Google Cloud Platform (GCP) offers a wide variety of hardware, such as computers and hard disks, and virtual resources, such as VMs, that are set up in Google data centers across the globe. GCP also provides cloud services that enhance the capabilities of small, mid-sized, and large enterprises at scale.
With the Google Cloud Platform integration, Resolution Intelligence Cloud receives GCP metric data events seamlessly, correlates these events into situations, and presents them as actionable insights to improve the functionality of the services and physical assets offered by GCP.
Prerequisites
These are the requirements for authorization.
- For Monitoring: In the GCP project API & Service library settings, you must enable the Google Stackdriver Monitoring API.
- For Service Account Authorization: A user with the Project IAM Admin role is needed to add the service account ID as a member in your GCP project.
- In the GCP project IAM & admin, the service account must have the Project Viewer role and the Service Usage Consumer role.
- Service Account Credentials:
  - Service Account Management Certificate (JSON or P12 private key)
  - Management Certificate Passphrase
Integrating a specific GCP project with Resolution Intelligence Cloud requires you to authorize a Resolution Intelligence Cloud account to fetch data from the GCP project.
Enabling Google Cloud Integration
Using Google Cloud
1. From the Resolution Intelligence user interface, navigate to Configurations --> Integrations --> Google Cloud tile.
2. Click Add --> Add New Integration.
The integration will be enabled.
3. On the Google Cloud integration page, click Add Instance.
A window appears on your screen.
4. Under Instance details, provide the following.
- Service Account Management Certificate: Select your GCP service account certificate from the local drive or cloud.
- Management Certificate PassPhrase: Enter your service account secret key if you choose the p12 authorization type. This field is filled automatically if you choose JSON.
- Service Account Email: Enter the email generated for the Service Account if you choose the p12 authorization type. This field is filled automatically if you choose JSON.
5. Under Specify Ingestion Criteria, construct the condition expression. Select a field and operator from the drop-down lists. For the value, select a value from the drop-down list or enter it manually, depending on the field type. The condition is used to determine the records to which the rule will apply.
A condition expression can consist of several phrases, joined by an And or Or. For each phrase, select a field, operator, and value. Click the button to add an additional row. Use the parentheses and And/Or options to join the phrases together to form a condition expression.
The conditions include the following attributes:
- Alias Name
- Created time
- Updated time
- Name
6. Under Schedule, choose the following to sync the incoming data from Google Cloud.
- Timezone: Select the appropriate timezone (for example, (UTC+05:30) Asia/Kolkata).
- Time: Select the appropriate date and time.
- Repeat: From the dropdown, select one of the following.
  - Monthly: Specify the number of months and the day (for example, every 6 months on the 30th day according to the timezone you selected).
  - Weekly: Specify the day (for example, every Thursday at 10 AM according to the timezone you selected).
  - Daily: Every day at the time you have specified.
7. Click Validate and Save.
Once you have added your instances, signals start flowing from the GCP project to the Resolution Intelligence Cloud Signals UI where you can suppress and resolve them.
After you have created your GCP instances, you can enable the synchronization of assets and discover them in the Asset details tab.
Using Google Cloud Monitoring
1. From the Resolution Intelligence platform, navigate to Configurations --> Integrations --> Monitoring.
2. Search for "Google Cloud Monitoring" using the search bar and select the Google Cloud Monitoring tile.
3. Click Add --> Add Integration.
4. On the Google Cloud Monitoring page, under the Inbound section, select the authentication type as JSON Web Token (JWT) in the authentication window.
5. Click Save.
A token and a webhook URL will be generated so that your signals can flow into Resolution Intelligence.
Figure 3 Enabling Google Cloud Monitoring
6. To confirm that your signals are monitored by Google Cloud Monitoring, go to Resolutions --> ActOns where you can visualize the signals that are created.
Figure 4 Verifying Signals
Validating Service Account Credentials
The credentials are validated by requesting an access token with a signed JWT token. If the request is successful, then the service account credentials are validated. Currently, the scope of validation is https://www.googleapis.com/auth/cloud-platform.
JWT Token Creation:
{Base64url encoded header}.
{Base64url encoded claim set}.
{Base64url encoded signature}.
Example:
{"alg":"RS256","typ":"JWT"}.
{ "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/cloud-platform",
"aud":"https://oauth2.googleapis.com/token",
"exp":1328554385,
"iat":1328550785 }.
[signature bytes]
Access Token Request:
POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={jwt_token}
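The JWT creation and access token request described above, as an added example that is not part of the original page or the product's own code. The function names, the sample service account email in the usage, and the throwaway RSA key (built from two Mersenne primes so the block runs offline) are assumptions; a real integration signs with the private key from the service account file through a vetted crypto library.

```python
import base64, hashlib, json
from urllib.parse import urlencode

TOKEN_URL = "https://oauth2.googleapis.com/token"
SCOPE = "https://www.googleapis.com/auth/cloud-platform"
# Constructed throwaway RSA key (assumption): two Mersenne primes, so the
# example is deterministic and runs offline. It is NOT secure; never use it
# outside this demonstration.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
# ASN.1 DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def emsa_pkcs1_v15(message: bytes, em_len: int) -> bytes:
    # 0x00 0x01 FF..FF 0x00 DigestInfo(SHA-256(message))
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def rs256_sign(message: bytes) -> bytes:
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(message, k), "big")
    return pow(em, D, N).to_bytes(k, "big")

def rs256_verify(message: bytes, sig: bytes) -> bool:
    k = (N.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(k, "big")
    return em == emsa_pkcs1_v15(message, k)

def build_assertion(service_account_email: str, now: int, lifetime: int = 3600) -> str:
    # Google accepts an exp of at most one hour after iat.
    if not 0 < lifetime <= 3600:
        raise ValueError("exp must be at most one hour after iat")
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": service_account_email, "scope": SCOPE, "aud": TOKEN_URL,
              "iat": now, "exp": now + lifetime}
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    return signing_input + "." + b64url(rs256_sign(signing_input.encode()))

def token_request_body(assertion: str) -> str:
    # Form-encoded body for POST /token; urlencode percent-encodes the URN.
    return urlencode({"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
                      "assertion": assertion})
```

The signature covers the first two segments exactly as transmitted, so any change to the header or claim set after signing makes the token endpoint reject the assertion.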
Calling Google Cloud APIs
Direct HTTP Requests
When you authorize through a service account, we call GCP project APIs using the service account ID and its associated private key.
Step 1: Request access token with required API scopes
Step 2: Invoke the API with access token as an Authorization header
Example: Assets List API request