GCP Cloud Provider for Idem
Project description
GCP Cloud Provider for Idem.
About
idem-gcp helps manage GCP with idem.
What is POP?
This project is built with pop, a Python-based implementation of Plugin Oriented Programming (POP). POP seeks to bring together concepts and wisdom from the history of computing in new ways to solve modern computing problems.
For more information:
What is Idem?
This project is built with idem, an idempotent, imperatively executed, declarative programming language written in Python. This project extends idem!
For more information:
Getting Started
Prerequisites
Python 3.8+
git (if installing from source, or contributing to the project)
Idem
Installation
Install from PyPI
You can install idem-gcp from PyPI, a source repository, or a local directory.
Before you install idem-gcp, ensure that you are in the same directory as your pyproject.toml file. Optionally, you can specify the directory containing your pyproject.toml file by using the --directory=DIRECTORY (-C) option.
Install from PyPI
To install idem-gcp from PyPI, run the following command:
poetry add idem-gcpInstall from source
You can also install idem-gcp directly from the source repository:
poetry add git+https://gitlab.com/vmware/idem/idem-gcp.gitIf you don’t specify a branch, Poetry uses the latest commit on the master branch.
Install from a local directory
Clone the idem-gcp repository. Then run the following command to install from the cloned directory:
poetry add ~/path/to/idem-gcpSetup
After installation GCP Idem Provider execution and state modules will be accessible to the pop hub. In order to use them we need to set up our credentials.
Create a new file called credentials.yaml and populate it with your credential profiles.
To provide your GCP credentials in the file, use the “gcp” provider key. Under that key, add different profiles as needed. A profile specifies authentication parameters for GCP. The default profile will be automatically used by idem, but the other ones could be explicitly specified for each run or SLS file. This is done through the –acct-profile idem cli flag or the acct_profile SLS property.
There is currently one GCP authentication mechanism supported by idem-gcp - providing service account keys. The following example gives the overall structure of the authentication parameters’ expected format.
credentials.yaml
gcp:
default:
type: service_account
project_id: “<project>”
private_key_id: “<key_id>”
private_key: "-----BEGIN PRIVATE KEY-----\n<private_key>\n-----END PRIVATE KEY-----\n"
client_email: “<service_account_email>“
client_id: “<client_id>”
auth_uri: https://accounts.google.com/o/oauth2/auth
token_uri: https://oauth2.googleapis.com/token
auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
client_x509_cert_url: “<certificate_url>“
universe_domain: googleapis.com
<other_profile_name>:
...The values of these parameters can be obtained through the GCP console after creating a service account and generating a service account key in JSON format. Be sure to assign appropriate roles for the service account, such that it has the rights to access and manage the needed resources. For a better security posture, follow the principal of least privilege and do not use service accounts with excessive rights. For more information on the authentication parameters used, refer to the Credentials docs.
Encrypt the created credentials file:
acct encrypt credentials.yamlThe output of this command is the ACCT_KEY which needs to be securely stored. A credentials.yaml.fernet encrypted file is also created in the working directory, whose path should be used as ACCT_FILE. These could be given to idem either through environment variables or directly as idem run parameters.
Setting environment variables
export ACCT_KEY="<ACCT_KEY>"
export ACCT_FILE=$PWD/credentials.yaml.fernetProviding acct parameters to the idem run
idem <subcommand> --acct-key "<ACCT_KEY>" --acct-file "$PWD/credentials.yaml.fernet" --acct-profile "<profile_name>"Specifying account profile in SLS files
ensure_resource:
gcp.<service>.<resource>.present:
- acct_profile: <profile_name>
- name: resource_name
- kwarg1: val1For more information on the Idem ACCT authentication management subsystem, refer to the following resources:
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file idem_gcp-2.2.4.tar.gz.
File metadata
- Download URL: idem_gcp-2.2.4.tar.gz
- Upload date:
- Size: 191.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/41.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.5 tqdm/4.66.1 importlib-metadata/6.8.0 keyring/24.2.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.9.18
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0e5571aa73b8ec386e98ce281d88aa7a63831e8d0f34f2b9933a1ab8c8c3f868 |
|
| MD5 | 314deda1b31d51be47a5030914e51570 |
|
| BLAKE2b-256 | 1270a1d7730f3aa5f1d66898674b6d0021f2882b70fbe210f0ea34a0f027ca02 |
File details
Details for the file idem_gcp-2.2.4-py3-none-any.whl.
File metadata
- Download URL: idem_gcp-2.2.4-py3-none-any.whl
- Upload date:
- Size: 283.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/41.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.5 tqdm/4.66.1 importlib-metadata/6.8.0 keyring/24.2.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.9.18
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ebe7e9f3045f167d27a5cad1f40a076b3fcc8c0c42b8eb8b59d7b0c74324eaca |
|
| MD5 | 2bad42464d36f90273ec14ddd044e644 |
|
| BLAKE2b-256 | 84cea4844a821b5d51bf133b0c96b8ce5d3506b9aa0bad393d08648f9b77a877 |
