def execute(args):
# Check this early on, as the deployment at the end would fail otherwise.
if common.is_git_dirty():
print('Your checkout contains uncommitted changes. Cannot proceed.')
sys.exit(1)
"""Create a new config directory and deployment."""
verifier = DomainVerifier(args.oauth_client_secrets_path)
gcloud = common.Gcloud(args.project_id)
enable_services(gcloud)
# Get tag for domain verification.
appspot_domain = 'https://' + args.project_id + '.appspot.com/'
domain_verification_tag = verifier.get_domain_verification_tag(appspot_domain)
blobs_bucket = project_bucket(args.project_id, 'blobs')
deployment_bucket = project_bucket(args.project_id, 'deployment')
bucket_replacements = (
('test-blobs-bucket', blobs_bucket),
('test-deployment-bucket', deployment_bucket),
('test-bigquery-bucket', project_bucket(args.project_id, 'bigquery')),
('test-backup-bucket', project_bucket(args.project_id, 'backup')),
('test-coverage-bucket', project_bucket(args.project_id, 'coverage')),
('test-fuzzer-logs-bucket', project_bucket(args.project_id,
'fuzzer-logs')),
('test-corpus-bucket', project_bucket(args.project_id, 'corpus')),
('test-quarantine-bucket', project_bucket(args.project_id, 'quarantine')),
('test-shared-corpus-bucket',
project_bucket(args.project_id, 'shared-corpus')),
('test-fuzz-logs-bucket', project_bucket(args.project_id, 'fuzz-logs')),
)
# Write new configs.
create_new_config(gcloud, args.project_id, args.new_config_dir,
domain_verification_tag, bucket_replacements, args.gce_zone)
prev_dir = os.getcwd()
os.chdir(args.new_config_dir)
# Deploy App Engine and finish verification of domain.
os.chdir(prev_dir)
deploy_appengine(
gcloud, args.new_config_dir, appengine_region=args.appengine_region)
verifier.verify(appspot_domain)
# App Engine service account requires ownership to create GCS buckets.
verifier.add_owner(appspot_domain,
app_engine_service_account(args.project_id))
# Create buckets now that domain is verified.
create_buckets(args.project_id, [bucket for _, bucket in bucket_replacements])
# Set CORS settings on the buckets.
set_cors(args.new_config_dir, [blobs_bucket])
# Set deployment bucket for the cloud project.
gcloud.run('compute', 'project-info', 'add-metadata',
'--metadata=deployment-bucket=' + deployment_bucket)
# Deploy source zips.
deploy_zips(args.new_config_dir)
def _update_deployment_manager(project, name, path):
"""Update deployment manager settings."""
config_dir = environment.get_config_directory()
config_path = os.path.join(config_dir, path)
if not os.path.exists(config_path):
return
gcloud = common.Gcloud(project)
try:
gcloud.run(
"deployment-manager",
"deployments",
"update",
name,
"--config=" + config_path,
)
except common.GcloudError:
# Create deployment if it does not exist.
gcloud.run(
"deployment-manager",
"deployments",
"create",
name,
"--config=" + config_path,
)
def _update_deployment_manager(project, name, config_path):
"""Update deployment manager settings."""
if not os.path.exists(config_path):
return
gcloud = common.Gcloud(project)
operation = 'update'
try:
gcloud.run('deployment-manager', 'deployments', 'describe', name)
except common.GcloudError:
# Does not exist.
operation = 'create'
for _ in range(DEPLOY_RETRIES + 1):
try:
gcloud.run('deployment-manager', 'deployments', operation, name,
'--config=' + config_path)
break
except common.GcloudError:
time.sleep(RETRY_WAIT_SECONDS)
def execute(args):
"""Create a new config directory and deployment."""
# Check this early on, as the deployment at the end would fail otherwise.
if common.is_git_dirty():
print("Your checkout contains uncommitted changes. Cannot proceed.")
sys.exit(1)
verifier = DomainVerifier(args.oauth_client_secrets_path)
gcloud = common.Gcloud(args.project_id)
enable_services(gcloud)
# Get tag for domain verification.
appspot_domain = "https://" + args.project_id + ".appspot.com/"
domain_verification_tag = verifier.get_domain_verification_tag(
appspot_domain)
blobs_bucket = project_bucket(args.project_id, "blobs")
deployment_bucket = project_bucket(args.project_id, "deployment")
bucket_replacements = (
("test-blobs-bucket", blobs_bucket),
("test-deployment-bucket", deployment_bucket),
("test-bigquery-bucket", project_bucket(args.project_id, "bigquery")),
("test-backup-bucket", project_bucket(args.project_id, "backup")),
("test-coverage-bucket", project_bucket(args.project_id, "coverage")),
("test-fuzzer-logs-bucket",
project_bucket(args.project_id, "fuzzer-logs")),
("test-corpus-bucket", project_bucket(args.project_id, "corpus")),
("test-quarantine-bucket", project_bucket(args.project_id,
"quarantine")),
("test-shared-corpus-bucket",
project_bucket(args.project_id, "shared-corpus")),
("test-fuzz-logs-bucket", project_bucket(args.project_id,
"fuzz-logs")),
(
"test-mutator-plugins-bucket",
project_bucket(args.project_id, "mutator-plugins"),
),
)
# Write new configs.
create_new_config(
gcloud,
args.project_id,
args.new_config_dir,
domain_verification_tag,
bucket_replacements,
args.appengine_location,
args.gce_zone,
args.firebase_api_key,
)
prev_dir = os.getcwd()
os.chdir(args.new_config_dir)
# Deploy App Engine and finish verification of domain.
os.chdir(prev_dir)
deploy_appengine(gcloud,
args.new_config_dir,
appengine_location=args.appengine_location)
verifier.verify(appspot_domain)
# App Engine service account requires:
# - Domain ownership to create domain namespaced GCS buckets
# - Datastore export permission for periodic backups.
# - Service account signing permission for GCS uploads.
service_account = app_engine_service_account(args.project_id)
verifier.add_owner(appspot_domain, service_account)
add_service_account_role(gcloud, args.project_id, service_account,
"roles/datastore.importExportAdmin")
add_service_account_role(gcloud, args.project_id, service_account,
"roles/iam.serviceAccountTokenCreator")
# Create buckets now that domain is verified.
create_buckets(args.project_id,
[bucket for _, bucket in bucket_replacements])
# Set CORS settings on the buckets.
set_cors(args.new_config_dir, [blobs_bucket])
# Set deployment bucket for the cloud project.
gcloud.run(
"compute",
"project-info",
"add-metadata",
"--metadata=deployment-bucket=" + deployment_bucket,
)
# Deploy source zips.
deploy_zips(args.new_config_dir)
