├── license.pdf
├── README.md
├── azure
    ├── omniverse
    │   ├── README.md
    │   └── cloudtrust.sh
    ├── ngc_dataset_service
    │   ├── README.md
    │   └── cloudtrust.sh
    └── unified_cluster_lifecycle
    │   ├── README.md
    │   └── cloudtrust.sh
└── gcp
    ├── omniverse
        ├── prod
        │   ├── README.md
        │   └── cloudtrust.sh
        └── stg
        │   ├── README.md
        │   └── cloudtrust.sh
    ├── ngc_dataset_service
        ├── prod
        │   ├── README.md
        │   └── cloudtrust.sh
        └── stg
        │   ├── README.md
        │   └── cloudtrust.sh
    └── unified_cluster_lifecycle
        ├── prod
            ├── README.md
            └── cloudtrust.sh
        └── stg
            ├── README.md
            └── cloudtrust.sh


/license.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NVIDIA/Cloud-Trust-Scripts/main/license.pdf


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # NVIDIA Cloud Trust Scripts
2 | This repository is for NVIDIA Cloud Trust Scripts 
3 | 
4 | ### By downloading or using NVIDIA Cloud Trust Scripts, I accept the terms of the : [Nvidia Cloud Trust License](license.pdf) 


--------------------------------------------------------------------------------
/azure/omniverse/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Omniverse
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service principal will have following permissions:
 7 | * Storage Read
 8 | * Compute Read
 9 | 
10 | ## Setup
11 | 
12 | ### Script execution
13 | Run the script using the following format
14 | > `sh cloudtrust.sh` 
15 | This will create role and service principal in Azure and generate client credentials
16 | ## Verify
17 | 
18 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
19 | Done!


--------------------------------------------------------------------------------
/azure/ngc_dataset_service/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Omniverse
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service principal will have following permissions:
 7 | * Storage Read
 8 | * Compute Read
 9 | 
10 | ## Setup
11 | 
12 | ### Script execution
13 | Run the script using the following format
14 | > `sh cloudtrust.sh` 
15 | This will create role and service principal in Azure and generate client credentials
16 | ## Verify
17 | 
18 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
19 | Done!


--------------------------------------------------------------------------------
/azure/unified_cluster_lifecycle/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Unified Cluster Lifecycle
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service principal will have following permissions:
 7 | * Storage Read
 8 | * Compute Read
 9 | 
10 | ## Setup
11 | 
12 | ### Script execution
13 | Run the script using the following format
14 | > `sh cloudtrust.sh` 
15 | This will create role and service principal in Azure and generate client credentials
16 | ## Verify
17 | 
18 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
19 | Done!


--------------------------------------------------------------------------------
/gcp/omniverse/prod/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Omniverse
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service account will have following permissions:
 7 | * Read/Write Storage
 8 | 
 9 | ## Setup
10 | 
11 | ### Script execution
12 | Run the script using the following format
13 | > `sh cloudtrust.sh <gcp_project_id> <service_account_name>` 
14 | 
15 | 1. `gcp_project_id` : GCP Project ID
16 | 2. `service_account_name` : Service Account Name
17 | 
18 | For example:
19 | > `sh cloudtrust.sh 123456 service_account_name`
20 | 
21 | ## Verify
22 | 
23 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
24 | Done!


--------------------------------------------------------------------------------
/gcp/omniverse/stg/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Omniverse
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service account will have following permissions:
 7 | * Read/Write Storage
 8 | 
 9 | ## Setup
10 | 
11 | ### Script execution
12 | Run the script using the following format
13 | > `sh cloudtrust.sh <gcp_project_id> <service_account_name>` 
14 | 
15 | 1. `gcp_project_id` : GCP Project ID
16 | 2. `service_account_name` : Service Account Name
17 | 
18 | For example:
19 | > `sh cloudtrust.sh 123456 service_account_name`
20 | 
21 | ## Verify
22 | 
23 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
24 | Done!


