how do you create a google cloud project and service account using node js?

Question

How do you programmatically provision a google cloud project, enable API's and create a service account using node js?

thanks

Chris

Answer 1

The answer lies within the REST API.

Assuming you’re using the Cloud Shell, first install the Node.JS Client Library by running:

npm install googleapis --save

To create a project you can use the Resource Manager API method ‘projects.create‘ as shown in the Node.JS code example there. Replace my-project-id with the desired Project ID, and my-project-name with the desired Project name:

const {google} = require('googleapis');
var cloudResourceManager = google.cloudresourcemanager('v1');

authorize(function(authClient) {
  var request = {
    resource: {
      "projectId": "my-project-id", // TODO
      "name": "my-project-name" // TODO
    },
    auth: authClient,
  };

  cloudResourceManager.projects.create(request, function(err, response) {
    if (err) {
      console.error(err);
      return;
    }
    console.log(JSON.stringify(response, null, 2));
  });
});

Similarly you can use the Cloud IAM API ‘projects.serviceAccounts.create’ method to create Service Accounts. Replace my-project-id with the project ID the Service Account will be associated with, and my-service-account with the desired Service Account ID:

const {google} = require('googleapis');
var iam = google.iam('v1');

authorize(function(authClient) {
  var request = {
    name: 'projects/my-project-id', // TODO
    resource: {
      "accountId": "my-service-account" // TODO
    },
    auth: authClient,
  };

  iam.projects.serviceAccounts.create(request, function(err, response) {
    if (err) {
      console.error(err);
      return;
    }
    console.log(JSON.stringify(response, null, 2));
  });
});

And then, to enable an API or Service use the Service Usage API ‘services.enable’ method. In this case, I will enable the Cloud Pub/Sub API. Replace 123 with your project number:

const {google} = require('googleapis');
var serviceUsage = google.serviceusage('v1');

authorize(function(authClient) {
  var request = {
    name: "projects/123/services/pubsub.googleapis.com", // TODO
    auth: authClient,
  };

  serviceUsage.services.enable(request, function(err, response) {
    if (err) {
      console.error(err);
      return;
    }
    console.log(JSON.stringify(response, null, 2));
  });
});

Alternatively you may use the ‘services.batchEnable‘ method to enable multiple APIs in a single call. You can find a full list of the APIs you can enable here.

You can define each call with:

function authorize(callback) {
  google.auth.getClient({
    scopes: ['https://www.googleapis.com/auth/cloud-platform']
  }).then(client => {
    callback(client);
  }).catch(err => {
    console.error('authentication failed: ', err);
  });
}

Note that you should adapt the code to your needs, simplifying it, and modifying or adding any additional parameters you require for your API calls.

Answer 2

The Deployment Manager allows you to provision all these resources and can be triggered through the API.

There is even an official example on GitHub that does the following:

1. Creates a new project.
2. Sets the billing account on the new project.
3. Sets IAM permissions on the new project.
4. Turns on a set of apis in the new project.
5. Creates service accounts in the new project.

Remember to replace the values in the config.yaml file. To get the billing account ID, you can use the billingAccounts.list method, and to get the organization ID, you can use the gcloud organizations list command.

Keep in mind that you will need to set up the requirements specified in the README file of the example repository, but this only needs to be done once. The permissions to the DM Service Account can be set in the Manage Resources section of the Cloud Console.

Once you have changed the required configurations, you can test the deployment with the gcloud deployment-manager deployments create command and get the request body sent to the Deployments: insert API by adding the --log-http flag. Notice that what interests you is the first request, the others are made to check the progress of the operation.

Finally, with the request body contents, you can change the values you need and make this call to the API using nodejs. This post provides examples on how to use the google-api-nodejs-client to create deployments.

The advantage of using the Deployment Manager is that all resources can be created in a single request.