This article describes the prerequisites and procedures required for Google Cloud Platform integration with the Resolution Intelligence Cloud.
Google Cloud Platform (GCP) offers a wide variety of hardware, such as computers and hard disks, and virtual resources, such as virtual machines, that are set up in Google data centers across the globe. GCP also provides cloud services that enhance the capabilities of small, mid, and large enterprises at scale.
Prerequisites
These are the requirements for authorization:
For Service Account Authorization:
- A user with the Project IAM Admin role is needed to add the service account ID as a member in your GCP project.
- In the GCP project IAM & admin, the service account must have the Project Viewer role and the Service Usage Consumer role.
Service Account Credentials
- Service Account E-mail
- Management Certificate Passphrase
Integrating a specific GCP project with Resolution Intelligence Cloud requires you to authorize a Resolution Intelligence Cloud account to fetch data from the GCP project.
Enabling Google Cloud Integration
In Resolution Intelligence Cloud
Roles Required:
- Owner
- Global Admin
- A user with manager role
- Configuration Manager
To set up integration:
- Click the gear icon at the top (or) hover over the icon at the top left corner.
- At the bottom of the left menu, click Configurations.
- In the left menu, under Data Ingestion, click Integrations.
You will be navigated to the available integrations page.
- Locate and click the Google Cloud Platform tile.
- Click Add --> Add New Integration.
The integration will be enabled.
3. On the Google Cloud integration page, click Add Instance.
A window appears on your screen.
4. Under Instance details, provide the following:
- Service Account Management Certificate: Select the GCP service account certificate in JSON format from the local drive or cloud to upload.
- Management Certificate PassPhrase: Once the Service Account Management Certificate is uploaded, the Management Certificate PassPhrase value in the JSON file is defaulted into this field.
- Service Account Email: The service account email value from the JSON file is defaulted in this field.
5. Under Specify Ingestion Criteria, construct the condition expression. Select a field and operator from the drop-down lists. For the value, select a value from the drop-down list or enter it manually, depending on the field type. The condition is used to determine the records to which the rule will apply. If the condition in the rule is met, the signal flows into the Resolution Intelligence Cloud.
A condition expression can consist of several phrases, joined by an And or Or. For each phrase, select a field, operator, and value. Click the button to add an additional row. Use the parentheses and And/Or options to join the phrases together to form a condition expression.
The conditions include the following attributes:
- Alias Name
- Created time
- Updated time
- Name
6. Under Schedule, set the frequency at which the sync of incoming data from Google Cloud should happen:
- Timezone: Select the appropriate timezone (for example, (UTC+05:30) Asia/Kolkata).
- Time: Select the appropriate date and time.
- Repeat: From the drop-down, select one of the following:
  - Monthly: Specify the number of months and the day (for example, every 6 months on the 30th day according to the timezone you selected).
  - Weekly: Specify the day (for example, every Thursday at 10 AM according to the timezone you selected).
  - Daily: Every day at the time you have specified.
7. Click Validate and Save to validate the data and save the details.
Once you have added your instances, signals start flowing from the GCP project to the Resolution Intelligence Cloud Signals UI where you can suppress and resolve them.
Managing all instances in Google Cloud
Use this procedure to manage all instances in Google Cloud.
To manage all instances:
- Click the gear icon at the top (or) hover over the icon at the top left corner.
- At the bottom of the left menu, click Configurations.
- In the left menu, under Data Ingestion, click Integrations.
You will be navigated to the available integrations page.
- Locate and click the Google Cloud Platform tile.
- Select the Google Cloud option in the Enabled integrations section. This takes you to the page where you can see all the instances created in Google Cloud under this tenant.
- View this information:
Field name | Field description |
---|---|
Service Account Management certificate | This is a unique ID to authenticate the service account. |
Project ID | The ID for the project from where the GCP assets are pulled into the platform. |
Service Account E-mail | The email address of the service account. |
 | The email address of the user who created the instance. |
Updated time | The time at which the instance was last updated. |
Schedule | The schedule set up to sync assets from GCP to this platform. |
7. Perform the following:
- View the details of the scheduled jobs run in the past, using the Job History option.
- Sync the data from GCP to the platform irrespective of the scheduled time, using the Sync now option. You cannot sync the data if an active job is running. All the data obtained from GCP through sync is found in the Asset details tab.
- Modify the instance details, using the Edit Instance option.
- Delete an instance, using the Delete Instance option. You cannot delete the instance when the job is running.
- Delete a scheduled job, using the Delete Schedule option.
Enabling Google Cloud Monitoring Integration
In Resolution Intelligence Cloud
With Google Cloud Monitoring, Resolution Intelligence Cloud receives GCP metric data events, correlates them into situations, and presents them as actionable insights to improve the functionality of the services and physical assets offered by GCP.
To enable the integration:
- Click the gear icon at the top (or) hover over the icon at the top left corner.
- At the bottom of the left menu, click Configurations.
- In the left menu, under Data Ingestion, click Integrations.
You will be navigated to the available integrations page.
- Locate and click the Google Cloud Monitoring tile.
- Click Add --> Add Integration.
- On the Google Cloud Monitoring page, under the Inbound section, select the authentication type as JSON Web Token (JWT) in the authentication window.
- Click Save.
A token and a webhook URL will be generated.
Figure 3 Enabling Google Cloud Monitoring
6. To confirm that your signals are monitored by Google Cloud Monitoring, go to Resolutions --> Signals where you can visualize the signals that are created.
Figure 4 Verifying Signals
Validating Service Account Credentials
The credentials are validated by requesting an access token with a signed JWT token. If the request is successful, then the service account credentials are validated. Currently, the scope of validation is https://www.googleapis.com/auth/cloud-platform.
JWT Token Creation:
{Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}
Example:
{"alg":"RS256","typ":"JWT"}.
{ "iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/cloud-platform",
"aud":"https://oauth2.googleapis.com/token",
"exp":1328554385,
"iat":1328550785 }.
[signature bytes]
Access Token Request:
POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={jwt_token}
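The following is an added example, not Resolution Intelligence Cloud's own code: it builds the header and claim set segments described above, checks a finished assertion for the claim problems that would make the token request fail, and form-encodes the request body. The `client_email` name (the e-mail field in Google's service account JSON key), the sample e-mail and the placeholder signature bytes are assumptions; producing the real RS256 signature with the key file's private key is left to a JWT library.

```python
import base64, json
from urllib.parse import urlencode

TOKEN_URI = "https://oauth2.googleapis.com/token"
SCOPE = "https://www.googleapis.com/auth/cloud-platform"
GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def b64url(data: bytes) -> str:
    # JWT segments are URL-safe base64 with the "=" padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def signing_input(client_email: str, iat: int, lifetime: int = 3600) -> str:
    """Return 'header.claims', the bytes the RS256 signature is computed over."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": client_email, "scope": SCOPE, "aud": TOKEN_URI,
              "exp": iat + lifetime, "iat": iat}
    return ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))

def check_assertion(jwt: str, client_email: str, now: int) -> list:
    """List the reasons this assertion would fail credential validation."""
    parts = jwt.split(".")
    if len(parts) != 3 or not all(parts):
        return ["expected three non-empty dot-separated segments"]
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    checks = [
        (header.get("alg") == "RS256", "alg is not RS256"),
        (claims.get("iss") == client_email, "iss differs from client_email"),
        (claims.get("aud") == TOKEN_URI, "aud is not the token endpoint"),
        (SCOPE in claims.get("scope", "").split(), "cloud-platform scope missing"),
        (claims.get("exp", 0) > now, "exp is in the past"),
        (claims.get("exp", 0) - claims.get("iat", 0) <= 3600, "lifetime over 1 hour"),
    ]
    return [msg for ok, msg in checks if not ok]

def token_request_body(jwt: str) -> str:
    # Form-encode so the colons in grant_type are percent-escaped.
    return urlencode({"grant_type": GRANT, "assertion": jwt})

# Constructed sample: placeholder e-mail and signature bytes, not a real key.
EMAIL = "svc-account@example-project.iam.gserviceaccount.com"
SAMPLE = signing_input(EMAIL, iat=1328550785) + "." + b64url(b"constructed-sig")

if __name__ == "__main__":
    print(check_assertion(SAMPLE, EMAIL, now=1328550800))
    print(token_request_body(SAMPLE)[:80])
```

A non-empty result from `check_assertion` points at the claim to fix before retrying Validate and Save; an empty list means only the signature and the key itself remain to be verified by the token endpoint.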
Calling Google Cloud APIs
Direct HTTP Requests
When you authorize through a service account, GCP project APIs are called using the service account ID and its associated private key.
Step 1: Request access token with required API scopes
Step 2: Invoke the API with access token as an Authorization header
Example: Assets List API request