Python get_deployment_manager_service_account示例

示例#1

def deploy_project_resources(config):
    """Deploys resources into the new data project."""
    logging.info('Deploying Project resources...')
    setup_account = utils.get_gcloud_user()
    has_organization = bool(config.overall.get('organization_id'))
    project_id = config.project['project_id']
    dm_service_account = utils.get_deployment_manager_service_account(
        project_id)

    # Build a deployment config for the data_project.py deployment manager
    # template.
    # Shallow copy is sufficient for this script.
    properties = config.project.copy()
    # Remove the current user as an owner of the project if project is part of an
    # organization.
    properties['has_organization'] = has_organization
    if has_organization:
        properties['remove_owner_user'] = setup_account

    # Change audit_logs to either local_audit_logs or remote_audit_logs in the
    # deployment manager template properties.
    audit_logs = properties.pop('audit_logs')
    if config.audit_logs_project:
        properties['remote_audit_logs'] = {
            'audit_logs_project_id':
            config.audit_logs_project['project_id'],
            'logs_bigquery_dataset_id':
            audit_logs['logs_bigquery_dataset']['name'],
        }
        # Logs GCS bucket is not required for projects without data GCS buckets.
        if 'logs_gcs_bucket' in audit_logs:
            properties['remote_audit_logs']['logs_gcs_bucket_name'] = (
                audit_logs['logs_gcs_bucket']['name'])
    else:
        properties['local_audit_logs'] = audit_logs
    dm_template_dict = {
        'imports': [{
            'path': 'data_project.py'
        }],
        'resources': [{
            'type': 'data_project.py',
            'name': 'data_project_deployment',
            'properties': properties,
        }]
    }

    # Create the deployment.
    utils.create_new_deployment(dm_template_dict, 'data-project-deployment',
                                project_id)

    # Remove Owners role from the DM service account.
    utils.run_gcloud_command([
        'projects', 'remove-iam-policy-binding', project_id, '--member',
        dm_service_account, '--role', 'roles/owner'
    ],
                             project_id=None)

示例#2

文件： create_project.py 项目： owenchen/healthcare

def enable_deployment_manager(config):
  """Enables Deployment manager, with role/owners for its service account."""
  logging.info('Setting up Deployment Manager...')
  project_id = config.project['project_id']

  # Enabled Deployment Manger and Cloud Resource Manager for this project.
  utils.run_gcloud_command(['services', 'enable', 'deploymentmanager',
                            'cloudresourcemanager.googleapis.com'],
                           project_id)

  # Grant deployment manager service account (temporary) owners access.
  dm_service_account = utils.get_deployment_manager_service_account(project_id)
  utils.run_gcloud_command(['projects', 'add-iam-policy-binding', project_id,
                            '--member', dm_service_account,
                            '--role', 'roles/owner'],
                           project_id=None)