Skip to content

fix: updates to make scripts region agnostic #1385

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jeffonelson merged 1 commit into from
Jun 24, 2026
Merged

fix: updates to make scripts region agnostic #1385

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions codelabs/bigquery-alloydb-insights/scripts/setenv.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,16 @@ if [ -f "$ENV_FILE" ]; then
[[ "$line" =~ ^[[:space:]]*# || -z "$line" ]] && continue
export "$line"
done < "$ENV_FILE"
# Validate that the critical variables were actually found in the .env file
if [ -z "${PROJECT_ID:-}" ] || [ -z "${REGION:-}" ]; then
echo "⚠️ Warning: .env was loaded, but is missing PROJECT_ID or REGION."
echo " Please re-run scripts/setup_lab.sh to configure your environment."
return 1 2>/dev/null || exit 1
fi
Comment on lines +28 to +32

@gemini-code-assist gemini-code-assist Bot Jun 24, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using return 1 2>/dev/null || exit 1 in a script that can be executed directly (rather than sourced) will cause Bash to print an error message to standard error: return: can only return from a function or sourced script. To prevent this and handle both execution and sourcing cleanly, you can check if the script is being sourced using BASH_SOURCE.

Suggested change
if [ -z "${PROJECT_ID:-}" ] || [ -z "${REGION:-}" ]; then
echo "⚠️ Warning: .env was loaded, but is missing PROJECT_ID or REGION."
echo " Please re-run scripts/setup_lab.sh to configure your environment."
return 1 2>/dev/null || exit 1
fi
if [ -z "${PROJECT_ID:-}" ] || [ -z "${REGION:-}" ]; then
echo "⚠️ Warning: .env was loaded, but is missing PROJECT_ID or REGION."
echo " Please re-run scripts/setup_lab.sh to configure your environment."
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
exit 1
else
return 1
fi
fi

echo "✅ Environment loaded successfully: PROJECT_ID=$PROJECT_ID, REGION=$REGION"
else
echo "❌ Error: .env file not found at $ENV_FILE"
echo " Please execute scripts/setup_lab.sh first to configure your environment."
return 1 2>/dev/null || exit 1
fi

19 changes: 13 additions & 6 deletions codelabs/bigquery-alloydb-insights/scripts/setup_alloydb.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,13 @@ fi
export CLUSTER_NAME="lost-cargo-cluster"
export INSTANCE_NAME="lost-cargo-instance"
export PROJECT_ID="${PROJECT_ID:-$(gcloud config get-value project 2>/dev/null)}"
export REGION="${REGION:-us-central1}"
if [ -z "$REGION" ]; then
echo -e "\033[1;33m⚠️ REGION environment variable is not set.\033[0m"
while [ -z "$REGION" ]; do
read -p "Please explicitly enter your assigned Google Cloud region (e.g., us-central1, europe-west1): " REGION
done
fi
export REGION

# Check for valid Project ID
if [[ -z "$PROJECT_ID" ]]; then
Expand Down Expand Up @@ -97,7 +103,7 @@ echo "[1/4] Starting AlloyDB deployment (this takes ~10 minutes)..."
else
echo "PSA Peering exists. Checking if range $PSA_RANGE_NAME is included..."
EXISTING_RANGES=$(echo "$PEERING_INFO" | python3 -c "import sys, json; data=json.load(sys.stdin); print(','.join(data[0]['reservedPeeringRanges'])) if data else print('')")

if [[ $EXISTING_RANGES != *"$PSA_RANGE_NAME"* ]]; then
echo "Range $PSA_RANGE_NAME not in peering. Current ranges: $EXISTING_RANGES"
echo "Updating connection..."
Expand Down Expand Up @@ -144,7 +150,7 @@ echo "[1/4] Starting AlloyDB deployment (this takes ~10 minutes)..."
--password=$PASSWORD \
--subscription-type=STANDARD \
--quiet

