Starting virtual machine on gcp compute engine with web-uri

Question

I set up a VM on CE. I want to start and shutdown this VM with the API using the instances().stop and instances().start method with a HTTP request.

Using the API explorer (https://cloud.google.com/compute/docs/reference/rest/v1/instances/start) and putting in project-name, zone and instance-name everything works fine and i can start and stop the VM. I am forwarded to the google login -> i authorize --> it works.

However, when i try to do this via the provided html in my browser: https://www.googleapis.com/compute/v1/projects/{my_projekt}/zones/{my_zone}/instances/{my_instance}/start", it doesn't work. Error: Not found. I figured that some kind of autorization is missing so i also tried to add ?key={my_key}.

In the documentation i find: Requires one of the following OAuth scopes: https://www.googleapis.com/auth/compute https://www.googleapis.com/auth/cloud-platform

But i don't know how to set this up. Someone can help me with that? Is it even possible what i am trying to do?

In a next step i would like to allow others to start and stop this vm by giving them IAM roles. Can they use http post requests as well?

I am pretty new in working with GCP and the autorization process gives me a headache ...

Thanks in advance. Greetings, Oli

Answer 1

Okay, you have 3 ways to achieve this, they are well documented in here, I will list them from the easiest to the harder:

A.- Google Cloud Console.

B.- Google Cloud SDK CLI tool "gcloud".

C.- Google Cloud HTTP API calls.

The permission the account will need to perform the Stop/start of the instance will be:

compute.instances.stop
compute.instances.start

to reset:

compute.instances.reset

A role that has these permission is "compute.instanceAdmin", however you can always create a customer role with the desired permissions.

---

A.- Google Cloud Console

Is the most user friendly way to do it, since it uses a GUI. Go to the Cloud Console, On your Compute Engine Instances. If you don't see your instances on the list, be sure you have selected the proper project.

Click on the instances you want to stop/start and click on the buttons above according to what you want to do.

---

B.- Google Cloud SDK CLI tool "gcloud"

Install the CLI tool "gcloud", authenticate into it using:

gcloud auth login [ACCOUNT] 

Then you will be able to use the commands to Stop/Start/Reset the instances

gcloud compute instances stop example-instance-1 example-instance-2

gcloud compute instances start example-instance

gcloud compute instances reset example-instance

---

C.- Google Cloud HTTP API calls

This is the method you are currently trying to use, you'll have to make an HTTP request to the Google Cloud API: Start , Stop , Reset.

You will need to add your "access token" into the "authentication" field on the header on the request. using "Authorization: bearer here-your-long-token". More information about it here.

How to get the "access token" may vary depending on the language you are using, here's an example in javascript:

var {google} = require("googleapis");

// Load the service account key JSON file.
var serviceAccount = require("path/to/serviceAccountKey.json");

// Define the required scopes.
var scopes = [
  "https://www.googleapis.com/auth/cloud-platform",
  "https://www.googleapis.com/auth/compute"
];

// Authenticate a JWT client with the service account.
var jwtClient = new google.auth.JWT(
  serviceAccount.client_email,
  null,
  serviceAccount.private_key,
  scopes
);

// Use the JWT client to generate an access token.
jwtClient.authorize(function(error, tokens) {
  if (error) {
    console.log("Error making request to generate access token:", error);
  } else if (tokens.access_token === null) {
    console.log("Provided service account does not have permission to generate access tokens");
  } else {
    var accessToken = tokens.access_token;
    // here you have the token, you can use it on your API request.
  }
});