def _first_time_use_instructions(self):
"""Instructions for configuring Spinnaker for the first time.
Google Cloud Platform is treated as a special case because some
configuration parameters have defaults implied by the runtime environment.
"""
optional_defaults_if_on_google = ""
if is_google_instance():
google_project = get_google_project()
optional_defaults_if_on_google = """ # NOTE: Since you deployed on GCE:
# * You do not need JSON credentials to manage project id "{google_project}".
""".format(
google_project=google_project
)
return """
{sudo}mkdir -p {config_dir}
{sudo}cp {install_dir}/default-spinnaker-local.yml \\
{config_dir}/spinnaker-local.yml
{sudo}chmod 600 {config_dir}/spinnaker-local.yml
# edit {config_dir}/spinnaker-local.yml to your liking:
# If you want to deploy to Amazon Web Services:
# * Set providers.aws.enabled = true.
# * Add your keys to providers.aws.primaryCredentials
# or write them to $HOME/.aws/credentials
#
# If you want to deploy to Google Cloud Platform:
# * Set providers.google.enabled = true.
# * Add your project_id to providers.google.primaryCredentials.project
# * Add your the path to your json service account credentials to
# providers.google.primaryCredentials.jsonPath.
{optional_defaults_if_on_google}
{sudo}{script_dir}/stop_spinnaker.sh
{sudo}{script_dir}/reconfigure_spinnaker.sh
{sudo}{script_dir}/start_spinnaker.sh
""".format(
sudo="" if os.geteuid() else "sudo ",
install_dir=self.__configurator.installation_config_dir,
config_dir=self.__configurator.user_config_dir,
script_dir=self.__installation.UTILITY_SCRIPT_DIR,
optional_defaults_if_on_google=optional_defaults_if_on_google,
)
def verify_google_scopes(self):
"""Verify that if we are running on Google that our scopes are valid."""
if not is_google_instance():
return
if not self.verify_true_false('providers.google.enabled'):
return
if not self.__bindings.get('providers.google.enabled'):
return
result = fetch(GOOGLE_INSTANCE_METADATA_URL + '/service-accounts/',
google=True)
service_accounts = result.content if result.ok() else ''
required_scopes = [GOOGLE_OAUTH_URL + '/compute']
found_scopes = []
for account in filter(bool, service_accounts.split('\n')):
if account[-1] == '/':
# Strip off trailing '/' so we can take the basename.
account = account[0:-1]
result = fetch(os.path.join(GOOGLE_INSTANCE_METADATA_URL,
'service-accounts',
os.path.basename(account), 'scopes'),
google=True)
# cloud-platform scope implies all the other scopes.
have = str(result.content)
if have.find(
'https://www.googleapis.com/auth/cloud-platform') >= 0:
found_scopes.extend(required_scopes)
for scope in required_scopes:
if have.find(scope) >= 0:
found_scopes.append(scope)
for scope in required_scopes:
if not scope in found_scopes:
self.__errors.append(
'Missing required scope "{scope}".'.format(scope=scope))
def _first_time_use_instructions(self):
"""Instructions for configuring Spinnaker for the first time.
Google Cloud Platform is treated as a special case because some
configuration parameters have defaults implied by the runtime environment.
"""
optional_defaults_if_on_google = ''
if is_google_instance():
google_project = get_google_project()
optional_defaults_if_on_google = """ # NOTE: Since you deployed on GCE:
# * You do not need JSON credentials to manage project id "{google_project}".
""".format(google_project=google_project)
return """
{sudo}mkdir -p {config_dir}
{sudo}cp {install_dir}/default-spinnaker-local.yml \\
{config_dir}/spinnaker-local.yml
{sudo}chmod 600 {config_dir}/spinnaker-local.yml
# edit {config_dir}/spinnaker-local.yml to your liking:
# If you want to deploy to Amazon Web Services:
# * Set providers.aws.enabled = true.
# * Add your keys to providers.aws.primaryCredentials
# or write them to $HOME/.aws/credentials
#
# If you want to deploy to Google Cloud Platform:
# * Set providers.google.enabled = true.
# * Add your project_id to providers.google.primaryCredentials.project
# * Add your the path to your json service account credentials to
# providers.google.primaryCredentials.jsonPath.
{optional_defaults_if_on_google}
{sudo}{script_dir}/stop_spinnaker.sh
{sudo}{script_dir}/reconfigure_spinnaker.sh
{sudo}{script_dir}/start_spinnaker.sh
""".format(
sudo='' if os.geteuid() else 'sudo ',
install_dir=self.__configurator.installation_config_dir,
config_dir=self.__configurator.user_config_dir,
script_dir=self.__installation.UTILITY_SCRIPT_DIR,
optional_defaults_if_on_google=optional_defaults_if_on_google)
def verify_google_scopes(self):
"""Verify that if we are running on Google that our scopes are valid."""
if not is_google_instance():
return
if not self.verify_true_false('providers.google.enabled'):
return
if not self.__bindings.get('providers.google.enabled'):
return
result = fetch(
GOOGLE_INSTANCE_METADATA_URL + '/service-accounts/', google=True)
service_accounts = result.content if result.ok() else ''
required_scopes = [GOOGLE_OAUTH_URL + '/compute']
found_scopes = []
for account in filter(bool, service_accounts.split('\n')):
if account[-1] == '/':
# Strip off trailing '/' so we can take the basename.
account = account[0:-1]
result = fetch(
os.path.join(GOOGLE_INSTANCE_METADATA_URL, 'service-accounts',
os.path.basename(account), 'scopes'),
google=True)
# cloud-platform scope implies all the other scopes.
have = str(result.content)
if have.find('https://www.googleapis.com/auth/cloud-platform') >= 0:
found_scopes.extend(required_scopes)
for scope in required_scopes:
if have.find(scope) >= 0:
found_scopes.append(scope)
for scope in required_scopes:
if not scope in found_scopes:
self.__errors.append(
'Missing required scope "{scope}".'.format(scope=scope))