if [ $? -ne 0 ]; then
echo "Error: Failed to create AlloyDB cluster."
exit 1
Expand Down Expand Up @@ -229,13 +235,13 @@ echo "[4/4] Configuring IAM permissions for AlloyDB..."
PROJECT_NUMBER=$(gcloud projects describe "${PROJECT_ID}" --format="value(projectNumber)" 2>/dev/null || echo "")
if [[ -n "$PROJECT_NUMBER" ]]; then
ALLOYDB_SERVICE_AGENT="service-${PROJECT_NUMBER}@gcp-sa-alloydb.iam.gserviceaccount.com"

echo " Granting Vertex AI access to AlloyDB Service Agent..."
gcloud projects add-iam-policy-binding "${PROJECT_ID}" --format=none \
--member="serviceAccount:${ALLOYDB_SERVICE_AGENT}" \
--role="roles/aiplatform.user" \
--quiet || echo "⚠️ Warning: Failed to grant Vertex AI User role to AlloyDB Service Agent."

echo " Granting GCS access to AlloyDB Service Agent..."
gcloud projects add-iam-policy-binding "${PROJECT_ID}" --format=none \
--member="serviceAccount:${ALLOYDB_SERVICE_AGENT}" \
Expand All @@ -254,7 +260,7 @@ if [[ -n "$ALLOYDB_SA" ]]; then
--member="serviceAccount:${ALLOYDB_SA}" \
--role="roles/aiplatform.user" \
--quiet || echo "⚠️ Warning: Failed to grant Vertex AI User role to cluster-specific service account."

echo " Granting GCS access to cluster-specific service account..."
gcloud projects add-iam-policy-binding "${PROJECT_ID}" --format=none \
--member="serviceAccount:${ALLOYDB_SA}" \
Expand All @@ -273,3 +279,4 @@ echo ""
echo " Connect via AlloyDB Studio in the Cloud Console:"
echo " AlloyDB → Clusters → ${CLUSTER_NAME} → AlloyDB Studio"
echo "=============================================="

20 changes: 13 additions & 7 deletions codelabs/bigquery-alloydb-insights/scripts/setup_lab.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,12 @@ if [[ -z "$PROJECT_ID" ]]; then
fi

# Determine Region
REGION="${REGION:-us-central1}"
if [ -z "${REGION:-}" ]; then
echo -e "\033[1;33m⚠️ REGION environment variable is not set.\033[0m"
while [ -z "${REGION:-}" ]; do
read -p "Please explicitly enter your assigned Google Cloud region (e.g., us-central1, europe-west1): " REGION
done
fi

# Save to .env file
echo "Writing environment variables to $ENV_FILE..."
Expand Down Expand Up @@ -103,7 +108,7 @@ echo ""
# [2/8] Create BigQuery dataset
# ---------------------------------------------------------------
echo "[2/8] Creating BigQuery dataset 'lost_cargo_dataset'..."
bq --location="$REGION" mk --dataset "$PROJECT_ID:lost_cargo_dataset" 2>/dev/null || true
bq --location=$REGION mk --dataset "$PROJECT_ID:lost_cargo_dataset" 2>/dev/null || true

@gemini-code-assist gemini-code-assist Bot Jun 24, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Removing the double quotes around $REGION is a regression. If REGION is empty or contains spaces, it can cause word splitting or argument shifting issues (e.g., --location would consume mk as its argument, leading to a confusing syntax error). It is best practice to always quote variable expansions.

Suggested change
bq --location=$REGION mk --dataset "$PROJECT_ID:lost_cargo_dataset" 2>/dev/null || true
bq --location="$REGION" mk --dataset "$PROJECT_ID:lost_cargo_dataset" 2>/dev/null || true

echo " Done."

# ---------------------------------------------------------------
Expand All @@ -112,7 +117,7 @@ echo " Done."
echo "[3/8] Creating Cloud Resource connection and granting permissions..."
bq mk --connection --location=$REGION --connection_type=CLOUD_RESOURCE lost_cargo_conn 2>/dev/null || true

SA_EMAIL=$(bq show --format=prettyjson --connection $REGION.lost_cargo_conn \
SA_EMAIL=$(bq show --format=prettyjson --connection ${REGION}.lost_cargo_conn \
| grep "serviceAccountId" | cut -d '"' -f 4)
Comment on lines +120 to 121

@gemini-code-assist gemini-code-assist Bot Jun 24, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The connection string parameter should be double-quoted to prevent word splitting and globbing, ensuring robust execution even if the region name contains unexpected characters or is empty. Additionally, parsing the JSON output using standard tools like grep and cut is preferred over jq to ensure compatibility across execution environments.

