Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Google Cloud APIs

Google Cloud Report APIs

search

Google Cloud Report APIs

CCKM provides options to generate key visibility reports based on:

  • Key-related activities between CCKM and Google Cloud key rings

  • Track keys by their expiration dates

Google Cloud reports are categorized as:

  • Key Activity Report: Inspect individual Google Cloud key histories by operations, for example, when they were refreshed, rotated, edited, or deleted. Also, use this report to compare key activities between CCKM and Google Cloud key ring.

  • Key Aging Report: Track keys by their expiration dates. Audit a range of dates, from past material deletions to future scheduled deletions, within the selected Google Cloud key ring.

Use the Google Cloud reports to:

  • Generate a report

  • View the list of existing reports

  • View details of a particular report

  • Delete a report from CCKM

  • Download the content of a report in CSV

Generating a Google Cloud Report

Use the post /v1/cckm/google/reports API to generate a report. This API starts the report generation. The content of the report can be verified by running the get /v1/cckm/google/reports/{id}/contents API. Refer to Viewing Content of Generated Google Cloud Reports.

Syntax


curl -k '<IP>/api/v1/cckm/google/reports' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "name": "<report name>",\n  "start_time": "<start time>",\n  "end_time": "<end time>",\n  "report_type": "<report type>",\n  "gcp_cloud_params": [<Googlecloud params>]\n}' --compressed

Request Parameters

Parameter Type Description
AUTHTOKEN string Authorization token.
gcp_cloud_params array of JSONs Google Cloud parameters. Refer to Google Cloud Parameters for details.
name string Name for the report.
report_type string Type of the report. Possible types are:
• key-report
• key-aging

The default type is key-report.
end_time string End time for the report. Default end time is the time when the call is initiated.
start_time string Start time from when the report is to be generated. Default start time is end_time-24hrs.

If end_time and start_time are not specified, a report for the last 24 hours is generated.

Google Cloud Parameters

Parameter Type Description
key_ring string Name of the Google Cloud key ring.

Example Request


curl -k 'https://127.0.0.1/api/v1/cckm/google/reports' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjAxZDM2ZTY3LTI5NWQtNDNjZC05NDExLTk0OTdkYjQzMzQ4MyIsImlhdCI6MTU5NjAxMzM0OCwiZXhwIjoxNTk2MDEzNjQ4fQ.7jbUbvoZr9dZ8Yf1NmDUTw3jhq-XDzSHJzN-vQeYcbo' -H 'Content-Type: application/json' --data-binary $'{"name":"r1",\n   "report_type": "key-report",\n   "gcp_cloud_params": [\n      {\n         "key_ring": "projects/cckm-demo-proj/locations/us-central1/keyRings/ring"\n      }\n   ],\n   "start_time": "2019-09-17T06:58:00Z",\n   "end_time": "2020-09-17T07:02:00Z"\n}' --compressed

Example Response


{
    "application/json": {
        "id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
        "uri": "kylo:kylo:cckm:reports:report-name",
        "account": "kylo:kylo:admin:accounts:kylo",
        "application": "ncryptify:gemalto:admin:apps:kylo",
        "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
        "createdAt": "2021-04-01T11:02:29.914913Z",
        "name": "report-name",
        "updatedAt": "2021-04-01T11:02:29.955818Z",
        "overall_status": "in_progress",
        "detailed_status": {
            "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo": "in_progress"
        },
        "abort": false,
        "report_type": "key-report",
        "key_rings": [
            "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo"
        ],
        "start_time": "2021-04-15T06:37:07Z",
        "end_time": "2021-06-15T06:37:07Z"
    }
}

The output shows that the "overall_status" and "detailed_status" of the Google Cloud report is "in_progress" on the CipherTrust Manager. Wait for the report to complete. You can run the get /v1/cckm/google/reports (refer to Viewing List of Existing Google Cloud Reports) or get /v1/cckm/google/reports/{id} (refer to Viewing Details of a Particular Google Cloud Report) API to view the updated status of the report.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.

Viewing List of Existing Google Cloud Reports

Use the get /v1/cckm/google/reports API to view the list of updated reports. The results can be filtered using the query parameters.

Syntax


curl -k '<IP>/api/v1/cckm/google/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed

Request Parameter

Parameter Type Description
AUTHTOKEN string Authorization token.

Request Query Parameters

Parameter Type Description
id string Internal ID of the Google Cloud report.
overall_status string Overall status of the Google Cloud report. The status can be:
completed
in progress
failed
name string Name of the Google Cloud report.
report_type string Type of the Google Cloud report. Possible types are:
• key-report
• key-aging
skip integer Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output.
limit integer Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output.
sort string Comma-delimited list of properties to sort the results.

Example Request


curl -k 'https://127.0.0.1/api/v1/cckm/google/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjAxZDM2ZTY3LTI5NWQtNDNjZC05NDExLTk0OTdkYjQzMzQ4MyIsImlhdCI6MTU5NjAxMzM0OCwiZXhwIjoxNTk2MDEzNjQ4fQ.7jbUbvoZr9dZ8Yf1NmDUTw3jhq-XDzSHJzN-vQeYcbo' --compressed

Example Response


{
    "application/json": {
        "skip": 0,
        "limit": 10,
        "total": 1,
        "resources": [
            {
                "id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
                "uri": "kylo:kylo:cckm:reports:report-name",
                "account": "kylo:kylo:admin:accounts:kylo",
                "application": "ncryptify:gemalto:admin:apps:kylo",
                "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
                "createdAt": "2021-04-01T11:02:29.914913Z",
                "name": "report-name",
                "updatedAt": "2021-04-01T11:02:29.955818Z",
                "overall_status": "in_progress",
                "detailed_status": {
                    "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo": "in_progress"
                },
                "abort": false,
                "report_type": "key-report",
                "key_rings": [
                    "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo"
                ],
                "start_time": "2021-04-15T06:37:07Z",
                "end_time": "2021-06-15T06:37:07Z"
            }
        ]
    }
}

The output shows that one Google Cloud report is available on the CipherTrust Manager.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.

