IAM

Configuring IAM permissions with gcloud.

history command

    1  gcloud
    2  curl https://sdk.cloud.google.com | bash
    3  cat /home/student-03-1688e8cece68/.bashrc
    4  exec -l $SHELL
    5  gcloud init
    6  gcloud components list
    7  gcloud components install beta
    8  gcloud compute instances create lab-1
    9  gcloud config list
   10  gcloud compute zones list
   11  gcloud config set compute/zone us-central1-c
   12  gcloud config list
   13  cat ~/.config/gcloud/configurations/config_default
   14  gcloud init
   15  gcloud compute instances list
   16  gcloud compute instances create lab-2
   17  gcloud init
   18  gcloud config configurations activate default
   19  gcloud iam roles list
   20  gcloud iam roles list | grep "name:"
   21  gcloud iam roles list | grep "name: roles/compute"
   22  gcloud iam roles describe roles/compute.instanceAdmin
   23  gcloud config configurations activate default
   24  sudo yum -y install epel-release
   25  sudo yum -y install jq
   26  echo "export USERID1=student-03-3e529d66e7fe@qwiklabs.net" >> ~/.bashrc
   27* 
   28  gcloud config configurations activate user2
   29  echo "export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1" >> ~/.bashrc
   30  . ~/.bashrc
   31  gcloud config set project $PROJECTID2
   32  gcloud config configurations activate default
   33  cat ~/.bashrc
   34  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
   35  echo "export USERID1=student-03-1688e8cece68@qwiklabs.net" >> ~/.bashrc
   36  echo "export USERID1=student-03-1688e8cece68@qwiklabs.net" >> ~/.bashrc
   37  echo "export USERID2=student-03-3e529d66e7fe@qwiklabs.net" >> ~/.bashrc
   38  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
   39  . ~/.bashrc
   40  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
   41  gcloud config configurations activate user2
   42  gcloud config set project $PROJECTID2
   43  gcloud compute instances list
   44  gcloud compute instances create lab-2
   45  gcloud config configurations activate default
   46  gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
   47  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser
   48  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops
   49  gcloud config configurations activate user2
   50  gcloud compute instances create lab-2
   51  gcloud compute instances list
   52  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devopsgcloud config configurations activate default
   53  gcloud config configurations activate default
   54  gcloud config set project $PROJECTEID2
   55  export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1
   56  gcloud config set project $PROJECTEID2
   57  gcloud config set project qwiklabs-gcp-03-d7214c9b0bb1
   58  echo $PROJECTEID2
   59  gcloud iam service-accounts create devops --display-name devops
   60  gcloud iam service-accounts list --filter "displayName=devops"
   61  SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops")
   62  gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/iam.serviceAccountUser
   63  gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/compute.instanceAdmin
   64  gcloud compute instances create lab-3 --service-account $SA --scopes "https://www.googleapis.com/auth/compute"
   65  gcloud compute ssh lab-3
   66  history

contents of ~/.bashrc

# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

# The next line updates PATH for the Google Cloud SDK.
if [ -f '/home/student-03-1688e8cece68/google-cloud-sdk/path.bash.inc' ]; then . '/home/student-03-1688e8cece68/google-cloud-sdk/path.bash.inc'; fi

# The next line enables shell command completion for gcloud.
if [ -f '/home/student-03-1688e8cece68/google-cloud-sdk/completion.bash.inc' ]; then . '/home/student-03-1688e8cece68/google-cloud-sdk/completion.bash.inc'; fi
export USERID1=student-03-3e529d66e7fe@qwiklabs.net
export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1
export USERID1=student-03-1688e8cece68@qwiklabs.net
export USERID2=student-03-3e529d66e7fe@qwiklabs.net

PreviousAssessment questions NextCloud Storage

Last updated 3 years ago

Was this helpful?

1 gcloud 2 curl https://sdk.cloud.google.com | bash 3 cat /home/student-03-1688e8cece68/.bashrc 4 exec -l $SHELL 5 gcloud init 6 gcloud components list 7 gcloud components install beta 8 gcloud compute instances create lab-1 9 gcloud config list 10 gcloud compute zones list 11 gcloud config set compute/zone us-central1-c 12 gcloud config list 13 cat ~/.config/gcloud/configurations/config_default 14 gcloud init 15 gcloud compute instances list 16 gcloud compute instances create lab-2 17 gcloud init 18 gcloud config configurations activate default 19 gcloud iam roles list 20 gcloud iam roles list | grep "name:" 21 gcloud iam roles list | grep "name: roles/compute" 22 gcloud iam roles describe roles/compute.instanceAdmin 23 gcloud config configurations activate default 24 sudo yum -y install epel-release 25 sudo yum -y install jq 26 echo "export USERID1=student-03-3e529d66e7fe@qwiklabs.net" >> ~/.bashrc 27* 28 gcloud config configurations activate user2 29 echo "export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1" >> ~/.bashrc 30 . ~/.bashrc 31 gcloud config set project $PROJECTID2 32 gcloud config configurations activate default 33 cat ~/.bashrc 34 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer 35 echo "export USERID1=student-03-1688e8cece68@qwiklabs.net" >> ~/.bashrc 36 echo "export USERID1=student-03-1688e8cece68@qwiklabs.net" >> ~/.bashrc 37 echo "export USERID2=student-03-3e529d66e7fe@qwiklabs.net" >> ~/.bashrc 38 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer 39 . ~/.bashrc 40 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer 41 gcloud config configurations activate user2 42 gcloud config set project $PROJECTID2 43 gcloud compute instances list 44 gcloud compute instances create lab-2 45 gcloud config configurations activate default 46 gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount" 47 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser 48 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops 49 gcloud config configurations activate user2 50 gcloud compute instances create lab-2 51 gcloud compute instances list 52 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devopsgcloud config configurations activate default 53 gcloud config configurations activate default 54 gcloud config set project $PROJECTEID2 55 export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1 56 gcloud config set project $PROJECTEID2 57 gcloud config set project qwiklabs-gcp-03-d7214c9b0bb1 58 echo $PROJECTEID2 59 gcloud iam service-accounts create devops --display-name devops 60 gcloud iam service-accounts list --filter "displayName=devops" 61 SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops") 62 gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/iam.serviceAccountUser 63 gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/compute.instanceAdmin 64 gcloud compute instances create lab-3 --service-account $SA --scopes "https://www.googleapis.com/auth/compute" 65 gcloud compute ssh lab-3 66 history

# .bashrc # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # Uncomment the following line if you don't like systemctl's auto-paging feature: # export SYSTEMD_PAGER= # User specific aliases and functions # The next line updates PATH for the Google Cloud SDK. if [ -f '/home/student-03-1688e8cece68/google-cloud-sdk/path.bash.inc' ]; then . '/home/student-03-1688e8cece68/google-cloud-sdk/path.bash.inc'; fi # The next line enables shell command completion for gcloud. if [ -f '/home/student-03-1688e8cece68/google-cloud-sdk/completion.bash.inc' ]; then . '/home/student-03-1688e8cece68/google-cloud-sdk/completion.bash.inc'; fi export USERID1=student-03-3e529d66e7fe@qwiklabs.net export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1 export USERID1=student-03-1688e8cece68@qwiklabs.net export USERID2=student-03-3e529d66e7fe@qwiklabs.net