@marcosborges
Last active April 6, 2019 00:30
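# Build image for pipeline steps that need gcloud, kubectl and the App Engine
# Java component.
# NOTE(review): the "alpine" tag is mutable, so every build may pull different
# contents; pin a specific version tag or image digest for reproducible builds.
FROM google/cloud-sdk:alpine
# NOTE(review): OpenJDK 7 is end-of-life and no longer receives security fixes;
# confirm whether a supported JRE satisfies app-engine-java before changing it.
# --no-cache fetches a fresh package index without storing it in the image layer.
RUN apk add --no-cache openjdk7-jre
RUN gcloud components install app-engine-java kubectl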
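/**
 * Creates a GCP service account, binds the given roles to it at project level
 * and writes a new JSON key for it to "<workspace>/<saName>.json".
 *
 * The project id and the identity used to run gcloud are read from the
 * Jenkins file credential 'GCLOUD_SA'. All gcloud commands run inside a
 * container built from the managed config file
 * 'dockerfiles-gcloud-sdk.dockerfile'.
 *
 * Security notes:
 *  - saName and roles are validated against an allowlist and handed to the
 *    shell through environment variables, never through Groovy string
 *    interpolation, so a crafted name or role cannot alter the command line.
 *  - The generated key file is a long-lived credential left in the workspace.
 *    The caller is responsible for moving it to a secret store and deleting
 *    it (and for not archiving it as a build artifact).
 *
 * @param saName service account id; padded with '0' up to 6 characters
 * @param roles  list of IAM role names to bind to the new account
 */
def _provisioningServiceAccount(saName, roles) {
    def workspace = pwd()

    // A service account id needs at least 6 characters.
    if (saName.length() < 6) {
        saName = saName.padRight(6, '0')
    }
    // Service account ids are 6-30 characters: lowercase letters, digits and
    // dashes, starting with a letter and not ending with a dash. Rejecting
    // anything else up front also keeps shell metacharacters out.
    if (!(saName ==~ '[a-z][a-z0-9-]{4,28}[a-z0-9]')) {
        error("Invalid service account id: ${saName}")
    }
    for (role in roles) {
        // Covers "roles/x.y" as well as project/organization custom role paths.
        if (!(role ==~ '[A-Za-z0-9_./-]+')) {
            error("Invalid IAM role name: ${role}")
        }
    }

    withCredentials([
        file(credentialsId: 'GCLOUD_SA', variable: 'GCLOUD_SA')
    ]) {
        configFileProvider(
            [configFile(fileId: 'dockerfiles-gcloud-sdk.dockerfile', variable: 'GCLOUD_SDK_DOCKERFILE')]
        ) {
            // Single-quoted scripts: the shell expands the variables, so the
            // credential path is not interpolated into the script by Groovy.
            sh 'cp "$GCLOUD_SDK_DOCKERFILE" gCloudSDK.Dockerfile'
            def gcloudSDK = docker.build("gcloud-sdk-kubectl", "-f gCloudSDK.Dockerfile .")
            // Keep gcloud/kubectl state under /tmp inside the container rather
            // than in the workspace or the agent's home directory.
            gcloudSDK.inside(""" -e "CLOUDSDK_CONFIG=/tmp/mygcloud" -e "KUBECONFIG=/tmp/mykubectl" """) {
                def data = readJSON file: "${env.GCLOUD_SA}"
                def saEmail = "${saName}@${data['project_id']}.iam.gserviceaccount.com"
                withEnv([
                    "GCP_PROJECT=${data['project_id']}",
                    "GCP_CLIENT_EMAIL=${data['client_email']}",
                    "SA_NAME=${saName}",
                    "SA_EMAIL=${saEmail}",
                    "SA_KEY_FILE=${workspace}/${saName}.json"
                ]) {
                    sh 'gcloud config set project "$GCP_PROJECT"'
                    sh 'gcloud auth activate-service-account "$GCP_CLIENT_EMAIL" --key-file="$GCLOUD_SA" --project="$GCP_PROJECT"'
                    sh 'gcloud iam service-accounts create "$SA_NAME" --display-name="$SA_NAME"'
                    for (role in roles) {
                        withEnv(["SA_ROLE=${role}"]) {
                            sh 'gcloud projects add-iam-policy-binding "$GCP_PROJECT" --member "serviceAccount:$SA_EMAIL" --role "$SA_ROLE"'
                        }
                    }
                    // NOTE(review): every run mints an additional user-managed
                    // key; old keys are not revoked here.
                    sh 'gcloud iam service-accounts keys create --iam-account="$SA_EMAIL" "$SA_KEY_FILE"'
                }
            }
        }
    }
}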
// Example invocation: provisions "my-service-account" with the roles below.
node {
    // NOTE(review): these roles are bound at project level and several are
    // admin/owner roles; confirm each one is needed and prefer narrower roles
    // or resource-level bindings where the workload allows it.
    def requestedRoles = [
        "roles/storage.admin",
        "roles/datastore.owner",
        "roles/pubsub.admin",
        "roles/errorreporting.writer",
        "roles/cloudtrace.agent",
        "roles/cloudsql.client"
    ]
    _provisioningServiceAccount("my-service-account", requestedRoles)
}