Skip to content

Commit

Permalink
Move our registry docs into docs/ (#2667)
Browse files Browse the repository at this point in the history
Guides are auto-generated, so they remain in the registry.

These are direct copy + paste from the registry docs. I have not changed
the prose.
  • Loading branch information
iwahbe authored Nov 20, 2024
1 parent 01ba4e4 commit 6a3ae79
Show file tree
Hide file tree
Showing 3 changed files with 216 additions and 1 deletion.
116 changes: 116 additions & 0 deletions docs/_index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
---
title: Google Cloud (GCP) Classic
meta_desc: Learn how to use Pulumi's GCP Provider to reduce the complexity of managing and provisioning GCP resources.
layout: package
---

The Google Cloud Platform (GCP) provider for Pulumi can provision many of the cloud resources available in [Google Cloud](https://cloud.google.com/).

The GCP provider must be configured with credentials to deploy and update resources in Google Cloud; see [Installation & Configuration](./installation-configuration) for instructions.

**New to Pulumi and Google Cloud?** [Get started with Google Cloud using our tutorial](/docs/get-started/gcp)


## Example

<!---
javascript removed
--->
{{< chooser language "typescript,python,go,csharp,java,yaml" >}}

{{% choosable language javascript %}}

```javascript
const gcp = require("@pulumi/gcp")

const bucket = new gcp.storage.Bucket("my-bucket");
```

{{% /choosable %}}
{{% choosable language typescript %}}

```typescript
import * as gcp from "@pulumi/gcp";

const bucket = new gcp.storage.Bucket("my-bucket");
```

{{% /choosable %}}
{{% choosable language python %}}

```python
from pulumi_gcp import storage

bucket = storage.Bucket('my-bucket')
```

{{% /choosable %}}
{{% choosable language go %}}

```go
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
)

func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
bucket, err := storage.NewBucket(ctx, "my-bucket", nil)
if err != nil {
return err
}

return nil
})
}
```

{{% /choosable %}}
{{% choosable language csharp %}}

```csharp
using Pulumi;
using Gcp = Pulumi.Gcp;

await Deployment.RunAsync(() =>
{
var bucket = new Gcp.Storage.Bucket("my-bucket");
});
```

{{% /choosable %}}

{{% choosable language java %}}

```java
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.gcp.storage.Bucket;

public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}

private static void stack(Context ctx) {
final var bucket = new Bucket("my-bucket");
ctx.export("bucketName", bucket.name());
}
}
```

{{% /choosable %}}

{{% choosable language yaml %}}

```yaml
resources:
my-bucket:
type: gcp:storage:Bucket
```
{{% /choosable %}}
{{< /chooser >}}
Visit the [How-to Guides](./how-to-guides) to find step-by-step guides for specific scenarios like creating a serverless application using Google Cloud Functions or setting up a Google Kubernetes Engine (GKE) cluster.
97 changes: 97 additions & 0 deletions docs/installation-configuration.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
---
title: Google Cloud (GCP) Classic Installation & Configuration
meta_desc: How to set up credentials to use the Pulumi GCP Provider and choose configuration options to tailor the provider to suit your use case.
layout: package
---

## Installation

The Google Cloud (GCP) Classic provider is available as a package in all Pulumi languages:

* JavaScript/TypeScript: [`@pulumi/gcp`](https://www.npmjs.com/package/@pulumi/gcp)
* Python: [`pulumi-gcp`](https://pypi.org/project/pulumi-gcp/)
* Go: [`github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp`](https://github.com/pulumi/pulumi-gcp)
* .NET: [`Pulumi.Gcp`](https://www.nuget.org/packages/Pulumi.Gcp)
* Java: [`com.pulumi.gcp`](https://search.maven.org/search?q=com.pulumi.gcp)

## Authentication Methods

To provision resources with the Pulumi Google Cloud Provider, you need to have Google credentials.

Pulumi can authenticate to Google Cloud via several methods:

- Google Cloud CLI
- OpenID Connect (OIDC)
- Service account

## Configuration

There are a few different ways you can configure your Google Cloud credentials to work with Pulumi.

### Authenticate using the CLI

{{% configure-gcp type="gcp" %}}

### Authenticate using a service account

If you are using Pulumi in a non-interactive setting (such as a CI/CD system) you will need to [configure and use a service account](/registry/packages/gcp/service-account) instead.

### Authenticate with dynamically generated credentials

In addition to configuring the GCP provider locally, you also have the option to centralize your configurations using [Pulumi ESC (Environments, Secrets, and Configuration)](/docs/pulumi-cloud/esc/). Using this service will enable you to run Pulumi CLI commands with dynamically generated credentials, removing the need to configure and manage your credentials locally.