--------------------------------------------------------------------------------
/gcp/ngc_dataset_service/prod/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Unified Cluster Lifecycle
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service account will have following permissions:
 7 | * Read/Write Storage
 8 | 
 9 | ## Setup
10 | 
11 | ### Script execution
12 | Run the script using the following format
13 | > `sh cloudtrust.sh <gcp_project_id> <service_account_name>` 
14 | 
15 | 1. `gcp_project_id` : GCP Project ID
16 | 2. `service_account_name` : Service Account Name
17 | 
18 | For example:
19 | > `sh cloudtrust.sh 123456 service_account_name`
20 | 
21 | ## Verify
22 | 
23 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
24 | Done!


--------------------------------------------------------------------------------
/gcp/ngc_dataset_service/stg/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Unified Cluster Lifecycle
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service account will have following permissions:
 7 | * Read/Write Storage
 8 | 
 9 | ## Setup
10 | 
11 | ### Script execution
12 | Run the script using the following format
13 | > `sh cloudtrust.sh <gcp_project_id> <service_account_name>` 
14 | 
15 | 1. `gcp_project_id` : GCP Project ID
16 | 2. `service_account_name` : Service Account Name
17 | 
18 | For example:
19 | > `sh cloudtrust.sh 123456 service_account_name`
20 | 
21 | ## Verify
22 | 
23 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
24 | Done!


--------------------------------------------------------------------------------
/gcp/unified_cluster_lifecycle/prod/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Unified Cluster Lifecycle
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service account will have following permissions:
 7 | * Read/Write Storage
 8 | 
 9 | ## Setup
10 | 
11 | ### Script execution
12 | Run the script using the following format
13 | > `sh cloudtrust.sh <gcp_project_id> <service_account_name>` 
14 | 
15 | 1. `gcp_project_id` : GCP Project ID
16 | 2. `service_account_name` : Service Account Name
17 | 
18 | For example:
19 | > `sh cloudtrust.sh 123456 service_account_name`
20 | 
21 | ## Verify
22 | 
23 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
24 | Done!


--------------------------------------------------------------------------------
/gcp/unified_cluster_lifecycle/stg/README.md:
--------------------------------------------------------------------------------
 1 | # Setting up NVIDIA Cloud Trust for Unified Cluster Lifecycle
 2 | Please read the license of this software at : [Nvidia Cloud Trust License](https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf) 
 3 | 
 4 | ## Prerequisite
 5 | Make sure you have access to create roles and assign permissions.
 6 | The service account will have following permissions:
 7 | * Read/Write Storage
 8 | 
 9 | ## Setup
10 | 
11 | ### Script execution
12 | Run the script using the following format
13 | > `sh cloudtrust.sh <gcp_project_id> <service_account_name>` 
14 | 
15 | 1. `gcp_project_id` : GCP Project ID
16 | 2. `service_account_name` : Service Account Name
17 | 
18 | For example:
19 | > `sh cloudtrust.sh 123456 service_account_name`
20 | 
21 | ## Verify
22 | 
23 | Please login to your NVIDIA Cloud Trust Account and verify the Cloud Trust.
24 | Done!


--------------------------------------------------------------------------------
/azure/omniverse/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, reproduction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Azure
15 | 
16 | set -e
17 | 
18 | subscriptionId=$(az account show --query id --output tsv)
19 | entitlement="omniverse"
20 | display_name="Omniverse"
21 | 
22 | az role definition create --role-definition '{
23 |     "Name": "Role_for_NVIDIA_${entitlement}",
24 |     "Description": "This Role is created for NVIDIA ${display_name}",
25 |     "Actions": [
26 |         "Microsoft.Storage/*/read", "Microsoft.Compute/*/read"
27 |     ],
28 |     "AssignableScopes": ["/subscriptions/${subscriptionId}"]
29 | }'
30 | 
31 | 
32 | sp=$(az ad sp create-for-rbac --name NV-Trust-Broker-${entitlement} --role "Role_for_NVIDIA_${entitlement}" --scopes \/subscriptions\/${subscriptionId} --years 1)
33 | 
34 | appId=$(echo $sp | jq .appId | tr -d '"')
35 | clientSecret=$(echo $sp | jq .password | tr -d '"')
36 | clientSecretId=$(az ad app credential list --id $appId --query '[].keyId|[0]' --output tsv)
37 | clientSecretExpiry=$(az ad app credential list --id $appId --query '[].endDateTime|[0]' --output tsv)
38 | subscriptionId=$(az account show --query id --output tsv)
39 | tenantId=$(az account show --query tenantId --output tsv)
40 | 
41 | echo -e "\n SubscriptionId $subscriptionId  \n TenantId       $tenantId    \n AppId       $appId    \n ClientSecret   $clientSecret   \n ClientSecretId    $clientSecretId     \n ClientSecretExpiry    $clientSecretExpiry"
42 | 


