Google Cloud Platform (GCP)
Google Cloud Platform (GCP) connection to the CipherTrust Manager can be configured using the following:
Managing Google Connections using GUI
-
Key File - upload the key file that you have got from the GCP console while creating the service account.
-
Cloud Name - select the Google from the drop-down list.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
Click Next to move to the next step.
Currently, the only product supported for Google connection is Cloud Key Manager.
Managing Google Connections using ksctl
The following operations can be performed:
-
Create/Get/Update/Delete a GCP connection
-
List all GCP connections
-
Test an existing GCP connection
-
Test a New GCP Connection
Creating a GCP Connection
To create a GCP connection, run:
Syntax
ksctl connectionmgmt gcp create --name <Connection-Name> --key-file <Key-File-Path> --cloudname <Cloud-Name> --products <Product-Names> --meta <Key:Values>
Format of GCP Key File
{
"type": "service_account",
"project_id": "test",
"private_key_id": "hbk0662522e157b8e39cc672108de25016d736y0",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDV7g0lBwL/XaBD\nbpKtMQwFQJUiIPpv8luHA5wrvRi+XgAHBey8xMSOy/ezDNTlPgF99RNFz022WuCV\nAitCCaDpuaHPSqnx7ygs8hM6Mh/Kpq0fInnCXrdcgZKpK2qIJ8H0OdSmyiZp1hNG\nOICQckcmuJ0VUQLzwbS3R8dbwFAquQSxR1WBbI1vWZia3iap1ALSsh6nBUvaH7M6\nXaLZmZxUSLBw9o50slyI6UtM9WswcNWR9iYQS78DYakM5on9/M2y8kWQozhbIT/b\nilcE2weCtiu3UJR1xtI3WDL7eW3xdfJc2kLg0AIHflOopVkiuKaaFCw7s6aQUvFn\nna9Oi7FbAgMBAAECggEAIYBI8K57arAnw8eSEqsmnb/yWsjdTyCd8rO/Bh5zvIQN\n7wufeiQ6P75zSMfOoyOlqirx3LHNEqyClPMlAQ9u8osOat7fZDK2kOtL1YY58ktN\nux10AdtBTaxA4lsZML9Bj5Oq4H+5qkNK+2knwPcUa1znxInOM4v3F+iLsKiaJUZQ\nwnew+WacECpgMHxMavDiY92/0hPIYtBgJPk4Qud/0+EZ9QnTZ1FR4NSwk2rKBOx3\nJZTDcxLHbJ/jYPt+AJo77HITXkkbwBI9l9ILq5Y/aCI3Xw5qZA8lzuqxlklqvLvJ\n3j1ivz0+3t2/Ux4Y/wKpqmEMmKUAIq0BFKd+IqiykQKBgQDwS++M7l8SwQR8Sntn\nkkseFWPFmsETe9JzTugVsaQAfn9HPDtGmr2wcK+0Fo7/NEpYm+Vodh1rlLcSs7Ak\nheOIjShdDSRXjtwSoNxVoMoAaLFP3DORERhWYCczJjeqcoP1fUC27LmvA/1NDd15\n/C9BEdVH+ltpPDwgJxYJtXE+uQKBgQDj6QLJ0b9LEYxz0ig0knN7u0g4LRPkZF58\nrLDphUF+t06XRiXa8UKkaHsCMc0hVbZJ0yvHdY640ckxhzZfLk78fmonKfW11wV0\nBMjoYZlfJPQvAydalehVBrJ4j/ZhouhYKuycRrOrCcZD+FwpKBd8ThVcRxd/9j8V\nQgMf8ciGswKBgQDXC33z55dZ1zbGbHmHtNpYr9e8DcRgRV2PJ7x3PaSBdLM+8t4x\nT2YWsqHrTozmQsuOBOYG2D13+3zi1b/6z39SwtCuhYZSfVzhpufIEb71IrwbtfrI\nBj57fk1Wbws+FIGXfmId0jhSMgXLoW7lLhSz7NusMJcB1JASTihgw+n2sQKBgQCn\nFz4kGNLWhpcikwFHCdgA7t2T0fiziaJ8ZV+O1VOfQ2UrIxK94gOp5a/JfBmYRu7O\nUTPXmCh699M5rJgAUEM4erX44Jp0JqCo3pktReDcEIu1q+o+T4l2TOKr4WARVQ5j\nFZVDPdKbox7o1j07L1mImPawIK7p8e9t9me0E9+gYQKBgCiXzwL5ngTxAqLNXTTx\nuYL/1x3Pg6uvBnltfCUTDKVFDPv9Dwaad3T9cwqZZCzlM0GqTuALzVb1NAHVcx3U\nIUXcwn8mDT/aYWClnTDW7/ZwThnOsXSxbco68JdM2bpCS9nRqhYAlLb0eLMl2pEU\n59cqC1DjxsmVcmpabyi/726I\n-----END PRIVATE KEY-----\n",
"client_email": "test@some-project.iam.gserviceaccount.com",
"client_id": "some-id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40some-project.iam.gserviceaccount.com"
}
Example Request
ksctl connectionmgmt gcp create --name gcpConn --key-file gcp.json --products CCKM
Example Response
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.5260642Z",
"updatedAt": "2021-04-01T04:56:28.524593208Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
Getting Details of a GCP Connection
To get details of a GCP connection, run:
Syntax
ksctl connectionmgmt gcp get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt gcp get --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59
Example Response
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.526064Z",
"updatedAt": "2021-04-01T04:56:28.524593Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
Updating a GCP Connection
To update a GCP connection, run:
Syntax
ksctl connectionmgmt gcp modify --id <Connection-Name> --key-file <Key-File-Path> --cloudname <Cloud-Name> --products <Product-Names> --meta <Key:Values>
Example Request
ksctl connectionmgmt gcp modify --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59 --key-file gcp1.json
Example Response
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.526064Z",
"updatedAt": "2021-04-01T05:03:38.665326512Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": true,
"last_connection_at": "2021-04-01T05:00:03.806155Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"meta": "",
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
Deleting a GCP Connection
To delete a GCP connection, run:
Syntax
ksctl connectionmgmt gcp delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt gcp delete --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59
There will be no response if GCP connection is deleted successfully.
Getting List of GCP Connections
To list all the GCP connections, run:
Syntax
ksctl connectionmgmt gcp list
Example Request
ksctl connectionmgmt gcp list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.526696Z",
"updatedAt": "2021-04-01T04:56:28.526696Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
]
}
Testing an Existing GCP Connection
To test an existing GCP connection, run:
Syntax
ksctl connectionmgmt gcp test --id <Connection-Name/ID> --key-file <Key-File-Path>
Example Request
ksctl connectionmgmt gcp test --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59
Example Response
{
"connection_ok": true
}
Testing a New GCP Connection
To test a New GCP connection, run:
Syntax
ksctl connectionmgmt gcp test --key-file <Key-File-Path>
Example Request
ksctl connectionmgmt gcp test --key-file gcp.json
Example Response
{
"connection_ok": true
}