Module: Google::Cloud::ResourceManager

Defined in:
lib/google/cloud/resource_manager.rb,
lib/google/cloud/resource_manager/policy.rb,
lib/google/cloud/resource_manager/manager.rb,
lib/google/cloud/resource_manager/project.rb,
lib/google/cloud/resource_manager/service.rb,
lib/google/cloud/resource_manager/version.rb,
lib/google/cloud/resource_manager/credentials.rb,
lib/google/cloud/resource_manager/project/list.rb,
lib/google/cloud/resource_manager/project/updater.rb

Overview

Google Cloud Resource Manager

The Resource Manager API provides methods that you can use to programmatically manage your projects in the Google Cloud Platform. You may be familiar with managing projects in the Developers Console. With this API you can do the following:

  • Get a list of all projects associated with an account
  • Create new projects
  • Update existing projects
  • Delete projects
  • Undelete, or recover, projects that you don't want to delete

Authentication

The Resource Manager API currently requires authentication of a User Account, and cannot currently be accessed with a Service Account. To use a User Account install the Google Cloud SDK and authenticate with the following:

$ gcloud auth login

Also make sure all GCLOUD environment variables are cleared of any service accounts. Then google-cloud will be able to detect the user authentication and connect with those credentials.

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new

Enabling Logging

To enable logging for this library, set the logger for the underlying Google API Client library. The logger that you set may be a Ruby stdlib Logger as shown below, or a Google::Cloud::Logging::Logger that will write logs to Stackdriver Logging.

If you do not set the logger explicitly and your application is running in a Rails environment, it will default to Rails.logger. Otherwise, if you do not set the logger and you are not using Rails, logging is disabled by default.

Configuring a Ruby stdlib logger:

require "logger"

my_logger = Logger.new $stderr
my_logger.level = Logger::WARN

# Set the Google API Client logger
Google::Apis.logger = my_logger

Listing Projects

Project is a collection of settings, credentials, and metadata about the application or applications you're working on. You can retrieve and inspect all projects that you have permissions to. (See Manager#projects)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
resource_manager.projects.each do |project|
  puts projects.project_id
end

Managing Projects with Labels

Labels can be added to or removed from projects. (See Project#labels)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"
# Label the project as production
project.update do |p|
  p.labels["env"] = "production"
end

Projects can then be filtered by labels. (See Manager#projects)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
# Find only the productions projects
projects = resource_manager.projects filter: "labels.env:production"
projects.each do |project|
  puts project.project_id
end

Creating a Project

You can also use the API to create new projects. (See Manager#create_project)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.create_project "tokyo-rain-123",
                                          name: "Todos Development",
                                          labels: {env: :development}

Deleting a Project

You can delete projects when they are no longer needed. (See Manager#delete and Project#delete)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
resource_manager.delete "tokyo-rain-123"

Undeleting a Project

You can also restore a deleted project within the waiting period that starts when the project was deleted. Restoring a project returns it to the state it was in prior to being deleted. (See Manager#undelete and Project#undelete)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
resource_manager.undelete "tokyo-rain-123"

Configuring retries and timeout

You can configure how many times API requests may be automatically retried. When an API request fails, the response will be inspected to see if the request meets criteria indicating that it may succeed on retry, such as 500 and 503 status codes or a specific internal error code such as rateLimitExceeded. If it meets the criteria, the request will be retried after a delay. If another error occurs, the delay will be increased before a subsequent attempt, until the retries limit is reached.

You can also set the request timeout value in seconds.

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new retries: 10,
                                                      timeout: 120

See the Resource Manager error messages for a list of error conditions.

Managing IAM Policies

Google Cloud Identity and Access Management (Cloud IAM) access control policies can be managed on projects. These policies allow project owners to manage who (identity) has access to what (role). See Cloud IAM Overview for more information.

A project's access control policy can be retrieved. (See Project#policy and Policy.)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"
policy = project.policy

A project's access control policy can also be updated:

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"

policy = project.policy do |p|
  p.add "roles/viewer", "serviceAccount:your-service-account"
end

And permissions can be tested on a project. (See Project#test_permissions)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"
perms = project.test_permissions "resourcemanager.projects.get",
                                 "resourcemanager.projects.delete"
perms.include? "resourcemanager.projects.get"    #=> true
perms.include? "resourcemanager.projects.delete" #=> false

For more information about using access control policies see Managing Policies.

Defined Under Namespace

Classes: Credentials, Manager, Policy, Project

Constant Summary collapse

VERSION = 
"0.30.0".freeze

Class Method Summary collapse

Class Method Details

.configure {|Google::Cloud.configure.resource_manager| ... } ⇒ Google::Cloud::Config

Configure the Google Cloud Resource Manager library.

The following Resource Manager configuration parameters are supported:

  • credentials - (String, Hash, Google::Auth::Credentials) The path to the keyfile as a String, the contents of the keyfile as a Hash, or a Google::Auth::Credentials object. (See Credentials) (The parameter keyfile is also available but deprecated.)
  • scope - (String, Array) The OAuth 2.0 scopes controlling the set of resources and operations that the connection can access.
  • retries - (Integer) Number of times to retry requests on server error.
  • timeout - (Integer) Default timeout to use in requests.

Yields:

Returns:

  • (Google::Cloud::Config)

    The configuration object the Google::Cloud::ResourceManager library uses.



325
326
327
328
329
 
# File 'lib/google/cloud/resource_manager.rb', line 325

def self.configure
  yield Google::Cloud.configure.resource_manager if block_given?

  Google::Cloud.configure.resource_manager
end

.new(credentials: nil, scope: nil, retries: nil, timeout: nil, keyfile: nil) ⇒ Google::Cloud::ResourceManager::Manager

Creates a new Project instance connected to the Resource Manager service. Each call creates a new connection.

For more information on connecting to Google Cloud see the Authentication Guide.

Examples:

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
resource_manager.projects.each do |project|
  puts projects.project_id
end

Parameters:

  • credentials (String, Hash, Google::Auth::Credentials)

    The path to the keyfile as a String, the contents of the keyfile as a Hash, or a Google::Auth::Credentials object. (See Credentials)

  • scope (String, Array<String>)

    The OAuth 2.0 scopes controlling the set of resources and operations that the connection can access. See Using OAuth 2.0 to Access Google APIs.

    The default scope is:

    • https://www.googleapis.com/auth/cloud-platform
  • retries (Integer)

    Number of times to retry requests on server error. The default value is 3. Optional.

  • timeout (Integer)

    Default timeout to use in requests. Optional.

  • keyfile (String)

    Alias for the credentials argument. Deprecated.

Returns:



288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
 
# File 'lib/google/cloud/resource_manager.rb', line 288

def self.new credentials: nil, scope: nil, retries: nil, timeout: nil,
             keyfile: nil
  scope ||= configure.scope
  retries ||= configure.retries
  timeout ||= configure.timeout
  credentials ||= keyfile
  credentials ||= default_credentials(scope: scope)
  unless credentials.is_a? Google::Auth::Credentials
    credentials = ResourceManager::Credentials.new credentials,
                                                   scope: scope
  end

  ResourceManager::Manager.new(
    ResourceManager::Service.new(
      credentials, retries: retries, timeout: timeout
    )
  )
end