Datadog Gold Partner logo

Programatically manage Google Cloud Resources via REST APIs

By Kishore Jagannath.Aug 19, 2022

In this article we will deep dive on how we can easily and efficiently manage the GCP resources using the REST APIs exposed by Google Cloud . We will look at how REST APIs in GCP provide a generic framework for automation and programatic management. With GCP REST APIs you can adopt a TEST -> IMPLEMENT -> REUSE approach for managing GCP resources. The sample code will be in python but you can do an equivalent substitution with any programming language of choice

APIs in GCP

GCP exposes REST APIs to create, list, view, delete or modify the various resources within GCP. While SDKs exist across multiple programming languages each SDK has its own methods and documentation. For e.g the SDK for accessing and managing Google cloud Storage resources is different from the SDK for managing GCP compute resources. Also using every SDK involves some amount of learning curve.

GCP provides JSON based REST APIS to manage the various resources and detailed documentation is available.

For e.g the Compute engine API can be found in 

https://cloud.google.com/compute/docs/reference/rest/v1  and GCS REST APIs in 

https://cloud.google.com/storage/docs/json_api/v1

Test your API Requests

The parameters, headers, request body and authentication form a critical part of a REST API. GCP provides the facility to Try out a JSON API wherein you can not only specify the parameters and Headers, but also construct the Request Body(with autosuggest) and submit the Request to your GCP project of choice. This enables developers to verify complex request body data and the request parameters in an easy manner without writing a single line of code.

Article-Programatically manage Google Cloud Resources via REST APIs_1

Also code snippets available for HTTP and Java script

HTTP Code snippet

POST https://storage.googleapis.com/storage/v1/b?project=test-project-gcp&key=[YOUR_API_KEY] HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
{
“name”: “my-test-bucket”,
“cors”: [],
“acl”: [],
“lifecycle”: {},
“labels”: {}
}

Code Implementation

Once you have tested the Parameters, Headers and Request body as mentioned above, the next step is to start coding the REST client.

Authentication

One of the important aspects of GCP REST client is Authentication and Authorisation . For Authentication & Authorisation, the flexible and simplest way is to set the CREDENTIALS via an environmental variable and do a token refresh. The CREDENTIALS is usually service account having the relevant GCP permissions to perform the API operation.

By setting the CREDENTIALS via environmental variable, you can avoid hardcoding the credentials in the code. This also enables you to run the same code in different environments and CICD pipelines without any code changes.

For e.g : export GOOGLE_APPLICATION_CREDENTIALS=”KEY_PATH”

Once you have the GCP credentials available in your environment, you can use the google.auth.credentials api to obtain a token with a limited life time based on the CREDENTIALS set in your environment.

The python code snippet to obtain tokens for the credentials set in the environment is as below

import google.auth
import google.auth.transport.requests
def get_creds():
credentials, proj_id = google.auth.default(scopes=[“https://www.googleapis.com/auth/cloud-platform”])
auth_req = google.auth.transport.requests.Request()
credentials.refresh(auth_req) #refresh token
token_str=(credentials.token) # prints token
print(credentials.expiry)
return token_str,proj_id

Invoking GCP APIs via REST CLIENT

Let’s take an example of invoking the REST API to create a Cloud function in GCP. In this method we obtain the access token by calling the get_creds() function mentioned above. This access token is mentioned in the “Authorization” header and a post request is sent with the request body JSON. The request body JSON can be obtained as mentioned above in “Test Your API Requests” section.

def create_function_with_trigger(bucket_name, bucket_out, template):
access_token,proj_id=auth.get_creds()
functions_url = “https://cloudfunctions.googleapis.com/v1/projects/media-348707/locations/us-central1/functions”
print(f’ cloud function {access_token}’)
headers_req={‘Authorization’: ‘Bearer ‘ + access_token}
request_body=get_request_for_create_cloud_function(template, bucket_out, bucket_name)
resp = requests.post(url=functions_url, json=request_body, headers=headers_req)
print(resp.content)

The request_body in the above code is the JSON Request for the API. With the above code, it is possible to manage any API resource with few lines of code and the best part is that the whole API can be tested independently as mentioned initially. This enables users to create a faster and efficient client to manage GCP resources efficiently.

Code Reuse

Apart from the request url and request body in the code above, most of code on the client side is reusable. Let’s say you want to create a new GCP resource from API, say a compute instance , you can repeat the whole process of using the GCP API documentation to frame the request body and request url. Apart from the request body and request url, the client code is similar for any post request and can be reused.

Conclusion

REST APIs enables you to easily managed GCP resources by following the TEST -> IMPLEMENT -> REUSE approach. Also a rich set of API documentation with the ability to “Try out any API” exposed by GCP makes this process simpler , efficient and less error prone


The original article published on Medium.

Related Posts