建立及存取執行個體
建立 Secure Source Manager 執行個體並存取其網頁介面,準備建立存放區及授予使用者存取權。
事前準備
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
Install the Google Cloud CLI.
-
如果您使用外部識別資訊提供者 (IdP),請先 使用聯合身分登入 gcloud CLI。
-
如要初始化 gcloud CLI,請執行下列指令:
gcloud init -
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the Secure Source Manager API:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud services enable securesourcemanager.googleapis.com
-
Install the Google Cloud CLI.
-
如果您使用外部識別資訊提供者 (IdP),請先 使用聯合身分登入 gcloud CLI。
-
如要初始化 gcloud CLI,請執行下列指令:
gcloud init -
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the Secure Source Manager API:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud services enable securesourcemanager.googleapis.com
- 安裝
betaGoogle Cloud CLI 元件:gcloud components install beta
執行下列指令,在
us-central1location 中建立名為my-instance的執行個體。系統可能會要求您向 gcloud CLI 進行驗證。gcloud beta source-manager instances create my-instance \ --region=us-central1其中:
my-instance是執行個體的名稱。us-central1是您要建立執行個體的地區。
系統會啟動長時間執行的建立執行個體作業。輸出結果類似如下:
Create request issued for [my-instance]. done: false metadata: '@type': type.googleapis.com/google.cloud.securesourcemanager.v1.OperationMetadata apiVersion: v1 createTime: '2023-02-27T20:57:52.315609549Z' requestedCancellation: false target: projects/PROJECT_ID/locations/us-central1/instances/my-instance verb: create name: projects/PROJECT_ID/locations/us-central1/operations/operation-1234567894561-5ec69948c0f2b-60dd727f-a9b97a2e其中:
projects/PROJECT_ID/locations/us-central1/operations/operation-1234567894561-5ec69948c0f2b-60dd727f-a9b97a2e是OPERATION_NAME。PROJECT_ID是您的專案 ID。
建立執行個體最多需要 60 分鐘。
請記下
OPERATION_NAME,因為您需要使用這個 ID 來檢查作業狀態。執行下列指令,檢查
create作業的狀態:gcloud beta source-manager operations describe OPERATION_NAME \ --region=us-central1更改下列內容:
OPERATION_NAME,並將其替換為建立指令回應中的作業名稱。
執行個體準備就緒後,回應內容應如下所示:
{ "name": "projects/PROJECT_ID/locations/us-central1/operations/operation-123456789012-5ec69948c0f2b-60dd727f-a9b97a2e", "metadata": { "@type": "type.googleapis.com/google.cloud.securesourcemanager.v1.OperationMetadata", "createTime": "2022-11-01T14:31:32.420469714Z", "endTime": "2022-11-01T14:48:34.140378114Z", "target": "projects/PROJECT_ID/locations/us-central1/instances/my-instance", "verb": "create", "requestedCancellation": false, "apiVersion": "v1" }, "done": true, "response": { "@type": "type.googleapis.com/google.cloud.securesourcemanager.v1.Instance", "name": "projects/PROJECT_ID/locations/us-central1/instances/my-instance", "createTime": "2022-11-01T14:31:32.416413630Z", "updateTime": "2022-11-01T14:31:32.416413630Z" }, "state": "ACTIVE", "hostConfig": { "html": "my-instance-098765432109.us-central1.sourcemanager.dev", "api": "my-instance-098765432109-api.us-central1.sourcemanager.dev", "gitHttp": "my-instance-098765432109-git.us-central1.sourcemanager.dev" } } }其中:
my-instance-098765432109.us-central1.sourcemanager.dev是執行個體 HTML 網址。PROJECT_ID是您的專案 ID。
從成功建立的檢查狀態指令中複製 HTML 網址。您需要這個網址,才能透過網路瀏覽器存取執行個體。
如要取得執行個體的 HTML 網址,請再次執行下列指令:
gcloud beta source-manager operations describe OPERATION_NAME \ --region=us-central1將
gcloud beta source-manager operations describe指令成功回應中的 HTML 網址,複製到瀏覽器網址列。系統會顯示 OAuth 2.0 畫面,詢問您是否要授權「
sourcemanager.dev」存取您的 Google Cloud 帳戶。按一下「允許」按鈕。
Secure Source Manager 網頁介面隨即開啟。您可以在網頁介面中建立及查看存放區,以及所有相關聯的問題和提取要求。
必要的角色
如要取得建立 Secure Source Manager 執行個體所需的權限,請要求管理員為您授予專案的 Google Cloud 執行個體擁有者 (roles/securesourcemanager.instanceOwner) 身分與存取權管理角色。
Secure Source Manager 角色指派給主體後,才會顯示在 Google Cloud 控制台中。如要首次授予 Secure Source Manager 角色,請參閱「授予及撤銷身分與存取權管理角色」。
建立執行個體
存取執行個體
建立執行個體後,您可以使用瀏覽器透過網頁介面存取執行個體。
清除所用資源
如要避免系統向您的 Google Cloud 帳戶收取本頁面所用資源的費用,請刪除含有這些資源的 Google Cloud 專案。
Delete a Google Cloud project:
gcloud projects delete PROJECT_ID