Create a dedicated Google Cloud Platform project to use with Tailer Platform. Billing needs to be enabled.
To create a new project:
Go to the Manage resources page in the Cloud Console.
In the organization drop-down list at the top of the page, select the organization in which you want to create a project.
Click Create Project.
In the New Project window that appears, enter a project name and select a billing account as applicable.
If you want to add the project to a folder, enter the folder name in the Location box.
When you're finished entering new project details, click Create.
The following Google Cloud APIs need to be enabled for the project you have created:
Identity and Access Management (IAM)
Cloud Resource Manager
To enable an API:
Open the APIs & services page for your project in the Cloud Console.
Click the Enable APIs and Services button.
Click the API you want to enable. If you need help finding the API, use the search field.
In the page that displays information about the API, click Enable.
When you enable the Cloud Functions API, a service account is automatically created for your project. It should be named as follows:
You need to grant roles to this service account so that it has permission to complete specific actions on some resources in your Cloud Platform project.
To grant roles to the service account:
Open the IAM & Admin page for your project in the Cloud Console.
Click the Edit button corresponding to [email protected]
Add the Project > Editor and Service Account > Service Account Token Creator roles.
Click Save to apply the roles to the service account.
The App Engine default account will need to access the following elements of Tailer Platform:
Composer (Airflow): to trigger DAGs
Firestore: to retrieve data operations
Source Repositories: to retrieve Cloud Functions source code
The GCP project hosting the Composer and Firestore instances should already have groups with the appropriate permissions. You have to add the App Engine default account to these groups.
This generic service account will be used among other things for:
Deploying configurations on behalf of an authorized user
Moving files from one bucket to another
To create the service account:
Open the Service Accounts page in the Cloud Console.
Click Select a project, choose your project, and click Open.
Click Create Service Account.
You can use YOUR-PROJECT-ID as a name for the service account.
To generate JSON credentials:
In that row, click the More button, and then click Create key.
Select JSON as Key type and click Create.