Google Cloud Resource Manager

The Resource Manager API provides methods that you can use to programmatically manage your projects in the Google Cloud Platform. You may be familiar with managing projects in the Developers Console. With this API you can do the following:

  • Get a list of all projects associated with an account
  • Create new projects
  • Update existing projects
  • Delete projects
  • Undelete, or recover, projects that you don't want to delete

The goal of google-cloud is to provide an API that is comfortable to Rubyists. Your authentication credentials are detected automatically in Google Cloud Platform (GCP), including Google Compute Engine (GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud Functions (GCF) and Cloud Run. In other environments you can configure authentication easily, either directly in your code or via environment variables. Read more about the options for connecting in the Authentication Guide.

Listing Projects

Project is a collection of settings, credentials, and metadata about the application or applications you're working on. You can retrieve and inspect all projects that you have permissions to. (See Manager#projects)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
resource_manager.projects.each do |project|
  puts projects.project_id
end

Managing Projects with Labels

Labels can be added to or removed from projects. (See Project#labels)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"
# Label the project as production
project.update do |p|
  p.labels["env"] = "production"
end

Projects can then be filtered by labels. (See Manager#projects)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
# Find only the productions projects
projects = resource_manager.projects filter: "labels.env:production"
projects.each do |project|
  puts project.project_id
end

Creating a Project

You can also use the API to create new projects. (See Manager#create_project)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.create_project "tokyo-rain-123",
                                          name: "Todos Development",
                                          labels: {env: :development}

Deleting a Project

You can delete projects when they are no longer needed. (See Manager#delete and Project#delete)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
resource_manager.delete "tokyo-rain-123"

Undeleting a Project

You can also restore a deleted project within the waiting period that starts when the project was deleted. Restoring a project returns it to the state it was in prior to being deleted. (See Manager#undelete and Project#undelete)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
resource_manager.undelete "tokyo-rain-123"

Configuring retries and timeout

You can configure how many times API requests may be automatically retried. When an API request fails, the response will be inspected to see if the request meets criteria indicating that it may succeed on retry, such as 500 and 503 status codes or a specific internal error code such as rateLimitExceeded. If it meets the criteria, the request will be retried after a delay. If another error occurs, the delay will be increased before a subsequent attempt, until the retries limit is reached.

You can also set the request timeout value in seconds.

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new retries: 10,
                                                      timeout: 120

See the Resource Manager error messages for a list of error conditions.

Managing IAM Policies

Google Cloud Identity and Access Management (Cloud IAM) access control policies can be managed on projects. These policies allow project owners to manage who (identity) has access to what (role). See Cloud IAM Overview for more information.

A project's access control policy can be retrieved. (See Project#policy and Policy.)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"
policy = project.policy

A project's access control policy can also be updated:

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"

policy = project.policy do |p|
  p.add "roles/viewer", "serviceAccount:your-service-account"
end

And permissions can be tested on a project. (See Project#test_permissions)

require "google/cloud/resource_manager"

resource_manager = Google::Cloud::ResourceManager.new
project = resource_manager.project "tokyo-rain-123"
perms = project.test_permissions "resourcemanager.projects.get",
                                 "resourcemanager.projects.delete"
perms.include? "resourcemanager.projects.get"    #=> true
perms.include? "resourcemanager.projects.delete" #=> false

For more information about using access control policies see Managing Policies.

Additional information

Resource Manager can be configured to use logging. To learn more, see the Logging guide.