创建和访问实例
创建 Secure Source Manager 实例并访问其网页界面,以便准备创建代码库和授予用户访问权限。
准备工作
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
Install the Google Cloud CLI.
-
如果您使用的是外部身份提供方 (IdP),则必须先使用联合身份登录 gcloud CLI。
-
如需初始化 gcloud CLI,请运行以下命令:
gcloud init -
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the Secure Source Manager API:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud services enable securesourcemanager.googleapis.com
-
Install the Google Cloud CLI.
-
如果您使用的是外部身份提供方 (IdP),则必须先使用联合身份登录 gcloud CLI。
-
如需初始化 gcloud CLI,请运行以下命令:
gcloud init -
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the Secure Source Manager API:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud services enable securesourcemanager.googleapis.com
- 安装
betaGoogle Cloud CLI 组件:gcloud components install beta
运行以下命令,在
us-central1位置创建名为my-instance的实例。系统可能会要求您向 gcloud CLI 进行身份验证。gcloud beta source-manager instances create my-instance \ --region=us-central1其中:
my-instance是实例的名称。us-central1是您要创建实例的区域。
系统会启动长时间运行的创建实例操作。输出类似于以下内容:
Create request issued for [my-instance]. done: false metadata: '@type': type.googleapis.com/google.cloud.securesourcemanager.v1.OperationMetadata apiVersion: v1 createTime: '2023-02-27T20:57:52.315609549Z' requestedCancellation: false target: projects/PROJECT_ID/locations/us-central1/instances/my-instance verb: create name: projects/PROJECT_ID/locations/us-central1/operations/operation-1234567894561-5ec69948c0f2b-60dd727f-a9b97a2e其中:
projects/PROJECT_ID/locations/us-central1/operations/operation-1234567894561-5ec69948c0f2b-60dd727f-a9b97a2e是OPERATION_NAME。PROJECT_ID是项目 ID。
创建实例最多可能需要 60 分钟。
请注意
OPERATION_NAME,因为您需要使用它来检查操作的状态。运行以下命令,检查
create操作的状态:gcloud beta source-manager operations describe OPERATION_NAME \ --region=us-central1替换以下内容:
- 将
OPERATION_NAME替换为创建命令响应中的操作名称。
实例准备就绪后,响应将类似于以下内容:
{ "name": "projects/PROJECT_ID/locations/us-central1/operations/operation-123456789012-5ec69948c0f2b-60dd727f-a9b97a2e", "metadata": { "@type": "type.googleapis.com/google.cloud.securesourcemanager.v1.OperationMetadata", "createTime": "2022-11-01T14:31:32.420469714Z", "endTime": "2022-11-01T14:48:34.140378114Z", "target": "projects/PROJECT_ID/locations/us-central1/instances/my-instance", "verb": "create", "requestedCancellation": false, "apiVersion": "v1" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.securesourcemanager.v1.Instance", "name": "projects/PROJECT_ID/locations/us-central1/instances/my-instance", "createTime": "2022-11-01T14:31:32.416413630Z", "updateTime": "2022-11-01T14:31:32.416413630Z" }, "state": "ACTIVE", "hostConfig": { "html": "my-instance-098765432109.us-central1.sourcemanager.dev", "api": "my-instance-098765432109-api.us-central1.sourcemanager.dev", "gitHttp": "my-instance-098765432109-git.us-central1.sourcemanager.dev" } } }其中:
my-instance-098765432109.us-central1.sourcemanager.dev是实例 HTML 网址。PROJECT_ID是项目 ID。
- 将
复制成功创建的检查状态命令中的 HTML 网址。您将需要此网址才能通过网络浏览器访问实例。
如需获取实例的 HTML 网址,请再次运行以下命令:
gcloud beta source-manager operations describe OPERATION_NAME \ --region=us-central1将
gcloud beta source-manager operations describe命令成功响应中的 HTML 网址复制到浏览器地址栏中。系统会显示一个 OAuth 2.0 界面,询问您是否要向
sourcemanager.dev授予对您 Google Cloud 账号的访问权限。点击允许按钮。
系统会打开 Secure Source Manager 网页界面。您可以通过网页界面创建和查看代码库以及所有相关问题和拉取请求。
所需的角色
如需获得创建 Secure Source Manager 实例所需的权限,请让您的管理员为您授予 Google Cloud 项目的 Instance Owner (roles/securesourcemanager.instanceOwner) IAM 角色。
Secure Source Manager 角色只有在授予主账号后才会显示在 Google Cloud 控制台中。如需首次授予 Secure Source Manager 角色,请参阅授予和撤消 IAM 角色。
创建实例
访问实例
创建实例后,您可以使用浏览器通过其网页界面访问该实例。
清理
为避免因本页面中使用的资源导致您的 Google Cloud 账号产生费用,请删除包含这些资源的 Google Cloud 项目。
Delete a Google Cloud project:
gcloud projects delete PROJECT_ID