========
idem-gcp
========
.. image:: https://img.shields.io/badge/made%20with-pop-teal
:alt: Made with pop, a Python implementation of Plugin Oriented Programming
:target: https://pop.readthedocs.io/
.. image:: https://img.shields.io/badge/made%20with-idem-teal
:alt: Made with idem, a Python implementation of Plugin Oriented Programming
:target: https://www.idemproject.io/
.. image:: https://img.shields.io/badge/docs%20on-docs.idemproject.io-blue
:alt: Documentation is published with Sphinx on docs.idemproject.io
:target: https://docs.idemproject.io/idem-gcp/en/latest/index.html
.. image:: https://img.shields.io/badge/made%20with-python-yellow
:alt: Made with Python
:target: https://www.python.org/
GCP Cloud Provider for Idem.
About
=====
``idem-gcp`` helps manage GCP with ``idem``.
* `idem-gcp source code <https://gitlab.com/vmware/idem/idem-gcp>`__
* `idem-gcp documentation <https://docs.idemproject.io/idem-gcp/en/latest/index.html>`__
What is POP?
------------
This project is built with `pop <https://pop.readthedocs.io/>`__, a Python-based
implementation of *Plugin Oriented Programming (POP)*. POP seeks to bring
together concepts and wisdom from the history of computing in new ways to solve
modern computing problems.
For more information:
* `Intro to Plugin Oriented Programming (POP) <https://pop-book.readthedocs.io/en/latest/>`__
* `pop-awesome <https://gitlab.com/saltstack/pop/pop-awesome>`__
* `pop-create <https://gitlab.com/saltstack/pop/pop-create/>`__
What is Idem?
-------------
This project is built with `idem <https://www.idemproject.io/>`__, an idempotent,
imperatively executed, declarative programming language written in Python. This project extends
idem!
For more information:
* `Idem Project Website <https://www.idemproject.io/>`__
* `Idem Project docs portal <https://docs.idemproject.io/>`__
Getting Started
===============
Prerequisites
-------------
* Python 3.8+
* git *(if installing from source, or contributing to the project)*
* Idem
.. note::
It is recommended that you install Idem using Poetry. Poetry is a tool for virtual environment and dependency management. See the `Idem Getting Started guide <https://docs.idemproject.io/getting-started/en/latest/topics/gettingstarted/installing.html>`_ for more information.
Installation
------------
Install from PyPI
+++++++++++++++++
You can install ``idem-gcp`` from PyPI, a source repository, or a local directory.
Before you install ``idem-gcp``, ensure that you are in the same directory as your ``pyproject.toml`` file. Optionally, you can specify the directory containing your ``pyproject.toml`` file by using the ``--directory=DIRECTORY (-C)`` option.
Install from PyPI
+++++++++++++++++
To install ``idem-gcp`` from PyPI, run the following command:
.. code-block:: bash
poetry add idem-gcp
Install from source
+++++++++++++++++++
You can also install ``idem-gcp`` directly from the source repository:
.. code-block:: bash
poetry add git+https://gitlab.com/vmware/idem/idem-gcp.git
If you don't specify a branch, Poetry uses the latest commit on the ``master`` branch.
Install from a local directory
++++++++++++++++++++++++++++++
Clone the ``idem-gcp`` repository. Then run the following command to install from the cloned directory:
.. code-block:: bash
poetry add ~/path/to/idem-gcp
Setup
=====
After installation GCP Idem Provider execution and state modules will be accessible to the pop `hub`.
In order to use them we need to set up our credentials.
Create a new file called `credentials.yaml` and populate it with your credential profiles.
To provide your GCP credentials in the file, use the "gcp" provider key.
Under that key, add different profiles as needed.
A profile specifies authentication parameters for GCP.
The `default` profile will be automatically used by `idem`,
but the other ones could be explicitly specified for each run or SLS file.
This is done through the `--acct-profile` `idem` cli flag or the
`acct_profile` SLS property.
There is currently one GCP authentication mechanism supported by idem-gcp -
providing service account keys.