To do this, you will need to complete the following steps:

#### Configure OIDC between Pulumi and GCP

Refer to the [Configuring OpenID Connect for GCP Guide](/docs/pulumi-cloud/oidc/gcp/) for the step-by-step process on how to do this. Once you have completed these steps, you can define and expose environment variables as shown below:

```yaml
values:
gcp:
login:
fn::open::gcp-login:
project: <your-project-id>
oidc:
workloadPoolId: <your-pool-id>
providerId: <your-provider-id>
serviceAccount: <your-service-account>
environmentVariables:
GOOGLE_OAUTH_ACCESS_TOKEN: ${gcp.login.accessToken}
GOOGLE_PROJECT: ${gcp.login.project}
GOOGLE_REGION: <your-region>
GOOGLE_ZONE: <your-zone>
```
#### Import your environment
The last step is to update your project's stack settings file (`Pulumi.<stack-name>.yaml`) to import your ESC environment as shown below:

```yaml
environment:
- <your-environment-name>
```

Make sure to replace `<your-environment-name>` with the name of the ESC environment you created in the previous steps.

You can test that your configuration is working by running the `pulumi preview` command. This will validate that your GCP resources can be deployed using the dynamically generated credentials in your environment file.

{{< notes type="info" >}}
Make sure that your local environment does not have GCP credentials configured before running this command. You can logout by running the `gcloud auth revoke` command.
{{< /notes >}}

To learn more about projecting environment variables in Pulumi ESC, refer to the [relevant Pulumi ESC documentation](/docs/pulumi-cloud/esc/environments/#projecting-environment-variables).

## Configuration options

Use `pulumi config set gcp:<option>` or pass options to the [constructor of `new gcp.Provider`](/registry/packages/gcp/api-docs/provider).

| Option | Required? |Description |
| - | - | - |
| `project` | Required | The ID of the project to apply any resources to. This can also be specified using any of the following environment variables (listed in order of precedence): `GOOGLE_PROJECT`, `GOOGLE_CLOUD_PROJECT`, `GCLOUD_PROJECT`, `CLOUDSDK_CORE_PROJECT`. |
| `region` | Optional | The region to operate under, if not specified by a given resource. This can also be specified using any of the following environment variables (listed in order of precedence): `GOOGLE_REGION`, `GCLOUD_REGION`, `CLOUDSDK_COMPUTE_REGION`. |
| `zone` | Optional | The zone to operate under, if not specified by a given resource. This can also be specified using any of the following environment variables (listed in order of precedence): `GOOGLE_ZONE`, `GCLOUD_ZONE`, `CLOUDSDK_COMPUTE_ZONE`. |
| `credentials` | Optional | Contents of a file (or path to a file) that contains your [service account private key in JSON format](/registry/packages/gcp/service-account). Credentials can also be specified using any of the following environment variables (listed in order of precedence): `GOOGLE_APPLICATION_CREDENTIALS`, `GOOGLE_CLOUD_KEYFILE_JSON`, `GCLOUD_KEYFILE_JSON`. If no credentials are specified, the provider will fall back to using the Google Application Default Credentials. If you are running Pulumi from a GCE instance, see [Creating and Enabling Service Accounts for Instances](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances) for details. |
| `accessToken` | Optional | A temporary OAuth 2.0 access token obtained from the Google Authorization server, i.e. the `Authorization: Bearer` token used to authenticate HTTP requests to GCP APIs. Alternative to `credentials`. Ignores the `scopes` field. |
| `scopes` | Optional | List of OAuth 2.0 [scopes](https://developers.google.com/identity/protocols/oauth2/scopes) requested when generating an access token using the service account key specified in `credentials`. Defaults: `https://www.googleapis.com/auth/cloud-platform` and `https://www.googleapis.com/auth/userinfo.email` |
| `impersonateServiceAccount` | Optional | Setting to impersonate a [Google service account](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct) If you authenticate as a service account, Google Cloud derives your quota project and permissions from that service account rather than your primary authentication method. A valid primary authentication mechanism must be provided for the impersonation call, and your primary identity must have the `roles/iam.serviceAccountTokenCreator` role on the service account you are impersonating. This can also be specified by setting the `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` environment variable. |
4 changes: 3 additions & 1 deletion provider/provider_yaml_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,11 +80,12 @@ func TestComputeFirewallUpgrade(t *testing.T) {
}

func TestCloudFunctionUpgrade(t *testing.T) {
t.Skipf("TODO[https://github.com/pulumi/pulumi-gcp/issues/2670]: Flaky")
testUpgrade(t, "test-programs/cloudfunctions-function")
}

func TestNetworkUpgrade(t *testing.T) {
t.Skipf("Flakey: see https://github.com/pulumi/pulumi-gcp/issues/1655 for details")
t.Skipf("TODO[https://github.com/pulumi/pulumi-gcp/issues/1655]: Flaky")
testUpgrade(t, "test-programs/network")
}

Expand Down Expand Up @@ -114,6 +115,7 @@ func TestIamMember(t *testing.T) {
}

func TestLogSink(t *testing.T) {
t.Skipf("TODO[https://github.com/pulumi/pulumi-gcp/issues/2671]: Flaky")
skipIfNotCI(t)
// ServiceAccount requires 7.0
testUpgrade(t, "test-programs/logsink",
Expand Down

0 comments on commit 6a3ae79

Please sign in to comment.