Skip to main content
Version: 3.8.0

How to Collect Google Cloud Resource Data

The Google Cloud collector is configured within the Resoto Worker configuration via the config command in Resoto Shell.

Prerequisites​

This guide assumes that you have already installed Resoto.

Directions​

1. Enable the Google Cloud Collector​

  1. Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker

  2. Add gcp to the list of collectors by modifying the configuration as follows:

    Resoto Worker configuration
    resotoworker:
      ...
      # List of collectors to run
      collector:
        - 'gcp'
        ...
    ...

2. Authenticate with Google Cloud​

You can authenticate with Google Cloud via service account JSON files or automatic discovery.

  1. Open the Resoto Worker configuration via the config command in Resoto Shell:
> config edit resoto.worker

  1. Add the contents of your service account JSON file(s) to the resotoworker section of the configuration as follows:

    Resoto Worker configuration
    resotoworker:
      ...
      write_files_to_home_dir:
        - path: ~/.gcp/service-account-1.json
          content: |
            {
            "type": "service_account",
            "project_id": "example",
            "private_key_id": "7fe5157943fc7fe5157943fc7fe5157943fc",
            "private_key": "-----BEGIN PRIVATE KEY-----\n<private key>\n-----END PRIVATE KEY-----\n",
            "client_email": "account@example.iam.gserviceaccount.com",
            "client_id": "123456789123456789",
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token",
            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
            "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/account%40example.iam.gserviceaccount.com"
          }
        - path: ~/.gcp/service-account-2.json
          content: |
            {
              ...
            }
    ...
    note

    If you do not wish to save the contents of your service account JSON file(s) to Resoto's database, you can alternatively mount the directory containing your service account JSON file(s) to the resotoworker container.

    info

    Since Resoto is running on your local machine, it can access the file(s) directly. Move or copy your service account JSON file(s) to the ~/.gcp directory.

  2. Modify the gcp section of the configuration as follows, adding the paths to your service account JSON file:

    Resoto Worker configuration
    resotoworker:
      ...
    ...
    gcp:
      ...
      # GCP service account file(s)
      service_account:
        - /home/resoto/.gcp/service-account-1.json
        - /home/resoto/.gcp/service-account-2.json
    ...
    note

    The above example assumes that your service account JSON file(s) are named service-account-1.json, service-account-2.json, etc.

3. Trigger Resource Collection​

  1. By default, Resoto performs resource collection each hour. To immediately trigger a collect run, use the workflow run command in Resoto Shell:

    > workflow run collect

  2. Once the collect run completes, you can view a summary of collected Google Cloud resources using the following search:

    > search is(gcp_resource) | count kind

Contact Us

Have feedback or need help? Don’t be shy—we’d love to hear from you!

 

 

 

Some Engineering Inc.