Google Cloud Pubsub

the google cloud pubsub connector enables interaction with google's messaging service, allowing users to publish and subscribe to messages in the cloud google cloud pubsub is a powerful, asynchronous messaging service that enables developers to create scalable and decoupled applications this connector allows swimlane turbine users to seamlessly integrate with google cloud pubsub, enabling them to pull messages from subscriptions and publish messages to topics within the google cloud environment by leveraging this connector, users can automate the distribution and consumption of event driven data, enhance real time data processing, and improve incident response workflows without writing any code the integration facilitates efficient communication between services, ensuring timely and reliable message delivery for complex security automation tasks prerequisites to utilize the google cloud pubsub connector with turbine, ensure you have the following google oauth2 credentials with the following parameters client id the unique identifier for your google cloud application client secret a secret key provided by google to authenticate your application refresh token a token used to obtain a new access token when the current one expires service account authentication with the following parameters credentials the json key file associated with your google cloud service account delegate account an optional email address of the user the service account is impersonating, if any asset setup scope google cloud pubsub requires one of the following oauth scopes https //www googleapis com/auth/pubsub https //www googleapis com/auth/cloud platform capabilities this connector provides the following capabilities projects subscriptions pull projects topics publish gcp project creation log in to gcp console here https //console cloud google com/ navigate to this link to create a new project https //console cloud google com/projectcreate name your project and click create we recommend specific and recognizable project names navigate to your projects, and select your new project enable the google cloud pubsub api go to the api & services dashboard in the cloud console click on the "enable apis and services" button search for "google cloud pubsub api" and enable it for your project asset configuration configuring a service account google cloud pubsub connector requires a google service account to authenticate open https //console developers google com/iam admin/serviceaccounts select the appropriate project click + create new service account assign a name for the service account and add a description, click create and continue click the select a role dropdown and type “owner” in the filter choose owner and click continue for the menu specifying grant users access to this service account (optional) you may select users or skip and click done this is not required for the connector click on the newly created service account email navigate to the keys menu click add key , select create new key , select json format, and click create make sure you download the json file presented this file will be needed when configuring the asset in swimlane navigate to the details menu at the top of the screen copy down the unique id to be used in the setting api scopes step below delegating domain wide authority (recommended) in order to support accessing multiple user's accounts, domain wide authority must be enabled before creating a service account choosing not to delegate domain wide authority will heavily limit the scope of what this connector can do if the connector will only operate against a single account, the next section (setting api scopes) can be skipped setting api scopes after creating a service account, the necessary api scopes required to be authorized must be set from https //admin google com/ , navigate to security > api controls and then click manage domain wide delegation at the bottom of the window click add new in the client id field, enter the unique id from the service account details menu enter the following csv value into the oauth scopes (comma delimited) input https //www googleapis com/auth/pubsub, https //www googleapis com/auth/cloud platform click authorize credentials the contents of the json credentials key file downloaded when creating a service account must be base64 encoded when creating the google cloud pubsub asset for linux and mac $ cat \<path to credentials json> | base64 for windows using powershell \[convert] tobase64string((get content path "your file path" encoding byte)) now copy the base64 encoded string and paste it into the service account json field delegate account the delegate account value is used to determine which account to operate as when running actions this value should be the email address for the target account (the mailbox you are trying to read/write) some actions provide an optional input to override the asset value in most if not all cases an admin account of the google workspace should be used it should not be the service account email customer id the unique id for the customer's google workspace account as an account administrator, you can also use the my customer alias to represent your account's customerid the customerid is also returned as part of the users resource in order to get this value, navigate to https //admin google com then go to account account settings , and you will find it listed oauth 2 0 to configure oauth 2 0 for the google cloud pubsub connector, follow these steps navigate to the https //console cloud google com/ select your project from the top menu in the left sidebar, select "apis & services" > "credentials " click the "+ create credentials" button and select "oauth 2 0 client id " under "application type," select "web application " enter a name for the oauth 2 0 client click "create " a dialog with your client id and client secret will appear click "ok" to close the dialog next to the oauth 2 0 client you just created, click on the pencil icon to edit the client under "scopes for google apis," add the necessary scopes that are required for your connector (as specified in the "setting api scopes" section of this readme) click "save " your oauth 2 0 client is now configured and ready to be used with the google cloud pubsub connector once this is configured, you need to provide the refresh token in the asset if you dont know how to achieve this, swimlane will provide you with a script that will help you to get the refresh token notes https //cloud google com/pubsub/docs/authentication https //cloud google com/pubsub/docs/reference/rest/v1/projects subscriptions https //cloud google com/pubsub/docs/reference/rest/v1/projects topics configurations google cloud pubsub authentication authenticates google forms using google credentials configuration parameters parameter description type required client id the client id for the oauth 2 0 application string required client secret the client secret for the oauth 2 0 application string required refresh token oauth 2 0 refresh token used to obtain new access tokens if using a refresh token, you must also provide a client id and secret string required scope permission scopes for this action array optional google cloud pubsub service account authentication authenticates google forms using service account configuration parameters parameter description type required credentials base64 encoded contents from service account json credentials file see readme for setup instructions string required delegate account account to execute integrations under if not specified, the integration will run as a service account using a service account will introduce limitations see readme string required scope permission scopes for this action array optional actions projects subscriptions pull retrieves a specified number of messages from a google cloud pubsub subscription input argument name type required description subscription string required the subscription from which messages should be pulled format is projects/{project}/subscriptions/{sub} returnimmediately boolean optional if this field set to true, the system will respond immediately even if it there are no messages available to return in the subscriptions pull response maxmessages number required the maximum number of messages to return for this request must be a positive integer input example {"subscription" "projects/{project1}/subscriptions/{sub1} ","returnimmediately"\ true,"maxmessages" 10} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response receivedmessages array response message response receivedmessages data string response data output example {"status code" 200,"response headers" {},"reason" "ok","response" {"receivedmessages" \[{}]}} projects topics publish publishes messages to a specified google cloud pubsub topic, requiring both 'topic' and 'messages' as inputs input argument name type required description topic string required the messages in the request will be published on this topic format is projects/{project}/topics/{topic} messages array required response message messages data string optional response data input example {"topic" "xyz","messages" \[{"data" "c2ftcgxligrhdge="}]} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response messageids array unique identifier output example {"status code" 200,"response headers" {},"reason" "ok","response" {"messageids" \["10696178334573752"]}} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt