我可以使用 Terraform 创建 GCP API 密钥吗? [英] Can I create GCP API keys using Terraform?

问题描述

我想使用 Terraform 创建 Google Cloud API 密钥.p>

这可能吗?

解决方案

目前还没有，但 Google 似乎正在努力公开用于 API 密钥管理的 API.最新的云 sdk(使用 287.0.0 测试)支持 alpha，如下所示:

$ gcloud alpha services api-keys错误:(gcloud.alpha.services.api-keys)需要命令名称参数.gcloud alpha services api-keys 的可用命令:clone *(ALPHA)* 创建一个新的 API 密钥元数据作为输入键.create *(ALPHA)* 创建一个 API 密钥.删除 *(ALPHA)* 删除 API 密钥.describe *(ALPHA)* 描述 API 密钥的元数据.get-key-string *(ALPHA)* 获取 API 密钥的密钥字符串.list *(ALPHA)* 列出 API 密钥.lookup *(ALPHA)* 查找键字符串的资源名称.取消删除 *(ALPHA)* 取消删除 API 密钥.update *(ALPHA)* 更新 API 密钥的元数据.

使用 --log-http 列出项目 API 密钥时，您可以看到使用的 API 端点:

$ gcloud alpha services api-keys list --project $PROJECT --log-http...==== 请求开始 ====URI:https://apikeys.googleapis.com/v2alpha1/projects/$PROJECT/keys?alt=json...

即使 cloud sdk 使用 v2alpha1，也有可用的 v2beta1.验证如下:

$ curl -s -H"Authorization: Bearer $(gcloud auth print-access-token)" https://apikeys.googleapis.com/v2beta1/projects/$PROJECT/keys{钥匙":[{"name": "projects/REDACTED/keys/REDACTED","displayName": "已编辑","createTime": "2019-04-15T10:39:53.558Z","updateTime": "2019-04-15T10:40:06.616639Z",限制": {androidKeyRestrictions":{}，api目标":[{服务":地理编码后端"}]},状态":活动"}]}

由于 terraform google 提供商通常会很快添加新功能，因此我只能假设支持即将推出.你可能想创建一个 Github 问题来表达你的兴趣.或观看 beta 提供者 的更改日志.

I'd like to create Google Cloud API keys using Terraform.

Is this possible?

解决方案

Not yet, but Google seems to be working on exposing an API for API key management. Latest cloud sdk (tested with 287.0.0) has alpha support, like this:

$ gcloud alpha services api-keys
ERROR: (gcloud.alpha.services.api-keys) Command name argument expected.

Available commands for gcloud alpha services api-keys:

      clone                   *(ALPHA)*  Create a new API key with the same
                              metadata as input key.
      create                  *(ALPHA)*  Create an API key.
      delete                  *(ALPHA)*  Delete an API key.
      describe                *(ALPHA)*  Describe an API key's metadata.
      get-key-string          *(ALPHA)*  Get key string of an API key.
      list                    *(ALPHA)*  Lists API keys.
      lookup                  *(ALPHA)*  Look up resource name of a key string.
      undelete                *(ALPHA)*  Undelete an API key.
      update                  *(ALPHA)*  Update an API key's metadata.

When listing project API keys with the --log-http you can see the API endpoint used:

$ gcloud alpha services api-keys list --project $PROJECT --log-http
...
==== request start ====
uri: https://apikeys.googleapis.com/v2alpha1/projects/$PROJECT/keys?alt=json
...

Even though cloud sdk is using v2alpha1, there is a v2beta1 available. Verified like this:

$ curl -s -H"Authorization: Bearer $(gcloud auth print-access-token)" 
   https://apikeys.googleapis.com/v2beta1/projects/$PROJECT/keys
{
  "keys": [
    {
      "name": "projects/REDACTED/keys/REDACTED",
      "displayName": "REDACTED",
      "createTime": "2019-04-15T10:39:53.558Z",
      "updateTime": "2019-04-15T10:40:06.616639Z",
      "restrictions": {
        "androidKeyRestrictions": {},
        "apiTargets": [
          {
            "service": "geocoding_backend"
          }
        ]
      },
      "state": "ACTIVE"
    }
  ]
}

Since the terraform google provider is usually pretty quick to add new features I can only assume support is coming soon. You may want to create a Github Issue to show your interest. Or watch the beta provider's change log.

这篇关于我可以使用 Terraform 创建 GCP API 密钥吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！