-
Notifications
You must be signed in to change notification settings - Fork 579
/
Copy pathgcs-create-bucket.yaml
81 lines (71 loc) · 2.38 KB
/
gcs-create-bucket.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: gcs-create-bucket
labels:
app.kubernetes.io/version: "0.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: cloud, gcs
spec:
description: >-
A Task that creates a new GCS bucket.
This tasks is intended to be a replacement for GCS PipelineResource
and can be used for copying to and from GCS buckets.
workspaces:
- name: credentials
description: A secret with a service account key to use as GOOGLE_APPLICATION_CREDENTIALS.
params:
- name: bucketName
description: |
The name (including "gs://") of the bucket to create.
type: string
- name: project
description: |
The project with which your bucket will be associated.
type: string
- name: storageClass
description: |
The storage class for the new bucket. STANDARD, NEARLINE, COLDLINE, or ARCHIVE.
type: string
default: STANDARD
- name: region
description: |
The region, dual-region, or multi-region for the new bucket.
type: string
default: ""
- name: uniformAccess
description: |
Set this to "true" if the bucket should be created with bucket-level permissions instead of Access Control Lists.
type: string
default: "false"
- name: serviceAccountPath
description: |
The path inside the credentials workspace to the GOOGLE_APPLICATION_CREDENTIALS key file.
type: string
default: service_account.json
steps:
- name: create-bucket
image: google/cloud-sdk
script: |
#!/usr/bin/env bash
set -xe
CRED_PATH="$(workspaces.credentials.path)/$(params.serviceAccountPath)"
if [[ -f "$CRED_PATH" ]]; then
GOOGLE_APPLICATION_CREDENTIALS="$CRED_PATH"
fi
if [[ "${GOOGLE_APPLICATION_CREDENTIALS}" != "" ]]; then
echo GOOGLE_APPLICATION_CREDENTIALS is set, activating Service Account...
gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
fi
MB_PARAMS=()
if [[ "$(params.storageClass)" != "" ]] ; then
MB_PARAMS+=(-c "$(params.storageClass)")
fi
if [[ "$(params.region)" != "" ]] ; then
MB_PARAMS+=(-l "$(params.region)")
fi
if [[ "$(params.uniformAccess)" == "true" ]] ; then
MB_PARAMS+=(-b on)
fi
gsutil mb -p "$(params.project)" "${MB_PARAMS[@]}" "$(params.bucketName)"