
Wouldn't it be nice to script your GCP infrastructure without having to learn a new language?
This package simplifies the deployment of GCP services through the gcloud command line.
pip install pygcloud
gcloud
command line toolgcloud
as possible
For the "SingletonImmutable" category, we ignore exceptions arising from the service already being created. The "describe" facility might or might not be available.
For the "RevisionBased" category, we skip the "update" step. The "create" method will be called. The "describe" facility might or might not be available.
For the "Updatable" category, we do the complete steps, i.e. describe, then create or update.
A longer example is available here
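# EnvValue is used further below; it is assumed here to be exported
# by pygcloud.models alongside EnvParam.
from pygcloud.models import Param, EnvParam, EnvValue, service_groups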
from pygcloud.gcp.services.storage import StorageBucket
from pygcloud.deployer import Deployer
# Retrieve parameter from environment variables
# Useful in the context of using Cloud Build
project_id = EnvParam("--project", "_PROJECT_ID")
# The 'common_params' will be added at the end of the gcloud command
# The Deployer can be reused for multiple services
deployer = Deployer(common_params=[project_id])
# Create a group for a number of services
srv_group_common = service_groups.create("common")
# The first parameter is the name. Most services require a unique name.
# `params_create` correspond to the gcloud parameters pertinent
# to the `create` method.
# e.g. gcloud storage buckets create my-bucket
#
bucket = StorageBucket("my-bucket",
                       params_create=["--public-access-prevention"],
                       params_update=["--public-access-prevention"])
#
# Any number of services can be added to a group
#
srv_group_common.append(bucket)
# Deploy the service
# For Storage Buckets, an existence check is done using the `describe` gcloud command
# before creating or updating the bucket.
# Which group of services to deploy
# This parameter can come from the environment e.g. Cloud Build
#
# In this case, we only have 1 group defined "common".
# If the environment variable `_SRV_GROUP` contains `common`,
# all the services associated with this group defined here
# will get deployed. If `_SRV_GROUP` is not specified in the
# environment variables, the group `main` is assumed.
srv_group_name = EnvValue("_SRV_GROUP", default="main")
deployer.deploy(srv_group_name)
Additional usage tips can be found in the tests/gcp.services folder.
Some services have explicit relationship(s) with other services e.g.
Many relationships are also explicit through IAM bindings.
Some relationships are valuable but cannot be obtained through service specifications or IAM bindings. The main culprits are default service accounts with their large binding scope: the ability to determine precisely the "real" relationships between services is compromised.
pygcloud supports specifying relationships between GCP services and external ones.
Below is the list of the major components of this package:
Service Groups hold much of the state necessary for the proper functioning of the core capabilities of this package.
stateDiagram-v2
direction LR
state "Service Groups\n declaration" as SG
state "Policing before Deployment\n[Optional]" as PB
state "Policing after Deployment\n[Optional]" as PA
state "Deploying" as D
state "Graphing\n[Optional]" as G
SG --> PB
PB --> D
D --> PA
PA --> G
The architecture relies internally on hooks (aka callbacks) in order to operate with an additional level of decoupling between components. The internal hooks are set up during the __init__ phase of pygcloud.
Each policy defined (as a derived class from Policy) gets automatically added to the list of policers in scope for evaluation.
When the Policer.police classmethod is invoked, each policy is evaluated against each service declared in the service groups.
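The registration and evaluation pattern described above, as a self-contained added example; it is not pygcloud's code and does not import pygcloud. The `Service` stand-in, the `evaluate` hook name, `has_flag`, the two policies and the `GROUPS` sample are hypothetical; only the names `Policy` and `Policer.police` and the `--public-access-prevention` flag come from the page, and `--service-account` is the `gcloud run deploy` flag.

```python
from dataclasses import dataclass, field

@dataclass
class Service:  # stand-in for a declared service, not pygcloud's class
    kind: str
    name: str
    params_create: list = field(default_factory=list)

    def has_flag(self, flag):  # matches "--flag" and "--flag=value"
        return any(p == flag or p.startswith(flag + "=") for p in self.params_create)

class Policy:
    registry = []  # every derived class is added here automatically
    def __init_subclass__(cls, **kwargs):
        super().__init_subclass__(**kwargs)
        Policy.registry.append(cls)

class BucketPublicAccessPrevention(Policy):
    @classmethod
    def evaluate(cls, svc):  # hypothetical hook: returns a message on violation
        if svc.kind == "storage-bucket" and not svc.has_flag("--public-access-prevention"):
            return f"{svc.name}: bucket lacks --public-access-prevention"

class DedicatedServiceAccount(Policy):
    @classmethod
    def evaluate(cls, svc):
        if svc.kind == "cloud-run" and not svc.has_flag("--service-account"):
            return f"{svc.name}: would run as the default service account"

class Policer:
    @classmethod
    def police(cls, groups):  # each registered policy x each declared service
        return [(group, policy.__name__, problem)
                for group, services in groups.items()
                for svc in services
                for policy in Policy.registry
                if (problem := policy.evaluate(svc))]

# Constructed sample declarations (names and values are made up).
GROUPS = {"common": [
    Service("storage-bucket", "my-bucket", ["--public-access-prevention"]),
    Service("storage-bucket", "logs-bucket"),
    Service("cloud-run", "api", ["--region", "us-central1"]),
    Service("cloud-run", "worker", ["--service-account=worker@example.iam.gserviceaccount.com"]),
]}

if __name__ == "__main__":
    for violation in Policer.police(GROUPS): print(violation)
```

Running the check before deployment reports `logs-bucket` and `api`, so both findings can block the rollout instead of being discovered afterwards.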
After a deployment, more information is available because the service specifications are often returned by default by GCP.
The Linker executes automatically and collects this additional information set.
Labels optionally carry the "use" relationships between service instances.
We work with the limitations (i.e. 64 entries, unique key names, value length limited to 63 characters) of GCP's labeling capability in the following manner:
pygcloud-use-$index
$ns--$name
The field $name is sometimes encoded since the value contains characters not supported by GCP. The encoding strategy in these cases is always the same (base64 with custom alphabet, padding = removed).
Some services are more difficult to inventory than others. This is the case for Cloud Scheduler, for example: the gcloud scheduler jobs list command requires specifying the --location where to perform the listing.
The gcloud command line is currently built for Python 3.9. The accompanying Docker image provided by Google is built for Python 3.9. To simplify usage of pygcloud, I opted to follow this gcloud constraint.
This package supports entrypoints. They are defined in the package's pyproject.toml file. The prototypes of the callables can be found in the pygcloud.events module.
pygcloud.gcp.models
pygcloud.gcp.services
pygcloud.gcp.linker
FAQs
Python helper around gcloud
We found that pygcloud demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.