GCP job settings: GCP service account - Adaptive Applications - BlueCat Gateway - 25.3

Cloud Discovery & Visibility Administration Guide


When you edit a manager for Google Cloud Platform (GCP) discovery or visibility, the GCP service account settings hold the GCP credentials that Cloud Discovery & Visibility (CDV) uses to access your GCP infrastructure. You will see these settings when updating the credentials for Discovery or Visibility, or when creating a new Discovery or Visibility.

In order to configure service credentials for CDV on GCP, you must have the following:
  • At least one Organization and Project in your GCP environment.

  • Google Pub/Sub enabled within your Project. Within Google Cloud Platform, you can enable Google Pub/Sub from the Pub/Sub link in the left navigation menu.

    GCP Cloud Logging generates log messages for actions and events on GCP resources. These messages are routed to Google Pub/Sub using Sinks, where they are stored in a queue. Cloud Discovery & Visibility subscribes to GCP Cloud Logging to acquire Visibility job messages from the Google Pub/Sub queue.

  • GCP service account keys in JSON format, so that CDV can access your GCP infrastructure. You can acquire these from the Service Accounts page in Google Cloud Platform.

GCP service account settings

Field/Option Description
Use VM instance credentials

If CDV is deployed on a virtual machine (VM), CDV can use the VM's credentials.

When you open the CDV for GCP, you'll see the message "Detecting VM instance deployment" in the GCP Service Account section. This means CDV is trying to detect whether CDV is running on a VM instance.

If CDV successfully detects that it is running on a VM on GCP, tick the Use VM instance credentials checkbox that appears. CDV will now authenticate itself using the VM's credentials.

Note: If you use the VM instance's credentials, you won't be able to manually set Service account details.
Service account file

(Available only when Use VM instance credentials is cleared.)

A JSON file with GCP credential details. You can acquire this file from the Service Accounts page in Google Cloud Platform.

When you acquire your GCP service account key file, drag it onto the Service Account File box. (You can also click in the box and manually browse to the file.)

After successfully uploading GCP service account keys, CDV will validate them with Google Cloud Platform.

Tip: Service account JSON files use the following format:
{
    "type": " ",
    "project_id": " ",
    "private_key_id": " ",
    "private_key": " ",
    "client_email": " ",
    "client_id": " ",
    "auth_uri": " ",
    "token_uri": " ",
    "auth_provider_x509_cert_url": " ",
    "client_x509_cert_url": " "
}
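A local structure check for a key file in the format above, run before uploading it to CDV. This is an added example, not BlueCat or Google code: the function name, the expected `type` value `service_account`, the PEM header check and the HTTPS requirement are assumptions, and the sample key is constructed.

```python
import json

# Field names taken from the key file format shown on this page.
REQUIRED_FIELDS = (
    "type", "project_id", "private_key_id", "private_key", "client_email",
    "client_id", "auth_uri", "token_uri",
    "auth_provider_x509_cert_url", "client_x509_cert_url",
)
URL_FIELDS = tuple(f for f in REQUIRED_FIELDS if f.endswith(("_uri", "_url")))
PEM_HEADER = "-----BEGIN PRIVATE KEY-----"

def check_service_account_key(text):
    """Return a list of problems; messages name fields and never echo values."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(data, dict):
        return ["top-level JSON value is not an object"]
    raw = {f: data.get(f) for f in REQUIRED_FIELDS}
    values = {f: v.strip() if isinstance(v, str) else "" for f, v in raw.items()}
    problems = [f"missing or empty field: {f}" for f, v in values.items() if not v]
    # Assumptions: type is "service_account", the key is PEM, endpoints use HTTPS.
    if values["type"] and values["type"] != "service_account":
        problems.append("type is not service_account")
    if values["private_key"] and not values["private_key"].startswith(PEM_HEADER):
        problems.append("private_key is not a PEM private key block")
    for f in URL_FIELDS:
        if values[f] and not values[f].startswith("https://"):
            problems.append(f"{f} is not an https:// URL")
    return problems

# Constructed sample: placeholder values, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "cdv-reader@example-project.iam.gserviceaccount.com",
    "client_id": "000000000000000000000",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/placeholder",
})

if __name__ == "__main__":
    print(check_service_account_key(SAMPLE_KEY) or "structure looks valid")
```

The check only inspects structure and never contacts GCP; CDV still validates the uploaded keys with Google Cloud Platform.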
Discovery for organizations

Tick this checkbox to perform discovery at the GCP Organization level, including all Projects in that Organization.

In order to run Organization-level discovery and visibility jobs, the account that CDV uses to log in to GCP must have certain roles and permissions. For more details, see Setting up and running GCP Organization-level discovery and visibility.