-
Notifications
You must be signed in to change notification settings - Fork 376
/
Copy pathCloud Storage1
166 lines (86 loc) · 4.53 KB
/
Cloud Storage1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
export ZONE=
export REGION="${ZONE%-*}"
gsutil mb -p $DEVSHELL_PROJECT_ID -c STANDARD -l $REGION -b on gs://$DEVSHELL_PROJECT_ID
gsutil uniformbucketlevelaccess set off gs://$DEVSHELL_PROJECT_ID
export BUCKET_NAME_1=$DEVSHELL_PROJECT_ID
curl \
https://hadoop.apache.org/docs/current/\
hadoop-project-dist/hadoop-common/\
ClusterSetup.html > setup.html
cp setup.html setup2.html
cp setup.html setup3.html
gcloud storage cp setup.html gs://$BUCKET_NAME_1/
gsutil acl get gs://$BUCKET_NAME_1/setup.html > acl.txt
cat acl.txt
gsutil acl set private gs://$BUCKET_NAME_1/setup.html
gsutil acl get gs://$BUCKET_NAME_1/setup.html > acl2.txt
cat acl2.txt
gsutil acl ch -u AllUsers:R gs://$BUCKET_NAME_1/setup.html
gsutil acl get gs://$BUCKET_NAME_1/setup.html > acl3.txt
cat acl3.txt
rm setup.html
gcloud storage cp gs://$BUCKET_NAME_1/setup.html setup.html
CSEK_KEY=$(python3 -c 'import base64; import os; print(base64.encodebytes(os.urandom(32)).decode("utf-8").strip())')
echo "Generated CSEK Key: $CSEK_KEY"
gsutil config -n
sed -i "324c\encryption_key=$CSEK_KEY" .boto
gsutil cp setup2.html gs://$BUCKET_NAME_1/
gsutil cp setup3.html gs://$BUCKET_NAME_1/
rm setup*
gsutil cp gs://$BUCKET_NAME_1/setup* ./
cat setup.html
cat setup2.html
cat setup3.html
sed -i "324c\#encryption_key=$CSEK_KEY" .boto
sed -i "331c\decryption_key1=$CSEK_KEY" .boto
CSEK_KEY=$(python3 -c 'import base64; import os; print(base64.encodebytes(os.urandom(32)).decode("utf-8").strip())')
echo "Generated CSEK Key: $CSEK_KEY"
sed -i "324c\encryption_key=$CSEK_KEY" .boto
gsutil rewrite -k gs://$BUCKET_NAME_1/setup2.html
sed -i "331c\#decryption_key1=$CSEK_KEY" .boto
gsutil cp gs://$BUCKET_NAME_1/setup2.html recover2.html
gsutil cp gs://$BUCKET_NAME_1/setup3.html recover3.html
gsutil lifecycle get gs://$BUCKET_NAME_1
cat > life.json <<'EOF_END'
{
"rule":
[
{
"action": {"type": "Delete"},
"condition": {"age": 31}
}
]
}
EOF_END
gsutil lifecycle set life.json gs://$BUCKET_NAME_1
gsutil lifecycle get gs://$BUCKET_NAME_1
gsutil versioning get gs://$BUCKET_NAME_1
gsutil versioning set on gs://$BUCKET_NAME_1
gsutil versioning get gs://$BUCKET_NAME_1
ls -al setup.html
sed -i '5,9d' setup.html
gcloud storage cp -v setup.html gs://$BUCKET_NAME_1
sed -i '5,9d' setup.html
gcloud storage cp -v setup.html gs://$BUCKET_NAME_1
gcloud storage ls -a gs://$BUCKET_NAME_1/setup.html
VARIABLE=$(gcloud storage ls -a gs://$BUCKET_NAME_1/setup.html | head -n 1 | awk '{print $1}')
export VERSION_NAME=$VARIABLE
gcloud storage cp $VERSION_NAME recovered.txt
mkdir firstlevel
mkdir ./firstlevel/secondlevel
cp setup.html firstlevel
cp setup.html firstlevel/secondlevel
gsutil rsync -r ./firstlevel gs://$BUCKET_NAME_1/firstlevel
sleep 30
gcloud compute instances create crossproject --project=$DEVSHELL_PROJECT_ID --zone=$ZONE --machine-type=e2-medium --network-interface=network-tier=PREMIUM,stack-type=IPV4_ONLY,subnet=default --metadata=enable-oslogin=true --maintenance-policy=MIGRATE --provisioning-model=STANDARD --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append --create-disk=auto-delete=yes,boot=yes,device-name=crossproject,image=projects/debian-cloud/global/images/debian-11-bullseye-v20240110,mode=rw,size=10,type=projects/$DEVSHELL_PROJECT_ID/zones/$ZONE/diskTypes/pd-balanced --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --labels=goog-ec-src=vm_add-gcloud --reservation-affinity=any
Part 2:
export ZONE=
export REGION="${ZONE%-*}"
gsutil mb -p $DEVSHELL_PROJECT_ID -c STANDARD -l $REGION -b on gs://$DEVSHELL_PROJECT_ID-2
gsutil uniformbucketlevelaccess set off gs://$DEVSHELL_PROJECT_ID-2
echo "" > test.txt
gsutil cp test.txt gs://$DEVSHELL_PROJECT_ID-2
gcloud iam service-accounts create cross-project-storage --display-name "Cross-Project Storage Account"
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member="serviceAccount:cross-project-storage@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" --role="roles/storage.objectViewer"
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member="serviceAccount:cross-project-storage@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" --role="roles/storage.objectAdmin"
gcloud iam service-accounts keys create credentials.json --iam-account=cross-project-storage@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com