Skip to main content

Google

AuthCatalogDiscoveryTeams

Summary

Google is an ownership and cloud resources platform. You can use Google to drive insights into values such as:

  • Authentication
  • Catalog Discovery
  • Service Discovery
  • Ownership
caution

For SSO, read our Google SSO Guide.

Setup

In order to connect Cortex to your Google instance you’ll need to create a Google Service Account and add it under Settings → Google. Additionally, you'll need to enable the Admin SDK API. For GCP resources, you'll need to enable the Cloud Functions, Cloud SQL Admin, Cloud Storage, and Resource Manager APIs in each project.

The service account should also have the following permissions for each project to enable GCP resources:

  • Cloud Functions → Cloud Functions Viewer
  • Cloud Pub/Sub → Pub/Sub Viewer
  • Cloud Resource Manager → Browser
  • Cloud SQL → Cloud SQL Viewer
  • Cloud Storage → Storage Admin
  • Compute Engine → Compute Viewer
  • Cloud Asset -> Cloud Asset Viewer

If you'd like to create a custom role with the minimum permissions required to enable this feature, add the following:

resourcemanager.projects.get
resourcemanager.projects.list

storage.buckets.get
storage.buckets.list

cloudfunctions.functions.get
cloudfunctions.functions.list

cloudsql.instances.get
cloudsql.instances.list

pubsub.topics.get
pubsub.topics.list

compute.urlMaps.list
compute.urlMaps.get

cloudasset.assets.listResource
caution

If you do not see the Settings page you're looking for in the sidebar, you likely don't have the proper permissions and need to contact your admin.

Ownership

Cortex can use Google Groups as an ownership provider, automatically syncing memberships from any Google Group mailing list.

Registration

Catalog descriptor

You can define the following block in your Cortex Catalog Descriptor to add your Google group as an owner.
x-cortex-owners:
  - type: group
    name: my-group-email@getcortexapp.com
    provider: GOOGLE
    description: This is a description for this owner # optional

The value for name should be the full group email as defined in Google Groups.

Cortex uses the resource name and project ID to look up catalog entities in your GCP account. Function resource names should be of the format location/function

x-cortex-infra:
  gcp:
    resources:
      - resourceName: location/function
        projectId: project1
        resourceType: function
      - resourceName: example-bucket
        projectId: project1
        resourceType: storage