apphub-app-creator is a command-line utility to generate Google Cloud App Hub applications from Cloud Asset Inventory (CAIS) asset searches.
This tool simplifies the process of creating App Hub applications by allowing you to define them based on existing GCP resource labels, tags or resource names.
apphub-app-creator is a binary and you can download the appropriate one for your platform from here. Run this script to download & install the latest version (on Linux or Darwin)
curl -L https://raw.githubusercontent.com/srinandan/apphub-app-creator/main/downloadLatest.sh | sh -or
docker run -ti --rm ghcr.io/srinandan/apphub-app-creator:latest apps generate --helpThe primary command is generate, which creates App Hub applications based on a GCP resource label.
-
Ensure you have authenticated with Google Cloud CLI:
gcloud auth login gcloud auth application-default login
-
The user or service account running the tool must have the following IAM roles:
apphub.adminon the App Hub management project.cloudasset.vieweron the project where your resources are located.logging.vieweron the project where logs are written to.
-
Please follow the instructions here to setup on Host Projects
-
OR Please follow the instructions here to enable a folder for Application Management.
Please see the documentation for all available options.
To create App Hub applications based on well known labels and tags:
docker run -it --rm ghcr.io/srinandan/apphub-app-creator:latest apps generate \
--project-id="my-gcp-project" \
--locations="us-central1" \
--auto-detect=trueTo create App Hub applications for all resources in my-gcp-project that have the label key appid, you would run:
docker run -it --rm ghcr.io/srinandan/apphub-app-creator:latest apps generate \
--project-id="my-gcp-project" \
--locations="us-central1" \
--label-key="appid"This will:
- Search for all resources in
my-gcp-projectwith the label keyappid. - For each unique value of the
appidlabel key, it will create a new App Hub application. - The services and workloads for each application will be populated from the resources that share the same label value.
To create App Hub applications for all resources in my-gcp-project that have the label key appid and value app1, you would run:
docker run -it --rm ghcr.io/srinandan/apphub-app-creator:latest apps generate \
--project-id="my-gcp-project" \
--locations="us-central1" \
--label-key="appid" \
--label-value="app1"This will:
- Search for all resources in
my-gcp-projectwith the label keyappidand valueapp1. - It will create a new App Hub application the services and workloads for each application will be populated from the resources that share the same label value.
To create App Hub applications for all resources in my-gcp-project that have the label key appid and deployed in multiple locations, you would run:
docker run -it --rm ghcr.io/srinandan/apphub-app-creator:latest apps generate \
--project-id="my-gcp-project" \
--locations="us-central1" \
--locations="us-east1" \
--label-key="appid"This will:
- Search for all resources in
my-gcp-projectwith the label keyappidin the locationsus-central1and `us-east1. - For each unique value of the
appidlabel key, it will create a new App Hub application. - The services and workloads for each application will be populated from the resources that share the same label value.
The delete command deletes one or more applications in a given set of locations. The delete command requires the following flags:
--locations: (Required) GCP location names to delete applications from (e.g. us-central1).--management-project: (Required) The project where App Hub is managed.
apphub-app-creator can also run as an HTTP server, which allows you to create applications by making API calls.
To start the server, run the following command:
apphub-app-creator serverBy default, the server starts on port 8080. You can specify a different port using the --port flag:
apphub-app-creator server --port=8081-
GET /
Returns a
200 OKstatus to indicate that the server is running.
-
POST /generate
Creates App Hub applications based on the provided JSON payload.
Example Payload (
sample1.json):{ "selector": { "autoDetect": true }, "scope": { "parent": "projects/xxxx", "locations": [ "us-central1", "global" ], "managementProject": "google-mpf-xxxx" }, "action": { "reportOnly": true } }Example
curlcommand:curl -X POST -H "Content-Type: application/json" -d @samples/sample1.json http://localhost:8080/generate
All artifacts are signed by cosign. We recommend verifying any artifact before using them.
You can use the following public key to verify any apphub-app-creator binary with:
cat cosign.pub
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHHFDIsSzmNuYtsR1R0+nElNG3WuY
asYLL8Ko8vw+CvCcGEV7BuI5vJykMBQWlW3XfDoGtPLQ4oxhuCaK21h07w==
-----END PUBLIC KEY-----
cosign verify-blob --key=cosign.pub --signature apphub-app-creator_<platform>_<arch>.zip.sig apphub-app-creator_<platform>_<arch>.zipWhere platform can be one of Darwin, Linux or Windows and arch (architecture) can be one of arm64 or x86_64
All images are signed by cosign. We recommend verifying any container before using them.
cat cosign.pub
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHHFDIsSzmNuYtsR1R0+nElNG3WuY
asYLL8Ko8vw+CvCcGEV7BuI5vJykMBQWlW3XfDoGtPLQ4oxhuCaK21h07w==
-----END PUBLIC KEY-----
cosign verify --key=cosign.pub ghcr.io/srinandan/apphub-app-creator:latestPlease see CONTRIBUTING.md for information on how to contribute to this project.
This project is licensed under the Apache 2.0 License - see the LICENSE.txt file for details.
This is not an officially supported Google product