Skip to main content

GCP Cloud Provider for Idem

Project description

Made with pop, a Python implementation of Plugin Oriented Programming Made with idem, a Python implementation of Plugin Oriented Programming Documentation is published with Sphinx on docs.idemproject.io Made with Python

GCP Cloud Provider for Idem.

About

idem-gcp helps manage GCP with idem.

What is POP?

This project is built with pop, a Python-based implementation of Plugin Oriented Programming (POP). POP seeks to bring together concepts and wisdom from the history of computing in new ways to solve modern computing problems.

For more information:

What is Idem?

This project is built with idem, an idempotent, imperatively executed, declarative programming language written in Python. This project extends idem!

For more information:

Getting Started

Prerequisites

  • Python 3.8+

  • git (if installing from source, or contributing to the project)

Installation

If wanting to use idem-gcp, you can do so by either installing from PyPI or from source.

Install from PyPI

pip install idem-gcp

Install from source

Clone the idem_gcp repository.

git clone git@gitlab.com:vmware/idem/idem-gcp.git
cd idem_gcp

Create a virtual environment, and then activate it:

python3 -m venv venv
source venv/bin/activate

Install idem-gcp and other base requirements:

pip3 install -e .
pip3 install -r requirements/base.txt

Install the following packages in order to run the tests:

pip3 install -r requirements/py3.10/tests.txt

NOTE: Change py3.10 if needed with your Python version. There is support for py3.8, py3.9, py3.10 and py3.11.

Setup

After installation GCP Idem Provider execution and state modules will be accessible to the pop hub. In order to use them we need to set up our credentials.

Create a new file called credentials.yaml and populate it with your credential profiles.

To provide your GCP credentials in the file, use the “gcp” provider key. Under that key, add different profiles as needed. A profile specifies authentication parameters for GCP. The default profile will be automatically used by idem, but the other ones could be explicitly specified for each run or SLS file. This is done through the –acct-profile idem cli flag or the acct_profile SLS property.

There is currently one GCP authentication mechanism supported by idem-gcp - providing service account keys. The following example gives the overall structure of the authentication parameters’ expected format.

credentials.yaml

gcp:
  default:
    type: service_account
    project_id: “<project>”
    private_key_id: “<key_id>”
    private_key: |
      -----BEGIN PRIVATE KEY-----
      <private_key>
      ——END PRIVATE KEY-----
    client_email: “<service_account_email>“
    client_id: “<client_id>”
    auth_uri: https://accounts.google.com/o/oauth2/auth
    token_uri: https://oauth2.googleapis.com/token
    auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
    client_x509_cert_url: “<certificate_url>“
    universe_domain: googleapis.com
  <other_profile_name>:
    ...

The values of these parameters can be obtained through the GCP console after creating a service account and generating a service account key in JSON format. Be sure to assign appropriate roles for the service account, such that it has the rights to access and manage the needed resources. For a better security posture, follow the principal of least privilege and do not use service accounts with excessive rights. For more information on the authentication parameters used, refer to the Credentials docs.

Encrypt the created credentials file:

acct encrypt credentials.yaml

The output of this command is the ACCT_KEY which needs to be securely stored. A credentials.yaml.fernet encrypted file is also created in the working directory, whose path should be used as ACCT_FILE. These could be given to idem either through environment variables or directly as idem run parameters.

Setting environment variables

export ACCT_KEY="<ACCT_KEY>"
export ACCT_FILE=$PWD/credentials.yaml.fernet

Providing acct parameters to the idem run

idem <subcommand> --acct-key "<ACCT_KEY>" --acct-file "$PWD/credentials.yaml.fernet" --acct-profile "<profile_name>"

Specifying account profile in SLS files

ensure_resource:
  gcp.<service>.<resource>.present:
    - acct_profile: <profile_name>
    - name: resource_name
    - kwarg1: val1

For more information on the Idem ACCT authentication management subsystem, refer to the following resources:

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

idem_gcp-1.1.0.tar.gz (187.5 kB view details)

Uploaded Source

Built Distribution

idem_gcp-1.1.0-py3-none-any.whl (280.5 kB view details)

Uploaded Python 3

File details

Details for the file idem_gcp-1.1.0.tar.gz.

File metadata

  • Download URL: idem_gcp-1.1.0.tar.gz
  • Upload date:
  • Size: 187.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/37.3 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.3 tqdm/4.65.0 importlib-metadata/6.6.0 keyring/23.13.1 rfc3986/2.0.0 colorama/0.4.6 CPython/3.9.17

File hashes

Hashes for idem_gcp-1.1.0.tar.gz
Algorithm Hash digest
SHA256 fd8f120f746f5934588453401dc6bccf399886740253b489f497fde4131663d1
MD5 0d819906e12fe159a488ac5f96db37e2
BLAKE2b-256 8916023436a520dfbdb08a394e740d1d63c733dde7256753761769c4786c99b3

See more details on using hashes here.

File details

Details for the file idem_gcp-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: idem_gcp-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 280.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.9.6 readme-renderer/37.3 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.3 tqdm/4.65.0 importlib-metadata/6.6.0 keyring/23.13.1 rfc3986/2.0.0 colorama/0.4.6 CPython/3.9.17

File hashes

Hashes for idem_gcp-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fafb6121f284878350563ef14707880806c5369187ca56d394c793a4f93be6be
MD5 7dff78a639411f8a122696788cd87881
BLAKE2b-256 a8a5ab4aa91218ea6fc8d26119d9867849c7d78a8a03db8a4438c6f4a7e08a59

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page