Viewing Details of a Particular Google Cloud Report

Use the get /v1/cckm/google/reports/{id} API to view the details of a Google Cloud report.

Syntax


curl -k '<IP>/api/v1/cckm/google/reports/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed

Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.

Request Parameters

Parameter Type Description
AUTHTOKEN string Authorization token.

Example Request


curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed

Example Response


{
    "application/json": {
        "id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
        "uri": "kylo:kylo:cckm:reports:report-name",
        "account": "kylo:kylo:admin:accounts:kylo",
        "application": "ncryptify:gemalto:admin:apps:kylo",
        "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
        "createdAt": "2021-04-01T11:02:29.914913Z",
        "name": "report-name",
        "updatedAt": "2021-04-01T11:05:53.617901Z",
        "completed_at": "2021-04-01T11:05:53.617656Z",
        "overall_status": "completed",
        "detailed_status": {
            "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo": "completed"
        },
        "abort": false,
        "report_type": "key-report",
        "key_rings": [
            "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo"
        ],
        "start_time": "2021-04-15T06:37:07Z",
        "end_time": "2021-06-15T06:37:07Z"
    }
}

The output shows the details of the Google Cloud report with the specified resource ID.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.

Viewing Content of Generated Google Cloud Reports

Use the get /v1/cckm/google/reports/{id}/contents API to view the content of a Google Cloud report on console. Use the request query parameters to filter the content of the report.

Syntax


curl -k '<IP>/api/v1/cckm/google/reports/{id}/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed

Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.

Request Parameter

Parameter Type Description
AUTHTOKEN string Authorization token.

Request Query Parameters

Parameter Type Description
key_name string Name of the Google Cloud key.
key_ring string Name of the Google Cloud key ring on CCKM.
project string Name of the Google Cloud project.
region string Region (location) of the Google Cloud key ring.
organization string Name of the Google Cloud organization.
key_activity string Activity of the Google Cloud key.
user_name string Name of the CCKM user who performed the operation.
cckm_operation string Operation performed from CCKM.
origin Source of the key material. The origin of the key can be:
• CCKM: Key material is created on CCKM.
• Native: Key material is created on the cloud.
• External (Unknown): Source of the key material is unknown. It is different than CCKM and the native cloud.
skip integer Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output.
limit integer Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output.
sort string Comma-delimited list of properties to sort the results.

Example Request


curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed

Example Response


{
    "application/json": {
        "skip": 0,
        "limit": 1,
        "total": 55,
        "resources": [
            {
                "id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
                "uri": "kylo:kylo:cckm:gcp-reports:c3d657fa-0782-4c16-a741-e3da541434e6",
                "account": "kylo:kylo:admin:accounts:kylo",
                "application": "ncryptify:gemalto:admin:apps:kylo",
                "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
                "createdAt": "2021-04-01T11:02:59.934312Z",
                "updatedAt": "2021-04-01T11:02:59.929245Z",
                "key_name": "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo/cryptoKeys/19jan2021k1",
                "key_ring": "key-ring-demo",
                "project": "projects/cckm-demo-proj",
                "region": "us-east1",
                "key_activity": "CreateCryptoKey",
                "modified_time": "2021-05-19T13:20:23.788785Z",
                "key_expiration": null,
                "user_name": "manas.khandeshe@thalesesecurity.com"
            }
        ]
    }
}

The output shows the content of the Google Cloud report with the specified resource ID.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.

Downloading Content of Google Cloud Reports in CSV

Use the get /v1/cckm/google/reports/{id}/download API to view the comma-separated Google Cloud report. If needed, you can copy this report and create a CSV file.

Syntax


curl -k '<IP>/api/v1/cckm/google/reports/{id}/download' -H 'Authorization: Bearer AUTHTOKEN' --compressed

Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.

Request Parameter

Parameter Type Description
AUTHTOKEN string Authorization token.

Example Request


curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259/download' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed

Example Response


"Key Name,Key Ring,Key Activity,Project,Modified Date,Cloud"
Uploaded,pkv-softkeys::260ecbe7-777b-4d3c-84ea-887620498863,,KeyBackup,ef767cf9-61dd-4765-a4df-ebd65493c728,2020-12-04 10:06:14.16 +0000 UTC,260ecbe7-777b-4d3c-84ea-887620498863,AzureCloud

The output shows the comma-separated Google Cloud report. If needed, you can copy this report and create a CSV file.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.

Deleting a Report from CCKM

Use the delete /v1/cckm/google/reports/{id} API to delete a Google Cloud report from CCKM.

Syntax


curl -k '<IP>/api/v1/cckm/google/reports/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed

Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.

Request Parameter

Parameter Type Description
AUTHTOKEN string Authorization token.

Example Request


curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259' -X DELETE -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed

Example Response


{
"status": 204
}

The output shows that the Google Cloud report with the specified resource ID is deleted from CCKM.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.