mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-04-25 10:40:49 +00:00
Code Issues Releases Wiki Activity

Convert gsutil to gcloud storage (#2670)

Browse Source 
Use of gsutil is discouraged / deprecated, see https://cloud.google.com/storage/docs/gsutil
This commit is contained in:
gbrodman
2025-02-07 16:01:19 -05:00
committed by GitHub
parent a63812160e
commit 34103ec815
13 changed files with 56 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/operational-procedures/brda-deposits.md
View File

@@ -61,7 +61,7 @@ $ mkdir /tmp/brda.$$; for date in 2015-02-26 2015-03-05; \
* Store the generated files to the GCS bucket.
```shell
$ gsutil -m cp /tmp/brda.$$/*.{ryde,sig} gs://{PROJECT-ID}-icann-brda/`
$ gcloud storage cp /tmp/brda.$$/*.{ryde,sig} gs://{PROJECT-ID}-icann-brda/`
```
* Mirror the files in the GCS bucket to the sFTP server.

8
docs/operational-procedures/rde-deposits.md
View File

@@ -99,12 +99,12 @@ that no cooldown period is necessary.
## Listing deposits in Cloud Storage
You can list the files in Cloud Storage for a given TLD using the gsutil tool.
You can list the files in Cloud Storage for a given TLD using the gcloud storage tool.
All files are stored in the {PROJECT-ID}-rde bucket, where {PROJECT-ID} is the
name of the App Engine project for the particular environment you are checking.
```shell
$ gsutil ls gs://{PROJECT-ID}-rde/zip_2015-05-16*
$ gcloud storage ls gs://{PROJECT-ID}-rde/zip_2015-05-16*
gs://{PROJECT-ID}-rde/zip_2015-05-16-report.xml.ghostryde
gs://{PROJECT-ID}-rde/zip_2015-05-16.xml.ghostryde
gs://{PROJECT-ID}-rde/zip_2015-05-16.xml.length
@@ -167,7 +167,7 @@ Sometimes you'll want to take a peek at the contents of a deposit that's been
staged to cloud storage. Use this command:
```shell
$ gsutil cat gs://{PROJECT-ID}-rde/foo.ghostryde | nomulus -e production ghostryde --decrypt | less
$ gcloud storage cat gs://{PROJECT-ID}-rde/foo.ghostryde | nomulus -e production ghostryde --decrypt | less
```
## Identifying which phase of the process failed
@@ -242,7 +242,7 @@ $ nomulus -e production ghostryde --encrypt \
# 3. Copy to Cloud Storage so RdeUploadTask can find them.
$ gsutil cp ${tld}_${date}_full_S1_R0{,-report}.xml.ghostryde gs://{PROJECT-ID}-rde/
$ gcloud storage cp ${tld}_${date}_full_S1_R0{,-report}.xml.ghostryde gs://{PROJECT-ID}-rde/
```
## Updating an RDE cursor

27
docs/proxy-setup.md
View File

@@ -29,12 +29,11 @@ service like [Spinnaker](https://www.spinnaker.io/) for release management.
## Detailed Instruction
We use [`gcloud`](https://cloud.google.com/sdk/gcloud/) and
[`terraform`](https://terraform.io) to configure the proxy project on GCP. We
use [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to
deploy the proxy to the project. Additionally,
[`gsutil`](https://cloud.google.com/storage/docs/gsutil) is used to create GCS
bucket for storing the terraform state file. These instructions assume that all
four tools are installed.
[`terraform`](https://terraform.io) to configure the proxy project on GCP and to create a GCS
bucket for storing the terraform state file. We use
[`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to deploy
the proxy to the project. These instructions assume that all three tools are
installed.
### Setup GCP project
@@ -59,8 +58,8 @@ environment.
In the proxy project, create a GCS bucket to store the terraform state file:
```bash
$ gsutil config # only if you haven't run gsutil before.
$ gsutil mb -p <proxy-project> gs://<bucket-name>/
$ gcloud auth login # only if you haven't run gcloud before.
$ gcloud storage buckets create gs://<bucket-name>/ --project <proxy-project>
```
### Obtain a domain and SSL certificate
@@ -185,7 +184,7 @@ This encrypted file is then uploaded to a GCS bucket specified in the
`config.tf` file.
```bash
$ gsutil cp <combined_secret.pem.enc> gs://<your-certificate-bucket>
$ gcloud storage cp <combined_secret.pem.enc> gs://<your-certificate-bucket>
```
### Edit proxy config file
@@ -379,8 +378,8 @@ A file named `ssl-cert-key.pem.enc` will be created. Upload it to a GCS bucket
in the proxy project. To create a bucket and upload the file:
```bash
$ gsutil mb -p <proxy-project> gs://<bucket-name>
$ gustil cp ssl-cert-key.pem.enc gs://<bucket-name>
$ gcloud storage buckets create gs://<bucket-name> --project <proxy-project>
$ gcloud storage cp ssl-cert-key.pem.enc gs://<bucket-name>
```
The proxy service account needs the "Cloud KMS CryptoKey Decrypter" role to
@@ -396,9 +395,9 @@ The service account also needs the "Storage Object Viewer" role to retrieve the
encrypted file from GCS:
```bash
$ gsutil iam ch \
serviceAccount:<service-account-email>:roles/storage.objectViewer \
gs://<bucket-name>
$ gcloud storage buckets add-iam-policy-binding gs://<bucket-name> \
--member=serviceAccount:<service-account-email> \
--role=roles/storage.objectViewer
```
### Proxy configuration