GCP

Setup

Gallery's GCP integration works through OAuth authorization. To set up Gallery, all you need to do is "Login With Google" when the prompt comes up on the integration page.

Security Note

Some Google Cloud services (App Engine, for example) require a new project in order to create a clone of your production setup, so we need to hold permissions to create new projects. Because service accounts only hold permissions on individual projects, we cannot use service accounts to perform all project creation actions. However, we try to limit our use of your OAuth credentials as much as possible: we use them only to create new projects and to create service accounts on those projects, which we then use to provision the cloud services required for your review environments.

Build Information

The following environment variables (in the build) are automatically filled in by Gallery:

  • GOOGLE_APPLICATION_CREDENTIALS: The path to a JSON file containing the credentials for a service account that has Owner access to the created Gallery project.

  • GOOGLE_PROJECT_ID: The GCP project ID for the project in which the new resources for the review environment are spun up.

  • GOOGLE_SERVICE_ACCOUNT: The email for the Gallery service account to be used to provision resources, and the service account that corresponds to the application credential file.
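
Because the credentials file carries Owner access to the project, a build can check the three variables against each other before it provisions anything. The following is an added example, not Gallery's own code: the function name `preflight` is hypothetical, it relies on the standard `type`, `client_email` and `project_id` fields of a GCP service account key file, and it assumes the service account lives in the project named by GOOGLE_PROJECT_ID.

```python
import json
import os
import stat
import sys

REQUIRED = ("GOOGLE_APPLICATION_CREDENTIALS", "GOOGLE_PROJECT_ID", "GOOGLE_SERVICE_ACCOUNT")


def preflight(env):
    """Return a list of problems with the Gallery-provided variables (empty means OK)."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        return ["missing variable: " + name for name in missing]

    path = env["GOOGLE_APPLICATION_CREDENTIALS"]
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:  # unreadable file or invalid JSON
        return [f"cannot read credentials file: {exc}"]
    if not isinstance(key, dict):
        return ["credentials file is not a JSON object"]

    problems = []
    # The key grants Owner on the project, so no other local user should read it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"credentials file mode {mode:o} is accessible to group/other")
    if key.get("type") != "service_account":
        problems.append("credentials file is not a service account key")
    # The file must belong to the account named in GOOGLE_SERVICE_ACCOUNT.
    if key.get("client_email") != env["GOOGLE_SERVICE_ACCOUNT"]:
        problems.append("key client_email does not match GOOGLE_SERVICE_ACCOUNT")
    # Assumption: the service account was created in the review-environment project.
    if key.get("project_id") != env["GOOGLE_PROJECT_ID"]:
        problems.append("key project_id does not match GOOGLE_PROJECT_ID")
    return problems


if __name__ == "__main__":
    found = preflight(os.environ)
    for problem in found:
        # Only the problem description is printed, never the key material.
        print("preflight:", problem, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run as the first build step, a non-zero exit stops the build before any resources are created with mismatched or exposed credentials.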

Terraform Information

The following Terraform variables are available:

  • gallery_info.google_project_id: The GCP project ID for the project in which the new resources for the review environment are spun up.
