Prerequisites

<< Click to Display Table of Contents >>

RayVentory Data Hub > 12.6 u5 > Connectors > Alphabetic Connector List > Google Cloud Compute 

Prerequisites

In order to use the connector, it is necessary to create a Service Account Key JSON as explained in the official documentation https://cloud.google.com/docs/authentication/production#create_service_account. Download it to the local machine and extract the necessary data from the JSON file for the operation of the connector.

 

Authentication and Authorization

To use one Service Account Key in multiple projects it has to be added in IAM of other projects. The connector requires the following scope for authentication: https://www.googleapis.com/auth/cloud-platform.

 

For authentication to the REST APIs, for each Google account a private key (JSON file) has to be created in the Google portal and stored on the server. The required configuration is described below.

 

GCC_Overview

 

For each Google Cloud Account that needs to be connected with License Manangement, perform the following steps in the Google Cloud portal:

 

1.Select the project where the Service Account should be created (it will then be possible to give the appropriate permissions to the other projects with the same service account).

2.Create a service account. After creating the account, grant it the viewer role, then authorize a virtual instance to run as that service account.

 

GCBQ_ServiceAccountDetails

 

GCBQ_ServiceAccountPermissions

 

3.For a service account, download a private key and store the .json file that is to be used to run the connector.

 

GCBQ_Keys

 

GCBQ_JSON

 

4.Save the file locally.

5.Activate the appropriate / required APIs

 

In order to use one Service Account Key in multiple projects, it has to be added to the IAM to other projects.

 

1.Create a service account within the Service Accounts section.

 

GCBQ_ServiceAccounts

 

2.Add to the IAM section of the cross project.

 

GCBQ_Permissions

 

Generally, the organization, folder, and project structure should already be present whether a project is exempt or should be included in the inventory management.

 

These are than managed by policies. This is the best way of organizing access for the service account.

 

The following permissions are used to get information about the Google Cloud Comupte resources:

resourcemanager.projects.get

resourcemanager.projects.list

compute.instances.list

compute.zones.list

computer.machineTypes.get

 

Create the JSON Key File

In order to use the connector it is necessary to create a service account in order to receive a JSON key file.

 

A service account and the service account key can be created by executing the following steps:

 

Go to the Create service account page.

Select the target project.

Enter a descriptive name into the Service account name field and enter a description into the Service account description field.

Click on the Create and continue button.

Select a role with the necessary permissions from the Select a role list  under Project > Owner to grant the necessary rights to the service account that is used.
It is possible to assign multiple roles by clicking on the + Add another role button.

Click on the Continue button.

Click on the Done button to finalize the creation of the service account.

Click on the email address of the newly created service account.

Click on Keys.

Click Add key and then click on the Create new key button.

Click on the Create button to create and download the JSON key file.

Click on the Close button.

 

The newly created JSON key file contains all the information that is needed to setup the connector.