GCP Setup: Guide For New Developers

Hey guys! So, you're a new developer joining the team and ready to dive into our Google Cloud Platform (GCP) environment? Awesome! This guide will walk you through the steps to get your development environment set up, specifically focusing on accessing the local Google Cloud Storage (GCS) server. Think of this as your treasure map to accessing the GCS server, ensuring you can contribute to our amazing projects without a hitch. Let's get started!

Why This Guide?

Before we jump into the how-to, let’s quickly cover the why. Working with a local GCS server is super important for development. It allows us to:

• Develop and test our applications without hitting the live production environment. This means we can experiment, break things, and fix them without affecting real users – crucial for a smooth development process.
• Work offline or with limited internet connectivity. A local server means you're not always reliant on a stable internet connection, boosting productivity.
• Speed up development cycles. Local access is generally faster than accessing remote servers, which means faster iterations and quicker progress.

This guide consolidates the knowledge gleaned from some of our seasoned GCP veterans, @naglepuff and @pkalita-lbl, ensuring you benefit from their expertise from day one. We'll also be testing these instructions with @marySalvi to guarantee they're crystal clear and easy to follow. So, you're in good hands!

Prerequisites

Before we dive into the setup process, let's make sure you have all the necessary tools and permissions. Think of these as your essential gear for the GCP adventure:

• A Google Cloud Platform (GCP) Account: This is your base camp. If you don't have one yet, you'll need to get one set up. Talk to your team lead or system administrator for assistance.
• Sufficient GCP Permissions: You'll need the rights to manage users and grant permissions within our GCP project. This is like having the key to the kingdom – without it, you won't be able to unlock the resources you need. Specifically, you’ll likely need the “roles/iam.securityAdmin” role or equivalent permissions.
• The Google Cloud SDK (gcloud CLI): This is your trusty multi-tool. It allows you to interact with GCP services from your command line. Make sure you have it installed and configured. You can download it from the official Google Cloud documentation.
• Familiarity with the Command Line: You'll be using the command line to execute various commands, so a basic understanding of command-line operations is essential.

Once you've ticked off these prerequisites, you're ready to roll!

Step-by-Step Instructions: Setting Up a New Developer

Alright, let’s get down to the nitty-gritty. This is where we’ll walk through the actual steps to set up a new developer on GCP, granting them access to the local GCS server. Consider this your detailed map, guiding you through each stage of the process.

Step 1: Add the New Developer as a User in GCP

First things first, we need to add the new developer to our GCP project. This is like adding their name to the guest list. To do this, we'll use the gcloud CLI. Open your terminal and follow these substeps:

1. Identify the Project ID: You'll need your GCP project ID. This is a unique identifier for your project. If you're unsure, you can find it in the GCP Console.
2. Add the User: Use the following command, replacing [developer-email] with the developer's email address and [your-project-id] with your actual project ID:

   gcloud projects add-iam-policy-binding [your-project-id] --member='user:[developer-email]' --role='roles/viewer'
   

   This command adds the developer as a “Viewer” to the project. The roles/viewer role grants them basic read-only access. We'll grant more specific permissions in the following steps.
3. Verify User Addition: You can verify that the user has been added by navigating to the IAM & Admin section in the GCP Console and checking the list of members.

Adding the user to the project is the foundational step, ensuring they're recognized within our GCP environment. It's like giving them their entry pass to the GCP world.

Step 2: Grant Permissions to Access the Local GCS Server

Now that the developer is a user in our project, we need to grant them the necessary permissions to interact with the local GCS server. This is like giving them the specific tools they need for their work. Here’s how we do it:

1. Identify the Service Account: Our local GCS server typically uses a service account for authentication. You'll need to identify the service account associated with your local GCS server. This is usually an email address ending in @.gserviceaccount.com. You can find this information in your GCS server configuration or by asking your team lead.
2. Grant Storage Object Viewer Role: We'll grant the developer the “Storage Object Viewer” role, which allows them to view objects in the GCS bucket. Use the following command, replacing [developer-email], [service-account-email], and [your-project-id] with the appropriate values:

   gcloud iam service-accounts add-iam-policy-binding [service-account-email] --member='user:[developer-email]' --role='roles/storage.objectViewer' --project=[your-project-id]
   

3. Grant Storage Object Creator Role (if needed): If the developer needs to upload objects to the GCS bucket, we'll also grant them the “Storage Object Creator” role. Use the following command:

   gcloud iam service-accounts add-iam-policy-binding [service-account-email] --member='user:[developer-email]' --role='roles/storage.objectCreator' --project=[your-project-id]
   

4. Grant Storage Object Admin Role (if needed): In some instances, a developer might need full administrative access to the storage bucket. If this is the case, the