Script Automation Integration

Download Script Files

Download the following file to an appropriate location and extract it.

You will see files like the following:

gcloud-service-account-script-main
├── auto.sh
├── config
│   ├── apis.json
│   └── roles.json
├── config.env.template
├── README.md
└── scripts
    ├── 1_init.sh
    ├── 2_create_service_account.sh
    ├── 3_1_create_custom_role_with_permissions.sh
    ├── 3_2_create_custom_org_role_with_permissions.sh
    ├── 4_1_assign_roles_and_apis.sh
    └── 4_2_assing_org_roles_and_apis.sh

Access GCP Console and Login

Log in to the GCP Console with an account that has top-level permissions, then enter the console. The console button is located in the upper right corner.

Select Organization and Project

Click the Project Selection dropdown in the upper left, then select the organization from the Organization dropdown. Click the All tab to view all projects.

Select Project for Service Account Addition

From the All tab, select the project where you want to add the service account. Confirm that the selected project is shown in the upper left of the console.

Run Cloud Console Editor

Click the Activate Cloud Shell button in the upper right of the console to activate the terminal.

When the popup window activates, proceed with approval.

Click the Open Editor button in the upper right of the console to run the cloud console editor.

Confirm that the view has switched to the editor.

Upload Script Files

Drag the extracted folder to the left file explorer area (red box) to upload it.

Run Terminal

Type > terminal in the top search bar and select Create New Terminal (With Profile), then select the bash profile.

Prepare Script Execution

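Navigate to the uploaded folder and grant execute permission to the script. Enter the following commands one at a time, pressing Enter after each. If your extracted folder has a different name (the listing above shows gcloud-service-account-script-main), use that name in the cd command.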

cd gcloud-service-account-script-dev/ && ls -al
chmod +x auto.sh && ls -al

Execute Integrated Script

Run the integrated script with the ./auto.sh command.

./auto.sh

When the execution confirmation message appears, type y and press Enter.

After checking the login account, if it’s the correct account, type y and press Enter.

Select the organization you want to configure, enter the number, and press Enter.

After searching all projects in the organization, select the number of the desired project and press Enter.

Step 2 service account creation will run automatically.

When the confirmation message for creating custom project roles in step 3.1 appears, type y and press Enter.

When the confirmation message for creating custom organization roles in step 3.2 appears, type y and press Enter.

In the project-level permissions and API assignment step, confirm the service account [project-sa] number or the account name you set arbitrarily, then press Enter.

In the organization-level permissions and API assignment step, confirm the service account [project-sa] number or the account name you set arbitrarily, then press Enter. Activating APIs for all projects will take considerable time.

Completion

Once you have completed all the steps above, the newly created Google Cloud service account and its roles (Role) are inherited by all projects within the organization.

Download the authentication key of the created service account in JSON format from [(Created Project) > Service Account > KEYS]. This is used when registering a Trusted Account in SpaceONE.
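
To review what the integrated script granted before registering the key, the following check lists the roles bound to the service account at project and organization level and labels each one. It is an added example, not part of the downloaded scripts; the function names are hypothetical, and PROJECT_ID, ORG_ID and SA_EMAIL are values you supply.

```bash
#!/usr/bin/env bash
# Added example: review what auto.sh granted to the new service account.
# Function names are hypothetical; IDs and the e-mail come from the operator.

# Roles bound to the service account in one IAM policy.
# $1 = "projects" or "organizations", $2 = project or organization ID, $3 = SA e-mail
sa_roles() {
  gcloud "$1" get-iam-policy "$2" \
    --flatten="bindings[].members" \
    --filter="bindings.members:serviceAccount:$3" \
    --format="value(bindings.role)"
}

# Reads role names on stdin and labels each one so broad grants stand out:
# BASIC (owner/editor/viewer), CUSTOM (project- or organization-level custom
# role, such as those created in steps 3.1 and 3.2), ADMIN (predefined role
# with "admin" in its name), PREDEFINED (anything else).
classify_roles() {
  while IFS= read -r role; do
    [ -n "$role" ] || continue
    case "$role" in
      roles/owner|roles/editor|roles/viewer)      kind=BASIC ;;
      projects/*/roles/*|organizations/*/roles/*) kind=CUSTOM ;;
      roles/*[Aa]dmin*)                           kind=ADMIN ;;
      *)                                          kind=PREDEFINED ;;
    esac
    printf '%s\t%s\n' "$kind" "$role"
  done
}

# User-managed keys on the account; the downloaded JSON key is one of these.
sa_user_keys() {
  gcloud iam service-accounts keys list --iam-account="$1" --managed-by=user \
    --format="value(name,validAfterTime)"
}

# Usage: ./review_sa.sh PROJECT_ID ORG_ID SA_EMAIL  (does nothing without all three)
if [ "$#" -eq 3 ]; then
  echo "== project $1 =="
  sa_roles projects "$1" "$3" | classify_roles
  echo "== organization $2 =="
  sa_roles organizations "$2" "$3" | classify_roles
  echo "== user-managed keys =="
  sa_user_keys "$3"
fi
```

Run it from the same Cloud Shell terminal; any BASIC or ADMIN line, and any key you did not create yourself, is worth checking against config/roles.json before the account is put to use.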