I am trying to use a golang client to programmatically list all the scheduled snapshot policies in a given project and region and describe them.
I am able to fetch them using gcloud commands, but wondering how I can do the same programmatically (preferably compute golang client)?
gcloud compute resource-policies list --project myproject
gcloud compute resource-policies describe my-snapshot-policy --project myproject --region myregion
thanks in advance.
Per #john-hanley, you are encouraged to demonstrate your own attempt to solve the problem in your question.
Google provides SDKs for all of its services. There are 2 flavors and this can be confusing. The original style which you can find for any Google service are called API Client Libraries. For Google Cloud Platform many (!) of the services also (!) have Cloud Client Libraries. See Google Client Libraries Explained.
For Compute for Golang, there's a new Cloud Client Library.
You can see examples of its use here. I encourage you to follow Google's style including by using Application Default Credentials.
You will want to use a ResourcePoliciesClient and the client's Get and List methods.
Related
Before I conclude that I can't do this with google cloud workflows alone, I just wanted to check with the community that I'm not missing anything...
I have a google cloud workflows program which exports data from BigQuery to GCS and then sends an email to a user with a URL in the body of the email. I want this URL to be signed.
The gcloud CLI and language-specific libraries all come with nice helpers to do this but I can't access any of this direct from google cloud workflows. I considered implementing my own sub-workflow which would perform the logic described in the signing URLS manually documentation but I don't think I can do this from Workflows alone (I could easily create some cloud func which I call [and in that case, I could just use the helper from the python SDK for example] but I'm trying to avoid that). The following functionality from the python example constitute blockers; logic that I believe I can't do from google cloud workflows alone - unless anyone knows of public web services that I can call to get around this?
canonical_request_hash = hashlib.sha256(canonical_request.encode()).hexdigest()
signature = binascii.hexlify(google_credentials.signer.sign(string_to_sign)).decode()
Everything else I could just about do in a fairly long and drawn out sub-workflow... but it would be possible.
Cloud Workflows do not natively support hashing & RSA signing libraries within its Standard library which is a core requirement of GCS URL signing algorithm.
As also advised in public docs, Cloud workflows / sub-workflows should be primarily used as an orchestration flow to invoke services, parse responses, and construct inputs for other connected services. Services (like Cloud Function / Run etc.) should be created to perform any work that is too complex for Workflows or for operations that are not natively supported by Workflows expressions and its standard library.
Solution for above use case is to either:
a) Create a service (~ triggered from Cloud Workflow) like Cloud Function to generate signed GCS URLs.
OR b) Generate the GCS Signed URL as an independent task outside & after execution of the core workflow operation as shown in this sample.
I need to build a single Chatbot instance using BotFramework v4 that can handle multiple endpoints, and thus multiple AppID/Secret. I have seen notes online and in BotFramework samples that it is possible to do but I cannot find any specific examples for BotFramework v4.
Can anyone provide a sample on who to handle such scenario. For example, I would need to have endpoints /messages/hr and /messages/payroll, and depending on which endpoint is used the right AppID/Secret is used and specific MainMenuHrDialog or MainMenuPayrollDialog is launched.
In general, is it recommended to handle bots for different domains in the same bot project, or is it better to have separate projects for different domains with a NuGet package shared for common tasks.
So if I understand correctly, your desire to use different appIDs and secrets is gonna require multiple web app instances of similar botframework template code which executes different functions using an extension to their already existing api/messages endpoint(the default chatbot messaging endpoint). I'd recommend setting up a couple of azure web app instances along with a couple of bot channels registrations for connecting channels to your bot logic. Here's a decent resource for that: https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-tutorial-deploy-basic-bot?view=azure-bot-service-4.0&tabs=csharp
Though this doesn't apply directly to your scenario, you might want to check out this sample repo here: https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/typescript_nodejs/16.proactive-messages. It shows you how you could open up those extra endpoints of /api/messages/hr or /api/messages/payroll. Additionally, I'm not sure how necessary the extra appIDs and secrets are for you but if your requirement is to ensure authorization when accessing these endpoints, I'd recommend looking into this prebuilt sample as well: https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/javascript_nodejs/18.bot-authentication. It possesses some info about authentication and how you might differentiate between users using a combination of conversation.activity.id and tokenResponses from AzureAD.
The GoDoc doesn't seem to support this feature.
https://godoc.org/cloud.google.com/go/firestore
I only want to index very few fields, and it's tedious to manually add index exemptions across multiple environments.
Is there anyway to do this in a more automated fashion?
Will this feature be added to the Go API in the future?
I know this might come to Terraform in the future (https://github.com/terraform-providers/terraform-provider-google/issues/3305).
This feature is not yet supported in the Go client, but support for the Cloud Firestore Admin API was recently added to the Node.js and Java client libraries:
updateField for single-field indexes, Node.js
FirestoreAdminClient in Java
I suspect they will add this feature to the Go client library soon, but I encourage you to also open a feature request for the Go client library.
You can also manage your indexes using the gcloud CLI: gcloud beta firestore indexes fields update
I am planning to launch container cluster from an SDK/API. Presently, I am fine with any language, but I prefer NodeJS SDK. As far as I have seen, I could not find any Container engine SDK. Here is the NodeJS SDK for GCP which does not contain container engine. In fact it contains SDK only for very few GCP services.
I came across OAuth API for container engine but it involves human intervention to launch it. I am looking for service account based authentication for the SDK.
Are there container engine SDKs available ?
Update after discussion with Robert Lacok:
This is the code I tried to use for container APIs with API-key, it does not work. It expects Oauth 2 token, or some other credentials other than Service account. I tried API-key it didnt work. I dont know how to use Service account authentication with the API.
Here is my source code:
Here is the error:
I see a method for Application Default credentials. But I dont think so it will be useful for my use-case. I am trying to create container cluster from AWS Lambda. So, I cant use application default credentials. Is there any other options ?
The API for Google Container Engine is very limited at the moment as all the features are in Alpha status and because they can change not many people are incorporating them into the SDKs they are developing.
These are the current available APIs: https://cloud.google.com/sdk/gcloud/reference/container/
And here is the Alpha APIs: https://cloud.google.com/sdk/gcloud/reference/alpha/container/
What you probably want to do is making calls to the REST API and using the client library for OAuth2 authentication.
You can browse the API documentation and see that every method has a short how-to for a number of languages, NODE.JS being one of them. Have a look here for an example on how to create a container cluster.
You also mentioned service account authentication. The preferred way to do this is to use the application default credentials, you can have a little read about them here.
In short, you want to set an environment variable GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json which is a key to service account you generated in console.
Then the client library will take care of the rest (getting the OAuth tokens and what not).
I am currently using the Java Google Cloud Client for Compute Engine. I was able to successfully create a Network. Is it possible to programatically create a new firewall rule (given source, protocol, port, tags, etc)? It seems this is possible using gcloud command line, but I'd like to know how to do this via API. I've looked through all of the documentation but can't seem to find anything related to this. In addition, how can I tie the firewall rule to a specific Network? Thanks!
Sure, see the API reference, at the bottom it has examples for a variety of languages:
https://cloud.google.com/compute/docs/reference/latest/firewalls/insert
Note that if we can do something with gcloud, we can always do it with REST API (and its language bindings), gcloud is just a command line wrapper for the API. If you add --log-http flag in the command, it will show you the HTTP details.