Managing projects
All resources on the CBWS platform are part of a project, they help bundle related resources for a specific goal.
This guide describes how to create and use them to organize your resources.
Creating a project
Creating projects requires the Project creator role on an organization, after creation you will get the
Project owner role allowing to fully manage resources in the newly created project.
Hint
Since project names are unique across the entire CBWS platform it might be useful to for example prepend them with an abbreviation of your organization or product name.
- Click on the project selection button
- Click on create project
cbws projects create test-project
package main
import (
"context"
"log"
projects "github.com/cbws/go-cbws/cbws/projects/v1alpha1"
)
func main() {
p, err := projects.NewClient(context.Background())
if err != nil {
log.Fatalf("Error: %+v", err)
}
project, err := p.CreateProject(context.Background(), "//organizations.cloudbear.nl/organizations/908e6132-1eb9-11ea-939b-9c81b2f6bed2", "test-project")
if err != nil {
log.Fatalf("Error: %+v", err)
}
log.Printf("Project: %+v", project)
}
<?php
$projects = new \Cbws\API\Projects\V1alpha1\Client();
$project = $projects->createProject('//organizations.cloudbear.nl/organizations/908e6132-1eb9-11ea-939b-9c81b2f6bed2', 'test-project');
Listing projects
You generally have quite a few projects, listing all of them can be doing as follows:
List all the projects you have access to, this will also include projects from organizations you've been given access to.
cbws projects list
This example uses the PaginateProjects helper method and the Iterate function of the CBWS pagination library
to iterate through all the projects and handles pagination on the background.
package main
import (
"context"
"log"
projects "github.com/cbws/go-cbws/cbws/projects/v1alpha1"
)
func main() {
p, err := projects.NewClient(context.Background())
if err != nil {
log.Fatalf("Error: %+v", err)
}
paginator := p.PaginateProjects()
edges, err := pagination.Iterate(context.Background(), paginator)
if err != nil {
log.Fatalf("Error: %+v", err)
}
for _, edge := range edges {
log.Printf("Project: %+v", edge.Node)
}
}
<?php
$projects = new \Cbws\API\Projects\V1alpha1\Client();
$data = $projects->listProjects();
foreach ($data->getProjects() as $project) {
var_dump($project);
}
echo 'Next page token: ' . $data->getNextPageToken() . PHP_EOL;
Using a project
Most things you do on the CBWS platform will be done in the context of a project. Most tools will work in a specific project so you can focus on the things at hand. It is however very easy to switch back and forth between different projects.
When you open the CBWS panel you can select a project by using the project selection button in the menu on the left.
The CBWS command line tool generally operates on a specific project. This way you only see and manage the resources related to that specific project. Switching between projects can be done using the following command:
cbws projects use test-project
You can also use a flag to run a specfic command on a different project:
cbws -p test-project iam service-accounts list
Project IAM policies
When creating a new project, you will be the only one with the Project owner role. This will give you full access to
all resources within the project, and full access to the project itself. To give others or service accounts access to
your project or create a more specific access policy you can use the project IAM policies.
For more details IAM policies you can read the IAM getting started documentation.
Info
To ensure we can help you we by default also give Cloudbear tech support the Tech support role on your project.
You can remove this at any point, this however means our support department won't be able to immediately help you.
Getting current policy
In this example we're going to view the current IAM policy of the test-project project.
package main
import (
"context"
"log"
projects "github.com/cbws/go-cbws/cbws/projects/v1alpha1"
)
func main() {
p, err := projects.NewClient(context.Background())
if err != nil {
log.Fatalf("Error: %+v", err)
}
policy, err := v.GetIAMPolicy(context.Background(), "projects/test-project")
if err != nil {
log.Fatalf("Error: %+v", err)
}
log.Printf("Policy: %+v", policy)
}
Changing policy
In this example we're going to give user employee2@example.com the ability to administer virtual machines in the
test-project project. For this we will be creating a binding in the policy that uses the
services/vm.cbws.xyz/roles/vm-admin role.
Warning
Giving a principal the setIAMPolicy permission will also allow this principal to give themselves more permissions.
Project policies can be managed via the CBWS portal by opening a project and clicking on Policy in the menu on the left.
Tip
Setting a new policy overrides the previous policy entirely, make sure you include all bindings that should exist after applying.
package main
import (
"context"
"log"
"github.com/cbws/go-cbws-grpc/cbws/iam/policy/v1alpha1"
projects "github.com/cbws/go-cbws/cbws/projects/v1alpha1"
)
func main() {
p, err := projects.NewClient(context.Background())
if err != nil {
log.Fatalf("Error: %+v", err)
}
_, err = v.SetIAMPolicy(context.Background(), "projects/test-project", v1alpha1.Policy{
Bindings: []*v1alpha1.Binding{
{
Role: "roles/owner",
Description: "Owner access for project creator",
Members: []string{"user:employee1@example.com"},
},
{
Role: "services/vm.cbws.xyz/roles/vm-admin",
Description: "Virtual machine admin for colleague",
Members: []string{"user:employee2@example.com"},
},
{
Role: "roles/tech-support",
Description: "Tech support access for Cloudbear tech departments",
Members: []string{"group:tech@cloudbear.nl"},
},
},
})
}