--------------------------------------------------------------------------------
/azure/unified_cluster_lifecycle/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, reproduction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Azure
15 | 
16 | set -e
17 | 
18 | subscriptionId=$(az account show --query id --output tsv)
19 | entitlement="UCL"
20 | display_name="Unified Cluster Lifecycle"
21 | 
22 | az role definition create --role-definition '{
23 |     "Name": "Role_for_NVIDIA_${entitlement}",
24 |     "Description": "This Role is created for NVIDIA ${display_name}",
25 |     "Actions": [
26 |         "Microsoft.Storage/*/read", "Microsoft.Compute/*/read"
27 |     ],
28 |     "AssignableScopes": ["/subscriptions/${subscriptionId}"]
29 | }'
30 | 
31 | 
32 | sp=$(az ad sp create-for-rbac --name NV-Trust-Broker-${entitlement} --role "Role_for_NVIDIA_${entitlement}" --scopes \/subscriptions\/${subscriptionId} --years 1)
33 | 
34 | appId=$(echo $sp | jq .appId | tr -d '"')
35 | clientSecret=$(echo $sp | jq .password | tr -d '"')
36 | clientSecretId=$(az ad app credential list --id $appId --query '[].keyId|[0]' --output tsv)
37 | clientSecretExpiry=$(az ad app credential list --id $appId --query '[].endDateTime|[0]' --output tsv)
38 | subscriptionId=$(az account show --query id --output tsv)
39 | tenantId=$(az account show --query tenantId --output tsv)
40 | 
41 | echo -e "\n SubscriptionId $subscriptionId  \n TenantId       $tenantId    \n AppId       $appId    \n ClientSecret   $clientSecret   \n ClientSecretId    $clientSecretId     \n ClientSecretExpiry    $clientSecretExpiry"
42 | 


--------------------------------------------------------------------------------
/azure/ngc_dataset_service/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, reproduction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Azure
15 | 
16 | set -e
17 | 
18 | subscriptionId=$(az account show --query id --output tsv)
19 | entitlement="ngc_dataset_service"
20 | display_name="NGC DataSet Service"
21 | 
22 | az role definition create --role-definition '{
23 |     "Name": "Role_for_NVIDIA_${entitlement}",
24 |     "Description": "This Role is created for NVIDIA ${display_name}",
25 |     "Actions": [
26 |         "Microsoft.Storage/*/write", "Microsoft.Compute/*/read"
27 |     ],
28 |     "AssignableScopes": ["/subscriptions/${subscriptionId}"]
29 | }'
30 | 
31 | 
32 | sp=$(az ad sp create-for-rbac --name NV-Trust-Broker-${entitlement} --role "Role_for_NVIDIA_${entitlement}" --scopes \/subscriptions\/${subscriptionId} --years 1)
33 | 
34 | appId=$(echo $sp | jq .appId | tr -d '"')
35 | clientSecret=$(echo $sp | jq .password | tr -d '"')
36 | clientSecretId=$(az ad app credential list --id $appId --query '[].keyId|[0]' --output tsv)
37 | clientSecretExpiry=$(az ad app credential list --id $appId --query '[].endDateTime|[0]' --output tsv)
38 | subscriptionId=$(az account show --query id --output tsv)
39 | tenantId=$(az account show --query tenantId --output tsv)
40 | 
41 | echo -e "\n SubscriptionId $subscriptionId  \n TenantId       $tenantId    \n AppId       $appId    \n ClientSecret   $clientSecret   \n ClientSecretId    $clientSecretId     \n ClientSecretExpiry    $clientSecretExpiry"
42 | 


