Google Cloud Integration Guide

  • Updated
In this article:

    Google Cloud Platform (GCP) offers a wide variety of hardware such as - computers, hard disks and virtual resources - VMs that are setup in the Google Data Centers across the Globe. GCP also provides cloud services that enhance the capabilities of small, mid, and large enterprises at a scale.

    With Google Cloud Platform integration, Resolution intelligence Cloud receives the GCP metric data events seamlessly where it correlates these events into situations and presents them in the form of actionable insights to improve the functionality of services and physical assets offered by GCP.  

    Prerequisites

    These are requirements for the authorization.

    For Monitoring  -  In the GCP project API& Service library settings, you must enable Google Stackdriver Monitoring API.

    For Service Account Authorization - A user with Project IAM Admin role is needed to add the service account ID as a member in your GCP project.

    In the GCP project IAM & admin, the service account must have the Project Viewer role and the Service Usage Consumer role.

    Service Account Credentials    -  Service Account Management Certificate (JSON or P12 private key)

                                                         -  Management Certificate Passphrase

    Integrating with GCP specific project with Resolution Intelligence Cloud requires you to authorize Resolution Intelligence Cloud account to fetch data from the GCP project. 

    Enabling Google Cloud Integration

    1. From the Resolution Intelligence user interface, navigate to Configurations --> Integrations --> Google Cloud tile.
    2. Click Enable integration toggle switch at top right of screen.
    3. Click Add Instance. A pop up appears on screen.
    mceclip0.png

    4. Provide the following details.

      • Name: Integration Instance Name
      • Authorization type: Select JSON or p12
      • Service Account Management Certificate: Select your GCP service account certificate from local drive or cloud.
      • Management Certificate PassPhrase: Enter your service account secret key if you choose p12 authorization type. This field is automatically filled, if you choose JSON.
      • Service Account Email: Enter email generated for the Service Account if you choose p12 authorization type. This field is automatically filled, if you choose JSON.
      • Project ID: Enter project id for which the service account belongs to, if you choose p12 authorization type. This field is automatically filled, if you choose JSON.

    5. Click Validate and Save. After successful validation, instance details are added.

    mceclip4.png

    Once you have added your instances, signals start flowing from GCP project to Resolution Intelligence Cloud Signals UI where you can suppress and resolve them.

    After you have created your GCP instances, you can enable synchronization of assets and discover them in the Asset details tab.

    Validating Service Account Credentials

    The credentials are validated by requesting access token with signed JWT token. If the request is successful, then the service account credentials are validated. Currently the scope of validation is https://www.googleapis.com/auth/cloud-platform.

    JWT Token Creation:

    {Base64url encoded header}. 

    {Base64url encoded claim set}.

    {Base64url encoded signature}.

    Example:

    {"alg":"RS256","typ":"JWT"}.
    { "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com", 
    "scope":"https://www.googleapis.com/auth/cloud-platform", 
    "aud":"https://oauth2.googleapis.com/token",
    "exp":1328554385,
    "iat":1328550785 }.
    [signature bytes]

    Access Token Request:

    POST /token? HTTP/1.1 Host: oauth2.googleapis.com Content-Type: application/x-www-form-urlencoded

    grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={jwt_token}

    Calling Google Cloud APIs

    Direct HTTP Requests

    We will call GCP project APIs using service account IDs and its associated private key pair when you authorize through service account.

    Step 1: Request access token with required API scopes

    POST /token? HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={jwt_token}

    Step 2: Invoke the API with access token as an Authorization header

    Example: Assets List API request

    GET /v1p5beta1/projects/gcp-integration-288312/assets? HTTP/1.1
Host: cloudasset.googleapis.com
Authorization: Bearer {access_token}

     

    Editing Instance details

    If you would like to change any instance details like adding latest JSON or p12 certificate, you can add using edit option in the instances page.

    To edit your instance,

    1. From the Resolution Intelligence user interface, navigate to Configurations --> Integrations --> Google Cloud tile.
    2. Select an instance that you want to edit.
    3. Click three dots and click Edit Instance. A popup appears on screen.

    mceclip1.png

    4. Update the details.
    5. Click Validate and Save.

    Removing Google Cloud Instances

    To delete your instances,

    1. From the Resolution Intelligence platform interface, navigate to Configurations --> Integrations --> Google Cloud tile.
    2. Select an instance (s) that you want to delete.
    3. Click Delete at the top right of screen (or)

    mceclip2.png

    4. Click three dots and click Delete Instance next to each instance.

    mceclip3.png

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.