File tree 1 file changed +12
-7
lines changed
references/gcp-sa-auth-shared-flow
1 file changed +12
-7
lines changed Original file line number Diff line number Diff line change @@ -22,11 +22,21 @@ SA_EMAIL="$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com"
2222SCRIPTPATH=" $( cd " $( dirname " $0 " ) " || exit > /dev/null 2>&1 ; pwd -P ) "
2323export PATH=" $PATH :$SCRIPTPATH /../../tools/apigee-sackmesser/bin"
2424
25- # create a service account without any roles and download the key
25+
26+
27+ # create a service account without any roles if it doesn't exist
2628EXISTING_EMAIL=$( gcloud iam service-accounts list --filter=" email=$SA_EMAIL " " get(email)" )
2729if [ " $EXISTING_EMAIL " != " $SA_EMAIL " ; then
2830 gcloud iam service-accounts create " $SA_NAME "
2931fi
32+
33+ # Cleaning up existing service account keys for that SA
34+ for SA_KEY_NAME in $( gcloud iam service-accounts keys list --iam-account=" $SA_EMAIL " " get(name)" " keyType=USER_MANAGED" )
35+ do
36+ gcloud iam service-accounts keys delete " $SA_KEY_NAME " " $SA_EMAIL "
37+ done
38+
39+ # Create and download service account key
3040gcloud iam service-accounts keys create " $SCRIPTPATH /$SA_NAME -key.json"
3141 --iam-account " $SA_EMAIL "
3242
@@ -48,9 +58,4 @@ sackmesser deploy --googleapi -d "$SCRIPTPATH"/test/token-validation \
4858
4959
5060curl -k --fail " https://$APIGEE_X_HOSTNAME /token-validation/v0/oauth"
51- curl -k --fail " https://$APIGEE_X_HOSTNAME /token-validation/v0/jwt"
52-
53- for SA_KEY_NAME in $( gcloud iam service-accounts keys list --iam-account=" $SA_EMAIL " " get(name)" " keyType=USER_MANAGED" )
54- do
55- gcloud iam service-accounts keys delete " $SA_KEY_NAME " " $SA_EMAIL "
56- done
61+ curl -k --fail " https://$APIGEE_X_HOSTNAME /token-validation/v0/jwt"
You can’t perform that action at this time.
0 commit comments