--------------------------------------------------------------------------------
/gcp/omniverse/prod/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, reproduction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Google Cloud
15 | 
16 | set -e
17 | 
18 | PROGNAME=$(basename "$0")
19 | 
20 | usage()
21 | {
22 |     cat <<EOF
23 | Usage:    $PROGNAME PROJECT_ID SERVICE_ACCOUNT_NAME
24 | 
25 | Positional arguments:
26 |     PROJECT_ID	GCP Project Id
27 |     SERVICE_ACCOUNT_NAME	Service Account Name
28 | EOF
29 | }
30 | 
31 | # Verify script parameters
32 | if [ $# -ne 2 ]; then
33 |     echo "$PROGNAME: invalid operand(s)"
34 |     usage
35 |     exit 1
36 | fi
37 | 
38 | echo "Project is $1"
39 | echo "Service account name is $2"
40 | 
41 | #Enable GCP Service APIs
42 | gcloud services enable compute.googleapis.com --project $1
43 | gcloud services enable storage-component.googleapis.com --project $1
44 | 
45 | #Import Service Account in IAM
46 | gcloud projects add-iam-policy-binding $1 --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-prod.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator
47 | 
48 | #Create Service Account
49 | gcloud iam service-accounts create $2 --display-name="Cloud Trust Access Service Account" --project $1
50 | 
51 | #Add  roles required for TAO
52 | gcloud iam service-accounts add-iam-policy-binding "$2@$1.iam.gserviceaccount.com" --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-prod.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator --project $1
53 | 
54 | gcloud projects add-iam-policy-binding $1 --member="serviceAccount:$2@$1.iam.gserviceaccount.com"  --role=roles/storage.objectViewer
55 | gcloud projects add-iam-policy-binding $1 --member="serviceAccount:$2@$1.iam.gserviceaccount.com"  --role=roles/compute.instanceAdmin
56 | 
57 | 
58 | echo "Service Account is : $2@$1.iam.gserviceaccount.com"
59 | 
60 | 
61 | 
62 | 


--------------------------------------------------------------------------------
/gcp/omniverse/stg/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, reproduction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Google Cloud
15 | 
16 | set -e
17 | 
18 | PROGNAME=$(basename "$0")
19 | 
20 | usage()
21 | {
22 |     cat <<EOF
23 | Usage:    $PROGNAME PROJECT_ID SERVICE_ACCOUNT_NAME
24 | 
25 | Positional arguments:
26 |     PROJECT_ID	GCP Project Id
27 |     SERVICE_ACCOUNT_NAME	Service Account Name
28 | EOF
29 | }
30 | 
31 | # Verify script parameters
32 | if [ $# -ne 2 ]; then
33 |     echo "$PROGNAME: invalid operand(s)"
34 |     usage
35 |     exit 1
36 | fi
37 | 
38 | echo "Project is $1"
39 | echo "Service account name is $2"
40 | 
41 | #Enable GCP Service APIs
42 | gcloud services enable compute.googleapis.com --project $1
43 | gcloud services enable storage-component.googleapis.com --project $1
44 | 
45 | #Import Service Account in IAM
46 | gcloud projects add-iam-policy-binding $1 --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-dev.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator
47 | 
48 | #Create Service Account
49 | gcloud iam service-accounts create $2 --display-name="Cloud Trust Access Service Account" --project $1
50 | 
51 | #Add  roles required for TAO
52 | gcloud iam service-accounts add-iam-policy-binding "$2@$1.iam.gserviceaccount.com" --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-dev.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator --project $1
53 | 
54 | gcloud projects add-iam-policy-binding $1 --member="serviceAccount:$2@$1.iam.gserviceaccount.com"  --role=roles/storage.objectViewer
55 | gcloud projects add-iam-policy-binding $1 --member="serviceAccount:$2@$1.iam.gserviceaccount.com"  --role=roles/compute.instanceAdmin
56 | 
57 | 
58 | echo "Service Account is : $2@$1.iam.gserviceaccount.com"
59 | 
60 | 
61 | 
62 | 


