This directory contains samples for calling Google Cloud Compute Engine APIs from PHP. Specifically, they show how to manage your VPC firewall rules.
Authentication is typically done through Application Default Credentials which means you do not have to change the code to authenticate as long as your environment has credentials. You have a few options for setting up authentication:
-
When running locally, use the Google Cloud SDK
gcloud auth application-default login -
When running on App Engine or Compute Engine, credentials are already set. However, you may need to configure your Compute Engine instance with additional scopes.
-
You can create a Service Account key file. This file can be used to authenticate to Google Cloud Platform services from any environment. To use the file, set the
GOOGLE_APPLICATION_CREDENTIALSenvironment variable to the path to the key file, for example:export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service_account.json
-
Install dependencies using Composer. Run
php composer.phar install(if composer is installed locally) orcomposer install(if composer is installed globally). -
Create a service account.
-
Download the json key file of the service account.
-
Set the
GOOGLE_APPLICATION_CREDENTIALSenvironment variable pointing to that file.
To run the Compute samples, run any of the files in src/ on the CLI to print
the usage instructions:
$ php list_firewall_rules.php
Usage: list_firewall_rules.php $projectId
@param string $projectId Project ID or project number of the Cloud project you want to list rules from.
$ php src/create_firewall_rule.php $YOUR_PROJECT_ID "my-firewall-rule"
Created rule my-firewall-rule
$ php src/list_firewall_rules.php $YOUR_PROJECT_ID
--- Firewall Rules ---
- default-allow-icmp : Allow ICMP from anywhere : https://www.googleapis.com/compute/v1/projects/$YOUR_PROJECT_ID/global/networks/default
- default-allow-internal : Allow internal traffic on the default network : https://www.googleapis.com/compute/v1/projects/$YOUR_PROJECT_ID/global/networks/default
$ php src/print_firewall_rule.php $YOUR_PROJECT_ID "my-firewall-rule"
ID: $ID
Kind: compute#firewall
Name: my-firewall-rule
Creation Time: $TIMESTAMP
Direction: INGRESS
Network: https://www.googleapis.com/compute/v1/projects/$YOUR_PROJECT_ID/global/networks/default
Disabled: false
Priority: 100
Self Link: https://www.googleapis.com/compute/v1/projects/$YOUR_PROJECT_ID/global/firewalls/my-firewall-rule
Logging Enabled: false
--Allowed--
Protocol: tcp
- Ports: 80
- Ports: 443
--Source Ranges--
- Range: 0.0.0.0/0
$ php src/delete_firewall_rule.php $YOUR_PROJECT_ID "my-firewall-rule"
Rule my-firewall-rule deleted successfully!
$ php src/patch_firewall_priority.php $YOUR_PROJECT_ID "my-firewall-rule" 100
Patched my-firewall-rule priority to 100.
If you get the following error, set the environment variable GCLOUD_PROJECT to your project ID:
[Google\Cloud\Core\Exception\GoogleException]
No project ID was provided, and we were unable to detect a default project ID.
This sample uses the Google Cloud Compute Client Library for PHP. You can read the documentation for more details on API usage and use GitHub to browse the source and report issues.