There are certain prerequisites that need to be set up in your GCP project before it can be onboarded into CoreStack.
The following permissions must be configured in your GCP Project before onboarding.
User account permissions:
Service account permissions:
Based on the authentication protocol to be used in CoreStack, the following information must be retrieved from the GCP console.
1. OAuth2 Based:
The following values must be generated/copied from your GCP Project and configured in CoreStack.
Client ID & Client Secret:
Scope: The OAuth 2.0 scope information for GCP project is: https://www.googleapis.com/auth/cloud-platform.
The project ID is a unique identifier for a project and is used only within the console.
Redirect URI: The following redirect URI that is configured while creating the client ID and client secret must be used: https://corestack.io/.
The authorization code must be generated with user consent and required permissions.
Note: The values retrieved in the earlier steps can be used instead of <Client ID> and <Redirect URI> specified in the URL format.
Copy these details and provide them while onboarding your GCP Project into CoreStack using OAuth2 option.
2. Service Account Based:
A service account must be created in your GCP Project. You need to create a service account key and download it as a JSON file. Also, Project ID / Folder ID must be retrieved as well to onboard a GCP Project or GCP folder.
How to Download the Credentials File (JSON):
Project ID/Folder ID:
The project ID or folder ID is a unique identifier for a project or folder in GCP respectively. To retrieve a Project ID or Folder ID, perform the following steps:
Provide the JSON and Project / Folder ID while onboarding the GCP Project in CoreStack using Service Account option.
The following steps need to be performed to onboard a GCP Linked Project.
1) Click Add New button in the CoreStack dashboard and select Single Account.
2) Click Start Now.
3) Select GCP option in the Public Cloud field.
4) Click Get Started button.
5) Select the required option in the Access Type field. The options are: Assessment and Assessment + Governance.
6) Select the Linked Project Account option in the Account Type field.
7) Select the required option in the Authentication Protocol field. The options are: OAuth2 and Service Account.
8) Click Next.
9) Provide the necessary details (Client ID, Client Secret, Scope, Project ID, Redirect URI, and Authorization Code OR Hierarchy Scope, Project ID/Folder ID, Credentials File (JSON)) explained in the Pre-onboarding section based on the option selected in the Authentication Protocol field.
If Service Account option is selected in the Authentication Protocol field, the Hierarchy Scope field will be available and must be configured as follows.
10) In the Hierarchy Scope field, select the required option based on your need as explained below. The options are: Project, Folder, and Organization.
a) Project: This option will enable a specific GCP project to be onboarded. Specify the ID of the GCP Project in the Project ID field.
b) Folder: This option will enable the GCP projects that are available within a Folder (departments or teams within an organization) in GCP to be onboarded. Specify the ID of the GCP folder in the Folder ID field.
c) Organization: This option will enable all the GCP projects that are available within an Organization in GCP to be onboarded.
Note: GCP Projects must have access to the specified service account. While onboarding a Folder or Organization from GCP, only the GCP Projects that have access to the specified service account will be onboarded.
11)Click Validate button.
12) The Advanced Settings section will be displayed with additional fields (Name, Master Account, and Scope). 13) Modify the prepopulated name of the account in the Name field, if required.
14) Select the required account in the Master Account dropdown list.
15) Select the required option in the Scope field. The options are: Account, Private, and Tenant.
16) Click I’m Done button.
The GCP Project will be onboarded successfully into CoreStack. Relevant insights and information about the resources available in the GCP Project will be populated under each cloud governance pillars in CoreStack.