def DeployProjectResources(config):
  """Creates the Deployment Manager deployment for the new data project.

  Builds the properties for the data_project.py template from
  config.project, creates the 'data-project-deployment' deployment, and then
  removes the roles/owner binding of the project's Deployment Manager service
  account.

  Args:
    config: object exposing `overall` and `project` mappings plus an
      `audit_logs_project` attribute; when that attribute is truthy the audit
      log settings are passed to the template as remote_audit_logs, otherwise
      as local_audit_logs.
  """
  logging.info('Deploying Project resources...')

  current_user = utils.GetGcloudUser()
  in_organization = bool(config.overall.get('organization_id'))
  project_id = config.project['project_id']
  dm_member = utils.GetDeploymentManagerServiceAccount(project_id)

  # The template properties start as a shallow copy of the project config, so
  # adding and popping top-level keys below leaves config.project untouched.
  template_props = config.project.copy()
  template_props['has_organization'] = in_organization
  # remove_owner_user is only set for projects inside an organization; for a
  # project without one the property is absent, so the setup user is
  # presumably left as a project owner by the template -- confirm in
  # data_project.py.
  if in_organization:
    template_props['remove_owner_user'] = current_user

  # The template expects either local_audit_logs or remote_audit_logs, never
  # the raw audit_logs key.
  audit_logs = template_props.pop('audit_logs')
  if not config.audit_logs_project:
    template_props['local_audit_logs'] = audit_logs
  else:
    remote_logs = {
        'audit_logs_project_id': config.audit_logs_project['project_id'],
        'logs_bigquery_dataset_id': audit_logs['logs_bigquery_dataset']['name'],
    }
    # A logs bucket is optional: projects without data GCS buckets have none.
    if 'logs_gcs_bucket' in audit_logs:
      remote_logs['logs_gcs_bucket_name'] = audit_logs['logs_gcs_bucket']['name']
    template_props['remote_audit_logs'] = remote_logs

  deployment = {
      'imports': [{'path': 'data_project.py'}],
      'resources': [{
          'type': 'data_project.py',
          'name': 'data_project_deployment',
          'properties': template_props,
      }],
  }
  utils.CreateNewDeployment(deployment, 'data-project-deployment', project_id)

  # NOTE(review): this revocation runs only after CreateNewDeployment has
  # returned. If that call raises, the Deployment Manager service account
  # keeps roles/owner on the project until something else removes it; nothing
  # in this function cleans up on failure. Worth checking the project's IAM
  # policy after any failed run.
  # NOTE(review): project_id=None presumably keeps the helper from adding its
  # own project flag, since the project is already named in the command --
  # confirm in utils.RunGcloudCommand.
  revoke_owner_cmd = [
      'projects', 'remove-iam-policy-binding', project_id,
      '--member', dm_member,
      '--role', 'roles/owner',
  ]
  utils.RunGcloudCommand(revoke_owner_cmd, project_id=None)
def DeployProjectResources(config):
  """Creates the Deployment Manager deployment for the new data project.

  Builds the properties for the data_project.py template from
  config['project_config'], creates the 'data-project-deployment' deployment,
  and then removes the roles/owner binding of the project's Deployment Manager
  service account.

  Args:
    config: mapping with a 'project_config' entry and optional
      'organization_id' and 'remote_audit_logs' entries.
  """
  logging.info('Deploying Data Project resources...')

  current_user = utils.GetGcloudUser()
  in_organization = bool(config.get('organization_id'))
  project_config = config['project_config']
  project_id = project_config['project_id']
  dm_member = utils.GetDeploymentManagerServiceAccount(project_id)

  # The template properties start as a shallow copy of the project config, so
  # the top-level keys added below do not leak back into config.
  template_props = project_config.copy()
  template_props['has_organization'] = in_organization
  # remove_owner_user is only set for projects inside an organization; for a
  # project without one the property is absent, so the setup user is
  # presumably left as a project owner by the template -- confirm in
  # data_project.py.
  if in_organization:
    template_props['remove_owner_user'] = current_user

  # Remote audit logging is optional; when configured, the template is told
  # which project, bucket and dataset receive the data project's logs.
  remote_cfg = config.get('remote_audit_logs')
  if remote_cfg:
    template_props['remote_audit_logs'] = {
        'audit_logs_project_id': remote_cfg['audit_logs_project_id'],
        'logs_gcs_bucket_name': remote_cfg['logs_gcs_bucket']['name'],
        'logs_bigquery_dataset_id': remote_cfg['logs_bigquery_dataset']['name'],
    }

  deployment = {
      'imports': [{'path': 'data_project.py'}],
      'resources': [{
          'type': 'data_project.py',
          'name': 'data_project_deployment',
          'properties': template_props,
      }],
  }
  utils.CreateNewDeployment(deployment, 'data-project-deployment', project_id)

  # NOTE(review): this revocation runs only after CreateNewDeployment has
  # returned. If that call raises, the Deployment Manager service account
  # keeps roles/owner on the project until something else removes it; nothing
  # in this function cleans up on failure. Worth checking the project's IAM
  # policy after any failed run.
  # NOTE(review): project_id=None presumably keeps the helper from adding its
  # own project flag, since the project is already named in the command --
  # confirm in utils.RunGcloudCommand.
  revoke_owner_cmd = [
      'projects', 'remove-iam-policy-binding', project_id,
      '--member', dm_member,
      '--role', 'roles/owner',
  ]
  utils.RunGcloudCommand(revoke_owner_cmd, project_id=None)
def EnableDeploymentManager(config):
  """Enables Deployment Manager and grants its service account roles/owner.

  Args:
    config: mapping whose 'project_config' entry holds the 'project_id' of
      the project being set up.
  """
  logging.info('Setting up Deployment Manager...')
  project_id = config['project_config']['project_id']

  # Turn on the Deployment Manager and Cloud Resource Manager APIs for the
  # project.
  enable_cmd = [
      'services', 'enable', 'deploymentmanager',
      'cloudresourcemanager.googleapis.com',
  ]
  utils.RunGcloudCommand(enable_cmd, project_id)

  # The Deployment Manager service account gets project-wide roles/owner here
  # and is meant to hold it only temporarily.
  # NOTE(review): the matching remove-iam-policy-binding call sits at the end
  # of DeployProjectResources and only runs once deployment creation has
  # returned, so an interrupted or failed setup leaves this owner binding in
  # place. Confirm the binding is gone after every run, including failed ones.
  dm_member = utils.GetDeploymentManagerServiceAccount(project_id)
  grant_owner_cmd = [
      'projects', 'add-iam-policy-binding', project_id,
      '--member', dm_member,
      '--role', 'roles/owner',
  ]
  utils.RunGcloudCommand(grant_owner_cmd, project_id=None)