This project is a sample project for creating a prototype GCP API client that could be used to assist projects that need to operate across a GCP org instead of a GCP project.
Requirements to run:
- A service account with the following organization-level GCP permissions:
- resourcemanager.projects.list (Project List Function)
- serviceusage.services.list (Service List Function)
- resourcemanager.projects.get (Get Billing Info Function)
- bigquery.datasets.get (BigQuery Datasets List Function)
- This application must be run using the above service account.
This is how the shim works.
- Using the ResourceManager list all GCP projects in the Spotify organization.
- Filter out any projects that are not in the active state. (For example, a project in the process of being deleted.)
- Use the ServiceList API to get all enabled services. (This is regrettably complicated string-manipulation code. An enum of services — or a definitive listing of all available services — would help considerably.)
- Look up the Billing Information for the project to see if billing is enabled.
- Once all this metadata is present an application should be able to iterate all projects in an org looking for projects that use a particular service and then issue calls as needed.
- Billing does not need to be enabled for Read API calls, but does need to be enabled for write API calls.