From cc2c55feeed7f7a808b2a50278ab98992fcdbfd8 Mon Sep 17 00:00:00 2001
From: kchertenko <108395945+kchertenko@users.noreply.github.com>
Date: Mon, 19 Sep 2022 19:28:19 +0300
Subject: [PATCH] fix: remove user setup environment error. (#345)

---
 .../user_environment_setup.sh                 | 112 ++++++++++++------
 1 file changed, 73 insertions(+), 39 deletions(-)

diff --git a/generated_samples/interactive-tutorials/user_environment_setup.sh b/generated_samples/interactive-tutorials/user_environment_setup.sh
index 81f45593afa5..95138d54c235 100644
--- a/generated_samples/interactive-tutorials/user_environment_setup.sh
+++ b/generated_samples/interactive-tutorials/user_environment_setup.sh
@@ -14,43 +14,77 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{
-  # set the Google Cloud Project ID
-  project_id=$1
-  echo "Project ID: $project_id"
-  gcloud config set project "$project_id"
-} && {
-  timestamp=$(date +%s)
-
-  service_account_id="service-acc-$timestamp"
-  echo "Service Account: $service_account_id"
-
-  # create service account
-  gcloud iam service-accounts create "$service_account_id"
-} && {
-  # assign necessary roles to your new service account
-  for role in {retail.admin,editor}
-    do
-      gcloud projects add-iam-policy-binding "$project_id" --member="serviceAccount:$service_account_id@$project_id.iam.gserviceaccount.com" --role=roles/"${role}"
-  done
-} && {
-  echo "Wait ~60 seconds to be sure the appropriate roles have been assigned to your service account"
-  sleep 60
-
-  # upload your service account key file
-  service_acc_email="$service_account_id@$project_id.iam.gserviceaccount.com"
-  gcloud iam service-accounts keys create ~/key.json --iam-account "$service_acc_email"
-} && {
-  # activate the service account using the key
-  gcloud auth activate-service-account --key-file ~/key.json
-} && {
-  echo "======================================="
-  echo "The Google Cloud setup is completed."
-  echo "Please proceed with the Tutorial steps"
-  echo "======================================="
-} || {
-  echo "======================================="
-  echo "The Google Cloud setup was not completed."
-  echo "Please fix the errors above!"
-  echo "======================================="
+success() {
+    echo "========================================="
+    echo "The Google Cloud setup is completed."
+    echo "Please proceed with the Tutorial steps"
+    echo "========================================="
+    exit 0
+}
+
+failure() {
+    echo "========================================="
+    echo "The Google Cloud setup was not completed."
+    echo "Please fix the errors above!"
+    echo "========================================="
+    exit 1
 }
+
+# catch any error that happened during execution
+trap 'failure' ERR
+
+# set the Google Cloud Project ID
+project_id=$1
+echo "Project ID: $project_id"
+gcloud config set project "$project_id"
+
+email=$(gcloud auth list --filter="status:ACTIVE account:$project_id.iam.gserviceaccount.com" --format="value(account)")
+echo $email
+
+# Check if user has service account active
+if [ -z "$email" ]
+then
+    # Create a new service account
+    timestamp=$(date +%s)
+    service_account_id="service-acc-$timestamp"
+    echo "Service Account: $service_account_id"
+    gcloud iam service-accounts create "$service_account_id"
+else
+    service_account_id="${email%@*}"
+    # Log out of service account
+    gcloud auth revoke 2>/dev/null
+fi
+echo "$service_account_id"
+
+
+editor=$(gcloud projects get-iam-policy $project_id  \
+--flatten="bindings[].members" \
+--format='table(bindings.role)' \
+--filter="bindings.members:$service_account_id ROLE=roles/editor")
+
+retail_admin=$(gcloud projects get-iam-policy $project_id  \
+--flatten="bindings[].members" \
+--format='table(bindings.role)' \
+--filter="bindings.members:$service_account_id ROLE=roles/retail.admin")
+
+
+# Check if any of the needed roles is missing
+if [ -z "$editor" ] || [ -z "$retail_admin" ]
+then
+    # Assign necessary roles to your new service account.
+    for role in {retail.admin,editor}
+    do
+        gcloud projects add-iam-policy-binding "$project_id" --member="serviceAccount:$service_account_id@$project_id.iam.gserviceaccount.com" --role=roles/"${role}"
+    done
+    echo "Wait ~60 seconds to be sure the appropriate roles have been assigned to your service account"
+    sleep 60
+fi
+
+# Upload your service account key file.
+service_acc_email="$service_account_id@$project_id.iam.gserviceaccount.com"
+gcloud iam service-accounts keys create ~/key.json --iam-account "$service_acc_email"
+
+# Activate the service account using the key.
+gcloud auth activate-service-account --key-file ~/key.json
+
+'success'