The following example gives the overall structure of the authentication
parameters' expected format.
credentials.yaml
.. code:: sls
gcp:
default:
type: service_account
project_id: “<project>”
private_key_id: “<key_id>”
private_key: "-----BEGIN PRIVATE KEY-----\n<private_key>\n-----END PRIVATE KEY-----\n"
client_email: “<service_account_email>“
client_id: “<client_id>”
auth_uri: https://accounts.google.com/o/oauth2/auth
token_uri: https://oauth2.googleapis.com/token
auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
client_x509_cert_url: “<certificate_url>“
universe_domain: googleapis.com
<other_profile_name>:
...
The values of these parameters can be obtained through the GCP console after creating a service account and generating a service account key in JSON format.
Be sure to assign appropriate roles for the service account, such that it has the rights to access and manage the needed resources.
For a better security posture, follow the principal of least privilege and do not use service accounts with excessive rights.
For more information on the authentication parameters used, refer to the `Credentials <https://google-auth.readthedocs.io/en/master/reference/google.oauth2.service_account.html#google.oauth2.service_account.Credentials>`_ docs.
Encrypt the created credentials file:
.. code:: bash
acct encrypt credentials.yaml
The output of this command is the ACCT_KEY which needs to be securely stored.
A `credentials.yaml.fernet` encrypted file is also created in the working directory, whose path should be used as ACCT_FILE.
These could be given to idem either through environment variables or directly as `idem` run parameters.
Setting environment variables
-----------------------------
.. code:: bash
export ACCT_KEY="<ACCT_KEY>"
export ACCT_FILE=$PWD/credentials.yaml.fernet
Providing acct parameters to the idem run
-----------------------------------------
.. code:: bash
idem <subcommand> --acct-key "<ACCT_KEY>" --acct-file "$PWD/credentials.yaml.fernet" --acct-profile "<profile_name>"
Specifying account profile in SLS files
---------------------------------------
.. code:: sls
ensure_resource:
gcp.<service>.<resource>.present:
- acct_profile: <profile_name>
- name: resource_name
- kwarg1: val1
For more information on the Idem ACCT authentication management subsystem, refer to the following resources:
* `Account credentials file doc <https://docs.idemproject.io/idem/en/latest/topics/tutorials/acct_file.html>`_
* `Multiple Account Management <https://docs.idemproject.io/idem/en/latest/topics/tutorials/acct.html>`_
* `ACCT advanced features <https://docs.idemproject.io/idem/en/latest/topics/sls_acct.html>`_
Raw data
{
"_id": null,
"home_page": "https://gitlab.com/vmware/idem/idem-gcp",
"name": "idem-gcp",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "",
"keywords": "",
"author": "VMware, Inc.",
"author_email": "idemproject@vmware.com",
"download_url": "https://files.pythonhosted.org/packages/12/70/a1d7730f3aa5f1d66898674b6d0021f2882b70fbe210f0ea34a0f027ca02/idem_gcp-2.2.4.tar.gz",
"platform": null,
"description": "========\nidem-gcp\n========\n\n.. image:: https://img.shields.io/badge/made%20with-pop-teal\n :alt: Made with pop, a Python implementation of Plugin Oriented Programming\n :target: https://pop.readthedocs.io/\n\n.. image:: https://img.shields.io/badge/made%20with-idem-teal\n :alt: Made with idem, a Python implementation of Plugin Oriented Programming\n :target: https://www.idemproject.io/\n\n.. image:: https://img.shields.io/badge/docs%20on-docs.idemproject.io-blue\n :alt: Documentation is published with Sphinx on docs.idemproject.io\n :target: https://docs.idemproject.io/idem-gcp/en/latest/index.html\n\n.. image:: https://img.shields.io/badge/made%20with-python-yellow\n :alt: Made with Python\n :target: https://www.python.org/\n\nGCP Cloud Provider for Idem.\n\nAbout\n=====\n\n``idem-gcp`` helps manage GCP with ``idem``.\n\n* `idem-gcp source code <https://gitlab.com/vmware/idem/idem-gcp>`__\n* `idem-gcp documentation <https://docs.idemproject.io/idem-gcp/en/latest/index.html>`__\n\nWhat is POP?