How to Collect Google Cloud Resource Data
The Google Cloud collector is configured within the Resoto Worker configuration via the config
command in Resoto Shell.
Prerequisites
This guide assumes that you have already installed Resoto.
Directions
1. Enable the Google Cloud Collector
Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker

Add gcp to the list of collectors by modifying the configuration as follows:

Resoto Worker configuration

    resotoworker:
      ...
      # List of collectors to run
      collector:
        - 'gcp'
        ...
      ...

2. Authenticate with Google Cloud
You can authenticate with Google Cloud via service account JSON files or automatic discovery.
- Service Account JSON
- Automatic Discovery

Service Account JSON

Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker

Add the contents of your service account JSON file(s) to the resotoworker section of the configuration as follows:

Resoto Worker configuration

    resotoworker:
      ...
      write_files_to_home_dir:
        - path: ~/.gcp/service-account-1.json
          content: |
            {
              "type": "service_account",
              "project_id": "example",
              "private_key_id": "7fe5157943fc7fe5157943fc7fe5157943fc",
              "private_key": "-----BEGIN PRIVATE KEY-----\n<private key>\n-----END PRIVATE KEY-----\n",
              "client_email": "account@example.iam.gserviceaccount.com",
              "client_id": "123456789123456789",
              "auth_uri": "https://accounts.google.com/o/oauth2/auth",
              "token_uri": "https://oauth2.googleapis.com/token",
              "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
              "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/account%40example.iam.gserviceaccount.com"
            }
        - path: ~/.gcp/service-account-2.json
          content: |
            {
              ...
            }
      ...

Note: If you do not wish to save the contents of your service account JSON file(s) to Resoto's database, you can alternatively mount the directory containing your service account JSON file(s) to the resotoworker container.

Info: Since Resoto is running on your local machine, it can access the file(s) directly. Move or copy your service account JSON file(s) to the ~/.gcp directory.

Modify the gcp section of the configuration as follows, adding the paths to your service account JSON file:

Resoto Worker configuration

    resotoworker:
      ...
    ...
    gcp:
      ...
      # GCP service account file(s)
      service_account:
        - /home/resoto/.gcp/service-account-1.json
        - /home/resoto/.gcp/service-account-2.json
      ...

Note: The above example assumes that your service account JSON file(s) are named service-account-1.json, service-account-2.json, etc.

Automatic Discovery

You can specify an empty string for the service account file, and Resoto will automatically discover the service account and all the projects it has access to.

Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker

Modify the gcp section of the configuration as follows:

Resoto Worker configuration

    resotoworker:
      ...
    ...
    gcp:
      ...
      # GCP service account file(s)
      service_account:
        - ''
      ...

3. Trigger Resource Collection
By default, Resoto performs resource collection each hour. To immediately trigger a collect run, use the workflow run command in Resoto Shell:

    > workflow run collect

Once the collect run completes, you can view a summary of collected Google Cloud resources using the following search:

    > search is(gcp_resource) | count kind