-
Notifications
You must be signed in to change notification settings - Fork 16
docs(samples): the bash scripts for environment setup are added #392
Changes from 5 commits
b998aa2
4bedf81
213a52f
756a39c
8bd8e92
108a637
5f976e4
475ef6f
1df9f7a
23b8ff4
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
#!/bin/bash | ||
|
||
# Copyright 2022 Google Inc. All Rights Reserved. | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
# set the Google Cloud project Id | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
project_id=$1 | ||
echo Project ID: $project_id | ||
gcloud config set project project_id | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
timestamp=$(date +%s) | ||
|
||
service_account_id="service-acc-"$timestamp | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
echo Service Account: $service_account_id | ||
|
||
# create service account (your project_id+timestamp) | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
gcloud iam service-accounts create $service_account_id | ||
|
||
# assign needed roles to your new service account | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
for role in {retail.admin,editor,bigquery.admin} | ||
do | ||
gcloud projects add-iam-policy-binding $project_id --member="serviceAccount:"$service_account_id"@"$project_id".iam.gserviceaccount.com" --role="roles/${role}" | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
done | ||
|
||
echo Wait 70 seconds to be sure the appropriate roles have been assigned to your service account | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
sleep 70 | ||
|
||
# upload your service account key file | ||
service_acc_email=$service_account_id"@"$project_id".iam.gserviceaccount.com" | ||
gcloud iam service-accounts keys create ~/key.json --iam-account $service_acc_email | ||
|
||
# activate the service account using the key | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, if your doing this, then why tell the user to provide a service account in the README? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In the tutorials we give the user 2 options - eanther users want to setup the work env by themselfs, then we provide steps similar to those discribed in the README, or they want to speedup the process and start exploring the Retail features - for tha purpose we give them this scripts. But you are right, it is good to tell users that they may use the scripts in the Readme as well |
||
gcloud auth activate-service-account --key-file ~/key.json | ||
|
||
# install needed Google client libraries | ||
cd ~/cloudshell_open/java-retail/samples/interactive-tutorials | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
mvn clean install -DskipTests | ||
|
||
echo ======================================== | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
echo "The Google Cloud setup is completed." | ||
echo "Please proceed with the Tutorial steps" | ||
echo ======================================== |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/bin/bash | ||
|
||
# Copyright 2022 Google Inc. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
# set the key as GOOGLE_APPLICATION_CREDENTIALS | ||
export GOOGLE_APPLICATION_CREDENTIALS=~/key.json | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You do know that this will not be set once the script ends? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I know that, but we still need this variable to run the java code samples within the script |
||
|
||
# Change the working directory | ||
cd ~/cloudshell_open/java-retail/samples/interactive-tutorials/ | ||
|
||
# Create a GCS bucket and upload the product data to the bucket | ||
Shabirmean marked this conversation as resolved.
Show resolved
Hide resolved
|
||
output=$(mvn compile exec:java -Dexec.mainClass="product.setup.ProductsCreateGcsBucket") | ||
|
||
# Get the bucket name and store it in the env variable BUCKET_NAME | ||
temp="${output#*gcs bucket }" | ||
bucket_name="${temp% was created*}" | ||
export BUCKET_NAME=$bucket_name | ||
|
||
# Import products to the Retail catalog | ||
mvn compile exec:java -Dexec.mainClass="product.ImportProductsGcs" | ||
|
||
echo ===================================== | ||
echo "Your Retail catalog is ready to use!" | ||
echo ===================================== |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aren't we trying to de-emphasize GOOGLE_APPLICATION_CREDENTIALS in favor of
gcloud auth application-default login
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
using GOOGLE_APPLICATION_CREDENTIALS to request the Retail servicei is a recommented way to do that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really? Most of the time we are providing you with credentials.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is discribed in the Retail documentation we are relying creating this tutorials https://cloud.google.com/retail/docs/setting-up#local-environment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That isn't the way things are supposed to be these days.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you reach out to a TechWriter?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://cloud.google.com/docs/authentication/production#automatically
From our previous experiences, gcloud CLI often results in using end user credentials instead of the service account credentials in some languages, and causing errors like "Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported."
In this case, we prefer to have users explicitly set GOOGLE_APPLICATION_CREDENTIALS so that end user credentials won't be used.