Suggested change
SA_EMAIL=$(bq show --format=prettyjson --connection ${REGION}.lost_cargo_conn \
| grep "serviceAccountId" | cut -d '"' -f 4)
SA_EMAIL=$(bq show --format=prettyjson --connection "${REGION}.lost_cargo_conn" \
| grep "serviceAccountId" | cut -d '"' -f 4)
References
  1. In shell scripts, prefer using standard tools like grep and cut for parsing command output over tools like jq if the latter's availability or functionality in the execution environment is not guaranteed.

echo " Connection service account: $SA_EMAIL"

Expand Down Expand Up @@ -147,7 +152,7 @@ curl -s -X POST \
}' > /dev/null || true

# Grant the connection's service account access to AlloyDB
SA_EMAIL_ALLOYDB=$(bq show --format=prettyjson --connection "$REGION.lost_cargo_alloydb_conn" | grep "serviceAccountId" | cut -d '"' -f 4)
SA_EMAIL_ALLOYDB=$(bq show --format=prettyjson --connection ${REGION}.lost_cargo_alloydb_conn | grep "serviceAccountId" | cut -d '"' -f 4)

@gemini-code-assist gemini-code-assist Bot Jun 24, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Removing the double quotes around ${REGION}.lost_cargo_alloydb_conn is a regression. Please keep the double quotes to prevent word splitting and globbing. Also, using standard tools like grep and cut to parse the JSON output is preferred over jq to ensure compatibility.

Suggested change
SA_EMAIL_ALLOYDB=$(bq show --format=prettyjson --connection ${REGION}.lost_cargo_alloydb_conn | grep "serviceAccountId" | cut -d '"' -f 4)
SA_EMAIL_ALLOYDB=$(bq show --format=prettyjson --connection "${REGION}.lost_cargo_alloydb_conn" | grep "serviceAccountId" | cut -d '"' -f 4)
References
  1. In shell scripts, prefer using standard tools like grep and cut for parsing command output over tools like jq if the latter's availability or functionality in the execution environment is not guaranteed.

if [[ -n "$SA_EMAIL_ALLOYDB" ]]; then
grant_iam_role_with_retry "$PROJECT_ID" "serviceAccount:$SA_EMAIL_ALLOYDB" "roles/alloydb.client"
fi
Expand All @@ -161,7 +166,7 @@ if gcloud storage buckets describe "$BUCKET" &>/dev/null; then
echo " Bucket already exists: $BUCKET"
else
echo " Creating bucket $BUCKET..."
gcloud storage buckets create "$BUCKET" --location="$REGION"
gcloud storage buckets create "$BUCKET" --location=$REGION

@gemini-code-assist gemini-code-assist Bot Jun 24, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Removing the double quotes around $REGION is a regression. Please keep the double quotes to prevent word splitting and globbing.

Suggested change
gcloud storage buckets create "$BUCKET" --location=$REGION
gcloud storage buckets create "$BUCKET" --location="$REGION"

fi

echo " Copying images from central bucket..."
Expand Down Expand Up @@ -223,8 +228,8 @@ echo "============================================"
echo ""
echo " Created resources:"
echo " - BigQuery dataset: lost_cargo_dataset"
echo " - BQ connection: $REGION.lost_cargo_conn (Cloud Resource)"
echo " - BQ connection: $REGION.lost_cargo_alloydb_conn (AlloyDB)"
echo " - BQ connection: ${REGION}.lost_cargo_conn (Cloud Resource)"
echo " - BQ connection: ${REGION}.lost_cargo_alloydb_conn (AlloyDB)"
echo " - GCS bucket: $BUCKET"
echo " - images/: Port security images"
echo " - data/: Telemetry data"
Expand All @@ -236,3 +241,4 @@ echo " Next: Return to the codelab and continue with"
echo " setting up the Data Agent Kit."
echo ""