hub / github.com/modelcontextprotocol/registry / ensureRequiredAPIs

Function ensureRequiredAPIs

deploy/pkg/providers/gcp/provider.go:80–123

ensureRequiredAPIs adopts the GCP APIs the deploy depends on as Pulumi-managed services. Encoding them as Pulumi resources makes the dependency explicit and protects against drift (an org policy reset or accidental disable). Note: bootstrap APIs (storage, cloudresourcemanager, container — see deplo

(ctx *pulumi.Context, projectID string, resourceOpts []pulumi.ResourceOption)

Source from the content-addressed store, hash-verified

// Returns the Cloud Resource Manager API resource specifically, since the node-SA
// IAM bindings need to DependsOn it (SetIamPolicy is gated on CRM).
func ensureRequiredAPIs(ctx *pulumi.Context, projectID string, resourceOpts []pulumi.ResourceOption) (*projects.Service, error) {
	// Service Usage API (which projects.NewService itself uses) is enabled by default
	// on GCP projects, so we don't need to manage it here.

	// CRM is created explicitly (not in the loop below) because callers need a
	// direct reference to it for DependsOn — projects.NewIAMMember calls
	// SetIamPolicy under the hood, which is gated on CRM.
	crm, err := projects.NewService(ctx, "crm-api", &projects.ServiceArgs{
		Project:                  pulumi.String(projectID),
		Service:                  pulumi.String("cloudresourcemanager.googleapis.com"),
		DisableOnDestroy:         pulumi.Bool(false),
		DisableDependentServices: pulumi.Bool(false),
	}, resourceOpts...)
	if err != nil {
		return nil, fmt.Errorf("failed to ensure cloudresourcemanager.googleapis.com is enabled: %w", err)
	}

	otherAPIs := []struct {
		resourceName string
		serviceName  string
	}{
		// Required for compute.GetDefaultServiceAccount and the GKE cluster.
		{"compute-api", "compute.googleapis.com"},
		// Required for the GKE cluster.
		{"container-api", "container.googleapis.com"},
		// Required for fluentbit-gke to ship container logs.
		{"logging-api", "logging.googleapis.com"},
		// Required for the managed Prometheus collector to ship metrics.
		{"monitoring-api", "monitoring.googleapis.com"},
	}

	for _, api := range otherAPIs {
		_, err := projects.NewService(ctx, api.resourceName, &projects.ServiceArgs{
			Project:                  pulumi.String(projectID),
			Service:                  pulumi.String(api.serviceName),
			DisableOnDestroy:         pulumi.Bool(false),
			DisableDependentServices: pulumi.Bool(false),
		}, resourceOpts...)
		if err != nil {
			return nil, fmt.Errorf("failed to ensure %s is enabled: %w", api.serviceName, err)
		}
	}
	return crm, nil
}

// grantNodeServiceAccountRoles grants the default compute service account the standard
// GKE node roles required for log shipping (fluentbit-gke) and metrics scraping

Callers 1

Calls 1

StringMethod · 0.45

Tested by

no test coverage detected