\n------------\n\nThis project is built with `pop <https://pop.readthedocs.io/>`__, a Python-based\nimplementation of *Plugin Oriented Programming (POP)*. POP seeks to bring\ntogether concepts and wisdom from the history of computing in new ways to solve\nmodern computing problems.\n\nFor more information:\n\n* `Intro to Plugin Oriented Programming (POP) <https://pop-book.readthedocs.io/en/latest/>`__\n* `pop-awesome <https://gitlab.com/saltstack/pop/pop-awesome>`__\n* `pop-create <https://gitlab.com/saltstack/pop/pop-create/>`__\n\nWhat is Idem?\n-------------\n\nThis project is built with `idem <https://www.idemproject.io/>`__, an idempotent,\nimperatively executed, declarative programming language written in Python. This project extends\nidem!\n\nFor more information:\n\n* `Idem Project Website <https://www.idemproject.io/>`__\n* `Idem Project docs portal <https://docs.idemproject.io/>`__\n\nGetting Started\n===============\n\nPrerequisites\n-------------\n\n* Python 3.8+\n* git *(if installing from source, or contributing to the project)*\n* Idem\n\n.. note::\n It is recommended that you install Idem using Poetry. Poetry is a tool for virtual environment and dependency management. See the `Idem Getting Started guide <https://docs.idemproject.io/getting-started/en/latest/topics/gettingstarted/installing.html>`_ for more information.\n\nInstallation\n------------\n\nInstall from PyPI\n+++++++++++++++++\nYou can install ``idem-gcp`` from PyPI, a source repository, or a local directory.\n\nBefore you install ``idem-gcp``, ensure that you are in the same directory as your ``pyproject.toml`` file. Optionally, you can specify the directory containing your ``pyproject.toml`` file by using the ``--directory=DIRECTORY (-C)`` option.\n\nInstall from PyPI\n+++++++++++++++++\n\nTo install ``idem-gcp`` from PyPI, run the following command:\n\n.. code-block:: bash\n\n poetry add idem-gcp\n\nInstall from source\n+++++++++++++++++++\n\nYou can also install ``idem-gcp`` directly from the source repository:\n\n.. code-block:: bash\n\n poetry add git+https://gitlab.com/vmware/idem/idem-gcp.git\n\nIf you don't specify a branch, Poetry uses the latest commit on the ``master`` branch.\n\nInstall from a local directory\n++++++++++++++++++++++++++++++\n\nClone the ``idem-gcp`` repository. Then run the following command to install from the cloned directory:\n\n.. code-block:: bash\n\n poetry add ~/path/to/idem-gcp\n\nSetup\n=====\n\nAfter installation GCP Idem Provider execution and state modules will be accessible to the pop `hub`.\nIn order to use them we need to set up our credentials.\n\nCreate a new file called `credentials.yaml` and populate it with your credential profiles.\n\nTo provide your GCP credentials in the file, use the \"gcp\" provider key.\nUnder that key, add different profiles as needed.\nA profile specifies authentication parameters for GCP.\nThe `default` profile will be automatically used by `idem`,\nbut the other ones could be explicitly specified for each run or SLS file.\nThis is done through the `--acct-profile` `idem` cli flag or the\n`acct_profile` SLS property.\n\nThere is currently one GCP authentication mechanism supported by idem-gcp -\nproviding service account keys.\nThe following example gives the overall structure of the authentication\nparameters' expected format.\n\ncredentials.yaml\n\n.. code:: sls\n\n gcp:\n default:\n type: service_account\n project_id: \u201c<project>\u201d\n private_key_id: \u201c<key_id>\u201d\n private_key: \"-----BEGIN PRIVATE KEY-----\\n<private_key>\\n-----END PRIVATE KEY-----\\n\"\n client_email: \u201c<service_account_email>\u201c\n client_id: \u201c<client_id>\u201d\n auth_uri: https://accounts.google.com/o/oauth2/auth\n token_uri: https://oauth2.googleapis.com/token\n auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs\n client_x509_cert_url: \u201c<certificate_url>\u201c\n universe_domain: googleapis.com\n <other_profile_name>:\n ...