From 55f112224aae5fea090fa13b3bc06e006813b9a5 Mon Sep 17 00:00:00 2001
From: Sam Stoelinga <sammiestoel@gmail.com>
Date: Wed, 3 Jul 2024 15:09:30 -0700
Subject: [PATCH] add script to create sa and copy to clipboard (#104)

---
 deploy/create-gcp-sa.sh | 64 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100755 deploy/create-gcp-sa.sh

diff --git a/deploy/create-gcp-sa.sh b/deploy/create-gcp-sa.sh
new file mode 100755
index 00000000..7bc86f38
--- /dev/null
+++ b/deploy/create-gcp-sa.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+
+copy_to_clipboard() {
+    local file="$1"
+    case "$(uname -s)" in
+        Linux)
+            # Linux generally uses xclip or xsel. xclip is used here.
+            if command -v xclip >/dev/null 2>&1; then
+                xclip -selection clipboard < "$file"
+            else
+                echo "xclip is not installed. Please install it to use this function."
+                return 1
+            fi
+            ;;
+        Darwin)
+            # macOS uses pbcopy
+            pbcopy < "$file"
+            ;;
+        CYGWIN*|MINGW32*|MSYS*|MINGW*)
+            # Windows with Git Bash or similar environment uses /dev/clipboard
+            cat "$file" > /dev/clipboard
+            ;;
+        *)
+            echo "Unsupported operating system."
+            return 1
+            ;;
+    esac
+}
+
+export PROJECT_ID=${PROJECT_ID:-$(gcloud config get-value project)}
+echo "Working in project $PROJECT_ID"
+
+export SA_NAME=${SA_NAME:-"substratus-control-plane"}
+set -x
+
+# Create a service account if it doesn't exist
+if gcloud iam service-accounts list | grep -q $SA_NAME; then
+    echo "Service account $SA_NAME already exists"
+else
+    gcloud iam service-accounts create substratus-control-plane --display-name "Service account used by Substratus Control Plane to manage AI infrastructure"
+fi
+
+# Assign privleges to the service account
+# Assign compute admin
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+    --member serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com \
+    --role roles/compute.admin
+
+# Create a keyfile if it doesn't exist
+keyfile_path="/tmp/substratus-sa.keyfile.json"
+if [ -f $keyfile_path ]; then
+    echo "Keyfile $keyfile_path already exists"
+else
+    gcloud iam service-accounts keys create $keyfile_path \
+        --iam-account $SA_NAME@$PROJECT_ID.iam.gserviceaccount.com
+fi
+
+echo "Your service account keyfile is at $keyfile_path."
+echo "The contents have been copied to your clipboard."
+copy_to_clipboard "$keyfile_path"
+