我想使用Terraform创建Google Cloud API密钥,是否可行?
我想使用Terraform创建Google Cloud API密钥,是否可行?
谷歌云提供商(版本>= 4.14.0)现在支持使用Terraform创建API密钥。
根据@noamt的建议,更新答案,并附上一个示例。
在这种情况下,该密钥限制可以使用某些GMaps API:
resource "google_apikeys_key" "maps" {
name = "maps-api-key"
display_name = "Nice name displayed in the UI"
restrictions {
# Example of whitelisting Maps Javascript API and Places API only
api_targets {
service = "maps-backend.googleapis.com"
}
api_targets {
service = "places-backend.googleapis.com"
}
}
}
$ gcloud alpha services api-keys
ERROR: (gcloud.alpha.services.api-keys) Command name argument expected.
Available commands for gcloud alpha services api-keys:
clone *(ALPHA)* Create a new API key with the same
metadata as input key.
create *(ALPHA)* Create an API key.
delete *(ALPHA)* Delete an API key.
describe *(ALPHA)* Describe an API key's metadata.
get-key-string *(ALPHA)* Get key string of an API key.
list *(ALPHA)* Lists API keys.
lookup *(ALPHA)* Look up resource name of a key string.
undelete *(ALPHA)* Undelete an API key.
update *(ALPHA)* Update an API key's metadata.
使用--log-http
列出项目API密钥时,您可以看到所使用的API端点:
$ gcloud alpha services api-keys list --project $PROJECT --log-http
...
==== request start ====
uri: https://apikeys.googleapis.com/v2alpha1/projects/$PROJECT/keys?alt=json
...
v2alpha1
,但有一个可用的v2beta1
版本。可以这样验证:$ curl -s -H"Authorization: Bearer $(gcloud auth print-access-token)" \
https://apikeys.googleapis.com/v2beta1/projects/$PROJECT/keys
{
"keys": [
{
"name": "projects/REDACTED/keys/REDACTED",
"displayName": "REDACTED",
"createTime": "2019-04-15T10:39:53.558Z",
"updateTime": "2019-04-15T10:40:06.616639Z",
"restrictions": {
"androidKeyRestrictions": {},
"apiTargets": [
{
"service": "geocoding_backend"
}
]
},
"state": "ACTIVE"
}
]
}
由于terraform谷歌提供商通常很快就会添加新功能,我只能假设支持很快就会到来。您可能想创建一个Github问题来展示您的兴趣。或者关注beta提供商的变更日志。