Importing Projects
Lukas Karlsson edited this page Jul 29, 2017 · 44 revisions
If users in your domain created GCP projects before the introduction of the Organization resource, you may have projects that are owned by your G Suite users but which are not part of your Organization.
The import_projects.py script will handle the following:
- Retrieve a list of users in your G Suite domain.
- For each user, retrieve a list of GCP projects that the user can see.
- Identify active projects that 1) are owned by a domain user and 2) are not part of an organization.
- Display a list of projects to be added to the organization.
- Ask for confirmation to proceed.
- Add a service account as an owner of each project.
- Add each project to the organization.
This script cannot use the Application Default Credentials, because it needs access to do the following things:
- use a Super Admin account to get all users from your G Suite domain (Admin SDK Directory API)
- use each user account to view/update projects (Cloud Resource Manager API)
Instead, we must use a service account.
- Create a service account.
- Save the service account JSON file as gcp-tools/serviceaccount.json.
- Enable the following APIs in the cloud console:
- Delegate domain-wide authority to the service account.
- Grant the service account the following scopes in G Suite:
  - https://www.googleapis.com/auth/admin.directory.user
  - https://www.googleapis.com/auth/cloud-platform
- Add the service account as a Project Creator on your organization resource.
> ./run.sh import_projects.py [email protected]
Retrieving users from Google Admin SDK Directory API...
Found 13 users in domain.
Scanning all users for projects without a parent...
[email protected]:
* MyDomain Test Project 1: mydomain-test-project01 [367391543796] (ACTIVE)
* MyDomain Test Project 2: mydomain-test-project02 [746509631927] (ACTIVE)
* MyDomain Test Project 3: mydomain-test-project03 [216921026845] (ACTIVE)
Found 3 projects to import:
* mydomain-test-project01 ([email protected])
* mydomain-test-project03 ([email protected])
* mydomain-test-project02 ([email protected])
Preparing to move 3 projects into org: mydomain.com...
---> Are you sure you want to continue? [y/N]: y
Organization: mydomain.com [685481217344] (customer: C0392o3bz)
* mydomain-test-project01:
+ added [email protected] as project owner.
+ added project to organization 685481217344.
* mydomain-test-project02:
+ added [email protected] as project owner.
+ added project to organization 685481217344.
* mydomain-test-project03:
+ added [email protected] as project owner.
+ added project to organization 685481217344.
Done.
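The selection rule from the step list above (active, owned by a domain user, no parent), written out as an added example; this is not the code of import_projects.py. The function names and sample records are constructed for illustration, and the dictionary fields assume the Cloud Resource Manager v1 project resource and IAM policy shapes.

```python
# Added example: hypothetical helper names, constructed sample data.
OWNER_ROLE = "roles/owner"

def domain_owners(policy, domain):
    """Owner e-mails in an IAM policy that are user accounts in `domain`."""
    owners = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") != OWNER_ROLE:
            continue
        for member in binding.get("members", []):
            kind, _, email = member.partition(":")
            # Skip serviceAccount:/group: members and look-alike domains.
            if kind == "user" and email.lower().rpartition("@")[2] == domain.lower():
                owners.add(email.lower())
    return sorted(owners)

def projects_to_import(projects_by_user, policies, domain):
    """Return {projectId: [domain owners]} for projects that qualify."""
    selected = {}
    for projects in projects_by_user.values():
        for project in projects:
            pid = project["projectId"]
            if pid in selected:
                continue  # the same project is visible to several users
            if project.get("lifecycleState") != "ACTIVE":
                continue  # e.g. DELETE_REQUESTED
            if project.get("parent"):
                continue  # already has a parent
            owners = domain_owners(policies.get(pid, {}), domain)
            if owners:
                selected[pid] = owners
    return selected

def owner(member):
    return {"bindings": [{"role": OWNER_ROLE, "members": [member]}]}

# Constructed sample input (not real projects or accounts).
ORPHAN = {"projectId": "mydomain-test-project01", "lifecycleState": "ACTIVE"}
IN_ORG = {"projectId": "in-org", "lifecycleState": "ACTIVE",
          "parent": {"type": "organization", "id": "685481217344"}}
DELETED = {"projectId": "deleted", "lifecycleState": "DELETE_REQUESTED"}
GUEST = {"projectId": "guest", "lifecycleState": "ACTIVE"}
PROJECTS_BY_USER = {"alice@mydomain.com": [ORPHAN, IN_ORG, DELETED, GUEST],
                    "bob@mydomain.com": [ORPHAN]}
POLICIES = {p: owner("user:alice@mydomain.com")
            for p in ("mydomain-test-project01", "in-org", "deleted")}
POLICIES["guest"] = owner("user:eve@notmydomain.com")

print(projects_to_import(PROJECTS_BY_USER, POLICIES, "mydomain.com"))
```

Only the orphaned project is selected: the others are skipped because they already have a parent, are pending deletion, or have no owner in the domain.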