Overview
Google Workspace is an ownership and cloud resources platform.
Integrating Cortex with Google allows you to:
Automatically discover and track ownership of Google entities
Pull in Service Level Objectives (SLOs) from Google Cloud Observability, and view this information on entity pages
Create Scorecards that track progress and drive alignment on projects involving your Google resources and teams
How to configure Google with Cortex
Prerequisites
Before getting started:
Prerequisite 1: Configure a Google service account
Create a Google service account.
The service account should have the following permissions for each project to enable Google Cloud resources:
If you'd like to create a custom role with the minimum permissions required to enable this feature, add the following:
Prerequisite 2: Configure Google Admin SDK API
Enable the Google Admin SDK API.
Prerequisite 3: Configure Google Cloud resource project permissions
For Google Cloud resources, in each project, enable the following:
For each project in Vertex AI, enable the following:
Step 1: Configure the integration in Google
In the G Suite admin console, navigate to Security > API Controls > Manage Domain Wide Delegation. Click Add new.
Add the client ID you copied during the previous steps, and include the following scopes:
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.group.member.readonly
Navigate to the service account you created for this integration. Click Keys, then generate a key in JSON format.
Navigate to Admin Roles > Groups Reader and expand the "Admins" panel.
Click Assign service accounts then enter the email of the service account you created for this integration.
Step 2: Configure the integration in Cortex
In Cortex, navigate to the Google Cloud & Groups settings page:
In Cortex, click your avatar in the lower left corner, then click Settings.
Under "Integrations," click Google Cloud & Groups.
Click Add configuration.
Configure the Google integration form:
Domain: Enter your Google domain.
Service account email: Enter the email address for the service account.
Credentials JSON: Enter the service account JSON key you created in the previous steps.
Click Save.
By default, a service will have dependencies on any resource with Google Cloud tag label = "service" and tag value = the service's Cortex tag. After saving your integration, you may customize the tag key name here by entering a new name into the Custom label key field. Leave it blank to use "service" as the key name.
Supported Google entity types
Cortex supports pulling in the following entity types from Google:
Google Cloud Vertex AI Batch Prediction Job
Google Cloud Vertex AI Dataset
Google Cloud Vertex AI Endpoint
Google Cloud Vertex AI Featurestore
Google Cloud Vertex AI Index
Google Cloud Vertex AI Model
Google Cloud Vertex AI Model Deployment Monitoring Job
Google Cloud Vertex AI Notebooks Instance
Google Cloud Vertex AI Pipeline Job
Google Cloud Vertex AI Platform Index Endpoint
Google Cloud Vertex AI Specialist Pool
Google Cloud Vertex AI Study
Google Cloud Vertex AI Tensorboard
Google Cloud Vertex AI Training Pipeline
Google Cloud Vertex AI Vision Application
Google Cloud Vertex AI Vision Cluster
Google Cloud Vertex AI Vision Index Point
Google Cloud Vertex AI Vision Operator
Google Cloud Vertex AI Vision Processor
Google Cloud Apigee Api
Google Cloud Apigee Instance
Google Cloud App Engine Service
Google Cloud Artifact Registry Repository
Google Cloud BigQuery Connection
Google Cloud BigQuery
Google Cloud Composer Environment
Google Cloud Functions
Google Cloud Kubernetes Engine Clusters
Google Cloud Kubernetes Engine Operations
Google Cloud IAM Service Account
Google Cloud Instance Group
Google Cloud HTTP(S) Load Balancing
Google Cloud Memorystore Memcached
Google Cloud Memorystore Redis
Google Cloud Project
Google Cloud Run Job
Google Cloud Run Service
Google Cloud Spanner Instance
Google Cloud Spanner Instance Config
Google Cloud SQL
Google Cloud Storage
Google Cloud Pub/Sub Topics
Google Cloud VM Instances
Google Cloud VPC Serverless Connector
How to connect Cortex entities to Google
Enable automatic import of Google entities
You can configure automatic import from Google Cloud. Note that this setting does not include team entities.
In Cortex, navigate to Settings > Entities > General.
Next to Auto import from AWS, Azure, and/or Google Cloud, click the toggle to enable the import.
Import teams from Google
See the Create teams documentation for instructions on importing entities.
Automatic ownership of Google entities
Cortex can use Google Groups as an ownership provider, automatically syncing memberships from any Google Group mailing list.
Automatic Google dependency discovery
By default, Cortex will try to automatically discover dependencies between your entities and Google Cloud resources with a matching label. By default the label key that will be matched is service
, however you can customize this key value in the Google Cloud Settings page.
If you'd like to explicitly define these Google Cloud dependencies, the x-cortex-dependency
field should be a map, defined as follows:
x-cortex-dependency:
gcp:
labels:
- key: my-key-1
value: my-value-1
- key: my-key-2
value: my-value-2
Editing the entity descriptor
Groups
x-cortex-owners:
- type: group
name: [email protected]
provider: GOOGLE
description: This is a description for this owner # optional
The value for name
should be the full group email as defined in Google Groups.
Entities
Cortex uses the resource name and project ID to look up catalog entities in your Google Cloud account. Function resource names should be of the format location/function
x-cortex-infra:
Google Cloud:
resources:
- resourceName: location/function
projectId: project1
resourceType: function
- resourceName: example-bucket
projectId: project1
resourceType: storage
SLOs
x-cortex-slos:
gcp:
- projectId: cortex-gcp-integration
serviceId: iLE2e4HvR_iVlxAaBbCc12
- projectId: cortex-gcp-integration
serviceId: adfdfdafd
The serviceID
value is the value of the Unique ID listed on the service page in Google Cloud Observability.
View Google Cloud Observability data in entity pages
After integrating with Google, you will see data from Google Cloud Observability on entity details pages:
On an entity's overview page, see an overview of SLOs for the entity.
Click Monitoring > Google in an entity's sidebar to see more information about Google SLOs, including the SLO name, its targets, its status, the current value for that entity, and the period of time the SLO is being calculated for. For example, if the time listed is "7 days ago," then the SLO is looking at the time range starting 7 days ago to now.
Scorecards and CQL
With the Google integration, you can create Scorecard rules and write CQL queries based on GCP details, Google Cloud Observability SLOs, and Google teams.
See more examples in the CQL Explorer in Cortex.
Ownership CQL
Background sync
Cortex conducts an ownership sync for Google teams every day at 9 a.m. UTC.
Still need help?
The following options are available to get assistance from the Cortex Customer Engineering team:
Email: [email protected], or open a support ticket in the in app Resource Center
Chat: Available in the Resource Center
Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a
:ticket:
reaction to a question in Slack, and the team will respond directly.
Don’t have a Slack channel? Talk with your Customer Success Manager.
Last updated
Was this helpful?