solutions-cloud-orchestrate's Introduction

Cloud Orchestrate

About the project

Cloud Orchestrate makes it easy to deploy and manage fleets of virtual workstations and entire production systems on Google Cloud with a high-level API.

Cloud Orchestrate is intended for content creation workloads such as VFX/animation, ArchViz, game development, manufacturing and engineering, or any industry workload that requires access to powerful virtual workstations. Resources can be distributed in any region for low-latency performance anywhere in the world, and storage strategies can be defined to allow global access to common assets.

Cloud Orchestrate is a solution that includes open source software, cloud-native services, and third-party software products such as Teradici Cloud Access Software and Cloud Access Manager.

Watch this video overview to see what's possible with a deployment created with Cloud Orchestrate.

Getting started

See the wiki for full documentation.

Prerequisites

To deploy Cloud Orchestrate, you should have access to and a basic working knowledge of Google Cloud Platform, and be familiar with Compute Engine and the Google Cloud Console.

If you don't have a Google Cloud account, you can sign up for a free trial, but you will be limited in what you can deploy without supplying a payment method.

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contributing

See How to Contribute to learn more about helping with development.


solutions-cloud-orchestrate's Issues

Error assigning brand new machine

Trying to assign a newly created and domain-joined machine fails with a 400 Bad Request error from the CAM API. This means that the machine has never been assigned.

Unable to unassign machine

orchestrate broker machine unassign machine1 has no effect at all even if the machine is indeed assigned.

Update network name customization

The Teradici deployment scripts master branch has been updated to support network name customization in all deployment types. The variable names were renamed to: dc_subnet_name, cac_subnet_name, and ws_subnet_name, whereas we were using controller_network, connector_network, and workstations_network. Update orchestrate.systems.teradici.main to match the new variable names. See this for further reference: https://github.com/teradici/cloud_deployment_scripts/blob/master/deployments/gcp/multi-region/networking.tf#L168-L194

Zone required when assigning machine

The orchestrate broker machines assign command fails with a cryptic 400 Bad Request error if the --zone option is not explicitly provided. It should automatically pick up the default zone from the active configuration if none is provided, or perhaps even get it from the GCP API. In any event, make sure that the command can pick up the zone from the active configuration if it's not explicitly provided. And, if no zone can be provided to the backend, it should raise a descriptive error message to the user.

Customize subnetwork name when creating templates

orchestrate templates create allows for customizing the network name via --network. The subnetwork name is expected to match the network name. However, this may not always be the case, especially when there are corporate policies imposed in the deployment projects that may enforce certain topology and network names. Add a --subnetwork option to customize the name as needed. Make it default to the same value as --network if not explicitly provided.

CAM service account types subtle permissions issues

The CAM-level service account can be used just for POST deployments/ and POST auth/keys and literally nothing else in the API. Any other requests raise a 403 status. The deployment-level service account can be used for all other API calls except the two that the CAM-level service account has access to. Unfortunately, to fully automate the deployment of the Teradici components, we need a service account that could also call POST auth/tokens/connectors and others. Right after the deployment, orchestrate broker commands require service account credentials to use other endpoints. See #34 for more context.

Ultimately, we want to minimize the manual steps in web UIs and have the user generate a single service account credentials file. Have the code detect the type of service account from the credentials content and adapt. If given a CAM-level account, it should create a deployment-level account and cache the credentials automatically in ~/.config/teradici so that the orchestrate broker commands work seamlessly and without requiring the user to create new credentials manually.

Add pagination support for broker commands

Many of the Teradici CAM API endpoints that the orchestrate broker commands use under the hood support pagination with a default limit of 15. Add command-line parameters to support pagination and/or auto-paginate results. Currently, it only shows the first page.

Ability to specify custom startup script in template

Add ability to specify either startup-script-url or windows-startup-script-url when creating a template so that it gets propagated to the instance when calling orchestrate instances create. The user needs to be responsible for doing the initialization required for the systems deployed in the project, e.g. PCoIP registration, joining AD domain, etc.

Parameterize teradici deployment type

By default, orchestrate systems deploy teradici would deploy a multi-region setup. However, there are a couple others that might be of interest depending on the use case, e.g. single-connector, and single-connector2 (experimental for deploying in an existing shared VPC with an existing subnet and without the ability to create networks or subnetworks.)

Add a deployment-type parameter and add the multi-region connectors information if connectors is not empty.

Deploy multi-region connectors and GLB by default

orchestrate systems deploy teradici is currently deploying a single connector. Let's make multi-region the default deploying one connector in us-west2-b and one in us-east4-b behind a GLB by default.

orchestrate_pb2_grpc

When I start: orchestrate projects register --help
I get this error:
ImportError: cannot import name 'orchestrate_pb2_grpc' from 'orchestrate.service'
The service folder has an initi.py without any functions

Integration tests

Add integration tests for common workflows:

  • Create an image
  • Create a template
  • Create individual machines from a template
  • Deploy a storage cluster
  • Deploy a broker and active directory

Locate additional systems from anywhere in the path

Currently, all deployable systems are expected to be located in the orchestrate/systems package. For instance, orchestrate systems deploy teradici filestore virtual-studio. However, it would need to be able to locate additional systems from the path to allow third parties to develop automation recipes and integrate additional systems into orchestrate. It would also be useful to allow them to use full package names, for instance: orchestrate systems deploy vendor1.storage vendor2.cache

Properly package orchestrateapi

Properly package orchestrateapi as an installable Python package similar to the orchestrate CLI one. This will enable integration tests to initialize a local server automatically to run tests against it by being able to import both orchestrate (CLI) and orchestrateapi (API) side-by-side.

This is required by #50

Template metadata not propagated to instance.

Template metadata is not being propagated down to instances upon creation. For example, creating a template like this:

orchestrate templates create editorial --metadata startup-script-url=gs://one/two.ps1 ...

And, creating an instance like this:

orchestrate instances create editorial

Results in an instance that doesn't have the startup script specified in the template metadata.

Unable to check whether deployment exists

The CAM-level service account only allows for POST deployments/ not GET. This prevents the code from checking whether the deployment exists before attempting to create it. Instead, need to attempt creating the account and check for 409 Conflict errors.

Make default AD domain more than one word.

The default AD domain currently defaults to just demo. It used to work with windows-2016 up until a point when a policy is being enforced that requires the domain to be at least two components, e.g. a.b. The deployment would finish apparently successfully but no computers could join the domain because it was not actually initialized. The AD domain controller would fail without percolating the error up to Terraform and stopping the deployment. Make sure the default is at least two tokens, and perform validation for the override value provided from the command line.
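
The validation requested in the issue above could look like the following. This is an added example, not code from the Cloud Orchestrate project; the function names, the `--domain` flag and the `demo.example` default are assumptions made for illustration. It rejects single-component domains at argument-parsing time, so a bad value fails before any deployment starts, and it runs the default through the same check.

```python
import argparse
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
DEFAULT_DOMAIN = "demo.example"  # constructed two-component default (assumption)


def validate_ad_domain(value):
    """Return the normalized domain, or raise ValueError naming the problem."""
    domain = value.strip().rstrip(".").lower()
    if not domain or len(domain) > 253:  # 253 = DNS textual name limit
        raise ValueError("domain must be 1-253 characters")
    labels = domain.split(".")
    if len(labels) < 2:
        raise ValueError(
            f"{value!r} has a single component; at least two are required, e.g. a.b")
    for label in labels:
        # fullmatch so an embedded newline or empty label cannot slip through
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid component {label!r} in {value!r}")
    return domain


def domain_arg(value):
    """argparse adapter: report a bad domain as a usage error."""
    try:
        return validate_ad_domain(value)
    except ValueError as error:
        raise argparse.ArgumentTypeError(str(error))


def parse(argv):
    """Parse a hypothetical --domain option; the string default is validated too."""
    parser = argparse.ArgumentParser(prog="deploy-example")
    parser.add_argument("--domain", type=domain_arg, default=DEFAULT_DOMAIN)
    return parser.parse_args(argv).domain


if __name__ == "__main__":
    print(parse(["--domain", "Corp.Example.COM"]))
```
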
