https://pulumi.com
Join Slack
Guys I have created a composite component which creates a GCP project, an associated service account...
# python
d
Guys I have created a composite component which creates a GCP project, an associated service account and key, a new provider associated with the key
Copy code
from pulumi import ComponentResource, ResourceOptions
from pulumi import Output
import pulumi_gcp
from pulumi_gcp import (
    organizations,
    projects,
    pubsub,
    storage,
    serviceAccount,
)
import base64


class ProjectArgs:
    def __init__(
        self, project_name: str, root_project_name: str, organization_name: str
    ):
        self.project_name = project_name
        self.root_project_name = root_project_name
        self.organization_name = organization_name


class Project(ComponentResource):

    new_project_id: Output[str]
    ephemeral_project_provider: pulumi_gcp.Provider
    project_owner_service_account: pulumi_gcp.serviceAccount.Account

    def __init__(self, name: str, args: ProjectArgs, opts: ResourceOptions = None):

        super().__init__("my-org:modules:Project", name, {}, opts)

        root_project = organizations.Project.get(
            f"{name}-root-project", id=args.root_project_name
        )
        organization = organizations.get_organization(
            organization=args.organization_name
        )

        # Create an ephemeral project
        ephemeral_project = organizations.Project(
            f"{name}-new-project",
            name=args.project_name,
            project_id=args.project_name,
            billing_account=root_project.billing_account,
            org_id=organization.org_id,
        )

        self.project_owner_service_account = serviceAccount.Account(
            resource_name=f"{args.project_name}-project-owner-service-account",
            account_id="projectowner",
            project=ephemeral_project.project_id,
        )

        project_owner_service_account_key = serviceAccount.Key(
            resource_name=f"{args.project_name}-project-owner-service-account-key",
            service_account_id=self.project_owner_service_account.name,
        )

        project_owner_serviceaccount_iam_membership = projects.IAMMember(
            resource_name=f"{args.project_name}-project-owner-service-account-iam-member",
            project=ephemeral_project.project_id,
            role="roles/owner",
            member=self.project_owner_service_account.email.apply(
                lambda service_account_email: f"serviceAccount:{service_account_email}"
            ),
        )

        resourceManagerService = projects.Service(
            f"{args.project_name}-enable-resorce-management",
            project=ephemeral_project.project_id,
            service="<http://cloudresourcemanager.googleapis.com|cloudresourcemanager.googleapis.com>",
        )

        self.ephemeral_project_provider = pulumi_gcp.Provider(
            resource_name="ephemeral_project_provider",
            credentials=project_owner_service_account_key.private_key.apply(
                lambda k: base64.b64decode(k).decode("utf-8")
            ),
            opts=ResourceOptions(
                depends_on=[
                    resourceManagerService,
                    project_owner_serviceaccount_iam_membership,
                ],
            ),
        )

        self.register_outputs({"new_project_id": ephemeral_project.project_id})
Now when I try to use it in my stack, I get an exception because the event loop is already closed
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by