def execute(args): # Check this early on, as the deployment at the end would fail otherwise. if common.is_git_dirty(): print('Your checkout contains uncommitted changes. Cannot proceed.') sys.exit(1) """Create a new config directory and deployment.""" verifier = DomainVerifier(args.oauth_client_secrets_path) gcloud = common.Gcloud(args.project_id) enable_services(gcloud) # Get tag for domain verification. appspot_domain = 'https://' + args.project_id + '.appspot.com/' domain_verification_tag = verifier.get_domain_verification_tag(appspot_domain) blobs_bucket = project_bucket(args.project_id, 'blobs') deployment_bucket = project_bucket(args.project_id, 'deployment') bucket_replacements = ( ('test-blobs-bucket', blobs_bucket), ('test-deployment-bucket', deployment_bucket), ('test-bigquery-bucket', project_bucket(args.project_id, 'bigquery')), ('test-backup-bucket', project_bucket(args.project_id, 'backup')), ('test-coverage-bucket', project_bucket(args.project_id, 'coverage')), ('test-fuzzer-logs-bucket', project_bucket(args.project_id, 'fuzzer-logs')), ('test-corpus-bucket', project_bucket(args.project_id, 'corpus')), ('test-quarantine-bucket', project_bucket(args.project_id, 'quarantine')), ('test-shared-corpus-bucket', project_bucket(args.project_id, 'shared-corpus')), ('test-fuzz-logs-bucket', project_bucket(args.project_id, 'fuzz-logs')), ) # Write new configs. create_new_config(gcloud, args.project_id, args.new_config_dir, domain_verification_tag, bucket_replacements, args.gce_zone) prev_dir = os.getcwd() os.chdir(args.new_config_dir) # Deploy App Engine and finish verification of domain. os.chdir(prev_dir) deploy_appengine( gcloud, args.new_config_dir, appengine_region=args.appengine_region) verifier.verify(appspot_domain) # App Engine service account requires ownership to create GCS buckets. verifier.add_owner(appspot_domain, app_engine_service_account(args.project_id)) # Create buckets now that domain is verified. create_buckets(args.project_id, [bucket for _, bucket in bucket_replacements]) # Set CORS settings on the buckets. set_cors(args.new_config_dir, [blobs_bucket]) # Set deployment bucket for the cloud project. gcloud.run('compute', 'project-info', 'add-metadata', '--metadata=deployment-bucket=' + deployment_bucket) # Deploy source zips. deploy_zips(args.new_config_dir)
def _update_deployment_manager(project, name, path): """Update deployment manager settings.""" config_dir = environment.get_config_directory() config_path = os.path.join(config_dir, path) if not os.path.exists(config_path): return gcloud = common.Gcloud(project) try: gcloud.run( "deployment-manager", "deployments", "update", name, "--config=" + config_path, ) except common.GcloudError: # Create deployment if it does not exist. gcloud.run( "deployment-manager", "deployments", "create", name, "--config=" + config_path, )
def _update_deployment_manager(project, name, config_path): """Update deployment manager settings.""" if not os.path.exists(config_path): return gcloud = common.Gcloud(project) operation = 'update' try: gcloud.run('deployment-manager', 'deployments', 'describe', name) except common.GcloudError: # Does not exist. operation = 'create' for _ in range(DEPLOY_RETRIES + 1): try: gcloud.run('deployment-manager', 'deployments', operation, name, '--config=' + config_path) break except common.GcloudError: time.sleep(RETRY_WAIT_SECONDS)
def execute(args): """Create a new config directory and deployment.""" # Check this early on, as the deployment at the end would fail otherwise. if common.is_git_dirty(): print("Your checkout contains uncommitted changes. Cannot proceed.") sys.exit(1) verifier = DomainVerifier(args.oauth_client_secrets_path) gcloud = common.Gcloud(args.project_id) enable_services(gcloud) # Get tag for domain verification. appspot_domain = "https://" + args.project_id + ".appspot.com/" domain_verification_tag = verifier.get_domain_verification_tag( appspot_domain) blobs_bucket = project_bucket(args.project_id, "blobs") deployment_bucket = project_bucket(args.project_id, "deployment") bucket_replacements = ( ("test-blobs-bucket", blobs_bucket), ("test-deployment-bucket", deployment_bucket), ("test-bigquery-bucket", project_bucket(args.project_id, "bigquery")), ("test-backup-bucket", project_bucket(args.project_id, "backup")), ("test-coverage-bucket", project_bucket(args.project_id, "coverage")), ("test-fuzzer-logs-bucket", project_bucket(args.project_id, "fuzzer-logs")), ("test-corpus-bucket", project_bucket(args.project_id, "corpus")), ("test-quarantine-bucket", project_bucket(args.project_id, "quarantine")), ("test-shared-corpus-bucket", project_bucket(args.project_id, "shared-corpus")), ("test-fuzz-logs-bucket", project_bucket(args.project_id, "fuzz-logs")), ( "test-mutator-plugins-bucket", project_bucket(args.project_id, "mutator-plugins"), ), ) # Write new configs. create_new_config( gcloud, args.project_id, args.new_config_dir, domain_verification_tag, bucket_replacements, args.appengine_location, args.gce_zone, args.firebase_api_key, ) prev_dir = os.getcwd() os.chdir(args.new_config_dir) # Deploy App Engine and finish verification of domain. os.chdir(prev_dir) deploy_appengine(gcloud, args.new_config_dir, appengine_location=args.appengine_location) verifier.verify(appspot_domain) # App Engine service account requires: # - Domain ownership to create domain namespaced GCS buckets # - Datastore export permission for periodic backups. # - Service account signing permission for GCS uploads. service_account = app_engine_service_account(args.project_id) verifier.add_owner(appspot_domain, service_account) add_service_account_role(gcloud, args.project_id, service_account, "roles/datastore.importExportAdmin") add_service_account_role(gcloud, args.project_id, service_account, "roles/iam.serviceAccountTokenCreator") # Create buckets now that domain is verified. create_buckets(args.project_id, [bucket for _, bucket in bucket_replacements]) # Set CORS settings on the buckets. set_cors(args.new_config_dir, [blobs_bucket]) # Set deployment bucket for the cloud project. gcloud.run( "compute", "project-info", "add-metadata", "--metadata=deployment-bucket=" + deployment_bucket, ) # Deploy source zips. deploy_zips(args.new_config_dir)