Appearance
Google Cloud
Overview
Google Cloud Platform (GCP) is a cloud resources platform. The Google Cloud App integration allows Tempest to manage the several key resources and sub-resources, providing a comprehensive set of tools for cloud infrastructure management.
Available Resources
- Cloud Build Configuration: Links GitHub repositories to Google Cloud Build projects.
- Sub-resource: Cloud Build Trigger
- Cloud DNS Zone: Manages DNS zones in Google Cloud DNS.
- Sub-resource: Cloud DNS Record
- Memorystore Redis: Creates and manages Redis instances within Google Cloud.
- Cloud Run Service: Deploys and manages container images in Google Cloud Run.
- CloudSQL Instance: Manages database instances in Google Cloud SQL.
- Cloud Storage Bucket: Creates and manages Cloud Storage buckets.
Authentication
In order to allow Tempest to orchestrate and manage GCP resources, you must first authenticate. Tempest currently supports two methods of authentication:
- OAuth2
- Service Account Key
OAuth2
Tempest supports OAuth2 authentication using https://www.googleapis.com/auth/cloud-platform scope.
- Note: If you have issues authenticating via OAuth2, ensure that your Google account has access to request this scope.
To authenticate with OAuth2:
- Go to Recipes and either click “Create Recipe” or select a pre-existing recipe.
- Click an existing GCP resource in your recipe, or add a new resource by selecting “+” next to your preferred environment and selecting a GCP resource.
- Select “Add credentials” and then “+Link credentials.”
- Select “OAuth.”
- Select the Google account you want to authenticate with and enter your password.
- Select “Allow.”
- Once completed, you’ll be authenticated and your name will populate in the credentials drop down.
Note: By default, Google Cloud requires re-authentication for OAuth2 tokens every 24 hours, a setting that can be adjusted in your Google Cloud Console. In general, we recommend authenticating via OAuth2 if you're testing Tempest for non-production resources and want the fastest path for setup. For production resources, we recommend using a Service Account key to avoid potential disruptions.
Service Account Key
Tempest also supports service account keys as an authentication option.
To authenticate:
- Generate a key following instructions here: https://cloud.google.com/iam/docs/keys-create-delete
- Note: The service account attached to the service account key must have access to all of the resources you plan to manage via Tempest. For example, in order for Tempest to use the service account key to manage Memorystore instances, the service account must have the relevant permissions within Google Cloud IAM. For more information: Google Cloud Identity and Access Management
- Go to Recipes and either click “Create Recipe” or select a pre-existing recipe.
- Click an existing GCP resource in your recipe, or add a new resource by selecting “+” next to your preferred environment and selecting a GCP resource.
- Select “Add credentials” and then “+Link credentials.”
- Select “Show more.”
- Select “Service Account.”
- Input a name for your credential. This will be used to identify the credential when you authenticate.
- Upload the JSON file downloaded when you generated your service account key.
- Once completed, you’ll be authenticated and your key name will populate in the credentials drop down.
Resources
The following GCP resources can be managed in Tempest.
Cloud Build Configuration
A Cloud Build Configuration represents a configuration link between a GitHub Repository and a Google Cloud Build Project. This is a parent resource of Cloud Build Trigger.
Create Input
The following input options are available for creating a Cloud Build Configuration:
- Region (required): Select the Google Cloud region where this resource will be created. The default is set to "us-central1". This field uses a data source to populate available regions.
- Repository Full Name (required): Enter the full name of the repository (e.g., "org/repo"). By default, this field will be autofilled with the Project’s GitHub repository's full name.
Properties
| Name | Description |
|---|---|
| Public Key | The public key associated with the Build configuration. |
| Secret ID | The unique identifier for the Private Key stored within Google Cloud Platform. |
| Region | The Google Cloud region where the resource is located. |
Cloud Build Trigger
A Cloud Build Trigger resource can be linked to a Cloud Build Configuration. Creating a Trigger will result in a single run of the Cloud Build pipeline. This is a sub-resource of Cloud Build Configuration.
Create Input
- Repository Full Name (required): The full name of the repository (e.g., "org/repo"). By default, this field will be autofilled with the Project's GitHub repository's full name.
- Branch: The branch to build. If not specified, it defaults to the target repository's default branch.
- Commit Hash: The specific commit hash to build. If not provided, it defaults to the newest commit in the specified branch.
- Image Name: The name of the image to build. By default, it uses the target repository's name.
- Dockerfile: The relative path to the Dockerfile in the repository. Default is "Dockerfile".
Properties
| Name | Description |
|---|---|
| Image (Fully Qualified) | The fully qualified image name that was built (e.g., gcr.io/my-project/my-image:latest). |
| Images | An array of images that were built. |
| ID | The unique identifier for the build. |
| Google Cloud Identifier | The unique identifier for the resource within Google Cloud Platform. |
| Region | The Google Cloud region where the resource is located. |
Cloud DNS Zone
A Cloud DNS Zone represents a DNS zone served by Google Cloud DNS. This can be a private or public zone. This is a parent resource of Cloud DNS Record.
Create Input
- DNS Name (required): Enter the DNS name for the zone (e.g., "example.com").
- Description: Provide a description for the zone. By default, it's set to "Managed by Tempest."
- Visibility: Choose the visibility of the zone, either "public" or "private". The default is set to "private".
