GCP Service Account options - Adaptive Applications - BlueCat Gateway - 23.1.1

Cloud Discovery & Visibility Administration Guide


The Service Account section of the Google Cloud Platform Setup page lets you configure the credentials that Cloud Discovery & Visibility (CDV) uses to access your Google Cloud Platform (GCP) infrastructure.

In order to configure service credentials for CDV on GCP, you must have the following:
  • At least one Organization and Project in your GCP environment.

  • Google Pub/Sub enabled within your Project. Within Google Cloud Platform, you can enable Google Pub/Sub from the Pub/Sub link in the left navigation menu.

    GCP Cloud Logging generates log messages for actions and events on GCP resources. These messages are routed to Google Pub/Sub using Sinks, where they are stored in a queue. Cloud Discovery & Visibility subscribes to GCP Cloud Logging to acquire Visibility job messages from the Google Pub/Sub queue.

  • GCP service account keys in JSON format, so that CDV can access your GCP infrastructure. You can acquire these from the Service Accounts page in Google Cloud Platform.

    Note:

    In recent versions of GCP, when you generate a GCP service account key, the JSON file will include the new field universe_domain. This field will cause an unknown field error during discovery in current and earlier versions of CDV (v23.1.1 and earlier).

    Support for this field will be added in a future version. To avoid this error before then, we recommend you delete the universe_domain field from the JSON file.
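
One way to apply the workaround in the note above without hand-editing the key, as an added example (not BlueCat's or Google's code): it writes a copy of the key file with universe_domain removed and keeps that copy readable only by its owner, since the file holds a private key. The function names, file names and sample key are assumptions constructed for illustration.

```python
import json
import os
import tempfile

# Field that CDV v23.1.1 and earlier rejects, per the note above.
UNSUPPORTED_FIELDS = ("universe_domain",)

# Constructed sample key for illustration; every value is a placeholder.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "PLACEHOLDER_KEY_ID",
    "private_key": "PLACEHOLDER_PRIVATE_KEY",
    "client_email": "cdv-reader@example-project.iam.gserviceaccount.com",
    "universe_domain": "googleapis.com",
}

def strip_unsupported_fields(key):
    """Return a copy of a service account key without the rejected fields."""
    if not isinstance(key, dict) or key.get("type") != "service_account":
        raise ValueError("not a GCP service account key file")
    return {k: v for k, v in key.items() if k not in UNSUPPORTED_FIELDS}

def clean_key_file(src, dst):
    """Write a cleaned copy of src to dst; return the removed field names."""
    with open(src, "r", encoding="utf-8") as fh:
        key = json.load(fh)
    cleaned = strip_unsupported_fields(key)
    removed = sorted(set(key) - set(cleaned))
    # mkstemp creates the file with mode 0600, so the private key is never
    # group- or world-readable; os.replace then swaps it in atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dst)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as out:
            json.dump(cleaned, out, indent=2)
            out.write("\n")
        os.replace(tmp, dst)
    except BaseException:
        os.unlink(tmp)
        raise
    return removed

if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "sa-key.json")
    with open(src, "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_KEY, fh)
    print(clean_key_file(src, os.path.join(workdir, "sa-key.cdv.json")))
```

Upload the cleaned copy to CDV and keep the original key file out of shared locations.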

To set up GCP authentication for CDV:

  1. Open the GCP Setup page (click the GCP tab in the banner at the top, then click Setup).

  2. If necessary, click to expand the GCP Service Account section.

  3. There are two main options for authenticating CDV on GCP:

    • Use the virtual machine's credentials: If CDV is deployed on a virtual machine (VM), CDV can use the VM's credentials.

      When you open CDV for GCP, you'll see the message "Detecting VM instance deployment" in the GCP Service Account section. This means CDV is trying to detect whether it is running on a VM instance.

      If CDV successfully detects that it is running on a VM on GCP, select the Use VM instance credentials checkbox that appears. CDV will now authenticate itself using the VM's credentials.

      Note: If you use the VM instance's credentials, you will be unable to set up basic authentication.

    • Use a custom GCP service account: If CDV is not deployed on a VM, on the Setup page, under GCP Service Account, drag your GCP service account key file (a JSON file) to the Service Account File area. (You can also click the upload icon and manually browse to the file.)

      After you successfully upload the GCP service account keys, CDV validates them with Google Cloud Platform.