How to use IBM® App Connect with Google Cloud Storage

Google Cloud Storage is an object storage service for storing and accessing live or archived data. Data is stored in containers that are called buckets. It is a flexible cloud storage product with several options to manage and store your data.

Supported product and API versions

To find out which product and API versions this connector supports, see Detailed System Requirements on the IBM Support page.

What to consider first

If you have access to specific buckets, you can create an account by using the bucket name along with your Google Cloud Storage access key and secret. Access to App Connect actions and events using that buckets are then limited to the permissions associated with the role assigned to you in Google Cloud Storage. The same applies to any bucket you have access to outside of the Google Cloud Storage account you sign in to App Connect with. For more information, see Working with buckets not associated with your Google Cloud Storage account.

Connecting to Google Cloud Storage

To connect App Connect to a Google Cloud Storage account, you need to provide the following connection details:
Secret
Specify the secret for your Google Cloud Storage user account. For more information, see https://cloud.google.com/storage/docs/authentication/hmackeys and ensure you set a default project for interoperable access for your user account.
  • Required: True
Access ID
Specify the access ID for your Google Cloud Storage user account. For more information, see https://cloud.google.com/storage/docs/authentication/hmackeys and ensure you set a default project for interoperable access for your user account.
  • Required: True
Bucket name
Specify the bucket name from your Google Cloud Storage account if you only have access to specific buckets in your Google Cloud Storage account
  • Required: False
To find these credentials, complete the following steps:
  1. Open your Google Cloud Platform Storage browser in the Google Cloud Console.
  2. If you are not already logged in, you will be prompted to enter the credentials for your Google Cloud Console account.
  3. Select the project that you want to work with using the project selection menu in the navigation bar.
  4. Open the Settings page.
  5. Click the Interoperability tab.
  6. In the User account HMAC section, set the project that you selected in Step 3 as the default project.
    Setting a default project in Google Cloud Storage
  7. To create the access keys you need to connect in App Connect, click CREATE A KEY.
    Create a key button

    The Access key and Secret are displayed.

To connect to a Google Cloud Storage endpoint from the App Connect Designer Connect > Applications and APIs page (previously the Catalog page) for the first time, expand Google Cloud Storage, then click Connect. For more information, see Managing accounts.

General considerations for using Google Cloud Storage in App Connect

  • Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Applications and APIs page, select the account, open its options menu (⋮), then click Rename Account.

  • If you have access to specific buckets only, you can create an account using that bucket name. To see other buckets that are not associated with your account, you need to use the advanced mode in App Connect to explicitly specify that bucket. For example, in the following scenario Nicholas has his own Google Cloud Storage account with project 1040721463034. He also has access to another bucket (MM_test_2), in a different project 841753217240 in another account.
    1. Using an event driven flow in App Connect, he selects a Retrieve bucket ACLs action.
    2. The only buckets presented to him are the buckets in his project that he signed in with.
      Google Cloud Storage bucket list in App Connect
    3. To see the bucket that he has been given access to from project 841753217240 he needs to select Switch to advanced mode and then in the *Bucket field, type the name of the bucket that he wants to perform the action on.
    4. He tests this action, which produces a 200 OK success result.
      Advanced mode showing bucket field and test result
    5. In the Google Cloud Storage UI, if his role is changed from Storage Legacy Bucket Owner to Storage Legacy Bucket Reader then he is unable to perform a Retrieve action in App Connect and App Connect throws an error.
      403 test result after changing roles
    6. As a reader he is unable to perform a Retrieve action because his role as a Storage Legacy Bucket Reader grants permission to read object metadata, excluding IAM policies, when listing objects.
  • (General consideration) You can see lists of the trigger events and actions that are available on the Applications and APIs page of the App Connect Designer.

    For some applications, the events and actions depend on the environment and whether the connector supports configurable events and dynamic discovery of actions. If the application supports configurable events, you see a Show more configurable events link under the events list. If the application supports dynamic discovery of actions, you see a Show more link under the actions list.

  • (General consideration) If you are using multiple accounts for an application, the set of fields that is displayed when you select an action for that application can vary for different accounts. In the flow editor, some applications always provide a curated set of static fields for an action. Other applications use dynamic discovery to retrieve the set of fields that are configured on the instance that you are connected to. For example, if you have two accounts for two instances of an application, the first account might use settings that are ready for immediate use. However, the second account might be configured with extra custom fields.

Events and actions

Google Cloud Storage events

These events are for changes in this application that trigger a flow to start completing the actions in the flow.

Note: Events are not available for changes in this application. You can trigger a flow in other ways, such as at a scheduled interval or at specific dates and times.

Google Cloud Storage actions

Your flow completes these actions on this application.

Object Action Description
Bucket ACLs Retrieve bucket ACLs Retrieves a list of buckets that is owned by the authenticated sender of the request
Update bucket ACL Sets the permissions for an existing bucket
Bucket CORS configuration Retrieve bucket CORS configurations Retrieves the CORS configuration of a bucket
Update bucket CORS configuration Updates the CORS of an existing bucket
Bucket lifecycle configuration Retrieve bucket lifecycle configurations Retrieves the lifecycle configuration of a bucket
Update bucket lifecycle configuration Updates the lifecycle configuration of an existing bucket
Bucket location Retrieve bucket location Retrieves the region of the bucket in Google Cloud Storage
Bucket logging configuration Retrieve bucket logging configurations Retrieves the logging configuration of an existing bucket
Update bucket logging configuration Updates the logging configuration of an existing bucket
Bucket tags Get bucket tags Retrieves a list of labels of a bucket
Set bucket tags Updates the labels of a bucket
Bucket versioning Get bucket versioning Retrieves the versioning state of a bucket
Set bucket versioning Sets the versioning state of an existing bucket
Bucket website Retrieve bucket website Retrieves the website configuration of an existing bucket
Update bucket website Updates the website configuration of an existing bucket
Buckets Create bucket Creates a new Google Cloud Storage bucket
Delete bucket Deletes a Google Cloud Storage bucket
Get bucket default storage class Retrieves the storage class of a bucket that contains the object
Retrieve buckets Retrieve a list of Google Cloud Storage buckets
Set bucket default storage class Sets the default storage class of a bucket
Object ACLs Retrieve object ACLs Retrieve a list of objects that is owned by the authenticated sender of the request
Update object ACL Sets the permissions of an existing object
Object versioning Retrieve object versioning Retrieves all the versions of the objects in a bucket
Objects Copy object Copies an object in Google Cloud Storage
Delete object Deletes an object in Google Cloud Storage
Download object content Downloads the content of an object
Retrieve objects Retrieves a list of objects in Google Cloud Storage
Update or create object Creates a new object or updates an existing object in the Google Cloud Storage

Examples

Screenshot of the dashboard tile for a template that uses Google Cloud Storage

Use templates to quickly create flows for Google Cloud Storage

Learn how to use App Connect templates to quickly create flows that perform actions on Google Cloud Storage. For example, open Discover, and then search for Google Cloud Storage.

Learn more