--------------------------------------------------------------------------------
/gcp/ngc_dataset_service/stg/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, redevuction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Google Cloud
15 | 
16 | set -e
17 | 
18 | PROGNAME=$(basename "$0")
19 | 
20 | usage()
21 | {
22 |     cat <<EOF
23 | Usage:    $PROGNAME PROJECT_ID SERVICE_ACCOUNT_NAME
24 | 
25 | Positional arguments:
26 |     PROJECT_ID	GCP Project Id
27 |     SERVICE_ACCOUNT_NAME	Service Account Name
28 | EOF
29 | }
30 | 
31 | # Verify script parameters
32 | if [ $# -ne 2 ]; then
33 |     echo "$PROGNAME: invalid operand(s)"
34 |     usage
35 |     exit 1
36 | fi
37 | 
38 | PROJECT_ID=$1
39 | SERVICE_ACCOUNT_NAME=$2
40 | 
41 | echo "Project is ${PROJECT_ID}"
42 | echo "Service account name is ${SERVICE_ACCOUNT_NAME}"
43 | 
44 | #Enable GCP Service APIs
45 | gcloud services enable compute.googleapis.com --project ${PROJECT_ID}
46 | gcloud services enable storage-component.googleapis.com --project ${PROJECT_ID}
47 | 
48 | #Import Service Account in IAM
49 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-dev.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator
50 | 
51 | #Create Service Account
52 | gcloud iam service-accounts create ${SERVICE_ACCOUNT_NAME} --display-name="Cloud Trust Access Service Account" --project ${PROJECT_ID}
53 | 
54 | #Add  roles required for TAO
55 | gcloud iam service-accounts add-iam-policy-binding "${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-dev.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator --project $1
56 | 
57 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/storage.admin
58 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/compute.instanceAdmin
59 | 
60 | 
61 | echo "Service Account is : ${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"


--------------------------------------------------------------------------------
/gcp/ngc_dataset_service/prod/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, reproduction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Google Cloud
15 | 
16 | set -e
17 | 
18 | PROGNAME=$(basename "$0")
19 | 
20 | usage()
21 | {
22 |     cat <<EOF
23 | Usage:    $PROGNAME PROJECT_ID SERVICE_ACCOUNT_NAME
24 | 
25 | Positional arguments:
26 |     PROJECT_ID	GCP Project Id
27 |     SERVICE_ACCOUNT_NAME	Service Account Name
28 | EOF
29 | }
30 | 
31 | # Verify script parameters
32 | if [ $# -ne 2 ]; then
33 |     echo "$PROGNAME: invalid operand(s)"
34 |     usage
35 |     exit 1
36 | fi
37 | 
38 | PROJECT_ID=$1
39 | SERVICE_ACCOUNT_NAME=$2
40 | 
41 | echo "Project is ${PROJECT_ID}"
42 | echo "Service account name is ${SERVICE_ACCOUNT_NAME}"
43 | 
44 | #Enable GCP Service APIs
45 | gcloud services enable compute.googleapis.com --project ${PROJECT_ID}
46 | gcloud services enable storage-component.googleapis.com --project ${PROJECT_ID}
47 | 
48 | #Import Service Account in IAM
49 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-prod.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator
50 | 
51 | #Create Service Account
52 | gcloud iam service-accounts create ${SERVICE_ACCOUNT_NAME} --display-name="Cloud Trust Access Service Account" --project ${PROJECT_ID}
53 | 
54 | #Add  roles required for TAO
55 | gcloud iam service-accounts add-iam-policy-binding "${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-prod.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator --project $1
56 | 
57 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/storage.admin
58 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/compute.instanceAdmin
59 | 
60 | 
61 | echo "Service Account is : ${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"


