def deploy_project_resources(config):
    """Deploy the data project's resources through Deployment Manager.

    Builds the properties for the ``data_project.py`` template from
    ``config.project``, creates the ``data-project-deployment`` deployment,
    and then removes ``roles/owner`` from the Deployment Manager service
    account.

    Args:
        config: Object exposing ``overall``, ``project`` and
            ``audit_logs_project``; ``project`` must contain ``project_id``
            and ``audit_logs``.
    """
    logging.info('Deploying Project resources...')
    current_user = utils.get_gcloud_user()
    in_organization = bool(config.overall.get('organization_id'))
    project_id = config.project['project_id']
    dm_account = utils.get_deployment_manager_service_account(project_id)

    # Top-level copy only: nested values stay shared with config.project.
    template_props = config.project.copy()

    # The template receives the setup user only for organization projects;
    # per the original comment it uses this to drop that user as an owner.
    template_props['has_organization'] = in_organization
    if in_organization:
        template_props['remove_owner_user'] = current_user

    # The template expects local_audit_logs or remote_audit_logs rather than
    # the raw audit_logs key, so move the value under the matching name.
    audit_cfg = template_props.pop('audit_logs')
    if not config.audit_logs_project:
        template_props['local_audit_logs'] = audit_cfg
    else:
        logs_project_id = config.audit_logs_project['project_id']
        dataset_name = audit_cfg['logs_bigquery_dataset']['name']
        remote_logs = {
            'audit_logs_project_id': logs_project_id,
            'logs_bigquery_dataset_id': dataset_name,
        }
        # A logs bucket is optional: projects without data GCS buckets
        # do not define one.
        if 'logs_gcs_bucket' in audit_cfg:
            bucket_name = audit_cfg['logs_gcs_bucket']['name']
            remote_logs['logs_gcs_bucket_name'] = bucket_name
        template_props['remote_audit_logs'] = remote_logs

    deployment = {
        'imports': [{'path': 'data_project.py'}],
        'resources': [{
            'type': 'data_project.py',
            'name': 'data_project_deployment',
            'properties': template_props,
        }],
    }
    utils.create_new_deployment(
        deployment, 'data-project-deployment', project_id)

    # Revoke the owner role from the Deployment Manager service account.
    # NOTE(review): this runs only when create_new_deployment returns. If
    # that call raises, the service account keeps roles/owner until it is
    # removed separately; confirm that failure path is handled by the caller.
    # NOTE(review): project_id=None is passed explicitly, presumably because
    # the project is already a positional argument of the command; verify
    # against utils.run_gcloud_command.
    revoke_owner = [
        'projects', 'remove-iam-policy-binding', project_id,
        '--member', dm_account,
        '--role', 'roles/owner',
    ]
    utils.run_gcloud_command(revoke_owner, project_id=None)
def enable_deployment_manager(config):
    """Enable Deployment Manager and grant its service account roles/owner.

    Args:
        config: Object whose ``project`` mapping contains ``project_id``.
    """
    logging.info('Setting up Deployment Manager...')
    project_id = config.project['project_id']

    # Deployment Manager and Cloud Resource Manager are both enabled here.
    apis = ['deploymentmanager', 'cloudresourcemanager.googleapis.com']
    utils.run_gcloud_command(['services', 'enable'] + apis, project_id)

    # The owner grant is meant to be temporary (per the original comment).
    # Nothing in this function revokes it: the matching
    # remove-iam-policy-binding call is the last step of
    # deploy_project_resources.
    # NOTE(review): roles/owner is project-wide; the binding persists for as
    # long as that later step has not run successfully.
    dm_account = utils.get_deployment_manager_service_account(project_id)
    grant_owner = [
        'projects', 'add-iam-policy-binding', project_id,
        '--member', dm_account,
        '--role', 'roles/owner',
    ]
    utils.run_gcloud_command(grant_owner, project_id=None)