GCP Cloud Provider for Idem
Project description
GCP Cloud Provider for Idem.
About
idem-gcp helps manage GCP with idem.
What is POP?
This project is built with pop, a Python-based implementation of Plugin Oriented Programming (POP). POP seeks to bring together concepts and wisdom from the history of computing in new ways to solve modern computing problems.
For more information:
What is Idem?
This project is built with idem, an idempotent, imperatively executed, declarative programming language written in Python. This project extends idem!
For more information:
Getting Started
Prerequisites
Python 3.8+
git (if installing from source, or contributing to the project)
Installation
To use idem-gcp, install it either from PyPI or from source.
Install from PyPI
pip install idem-gcp
Install from source
Clone the idem-gcp repository.
git clone git@gitlab.com:vmware/idem/idem-gcp.git
cd idem-gcp
Create a virtual environment, and then activate it:
python3 -m venv venv
source venv/bin/activate
Install idem-gcp and other base requirements:
pip3 install -e .
pip3 install -r requirements/base.txt
Install the following packages in order to run the tests:
pip3 install -r requirements/py3.10/tests.txt
NOTE: Replace py3.10 with your Python version if needed. py3.8, py3.9, py3.10 and py3.11 are supported.
Setup
After installation, the GCP Idem Provider execution and state modules will be accessible to the pop hub. In order to use them, we need to set up our credentials.
Create a new file called credentials.yaml and populate it with your credential profiles.
To provide your GCP credentials in the file, use the "gcp" provider key. Under that key, add different profiles as needed. A profile specifies authentication parameters for GCP. The default profile is used automatically by idem; any other profile can be selected explicitly for a run or an SLS file, through the --acct-profile idem CLI flag or the acct_profile SLS property.
There is currently one GCP authentication mechanism supported by idem-gcp: providing service account keys. The following example gives the overall structure of the authentication parameters' expected format.
credentials.yaml
gcp:
  default:
    type: service_account
    project_id: "<project>"
    private_key_id: "<key_id>"
    private_key: |
      -----BEGIN PRIVATE KEY-----
      <private_key>
      -----END PRIVATE KEY-----
    client_email: "<service_account_email>"
    client_id: "<client_id>"
    auth_uri: https://accounts.google.com/o/oauth2/auth
    token_uri: https://oauth2.googleapis.com/token
    auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
    client_x509_cert_url: "<certificate_url>"
    universe_domain: googleapis.com
  <other_profile_name>:
    ...
The values of these parameters can be obtained through the GCP console after creating a service account and generating a service account key in JSON format. Be sure to assign appropriate roles to the service account, so that it has the rights to access and manage the needed resources. For a better security posture, follow the principle of least privilege and do not use service accounts with excessive rights. For more information on the authentication parameters used, refer to the Credentials docs.
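An added example, not part of the idem-gcp project: one way to turn the JSON key file generated in the GCP console into the profile layout above and to write the plaintext file readable by its owner only before it is encrypted. The function names, the placeholder sample values and treating every listed field as required are assumptions of this example.

```python
import json
import os

# Field names of a service-account JSON key, in the order the profile above lists them.
FIELDS = ["type", "project_id", "private_key_id", "private_key", "client_email",
          "client_id", "auth_uri", "token_uri", "auth_provider_x509_cert_url",
          "client_x509_cert_url", "universe_domain"]

# Constructed sample input: every value is a placeholder, not a real key.
SAMPLE_KEY = {f: f"<{f}>" for f in FIELDS}
SAMPLE_KEY.update(type="service_account", private_key=(
    "-----BEGIN PRIVATE KEY-----\n<private_key>\n-----END PRIVATE KEY-----\n"))


def profile_yaml(key: dict, profile: str = "default") -> str:
    """Render one service-account key as a `gcp:` profile in credentials.yaml layout."""
    missing = [f for f in FIELDS if f not in key]
    if missing:
        raise ValueError(f"key file is missing fields: {missing}")
    if key["type"] != "service_account":
        raise ValueError("only service_account keys are supported")
    lines = ["gcp:", f"  {profile}:"]
    for field in FIELDS:
        if field == "private_key":
            # The PEM body goes in a block scalar so its line breaks survive.
            lines.append("    private_key: |")
            lines += [f"      {ln}" for ln in key[field].strip().splitlines()]
        else:
            # json.dumps produces a double-quoted scalar, which is also valid YAML.
            lines.append(f"    {field}: {json.dumps(key[field])}")
    return "\n".join(lines) + "\n"


def write_private(path: str, text: str) -> None:
    """Create the plaintext file with mode 0600 and refuse to overwrite an existing one."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


if __name__ == "__main__":
    print(profile_yaml(SAMPLE_KEY))
```

With a real key, load it with `json.load` and pass the result to `profile_yaml`, then hand the text to `write_private` with the path `credentials.yaml`.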
Encrypt the created credentials file:
acct encrypt credentials.yaml
The output of this command is the ACCT_KEY, which needs to be securely stored. An encrypted file, credentials.yaml.fernet, is also created in the working directory; its path should be used as ACCT_FILE. Both can be given to idem either through environment variables or directly as idem run parameters.
Setting environment variables
export ACCT_KEY="<ACCT_KEY>"
export ACCT_FILE=$PWD/credentials.yaml.fernet
Providing acct parameters to the idem run
idem <subcommand> --acct-key "<ACCT_KEY>" --acct-file "$PWD/credentials.yaml.fernet" --acct-profile "<profile_name>"
Specifying account profile in SLS files
ensure_resource:
  gcp.<service>.<resource>.present:
    - acct_profile: <profile_name>
    - name: resource_name
    - kwarg1: val1
For more information on the Idem ACCT authentication management subsystem, refer to the following resources:
File details
Details for the file idem_gcp-1.1.0.tar.gz.
File metadata
- Download URL: idem_gcp-1.1.0.tar.gz
- Upload date:
- Size: 187.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/37.3 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.3 tqdm/4.65.0 importlib-metadata/6.6.0 keyring/23.13.1 rfc3986/2.0.0 colorama/0.4.6 CPython/3.9.17
File hashes
Algorithm | Hash digest
---|---
SHA256 | fd8f120f746f5934588453401dc6bccf399886740253b489f497fde4131663d1
MD5 | 0d819906e12fe159a488ac5f96db37e2
BLAKE2b-256 | 8916023436a520dfbdb08a394e740d1d63c733dde7256753761769c4786c99b3
File details
Details for the file idem_gcp-1.1.0-py3-none-any.whl.
File metadata
- Download URL: idem_gcp-1.1.0-py3-none-any.whl
- Upload date:
- Size: 280.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/37.3 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.3 tqdm/4.65.0 importlib-metadata/6.6.0 keyring/23.13.1 rfc3986/2.0.0 colorama/0.4.6 CPython/3.9.17
File hashes
Algorithm | Hash digest
---|---
SHA256 | fafb6121f284878350563ef14707880806c5369187ca56d394c793a4f93be6be
MD5 | 7dff78a639411f8a122696788cd87881
BLAKE2b-256 | a8a5ab4aa91218ea6fc8d26119d9867849c7d78a8a03db8a4438c6f4a7e08a59