Adding GCP authorisation¶
GCP authorisation may be achieved either via OAuth 2.0, and/or by directly linking a Service Account.
If you want to integrate a GCP account, then follow the steps here.
Note
You may connect as many GCP accounts as you like (using a mix of OAuth 2.0 & Service Account authorisation), and mix with as many accounts from other cloud providers.
Bcome will allow you to interact with them all in the same project.
Create directory structure¶
For both OAuth 2.0
and Service account
authorisation methods, create a directory named .gauth
in the root of your project directory.
If you’ve correctly setup your project directory structure (see: Getting Started), your directory structure should now look like:
.
├── .gauth
├── Gemfile
└── bcome
└── networks.yml
Warning
Do not commit any files within your .gauth directory to source control. Your OAuth 2.0 & ServiceAccount secrets will live here, as well as any access tokens returned from GCP when OAuth 2.0 is in use.
OAuth 2.0¶
To integrate OAuth 2.0 with Bcome, you’ll need to create a client id and secret. To do this, follow these steps:
- Login to your GCP web console
- From your projects list select your project (or create a new one)
- Go to APIs & Services
- Go to Credentials
- Select Create Credentials, then select OAuth client id
- Under
Application Type
selectDesktop app
(previously this was ‘other’) - Under
Name
, enter a name for your Oauth client application. - Hit
Create
Note
If you are prompted to create an OAuth consent screen, you will only need to do so with the minimal required settings of App Name, User Support Email, and Developer Email Address.
Next, make a note of the Client Id
and Client Secret
then in your .gauth directory create a file named .gauth/your-secrets-file.json and add the following contents:
{
"installed":
{
"client_id": "Your client id",
"client_secret": "Your client secret",
"type": "authorized_user"
}
}
If you forgot to make a note of the Client Id and Client Secret, then:
- Login to you GCP web console
- From your projects list select your project
- Go to APIs & Services
- Go to Credentials
- Select your OAuth 2.0 Client application
- Select
Download JSON
Save this file to your .gauth directory as .gauth/your-secrets-file.json. This file may differ slightly in structure to that suggested above, but it will be compatible.
Note
Your .gauth/your-secrets-file.json can be called anything you like. You’ll reference this file later on when you add your authorisation to your network configuration.
Bcome supports multiple GCP authorisations at the same time (either for different GCP accounts, or for different projects within the same account), and you would integrate these by adding a secrets file per GCP project to your .gauth directory.
Warning
Don’t commit your secrets file to source control!
As a final step, visit GCP Compute Engine API and hit ENABLE
to enable the Compute Engine API.
Service Account¶
Service Account authorisation requires credentials in JSON format.
- Follow this guide here in order to create your credentials: Creating and managing service account keys
- Download the credentials file in JSON format and save it to your .gauth directory. Your file will look something like this:
{
"type": "service_account",
"project_id": "your project id",
"private_key_id": "your private key id",
"private_key": "your private key",
"client_email": "your client email",
"client_id": "your client id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "your client x509 cert url"
}
Save your service account credentials json file to your .gauth directory under any name you like. You’ll reference this file later on in your networks.yml configuration file.
Note
For demonstrations of GCP authorisation in use, please see our guides: GCP OAuth 2.0 authentication guide / GCP Service Account authentication guide.
Hint
To add your GCP authorisation to your network configuration, see Network Configuration.