--------------------------------------------------------------------------------
/gcp/unified_cluster_lifecycle/stg/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, redevuction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Google Cloud
15 | 
16 | set -e
17 | 
18 | PROGNAME=$(basename "$0")
19 | 
20 | usage()
21 | {
22 |     cat <<EOF
23 | Usage:    $PROGNAME PROJECT_ID SERVICE_ACCOUNT_NAME
24 | 
25 | Positional arguments:
26 |     PROJECT_ID	GCP Project Id
27 |     SERVICE_ACCOUNT_NAME	Service Account Name
28 | EOF
29 | }
30 | 
31 | # Verify script parameters
32 | if [ $# -ne 2 ]; then
33 |     echo "$PROGNAME: invalid operand(s)"
34 |     usage
35 |     exit 1
36 | fi
37 | 
38 | PROJECT_ID=$1
39 | SERVICE_ACCOUNT_NAME=$2
40 | 
41 | echo "Project is ${PROJECT_ID}"
42 | echo "Service account name is ${SERVICE_ACCOUNT_NAME}"
43 | 
44 | #Enable GCP Service APIs
45 | gcloud services enable compute.googleapis.com --project ${PROJECT_ID}
46 | gcloud services enable storage-component.googleapis.com --project ${PROJECT_ID}
47 | 
48 | #Import Service Account in IAM
49 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-dev.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator
50 | 
51 | #Create Service Account
52 | gcloud iam service-accounts create ${SERVICE_ACCOUNT_NAME} --display-name="Cloud Trust Access Service Account" --project ${PROJECT_ID}
53 | 
54 | #Add  roles required for TAO
55 | gcloud iam service-accounts add-iam-policy-binding "${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-dev.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator --project $1
56 | 
57 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/storage.objectViewer
58 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/compute.instanceAdmin
59 | 
60 | 
61 | echo "Service Account is : ${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"


--------------------------------------------------------------------------------
/gcp/unified_cluster_lifecycle/prod/cloudtrust.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/sh
 2 | 
 3 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 4 | # LicenseRef-NvidiaProprietary
 5 | #
 6 | # NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
 7 | # property and proprietary rights in and to this material, related
 8 | # documentation and any modifications thereto. Any use, reproduction,
 9 | # disclosure or distribution of this material and related documentation
10 | # without an express license agreement from NVIDIA CORPORATION or
11 | # its affiliates is strictly prohibited.
12 | # Please read the complete licese agreement at (https://github.com/NVIDIA/Cloud-Trust-Scripts/blob/main/license.pdf
13 | 
14 | # This script is to create cloud trust on Google Cloud
15 | 
16 | set -e
17 | 
18 | PROGNAME=$(basename "$0")
19 | 
20 | usage()
21 | {
22 |     cat <<EOF
23 | Usage:    $PROGNAME PROJECT_ID SERVICE_ACCOUNT_NAME
24 | 
25 | Positional arguments:
26 |     PROJECT_ID	GCP Project Id
27 |     SERVICE_ACCOUNT_NAME	Service Account Name
28 | EOF
29 | }
30 | 
31 | # Verify script parameters
32 | if [ $# -ne 2 ]; then
33 |     echo "$PROGNAME: invalid operand(s)"
34 |     usage
35 |     exit 1
36 | fi
37 | 
38 | PROJECT_ID=$1
39 | SERVICE_ACCOUNT_NAME=$2
40 | 
41 | echo "Project is ${PROJECT_ID}"
42 | echo "Service account name is ${SERVICE_ACCOUNT_NAME}"
43 | 
44 | #Enable GCP Service APIs
45 | gcloud services enable compute.googleapis.com --project ${PROJECT_ID}
46 | gcloud services enable storage-component.googleapis.com --project ${PROJECT_ID}
47 | 
48 | #Import Service Account in IAM
49 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-prod.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator
50 | 
51 | #Create Service Account
52 | gcloud iam service-accounts create ${SERVICE_ACCOUNT_NAME} --display-name="Cloud Trust Access Service Account" --project ${PROJECT_ID}
53 | 
54 | #Add  roles required for TAO
55 | gcloud iam service-accounts add-iam-policy-binding "${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" --member=serviceAccount:nvidia-cloud-trust@nv-cloudtrust-prod.iam.gserviceaccount.com --role=roles/iam.serviceAccountTokenCreator --project $1
56 | 
57 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/storage.objectViewer
58 | gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"  --role=roles/compute.instanceAdmin
59 | 
60 | 
61 | echo "Service Account is : ${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"


--------------------------------------------------------------------------------