Identity and Access Management (IAM) with Google Cloud

In this post we’re going to learn how to use Google Cloud IAM (Identity and Access Management) to limit who can manage resources in a Google Cloud account.

If you are interested in AWS IAM, you can check my Identity and Access Management with AWS article.

Concepts

  • Member - An entity that needs to perform an action on a resource. An end user or a service are examples of members
  • Identity - Another name for Member
  • Resource - A resource is pretty much anything that can be managed in GCP. A compute engine instance or a cloud storage bucket are examples of resources
  • Permission - Allows or denys access to resources. For example: create a storage bucket
  • Role - A collection of permissions. Roles can be granted to members
  • Policy - Defines who (member) can perform which actions (permissions) on which resources
Read More

Monetizing a Jekyll blog with Adsense

I’ve been writing this blog for a while and I recently thought it would be nice if it could help pay for the servers I use for my other projects. At the time of this writing, this blog gets around 25,000 views per month, which is not much, but might be enough to pay for a couple of virtual machines (Hopefully. I’ll know more after I have ads running for some time).

Since this blog is built with Jekyll, I’m going to show how to add Adsense to similar blogs.

Creating a site in Adsense

Before we can start adding ads to our site, we need to tell Google that the site is ours. To do that we need click Add site on the Sites section:

Adsense add site

We will then get a code that we should put in the <head> of our website. The code looks something like this:

1
<script data-ad-client="ca-pub-12345678987654321" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
Read More

Introduction to Google Cloud Functions

Cloud Functions are Google’s offering for serverless architecture (similar to AWS lambdas).

What is serverless?

Before we look into how to use Cloud Functions, we should understand some things about it.

Code needs servers to run, so serverless doesn’t mean there are no servers, it means that we don’t need to manage those servers ourselves.

In a usual server based architecture, we might create a service and deploy it to a machine. This service will be running in the machine all the time waiting for requests. This has the disadvantage that even if there are no requests, the machine would need to be up, and incurring cost.

On the other hand, if we use Cloud Functions, we write a service and register it with Google. Google will then listen to the endpoint this service cares about and will only start it when there are requests. If it detects that there haven’t been requests for some time, it will stop the service again.

Read More

Introduction to Golang modules

Modules are the new way of doing dependency management in Golang.

A module is a collection of packages that are distributed together (e.g. a single binary). A module contains a go.mod file at its root.

With modules, it is not necessary to have our code in $GOPATH/src anymore, so we can create a project anywhere.

Let’s start a new project:

1
mkdir ~/project

And make it a module:

1
2
cd ~/project
go mod init mymodule/hello
Read More

Introduction to Google Cloud CLI

A few months ago, I wrote an article about AWS CLI. Today I’m going to explore gcloud, Google Cloud’s CLI.

Installation

The gcloud CLI requires python 3.5 or later. Let’s verify our version will work:

1
python3 --version

If everything is good, we can download the cli:

1
curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-309.0.0-linux-x86_64.tar.gz

Extract it:

1
tar -xvf google-cloud-sdk-309.0.0-linux-x86_64.tar.gz
Read More

Java Lambdas

Sometimes when writing software, it is useful to pass a function as an argument to another function. A common example for this is a generic filter function. In pseudo code, it would look something like this:

1
2
3
4
5
6
7
8
9
10
filter(persons, filter_function) {
  filtered = [];
  for (person in persons) {
    if (filter_function(person)) {
      filtered.push(person);
    }
  }

  return filtered;
}
Read More

Java Map::entryset

The entryset method of a Java Map is used to provide a Set “view” of the Map. Since Map is not iterable, this method provides a way to iterate over the key-value pairs. Let’s look at it in action:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import java.util.HashMap;
import java.util.Set;

class Streams {
  public static void main(String[] args) {
    HashMap<String, String> map = new HashMap<String, String>();
    map.put("hello", "world");
    map.put("hola", "mundo");

    Set<HashMap.Entry<String, String>> set = map.entrySet();
    for (HashMap.Entry<String, String> entry : set) {
      System.out.println("Key: " + entry.getKey() + " Value: " + entry.getValue());
    }
  }
}

The output of this program is:

1
2
Key: hello Value: world
Key: hola Value: mundo
Read More

Introduction to Simple Workflow Service (SWF)

In this post I’m going to explore Simple Workflow Service (SWF) available in AWS.

To understand what SWF is good for, we need to first understand what a workflow is. Wikipedia defines it as follows:

A workflow consists of an orchestrated and repeatable pattern of activity, enabled by the systematic organization of resources into processes that transform materials, provide services, or process information. It can be depicted as a sequence of operations, the work of a person or group, the work of an organization of staff, or one or more simple or complex mechanisms.

In computer systems we care about the part about processing information. Some things that could be modeled as workflows:

  • Deployment pipeline: We could receive some code as input and then build it in a worker machine. We can run tests in parallel in different machines. If all tests pass we can deploy the binaries to another set of machines.
  • Coordinate shipments: A user buys a product on an online store and the order is placed on a system. A human monitors this system and takes care of finding the products in a warehouse and shipping them to the correct address. When the shipment is made, the information is entered in a system. The workflow notices this information an e-mails the user the shipping details.
  • Asynchronous image processing: A system uploads files to a system for processing (let’s say, create thumbnails). A workflow uses multiple workers to execute the task. If any of the machines fails while processing a set of files, they same work can be taken over by another worker.
Read More

The most useful git commands

In the beginning of times, there were centralized version control systems (SVN and Perforce are examples). This means that there is a server somewhere that contains all our code and the history of all the changes. If someone needs to work on that codebase they do a checkout (typically of the main branch) and they will get the newest version of all the files.

If the server looks something like this (Every letter represents a different commit):

Source control server

When a developer checks out main, they will get only the files at D, the commit history exists only in the server.

This has a two main disadvantages:

  • It is not possible to create local branches. If a developer needs a branch they have to push it to the server
  • If the server explodes, all the history is lost
Read More