def _first_time_use_instructions(self): """Instructions for configuring Spinnaker for the first time. Google Cloud Platform is treated as a special case because some configuration parameters have defaults implied by the runtime environment. """ optional_defaults_if_on_google = "" if is_google_instance(): google_project = get_google_project() optional_defaults_if_on_google = """ # NOTE: Since you deployed on GCE: # * You do not need JSON credentials to manage project id "{google_project}". """.format( google_project=google_project ) return """ {sudo}mkdir -p {config_dir} {sudo}cp {install_dir}/default-spinnaker-local.yml \\ {config_dir}/spinnaker-local.yml {sudo}chmod 600 {config_dir}/spinnaker-local.yml # edit {config_dir}/spinnaker-local.yml to your liking: # If you want to deploy to Amazon Web Services: # * Set providers.aws.enabled = true. # * Add your keys to providers.aws.primaryCredentials # or write them to $HOME/.aws/credentials # # If you want to deploy to Google Cloud Platform: # * Set providers.google.enabled = true. # * Add your project_id to providers.google.primaryCredentials.project # * Add your the path to your json service account credentials to # providers.google.primaryCredentials.jsonPath. {optional_defaults_if_on_google} {sudo}{script_dir}/stop_spinnaker.sh {sudo}{script_dir}/reconfigure_spinnaker.sh {sudo}{script_dir}/start_spinnaker.sh """.format( sudo="" if os.geteuid() else "sudo ", install_dir=self.__configurator.installation_config_dir, config_dir=self.__configurator.user_config_dir, script_dir=self.__installation.UTILITY_SCRIPT_DIR, optional_defaults_if_on_google=optional_defaults_if_on_google, )
def verify_google_scopes(self): """Verify that if we are running on Google that our scopes are valid.""" if not is_google_instance(): return if not self.verify_true_false('providers.google.enabled'): return if not self.__bindings.get('providers.google.enabled'): return result = fetch(GOOGLE_INSTANCE_METADATA_URL + '/service-accounts/', google=True) service_accounts = result.content if result.ok() else '' required_scopes = [GOOGLE_OAUTH_URL + '/compute'] found_scopes = [] for account in filter(bool, service_accounts.split('\n')): if account[-1] == '/': # Strip off trailing '/' so we can take the basename. account = account[0:-1] result = fetch(os.path.join(GOOGLE_INSTANCE_METADATA_URL, 'service-accounts', os.path.basename(account), 'scopes'), google=True) # cloud-platform scope implies all the other scopes. have = str(result.content) if have.find( 'https://www.googleapis.com/auth/cloud-platform') >= 0: found_scopes.extend(required_scopes) for scope in required_scopes: if have.find(scope) >= 0: found_scopes.append(scope) for scope in required_scopes: if not scope in found_scopes: self.__errors.append( 'Missing required scope "{scope}".'.format(scope=scope))
def _first_time_use_instructions(self): """Instructions for configuring Spinnaker for the first time. Google Cloud Platform is treated as a special case because some configuration parameters have defaults implied by the runtime environment. """ optional_defaults_if_on_google = '' if is_google_instance(): google_project = get_google_project() optional_defaults_if_on_google = """ # NOTE: Since you deployed on GCE: # * You do not need JSON credentials to manage project id "{google_project}". """.format(google_project=google_project) return """ {sudo}mkdir -p {config_dir} {sudo}cp {install_dir}/default-spinnaker-local.yml \\ {config_dir}/spinnaker-local.yml {sudo}chmod 600 {config_dir}/spinnaker-local.yml # edit {config_dir}/spinnaker-local.yml to your liking: # If you want to deploy to Amazon Web Services: # * Set providers.aws.enabled = true. # * Add your keys to providers.aws.primaryCredentials # or write them to $HOME/.aws/credentials # # If you want to deploy to Google Cloud Platform: # * Set providers.google.enabled = true. # * Add your project_id to providers.google.primaryCredentials.project # * Add your the path to your json service account credentials to # providers.google.primaryCredentials.jsonPath. {optional_defaults_if_on_google} {sudo}{script_dir}/stop_spinnaker.sh {sudo}{script_dir}/reconfigure_spinnaker.sh {sudo}{script_dir}/start_spinnaker.sh """.format( sudo='' if os.geteuid() else 'sudo ', install_dir=self.__configurator.installation_config_dir, config_dir=self.__configurator.user_config_dir, script_dir=self.__installation.UTILITY_SCRIPT_DIR, optional_defaults_if_on_google=optional_defaults_if_on_google)
def verify_google_scopes(self): """Verify that if we are running on Google that our scopes are valid.""" if not is_google_instance(): return if not self.verify_true_false('providers.google.enabled'): return if not self.__bindings.get('providers.google.enabled'): return result = fetch( GOOGLE_INSTANCE_METADATA_URL + '/service-accounts/', google=True) service_accounts = result.content if result.ok() else '' required_scopes = [GOOGLE_OAUTH_URL + '/compute'] found_scopes = [] for account in filter(bool, service_accounts.split('\n')): if account[-1] == '/': # Strip off trailing '/' so we can take the basename. account = account[0:-1] result = fetch( os.path.join(GOOGLE_INSTANCE_METADATA_URL, 'service-accounts', os.path.basename(account), 'scopes'), google=True) # cloud-platform scope implies all the other scopes. have = str(result.content) if have.find('https://www.googleapis.com/auth/cloud-platform') >= 0: found_scopes.extend(required_scopes) for scope in required_scopes: if have.find(scope) >= 0: found_scopes.append(scope) for scope in required_scopes: if not scope in found_scopes: self.__errors.append( 'Missing required scope "{scope}".'.format(scope=scope))