#!/bin/bash
# Define your variables (replace with your actual values)
SERVICE_ACCOUNT_EMAIL="madhuran-testoc-doc@cloud-sandbox-1162.iam.gserviceaccount.com"
GCP_PROJECT_ID="cloud-sandbox-1162"

# List of roles to add
ROLES=(
	"roles/compute.admin"
	"roles/iam.securityAdmin"
	"roles/iam.serviceAccountAdmin"
	"roles/iam.serviceAccountUser"
	"roles/storage.admin"
	"roles/dns.admin"
	"roles/iam.serviceAccountKeyAdmin"
	"roles/compute.networkAdmin"
)

# Loop through each role and add the binding
for ROLE in "${ROLES[@]}"; do
    echo "Adding role: ${ROLE} to service account: ${SERVICE_ACCOUNT_EMAIL}"
    gcloud projects add-iam-policy-binding "${GCP_PROJECT_ID}" \
        --member="serviceAccount:${SERVICE_ACCOUNT_EMAIL}" \
        --role="${ROLE}" \
        --condition=None  # Use --condition=None if you explicitly don't want a condition (optional)
    if [ $? -ne 0 ]; then
        echo "Error adding role ${ROLE}. Exiting."
        exit 1
    fi
    echo "Role ${ROLE} added successfully."
    sleep 1 # Small delay to avoid hitting API rate limits, especially for many roles
done

echo "All specified roles have been assigned to the service account."