Google is an ownership and cloud resources platform. You can use Google to drive insights into values such as:
- Catalog Discovery
- Service Discovery
For SSO, read our Google SSO Guide.
In order to connect Cortex to your Google instance you’ll need to create a Google Service Account and add it under Settings → Google. Additionally, you'll need to enable the Admin SDK API. For GCP resources, you'll need to enable the Cloud Functions, Cloud SQL Admin, Cloud Storage, and Resource Manager APIs in each project.
The service account should also have the following permissions for each project to enable GCP resources:
- Cloud Functions → Cloud Functions Viewer
- Cloud Pub/Sub → Pub/Sub Viewer
- Cloud Resource Manager → Browser
- Cloud SQL → Cloud SQL Viewer
- Cloud Storage → Storage Admin
- Compute Engine → Compute Viewer
If you'd like to create a custom role with the minimum permissions required to enable this feature, add the following:
- resourcemanager.projects.get
- resourcemanager.projects.list
- storage.buckets.get
- storage.buckets.list
- cloudfunctions.functions.get
- cloudfunctions.functions.list
- cloudsql.instances.get
- cloudsql.instances.list
- pubsub.topics.get
- pubsub.topics.list
- compute.urlMaps.list
- compute.urlMaps.get
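One way to check what the service account actually holds in a project, as an added example that is not part of the Cortex documentation: it takes the parsed JSON from `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud iam roles describe ROLE_ID --project=PROJECT_ID --format=json` and compares it with the roles and minimum permissions listed above. The role IDs are the standard IDs for the display names on this page; the service account, custom role name, and sample policy are constructed for illustration.

```python
# Predefined roles the page lists, by role ID (display name in the comment).
DOCUMENTED_ROLES = {
    "roles/cloudfunctions.viewer",  # Cloud Functions Viewer
    "roles/pubsub.viewer",          # Pub/Sub Viewer
    "roles/browser",                # Browser
    "roles/cloudsql.viewer",        # Cloud SQL Viewer
    "roles/storage.admin",          # Storage Admin
    "roles/compute.viewer",         # Compute Viewer
}
# Minimum permissions the page lists for a custom role.
MINIMUM_PERMISSIONS = {
    "resourcemanager.projects.get", "resourcemanager.projects.list",
    "storage.buckets.get", "storage.buckets.list",
    "cloudfunctions.functions.get", "cloudfunctions.functions.list",
    "cloudsql.instances.get", "cloudsql.instances.list",
    "pubsub.topics.get", "pubsub.topics.list",
    "compute.urlMaps.list", "compute.urlMaps.get",
}

def audit_bindings(policy, sa_email):
    """Classify roles bound to sa_email; names not under "roles/" are custom roles."""
    member = f"serviceAccount:{sa_email}"
    granted = {b["role"] for b in policy.get("bindings", [])
               if member in b.get("members", [])}
    custom = {r for r in granted if not r.startswith("roles/")}
    predefined = granted - custom
    return {"missing": sorted(DOCUMENTED_ROLES - predefined), "custom": sorted(custom),
            "unexpected": sorted(predefined - DOCUMENTED_ROLES)}

def audit_custom_role(role):
    """Compare a custom role's includedPermissions with the page's minimum list."""
    perms = set(role.get("includedPermissions", []))
    return {"missing": sorted(MINIMUM_PERMISSIONS - perms),
            "extra": sorted(perms - MINIMUM_PERMISSIONS)}

# Constructed sample data; the account and custom role names are hypothetical.
SAMPLE_SA = "cortex-reader@project1.iam.gserviceaccount.com"
M = f"serviceAccount:{SAMPLE_SA}"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/browser", "members": [M]},
    {"role": "roles/compute.viewer", "members": [M, "user:alice@example.com"]},
    {"role": "roles/editor", "members": [M]},  # broader than anything listed
    {"role": "roles/storage.admin", "members": ["user:alice@example.com"]},
    {"role": "projects/project1/roles/cortexReader", "members": [M]},
]}
SAMPLE_ROLE = {"includedPermissions": sorted(
    (MINIMUM_PERMISSIONS - {"pubsub.topics.list"}) | {"storage.objects.get"})}
if __name__ == "__main__":
    print(audit_bindings(SAMPLE_POLICY, SAMPLE_SA), audit_custom_role(SAMPLE_ROLE), sep="\n")
```

The predefined Storage Admin role grants far more than the two storage.buckets permissions in the minimum list, so the custom role is the narrower grant. Run the check per project, since the page asks for the permissions in each project.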
If you do not see the Settings page you're looking for in the sidebar, you likely don't have the proper permissions and need to contact your admin.
Cortex can use Google Groups as an ownership provider, automatically syncing memberships from any Google Group mailing list.
Catalog Descriptor
You can define the following block in your Cortex Catalog Descriptor to add your Google group as an owner.
```yaml
x-cortex-owners:
  - type: group
    name: email@example.com
    provider: GOOGLE
    description: This is a description for this owner # optional
```
The value for name should be the full group email as defined in Google Groups.
Cortex uses the resource name and project ID to look up catalog entities in your GCP account. Function resource names should be of the format location/function.
```yaml
x-cortex-infra:
  gcp:
    resources:
      - resourceName: location/function
        projectId: project1
        resourceType: function
      - resourceName: example-bucket
        projectId: project1
        resourceType: storage
```