GCP
The GCP plugin lets formae manage Google Cloud Platform resources.
Configuration
Target
Configure a GCP target in your Forma file:
```pkl
import "@formae/formae.pkl"
import "@gcp/gcp.pkl"

target: formae.Target = new formae.Target {
  label = "gcp-target"
  config = new gcp.Config {
    project = "your-project-id"
    region = "us-central1"
    // Optional: path to service account key file
    // credentialsFile = read("env:GCP_CREDENTIALS_FILE")
  }
}
```
Credentials
The plugin uses the standard GCP credential chain.
Application Default Credentials (ADC):
```bash
gcloud auth application-default login
```
Service Account Key File:
```bash
export GCP_CREDENTIALS_FILE="/path/to/service-account-key.json"
```
Then reference it in your target config:
```pkl
config = new gcp.Config {
  project = "your-project-id"
  region = "us-central1"
  credentialsFile = read("env:GCP_CREDENTIALS_FILE")
}
```
Workload Identity (on GKE): when running on GKE with Workload Identity enabled, credentials are provided automatically.
OIDC (for CI/CD): for GitHub Actions, use google-github-actions/auth with Workload Identity Federation.
| Environment Variable | Description | Required |
|---|---|---|
| GCP_PROJECT_ID | GCP project ID | Yes |
| GCP_PROJECT_NUMBER | GCP project number | For WIF |
| GCP_REGION | GCP region (e.g., europe-central2) | Yes |
| GCP_ZONE | GCP zone (e.g., europe-central2-b) | For zonal resources |
| GCP_CREDENTIALS_FILE | Path to service account JSON key | Local only |
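
A pre-flight check for the variables in the table above, as an added example that is not part of the formae documentation. The function name `gcp_preflight`, the use of the `CI` variable to detect a pipeline, and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with formae).
# Returns 0 when the environment is usable, 1 otherwise; findings go to stderr.
gcp_preflight() {
    rc=0
    # Marked "Yes" in the Required column.
    for v in GCP_PROJECT_ID GCP_REGION; do
        eval "val=\${$v:-}"
        if [ -z "$val" ]; then
            echo "missing required variable: $v" >&2
            rc=1
        fi
    done

    key="${GCP_CREDENTIALS_FILE:-}"
    # No key file: ADC, Workload Identity or OIDC supplies credentials instead.
    [ -z "$key" ] && return "$rc"

    # Assumption: CI is set by the pipeline (GitHub Actions sets CI=true).
    # The table marks the key file "Local only", so flag it there.
    if [ -n "${CI:-}" ]; then
        echo "GCP_CREDENTIALS_FILE set in CI; use Workload Identity Federation" >&2
        rc=1
    fi
    if [ ! -r "$key" ]; then
        echo "key file not readable: $key" >&2
        return 1
    fi
    # A downloaded service account key declares "type": "service_account".
    if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key"; then
        echo "not a service account key: $key" >&2
        rc=1
    fi
    # The file holds a long-lived private key: allow no group/other bits.
    # Characters 5-10 of the ls mode string are the group and other permissions.
    mode=$(ls -lL "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "key file is accessible to group/other; run: chmod 600 $key" >&2
        rc=1
    fi
    return "$rc"
}
```

Call `gcp_preflight` before `formae apply` and stop on a non-zero status.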
Examples
Examples are bundled with formae at /opt/pel/formae/examples/formae-plugin-gcp/.
Before running any example, resolve the Pkl dependencies:
```bash
pkl project resolve /opt/pel/formae/examples/formae-plugin-gcp
```
Available examples:
| Example | Description |
|---|---|
| gcp-lifeline | VPC network with subnets, firewalls, router, and compute instance |
| gcp-loadbalancer | HTTP(S) load balancer setup |
```bash
# Evaluate an example
formae eval /opt/pel/formae/examples/formae-plugin-gcp/gcp-lifeline/gcp_lifeline.pkl

# Apply resources
formae apply --mode reconcile --watch /opt/pel/formae/examples/formae-plugin-gcp/gcp-lifeline/gcp_lifeline.pkl
```
Supported Resources
46 resource types across eight GCP services.
BigQuery
| Type | Description |
|---|---|
| GCP::BigQuery::Dataset | Top-level container for tables and views |
| GCP::BigQuery::Table | Table within a dataset |
Bigtable
| Type | Description |
|---|---|
| GCP::Bigtable::Backup | Point-in-time backup of a table |
| GCP::Bigtable::Cluster | Cluster within a Bigtable instance |
| GCP::Bigtable::Instance | Bigtable instance (container for clusters and tables) |
| GCP::Bigtable::MaterializedView | Materialized view over a source table |
| GCP::Bigtable::Table | Table within a Bigtable instance |
Cloud Run
| Type | Description |
|---|---|
| GCP::CloudRun::Execution | Single run of a Cloud Run Job |
| GCP::CloudRun::Job | Batch job that runs to completion |
| GCP::CloudRun::Revision | Immutable snapshot of a Service configuration |
| GCP::CloudRun::Service | Long-running HTTP service |
| GCP::CloudRun::Task | Individual task within a Job execution |
| GCP::CloudRun::WorkerPool | Pool of long-running worker instances |
Compute
| Type | Description |
|---|---|
| GCP::Compute::Address | Regional external or internal IP address |
| GCP::Compute::BackendService | Regional backend service for load balancing |
| GCP::Compute::Disk | Zonal persistent disk |
| GCP::Compute::Firewall | VPC firewall rule |
| GCP::Compute::ForwardingRule | Regional forwarding rule for load balancers |
| GCP::Compute::GlobalAddress | Global external or internal IP address |
| GCP::Compute::GlobalForwardingRule | Global forwarding rule |
| GCP::Compute::HealthCheck | Global health check |
| GCP::Compute::Instance | Compute Engine VM instance |
| GCP::Compute::Network | VPC network |
| GCP::Compute::RegionBackendService | Regional backend service |
| GCP::Compute::RegionHealthCheck | Regional health check |
| GCP::Compute::RegionTargetHttpProxy | Regional HTTP target proxy |
| GCP::Compute::RegionTargetHttpsProxy | Regional HTTPS target proxy |
| GCP::Compute::RegionTargetTcpProxy | Regional TCP target proxy |
| GCP::Compute::RegionUrlMap | Regional URL map |
| GCP::Compute::Router | Cloud Router for dynamic routing and NAT |
| GCP::Compute::Subnetwork | Subnet within a VPC network |
| GCP::Compute::TargetHttpProxy | Global HTTP target proxy |
| GCP::Compute::TargetHttpsProxy | Global HTTPS target proxy |
| GCP::Compute::TargetPool | Target pool for network load balancing |
| GCP::Compute::TargetSslProxy | Global SSL target proxy |
| GCP::Compute::TargetTcpProxy | Global TCP target proxy |
| GCP::Compute::UrlMap | Global URL map |
Container (GKE)
| Type | Description |
|---|---|
| GCP::Container::Cluster | GKE cluster |
| GCP::Container::NodePool | Node pool within a GKE cluster |
GKE Hub
| Type | Description |
|---|---|
| GCP::GKEHub::Feature | Fleet-wide feature (e.g., Config Management, Service Mesh) |
| GCP::GKEHub::Membership | Cluster membership in a fleet |
Cloud SQL
| Type | Description |
|---|---|
| GCP::SQL::DatabaseInstance | Managed Cloud SQL instance (MySQL, PostgreSQL, SQL Server) |
Cloud Storage
| Type | Description |
|---|---|
| GCP::Storage::AnywhereCache | Anywhere Cache instance for a bucket |
| GCP::Storage::Bucket | Cloud Storage bucket |
| GCP::Storage::BucketAccessControl | ACL entry for a bucket |
| GCP::Storage::DefaultObjectAccessControl | Default ACL applied to new objects in a bucket |
| GCP::Storage::ObjectAccessControl | ACL entry for an individual object |
Release notes
See release notes for changes per version.