diff --git a/codelabs/bigquery-alloydb-insights/scripts/setup_alloydb.sh b/codelabs/bigquery-alloydb-insights/scripts/setup_alloydb.sh
index 78bfee78..5f81b773 100644
--- a/codelabs/bigquery-alloydb-insights/scripts/setup_alloydb.sh
+++ b/codelabs/bigquery-alloydb-insights/scripts/setup_alloydb.sh
@@ -97,7 +97,7 @@ echo "[1/4] Starting AlloyDB deployment (this takes ~10 minutes)..."
 else
 echo "PSA Peering exists. Checking if range $PSA_RANGE_NAME is included..."
 EXISTING_RANGES=$(echo "$PEERING_INFO" | python3 -c "import sys, json; data=json.load(sys.stdin); print(','.join(data[0]['reservedPeeringRanges'])) if data else print('')")
-
+
 if [[ $EXISTING_RANGES != *"$PSA_RANGE_NAME"* ]]; then
 echo "Range $PSA_RANGE_NAME not in peering. Current ranges: $EXISTING_RANGES"
 echo "Updating connection..."
@@ -144,7 +144,7 @@ echo "[1/4] Starting AlloyDB deployment (this takes ~10 minutes)..."
 --password=$PASSWORD \
 --subscription-type=STANDARD \
 --quiet
-
+
 if [ $? -ne 0 ]; then
 echo "Error: Failed to create AlloyDB cluster."
 exit 1
@@ -229,13 +229,13 @@ echo "[4/4] Configuring IAM permissions for AlloyDB..."
 PROJECT_NUMBER=$(gcloud projects describe "${PROJECT_ID}" --format="value(projectNumber)" 2>/dev/null || echo "")
 if [[ -n "$PROJECT_NUMBER" ]]; then
 ALLOYDB_SERVICE_AGENT="service-${PROJECT_NUMBER}@gcp-sa-alloydb.iam.gserviceaccount.com"
-
+
 echo " Granting Vertex AI access to AlloyDB Service Agent..."
 gcloud projects add-iam-policy-binding "${PROJECT_ID}" --format=none \
 --member="serviceAccount:${ALLOYDB_SERVICE_AGENT}" \
 --role="roles/aiplatform.user" \
 --quiet || echo "⚠️ Warning: Failed to grant Vertex AI User role to AlloyDB Service Agent."
-
+
 echo " Granting GCS access to AlloyDB Service Agent..."
 gcloud projects add-iam-policy-binding "${PROJECT_ID}" --format=none \
 --member="serviceAccount:${ALLOYDB_SERVICE_AGENT}" \
@@ -254,7 +254,7 @@ if [[ -n "$ALLOYDB_SA" ]]; then --member="serviceAccount:${ALLOYDB_SA}" \ --role="roles/aiplatform.user" \ --quiet || echo "⚠️ Warning: Failed to grant Vertex AI User role to cluster-specific service account." - + echo " Granting GCS access to cluster-specific service account..." gcloud projects add-iam-policy-binding "${PROJECT_ID}" --format=none \ --member="serviceAccount:${ALLOYDB_SA}" \ diff --git a/codelabs/bigquery-alloydb-insights/scripts/setup_lab.sh b/codelabs/bigquery-alloydb-insights/scripts/setup_lab.sh index a537ea44..d840fc9f 100644 --- a/codelabs/bigquery-alloydb-insights/scripts/setup_lab.sh +++ b/codelabs/bigquery-alloydb-insights/scripts/setup_lab.sh @@ -103,16 +103,16 @@ echo "" # [2/8] Create BigQuery dataset # --------------------------------------------------------------- echo "[2/8] Creating BigQuery dataset 'lost_cargo_dataset'..." -bq --location=us-central1 mk --dataset "$PROJECT_ID:lost_cargo_dataset" 2>/dev/null || true +bq --location="$REGION" mk --dataset "$PROJECT_ID:lost_cargo_dataset" 2>/dev/null || true echo " Done." # --------------------------------------------------------------- # [3/8] Create Cloud Resource connection + IAM grants # --------------------------------------------------------------- echo "[3/8] Creating Cloud Resource connection and granting permissions..." -bq mk --connection --location=us-central1 --connection_type=CLOUD_RESOURCE lost_cargo_conn 2>/dev/null || true +bq mk --connection --location=$REGION --connection_type=CLOUD_RESOURCE lost_cargo_conn 2>/dev/null || true -SA_EMAIL=$(bq show --format=prettyjson --connection us-central1.lost_cargo_conn \ +SA_EMAIL=$(bq show --format=prettyjson --connection $REGION.lost_cargo_conn \ | grep "serviceAccountId" | cut -d '"' -f 4) echo " Connection service account: $SA_EMAIL" 
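Review bot: `$REGION` is quoted on the dataset line but left unquoted in `bq mk --connection --location=$REGION` and in `bq show ... --connection $REGION.lost_cargo_conn`, so an empty or whitespace-containing value changes how those two commands are parsed. Quote both, `--location="$REGION"` and `--connection "$REGION.lost_cargo_conn"`, to match the quoted form used for `SA_EMAIL_ALLOYDB` further down. The same applies to the `instanceId` line of the curl hunk, where `'${PROJECT_ID}':'${REGION}'` expands outside any quotes; `"instanceId": "'"${PROJECT_ID}:${REGION}"':lost-cargo-cluster",` keeps the `-d` body a single word. Where REGION is assigned is not visible in these hunks; if it can come from the environment, a guard such as `: "${REGION:?REGION must be set}"` before step 2 would stop the script rather than let `2>/dev/null || true` hide the resulting bq errors.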
@@ -133,10 +133,10 @@ echo " You can re-run this step later with: bq mk --connection ..." curl -s -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ - "https://bigqueryconnection.googleapis.com/v1/projects/${PROJECT_ID}/locations/us-central1/connections?connectionId=lost_cargo_alloydb_conn" \ + "https://bigqueryconnection.googleapis.com/v1/projects/${PROJECT_ID}/locations/${REGION}/connections?connectionId=lost_cargo_alloydb_conn" \ -d '{ "cloudSql": { - "instanceId": "'${PROJECT_ID}':us-central1:lost-cargo-cluster", + "instanceId": "'${PROJECT_ID}':'${REGION}':lost-cargo-cluster", "database": "postgres", "type": "POSTGRES", "credential": { @@ -147,7 +147,7 @@ curl -s -X POST \ }' > /dev/null || true # Grant the connection's service account access to AlloyDB -SA_EMAIL_ALLOYDB=$(bq show --format=prettyjson --connection us-central1.lost_cargo_alloydb_conn | grep "serviceAccountId" | cut -d '"' -f 4) +SA_EMAIL_ALLOYDB=$(bq show --format=prettyjson --connection "$REGION.lost_cargo_alloydb_conn" | grep "serviceAccountId" | cut -d '"' -f 4) if [[ -n "$SA_EMAIL_ALLOYDB" ]]; then grant_iam_role_with_retry "$PROJECT_ID" "serviceAccount:$SA_EMAIL_ALLOYDB" "roles/alloydb.client" fi @@ -161,7 +161,7 @@ if gcloud storage buckets describe "$BUCKET" &>/dev/null; then echo " Bucket already exists: $BUCKET" else echo " Creating bucket $BUCKET..." - gcloud storage buckets create "$BUCKET" --location=us-central1 + gcloud storage buckets create "$BUCKET" --location="$REGION" fi echo " Copying images from central bucket..." 
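Review bot: The connection-create request cannot report failure: `curl -s` without `--fail` exits 0 on an HTTP 4xx/5xx, and both the response body and the exit status are discarded by `> /dev/null || true` (the closing line is visible at the top of the next hunk). Now that the location in the URL and in `instanceId` comes from `$REGION`, a region that does not match the AlloyDB cluster would presumably be rejected by the API with nothing printed. I would change the first line to `curl -sS --fail -X POST \` and replace `|| true` with `|| echo "  Warning: failed to create lost_cargo_alloydb_conn" >&2`. The curl command starts in this hunk, but its `-d` body continues past the hunk's last line.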
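Review bot: When the `bq show ... | grep "serviceAccountId" | cut` lookup returns nothing, the `if [[ -n "$SA_EMAIL_ALLOYDB" ]]` block is skipped without a message, so the script can finish with the AlloyDB connection's service account never granted `roles/alloydb.client`. An else branch such as `else echo "  Warning: no service account found for $REGION.lost_cargo_alloydb_conn; roles/alloydb.client not granted" >&2` would make the skipped grant visible. Matching `serviceAccountId` with grep on pretty-printed JSON also depends on the output layout; parsing the JSON with the `python3 -c` pattern that setup_alloydb.sh already uses would be sturdier.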
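Review bot: The bucket is created with only `--location`, so its access model is whatever the project defaults give it. For a bucket that this script then fills with copied images, I would set it explicitly: `gcloud storage buckets create "$BUCKET" --location="$REGION" --uniform-bucket-level-access --public-access-prevention`. Whether an organization policy already enforces either setting is not visible from here. The enclosing `if gcloud storage buckets describe` starts above the hunk.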
@@ -223,8 +223,8 @@ echo "============================================"
 echo ""
 echo " Created resources:"
 echo " - BigQuery dataset: lost_cargo_dataset"
-echo " - BQ connection: us-central1.lost_cargo_conn (Cloud Resource)"
-echo " - BQ connection: us-central1.lost_cargo_alloydb_conn (AlloyDB)"
+echo " - BQ connection: $REGION.lost_cargo_conn (Cloud Resource)"
+echo " - BQ connection: $REGION.lost_cargo_alloydb_conn (AlloyDB)"
 echo " - GCS bucket: $BUCKET"
 echo " - images/: Port security images"
 echo " - data/: Telemetry data"