Cloudability Vendor Credentials End Points (GCP)

Summary

This end point is used to manage GCP credentials within Cloudability. It supports the creation, update and deletion of GCP credentials.

End Point Particulars

end point : /v3/vendors/gcp/accounts

end point : /v3/vendors/gcp/accounts/01A4DD-D4F7E3-F19690?viewId=0

end point : /v3/vendors/gcp/accounts/01A4DD-D4F7E3-F19690/setup-scripts

end point : /v3/vendors/gcp/permissions/accounts/00O00E-392CA9-C00B00

end point : /v3/vendors/gcp/accounts/01A4DD-D4F7E3-K19691/verification

end point : /v3/vendors/gcp/accounts/01A4DD-D4F7E3-K19691/archive

end point : /v3/vendors/gcp/accounts/01A4DD-D4F7E3-K19691

The Credential Object

tableFqn (string) - combination of project-id:dataset_id.gcp_billing_export (project-id:dataset_id.gcp_billing_export_v1_00F7AC_4817A0_36CA46)

gcpOrgId (string) - the gcp organizationId (needs to be provided if gcp automation is used)

consumerOrgId (string) - if the account belongs to msp_consumer, this is the orgId of MSP_CONSUMER (optional, needs to be provided only if it belongs to MSP)

rlbdate (string) - resource label billing date (optional; required in case of GCP Detailed Billing)

isResourceLevelBillingRequired (boolean) - it can be true or false (optional; required in case of GCP Detailed Billing)

vendorAccountName (string) - GCP vendor Account ID of customers

vendorKey (string) - states the vendor type (GCP)

verification (string) - contains state of the account

state (string) - it specifies whether the account is in verified/unverified/error state

authorization (string) - contains the below details:

type (string) - the provider type

tableName (string) - billing export table name

projectId (string) - billing export project Id

datasetId (string) - billing export dataset Id

bucketName (string) - the gcp bucket name (optional; required in case of GCP Detailed Billing/GCS)

permissions (string) - contains all permissions present in a given GCP account after verification

createdAt (string) - the timestamp at which the account is credentialized

script (string) - the script required to set up the GCP role in the customer's account

featureName (string) - the section to segregate permissions based on features of Cloudability

label (string) - name of the section to segregate permissions based on features of Cloudability

Create GCP credential

curl --location 'https://api.cloudability.com/v3/vendors/gcp/accounts' \
     --header 'Content-Type: application/json' \
     --data '{
       "type": "gcp_role",
       "tableFqn": "samplestandard:sample.gcp_billing_export_v1_01A4DD-D4F7E3-K19691",
       "gcpOrgId": "",
       "consumerOrgId": "",
       "rlbdate": "",
       "bucketName": "test1",
       "isResourceLevelBillingRequired": false
     }'

{
  "result": {
    "id": "01A4DD-D4F7E3-K19691",
    "vendorAccountName": "01A4DD-D4F7E3-K19691",
    "vendorAccountId": "01A4DD-D4F7E3-K19691",
    "vendorKey": "gcp",
    "verification": {
      "state": "unverified"
    },
    "authorization": {
      "type": "gcp_role",
      "bucketName": "test1",
      "tableName": "gcp_billing_export_v1_01A4DD-D4F7E3-K19691",
      "projectId": "samplestandard",
      "datasetId": "sample"
    },
    "createdAt": "2023-12-27T11:37:50Z",
    "consumerOrgId": ""
  }
}

Update the GCP credential with the given ID

curl --location 'https://api.cloudability.com/v3/vendors/gcp/accounts/01A4DD-D4F7E3-F19690?viewId=0' \
     --header 'Content-Type: application/json' \
     --data '{
       "vendorAccountId": "01A4DD-D4F7E3-F19690",
       "type": "gcp_role",
       "tableFqn": "samplestandard:sample.gcp_billing_export_v1_01A4DD-D4F7E3-F19690",
       "consumerOrgId": "",
       "bucketName": "sampleData",
       "isResourceLevelBillingRequired": false,
       "rlbdate": "",
       "gcpOrgId": ""
     }'

{
  "result": {
    "id": "01A4DD-D4F7E3-F19690",
    "vendorAccountName": "01A4DD-D4F7E3-F19690",
    "vendorAccountId": "01A4DD-D4F7E3-F19690",
    "vendorKey": "gcp",
    "verification": {
      "state": "unverified"
    },
    "authorization": {
      "type": "gcp_role",
      "bucketName": "sampleData",
      "tableName": "gcp_billing_export_v1_01A4DD-D4F7E3-F19690",
      "projectId": "samplestandard",
      "datasetId": "sample"
    },
    "createdAt": "2023-12-20T01:15:23Z",
    "consumerOrgId": ""
  }
}

Returns the script for setting up a GCP Role

{
  "result": {
    "scripts": "gcloud iam roles create CloudabilityRole_Billing \\\n --project \\\n samplestandard \\\n --title \\\n \"Cloudability Billing Role\" \\\n --description \\\n \"Allows Cloudability access to billing account data\" \\\n --permissions \\\n bigquery.jobs.create,bigquery.tables.getData,bigquery.tables.export,storage.buckets.get,storage.buckets.getIamPolicy,storage.multipartUploads.abort,storage.multipartUploads.create,storage.multipartUploads.list,storage.multipartUploads.listParts,storage.objects.create,storage.objects.delete,storage.objects.get,storage.objects.list,storage.objects.update \\\n --stage=GA \ngsutil iam ch serviceAccount:billing-data-service-acct@cloudability-credentials.iam.gserviceaccount.com:projects/samplestandard/roles/CloudabilityRole_Billing gs://sampleData\ngcloud projects add-iam-policy-binding samplestandard \\\n --member serviceAccount:billing-data-service-acct@cloudability-credentials.iam.gserviceaccount.com \\\n --role 'projects/samplestandard/roles/CloudabilityRole_Billing'"
  }
}
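The returned script creates a custom role and binds it to a service account, so it is worth reviewing before it is run in your project. The following is an added example, not Cloudability's own code: it parses a script of the shape shown above and reports the permissions, the bindings, and any command outside the three expected ones. The function names, the shortened sample and the write-capable suffix list are assumptions made for illustration.

```python
import shlex

# Constructed sample: same shape as the "scripts" value above, permission list shortened.
SA = "serviceAccount:billing-data-service-acct@cloudability-credentials.iam.gserviceaccount.com"
ROLE = "projects/samplestandard/roles/CloudabilityRole_Billing"
SAMPLE_SCRIPT = (
    "gcloud iam roles create CloudabilityRole_Billing \\\n --project \\\n samplestandard \\\n"
    " --permissions \\\n bigquery.jobs.create,bigquery.tables.getData,storage.objects.delete \\\n"
    " --stage=GA \n"
    f"gsutil iam ch {SA}:{ROLE} gs://sampleData\n"
    f"gcloud projects add-iam-policy-binding samplestandard \\\n --member {SA} \\\n --role '{ROLE}'"
)
# Name suffixes treated as write-capable (a review heuristic, not a GCP classification).
WRITE_SUFFIXES = {"create", "delete", "update", "abort", "setIamPolicy"}


def flag_value(argv, flag):
    """Value of a flag written as '--flag value' or '--flag=value', else None."""
    for i, tok in enumerate(argv):
        if tok == flag and i + 1 < len(argv):
            return argv[i + 1]
        if tok.startswith(flag + "="):
            return tok.split("=", 1)[1]
    return None


def review_setup_script(script):
    """Summarise what the script would grant, to whom, and on which resource."""
    out = {"permissions": [], "write_capable": [], "bindings": [], "unrecognized": []}
    # The script uses backslash-newline continuations; join them before splitting.
    for line in script.replace("\\\n", " ").splitlines():
        argv = shlex.split(line)
        if argv[:4] == ["gcloud", "iam", "roles", "create"]:
            perms = [p for p in (flag_value(argv, "--permissions") or "").split(",") if p]
            out["permissions"] = perms
            out["write_capable"] = [p for p in perms if p.rsplit(".", 1)[-1] in WRITE_SUFFIXES]
        elif argv[:3] == ["gsutil", "iam", "ch"] and len(argv) == 5:
            member, role = argv[3].rsplit(":", 1)  # "<type>:<member>:<role>"
            out["bindings"].append((member, role, argv[4]))
        elif argv[:3] == ["gcloud", "projects", "add-iam-policy-binding"] and len(argv) > 3:
            out["bindings"].append(
                (flag_value(argv, "--member"), flag_value(argv, "--role"), "project:" + argv[3]))
        elif argv:
            out["unrecognized"].append(line.strip())  # anything else needs a manual look
    return out
```

Pass the decoded "scripts" string from the response to review_setup_script and compare the result against the bucket, project and service account you expect.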

Returns GCP permissions for a given ID

{
  "result": [
    {
      "featureName": "Utilization",
      "label": "Utilization",
      "permissions": [
        { "name": "compute.instances.list" },
        { "name": "monitoring.timeSeries.list" },
        { "name": "compute.disks.list" }
      ]
    },
    {
      "featureName": "Reservations",
      "label": "Reservations",
      "permissions": [
        { "name": "compute.commitments.get" },
        { "name": "compute.commitments.list" },
        { "name": "consumerprocurement.orders.list" },
        { "name": "consumerprocurement.orders.get" }
      ]
    },
    {
      "featureName": "Cost \u0026 Usage Data",
      "label": "Cost",
      "permissions": [
        { "name": "bigquery.jobs.create" },
        { "name": "bigquery.tables.getData" },
        { "name": "bigquery.tables.export" },
        { "name": "storage.buckets.get" },
        { "name": "storage.buckets.getIamPolicy" },
        { "name": "storage.multipartUploads.abort" },
        { "name": "storage.multipartUploads.create" },
        { "name": "storage.multipartUploads.list" },
        { "name": "storage.multipartUploads.listParts" },
        { "name": "storage.objects.create" },
        { "name": "storage.objects.delete" },
        { "name": "storage.objects.get" },
        { "name": "storage.objects.list" },
        { "name": "storage.objects.update" }
      ]
    },
    {
      "featureName": "Rightsizing",
      "label": "Rightsizing",
      "permissions": [
        { "name": "recommender.computeInstanceMachineTypeRecommendations.list" },
        { "name": "recommender.computeInstanceMachineTypeRecommendations.get" },
        { "name": "recommender.computeInstanceIdleResourceRecommendations.list" },
        { "name": "recommender.computeInstanceIdleResourceRecommendations.get" }
      ]
    }
  ]
}

Verifies GCP Credential with a given ID

when verification fails

{
  "result": {
    "id": "01A4DD-D4F7E3-K19691",
    "vendorAccountName": "01A4DD-D4F7E3-K19691",
    "vendorAccountId": "01A4DD-D4F7E3-K19691",
    "vendorKey": "gcp",
    "verification": {
      "state": "error",
      "message": "The Cloudability role or service account key does not have IAM role(s) with sufficient permissions assigned to it. Please ensure that the role or service account has the following permissions: [bigquery.jobs.create, bigquery.tables.getData, bigquery.tables.export, storage.buckets.get, storage.buckets.getIamPolicy, storage.multipartUploads.abort, storage.multipartUploads.create, storage.multipartUploads.list, storage.multipartUploads.listParts, storage.objects.create, storage.objects.delete, storage.objects.get, storage.objects.list, storage.objects.update]",
      "lastVerificationAttemptedAt": "2023-12-27T11:42:25Z"
    },
    "authorization": {
      "type": "gcp_role",
      "bucketName": "test1",
      "tableName": "gcp_billing_export_v1_01A4DD-D4F7E3-K19691",
      "projectId": "samplestandard",
      "datasetId": "sample"
    },
    "createdAt": "2023-12-27T11:37:50Z",
    "consumerOrgId": ""
  }
}

when verification succeeds

{
  "result": {
    "id": "00F7AC-4817A0-36CA46",
    "vendorAccountName": "00F7AC-4817A0-36CA46",
    "vendorAccountId": "00F7AC-4817A0-36CA46",
    "vendorKey": "gcp",
    "verification": {
      "state": "verified",
      "lastVerificationAttemptedAt": "2023-12-27T11:53:25Z"
    },
    "authorization": {
      "type": "gcp_role",
      "permissions": [
        "bigquery.tables.getData",
        "consumerprocurement.orders.get",
        "consumerprocurement.orders.list",
        "bigquery.jobs.create"
      ],
      "tableName": "gcp_billing_export_v1_00F7AC_4817A0_36CA46",
      "projectId": "cldy-billing-data",
      "datasetId": "cloudability_billing_gcp"
    },
    "createdAt": "2020-04-23T16:42:42Z",
    "consumerOrgId": ""
  }
}
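A verified credential can hold only part of what each feature lists, and a failed verification carries the expected permissions only inside its message text. The following added example (not Cloudability's own code) compares a verification response against the per-feature permissions listing and handles both states. The function name and the shortened sample responses are constructed for illustration.

```python
import re

# Constructed responses in the shapes shown on this page (lists shortened).
FEATURES = {"result": [
    {"featureName": "Reservations", "label": "Reservations", "permissions": [
        {"name": "compute.commitments.get"}, {"name": "consumerprocurement.orders.get"}]},
    {"featureName": "Cost & Usage Data", "label": "Cost", "permissions": [
        {"name": "bigquery.jobs.create"}, {"name": "bigquery.tables.getData"},
        {"name": "storage.objects.get"}]},
]}
VERIFIED = {"result": {
    "verification": {"state": "verified"},
    "authorization": {"type": "gcp_role", "permissions": [
        "bigquery.tables.getData", "consumerprocurement.orders.get", "bigquery.jobs.create"]}}}
FAILED = {"result": {
    "verification": {"state": "error", "message":
        "Please ensure that the role or service account has the following "
        "permissions: [bigquery.jobs.create, storage.objects.get]"},
    "authorization": {"type": "gcp_role"}}}


def permission_report(credential, features):
    """Per-feature gaps for a verified credential; parsed message list otherwise."""
    result = credential["result"]
    state = result["verification"]["state"]
    if state != "verified":
        # No permissions array in this state; the expected ones sit in [...] in the message.
        match = re.search(r"\[([^\]]*)\]", result["verification"].get("message", ""))
        wanted = [p.strip() for p in match.group(1).split(",") if p.strip()] if match else []
        return {"state": state, "requested_by_message": wanted}
    granted = set(result["authorization"].get("permissions", []))
    missing, listed = {}, set()
    for feature in features["result"]:
        required = {p["name"] for p in feature["permissions"]}
        listed |= required
        missing[feature["label"]] = sorted(required - granted)
    # Permissions held by the credential that no listed feature asks for.
    return {"state": state, "missing_by_feature": missing,
            "granted_but_unlisted": sorted(granted - listed)}
```

An empty list under a feature label means that feature's permissions are all present; a non-empty granted_but_unlisted is a candidate for removal from the role.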

Archive GCP Credential with a given ID

{
  "result": {
    "id": "01A4DD-D4F7E3-K19691",
    "vendorAccountName": "01A4DD-D4F7E3-K19691",
    "vendorAccountId": "01A4DD-D4F7E3-K19691",
    "vendorKey": "gcp",
    "verification": {
      "state": "archived"
    },
    "meta": {},
    "consumerOrgId": ""
  }
}

Deletes the credential with the given ID

{
  "result": {
    "message": "Successfully deleted",
    "vendorKey": "gcp",
    "vendorAccountId": "01A4DD-D4F7E3-K19691"
  }
}