Summary
Google is an ownership and cloud resources platform. You can use Google to drive insights into values such as:
- Authentication
- Catalog Discovery
- Service Discovery
- Ownership
For SSO, read our Google SSO Guide.
Setup
To connect Cortex to your Google instance, you'll need to create a Google Service Account and add it under Settings → Google. You'll also need to enable the Admin SDK API. For GCP resources, enable the Cloud Functions, Cloud SQL Admin, Cloud Storage, and Resource Manager APIs in each project.
To enable GCP resources, the service account should also be granted the following roles in each project:
- Cloud Functions → Cloud Functions Viewer
- Cloud Pub/Sub → Pub/Sub Viewer
- Cloud Resource Manager → Browser
- Cloud SQL → Cloud SQL Viewer
- Cloud Storage → Storage Admin
- Compute Engine → Compute Viewer
- Cloud Asset → Cloud Asset Viewer
If you'd like to create a custom role with the minimum permissions required to enable this feature, add the following:
- resourcemanager.projects.get
- resourcemanager.projects.list
- storage.buckets.get
- storage.buckets.list
- cloudfunctions.functions.get
- cloudfunctions.functions.list
- cloudsql.instances.get
- cloudsql.instances.list
- pubsub.topics.get
- pubsub.topics.list
- compute.urlMaps.list
- compute.urlMaps.get
- cloudasset.assets.listResource
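The following is an added example, not Cortex's own code: a least-privilege check that compares a custom role definition (the JSON shape printed by `gcloud iam roles describe --format=json`) with the minimum permission list above, and lists any other roles bound to the service account in a project policy (`gcloud projects get-iam-policy --format=json`). The project, role and service account names are constructed placeholders, and it assumes the custom-role route, where the account is expected to hold only that role in the project.

```python
# Added example: audit a custom role and a service account's project bindings
# against the minimum permission list given on this page.

REQUIRED = frozenset({
    "resourcemanager.projects.get", "resourcemanager.projects.list",
    "storage.buckets.get", "storage.buckets.list",
    "cloudfunctions.functions.get", "cloudfunctions.functions.list",
    "cloudsql.instances.get", "cloudsql.instances.list",
    "pubsub.topics.get", "pubsub.topics.list",
    "compute.urlMaps.list", "compute.urlMaps.get",
    "cloudasset.assets.listResource",
})
# Heuristic (assumption): only these permission verbs are treated as read-only.
READ_VERBS = {"get", "list", "listResource"}

def audit_role(role):
    """Diff a role's includedPermissions against REQUIRED."""
    granted = set(role.get("includedPermissions", []))
    extra = granted - REQUIRED
    return {
        "missing": sorted(REQUIRED - granted),
        "extra": sorted(extra),
        "extra_non_read": sorted(
            p for p in extra if p.rsplit(".", 1)[-1] not in READ_VERBS),
    }

def roles_for_member(policy, member):
    """All roles bound to `member` in an IAM policy document."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))

def unexpected_roles(policy, member, expected_role):
    """Roles held by `member` other than the expected custom role."""
    return [r for r in roles_for_member(policy, member) if r != expected_role]

# Constructed sample data (placeholder names, not from a real project).
SA = "serviceAccount:cortex-reader@example-project.iam.gserviceaccount.com"
CUSTOM_ROLE = "projects/example-project/roles/cortexReadOnly"
SAMPLE_ROLE = {"name": CUSTOM_ROLE, "includedPermissions":
               sorted(REQUIRED - {"pubsub.topics.list"})
               + ["storage.objects.delete", "storage.objects.list"]}
SAMPLE_POLICY = {"bindings": [
    {"role": CUSTOM_ROLE, "members": [SA]},
    {"role": "roles/storage.admin", "members": [SA]},
    {"role": "roles/viewer", "members": ["user:alice@example.com"]},
]}

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE))
    print(unexpected_roles(SAMPLE_POLICY, SA, CUSTOM_ROLE))
```

A non-empty `missing` list means discovery for that resource type will fail; non-empty `extra_non_read` or `unexpected_roles` results mean the account holds more access than the minimum list requires.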
If you do not see the Settings page you're looking for in the sidebar, you likely don't have the proper permissions and need to contact your admin.
Ownership
Cortex can use Google Groups as an ownership provider, automatically syncing memberships from any Google Group mailing list.
Registration
Catalog descriptor
You can define the following block in your Cortex Catalog Descriptor to add your Google group as an owner.
x-cortex-owners:
  - type: group
    name: my-group-email@getcortexapp.com
    provider: GOOGLE
    description: This is a description for this owner # optional
The value for name should be the full group email as defined in Google Groups.
Cortex uses the resource name and project ID to look up catalog entities in your GCP account. Function resource names should be of the format location/function.
x-cortex-infra:
  gcp:
    resources:
      - resourceName: location/function
        projectId: project1
        resourceType: function
      - resourceName: example-bucket
        projectId: project1
        resourceType: storage