\n\nThe values of these parameters can be obtained through the GCP console after creating a service account and generating a service account key in JSON format.\nBe sure to assign appropriate roles for the service account, such that it has the rights to access and manage the needed resources.\nFor a better security posture, follow the principal of least privilege and do not use service accounts with excessive rights.\nFor more information on the authentication parameters used, refer to the `Credentials <https://google-auth.readthedocs.io/en/master/reference/google.oauth2.service_account.html#google.oauth2.service_account.Credentials>`_ docs.\n\nEncrypt the created credentials file:\n\n\n.. code:: bash\n\n acct encrypt credentials.yaml\n\n\nThe output of this command is the ACCT_KEY which needs to be securely stored.\nA `credentials.yaml.fernet` encrypted file is also created in the working directory, whose path should be used as ACCT_FILE.\nThese could be given to idem either through environment variables or directly as `idem` run parameters.\n\nSetting environment variables\n-----------------------------\n\n.. code:: bash\n\n export ACCT_KEY=\"<ACCT_KEY>\"\n export ACCT_FILE=$PWD/credentials.yaml.fernet\n\nProviding acct parameters to the idem run\n-----------------------------------------\n\n.. code:: bash\n\n idem <subcommand> --acct-key \"<ACCT_KEY>\" --acct-file \"$PWD/credentials.yaml.fernet\" --acct-profile \"<profile_name>\"\n\nSpecifying account profile in SLS files\n---------------------------------------\n\n.. code:: sls\n\n ensure_resource:\n gcp.<service>.<resource>.present:\n - acct_profile: <profile_name>\n - name: resource_name\n - kwarg1: val1\n\n\nFor more information on the Idem ACCT authentication management subsystem, refer to the following resources:\n\n* `Account credentials file doc <https://docs.idemproject.io/idem/en/latest/topics/tutorials/acct_file.html>`_\n* `Multiple Account Management <https://docs.idemproject.io/idem/en/latest/topics/tutorials/acct.html>`_\n* `ACCT advanced features <https://docs.idemproject.io/idem/en/latest/topics/sls_acct.html>`_\n",
"bugtrack_url": null,
"license": "Apache Software License 2.0",
"summary": "GCP Cloud Provider for Idem",
"version": "2.2.4",
"project_urls": {
"Code": "https://gitlab.com/vmware/idem/idem-gcp",
"Homepage": "https://gitlab.com/vmware/idem/idem-gcp",
"Issue tracker": "https://gitlab.com/vmware/idem/idem-gcp/-/issues"
},
"split_keywords": [],
"urls": [
{
"comment_text": "pypi",
"digests": {
"blake2b_256": "84cea4844a821b5d51bf133b0c96b8ce5d3506b9aa0bad393d08648f9b77a877",
"md5": "2bad42464d36f90273ec14ddd044e644",
"sha256": "ebe7e9f3045f167d27a5cad1f40a076b3fcc8c0c42b8eb8b59d7b0c74324eaca"
},
"downloads": -1,
"filename": "idem_gcp-2.2.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "2bad42464d36f90273ec14ddd044e644",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 283834,
"upload_time": "2023-12-18T13:27:14",
"upload_time_iso_8601": "2023-12-18T13:27:14.119849Z",
"url": "https://files.pythonhosted.org/packages/84/ce/a4844a821b5d51bf133b0c96b8ce5d3506b9aa0bad393d08648f9b77a877/idem_gcp-2.2.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "pypi",
"digests": {
"blake2b_256": "1270a1d7730f3aa5f1d66898674b6d0021f2882b70fbe210f0ea34a0f027ca02",
"md5": "314deda1b31d51be47a5030914e51570",
"sha256": "0e5571aa73b8ec386e98ce281d88aa7a63831e8d0f34f2b9933a1ab8c8c3f868"
},
"downloads": -1,
"filename": "idem_gcp-2.2.4.tar.gz",
"has_sig": false,
"md5_digest": "314deda1b31d51be47a5030914e51570",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 191105,
"upload_time": "2023-12-18T13:27:17",
"upload_time_iso_8601": "2023-12-18T13:27:17.376943Z",
"url": "https://files.pythonhosted.org/packages/12/70/a1d7730f3aa5f1d66898674b6d0021f2882b70fbe210f0ea34a0f027ca02/idem_gcp-2.2.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-12-18 13:27:17",
"github": false,
"gitlab": true,
"bitbucket": false,
"codeberg": false,
"gitlab_user": "vmware",
"gitlab_project": "idem",
"lcname": "idem-gcp"
}
JSON