Properties
| Name | Description |
|---|---|
| ID | The unique identifier for the zone. |
| Name | The name of the zone. |
| Description | A description of the zone. |
| DNS Name | The DNS name of the zone. |
| Visibility | The visibility of the zone (either "public" or "private"). |
Cloud DNS Record
An individual record within a specified Parent Cloud DNS Zone. This is a sub-resource of a Cloud DNS Zone.
Create Input
- Record Name: The name of the record to create. This is the domain name for the record, without the domain suffix. If not specified, a random name will be generated.
- Record Type (required): The type of DNS record to create. Options include A, AAAA, CNAME, and TXT. Default is CNAME.
- Target (required): The content of the DNS record. For CNAME records, this should be a fully-qualified domain name. For A or AAAA records, this should be an IP address.
- TTL: The Time-To-Live value for the record, in seconds. Default is 300 seconds (5 minutes).
Properties
| Name | Description |
|---|---|
| Name | The name of the resource record set to which this record belongs. |
| ID | A unique identifier for the resource, defined by the server. |
| Record Contents | An array of DNS records in this set. |
| Type | The record type. |
Memorystore Redis
A Memorystore Redis resource will create and manage a single Redis instance within Google Cloud.
Create Input
- Region (required): Select the Google Cloud region where this resource will be created. The default is set to "us-central1". This field uses a data source to populate available regions.
- Name: The name of the Redis instance. A random identifier will be appended to ensure uniqueness. Default is "tempest-managed-instance".
- Size: Specify the size of the instance in GB. The minimum is 1 GB, which is also the default.
- High Availability: If enabled, this instance will be configured with a primary and secondary node. By default, this is set to false.
Properties
| Name | Description |
|---|---|
| ID | The unique identifier for the Redis instance within Google Cloud Platform. |
| Name | The name of the Redis instance. |
| Host | The host name or IP address of the Redis instance. |
| Port | The port number of the Redis instance. |
| Region | The Google Cloud region where the resource is located. |
| Project | The Google Cloud project where the resource is located. |
Cloud Run Service
A Cloud Run Service resource will run a single container image within Google Cloud Run.
Create Input
- Region (required): Select the Google Cloud region where this resource will be created. The default is set to "us-central1". This field uses a data source to populate available regions.
- Name (required): Name of the service to create in Google Cloud Run. By default, this field will be autofilled with the Project's GitHub repository name.
- Image (required): Image to deploy in Google Cloud Run. This should be a fully qualified image name (e.g., "gcr.io/my-project/my-image:latest"). By default, this field will be autofilled with the image built by the most recent Cloud Build Trigger.
- Description: Description of the service to create in Google Cloud Run. Default is "Managed by Tempest."
- Visibility: Choose the visibility of the service, either "public" or "private". The default is set to "private".
- Minimum Instances: Minimum number of instances to run in Google Cloud Run. Default is 1.
- Maximum Instances: Maximum number of instances to run in Google Cloud Run. Default is 1.
- Port: Port to expose in Google Cloud Run. Default is 8080.
Properties
| Name | Description |
|---|---|
| ID | The unique identifier for the resource within Google Cloud Platform. |
| UID | The unique identifier of the service. |
| URI | The URI of the service. |
| FQDN | The fully qualified domain name of the service. |
| Region | The Google Cloud region where the resource is located. |
| Project | The Google Cloud project where the resource is located. |
| Name | The name of the service. |
CloudSQL Instance
A CloudSQL Instance resource represents a single database instance hosted in Google Cloud SQL.
Create Input
- Region (required): Select the Google Cloud region where this resource will be created. The default is set to "us-central1".
- Name: The name of the database instance. A random identifier will be appended to ensure uniqueness. Default is "tempest-managed-instance".
- Database Version: Choose the version of the database instance. Options include various versions of MySQL and PostgreSQL. Default is "POSTGRES_15".
- Edition: Select the edition of the database instance. Options are "ENTERPRISE" or "ENTERPRISE_PLUS". Default is "ENTERPRISE".
- Tier: Specify the tier of the database instance. Default is "db-f1-micro". This field uses a data source to populate available tiers.
Properties
| Name | Description |
|---|---|
| ID | The unique identifier for the resource within Google Cloud Platform. |
| Connection Name | The connection name for the instance, which can be used with the Cloud SQL Proxy to connect to the instance. |
| Project | The Google Cloud project where the instance resides. |
| Region | The Google Cloud region where the instance is located. |
| Service Account Email Address | The email address of the service account attached to the instance. |
| Database Version | The database version of the instance. |
| DNS Name | The DNS name of the instance. |
| Write Endpoint | The IP address of the instance's write endpoint. |
Cloud Storage Bucket
A single Cloud Storage Bucket.
Create Input
- Name: The name of the bucket. A random identifier will be appended to ensure uniqueness. Default is "tempest-managed-bucket".
- Location: Choose the location for the Cloud Storage bucket. Options include US, EU, ASIA, AU, CA, and IN. Default is "US". For more information on locations, see https://cloud.google.com/storage/docs/locations
- Versioning: Enable or disable versioning for the bucket. Default is false (disabled).
Properties
| Name | Description |
|---|---|
| ID | The unique identifier for the resource within Google Cloud Platform. |
| Name | The name of the bucket. |
| Location | The location of the bucket. |
| Storage Class | The storage class of the bucket. |