Onboard a Google Cloud Platform subscription using the Dome9 API


    This topic describes how to onboard a GCP account to Dome9 using the Dome9 REST API, through the GoogleCloudAccount resource. You need details about your GCP account, which you can obtain using either the GCP console or API.

    Prerequisites

    Dome9 information

    GCP subscription information

    • Service Account Key for a Dome9 role for your account. This key is used by Dome9 to access your GCP account and onboard details from it.
    • Service Account permissions block (JSON) for the service account.

    Set up the GCP subscription

    The Google subscription must have a service account defined, Dome9-Connection, with the Viewer role set. Follow steps 3 - 15 in Onboard a GCP Account to Dome9 to create the service account and key from the GCP console.

    Request

    POST https://api.dome9.com/v2/GoogleCloudAccount

    {
      "name": "GCP-account",
      "serviceAccountCredentials": {
        "type": "service_account",
        "project_id": "**********",
        "private_key_id": "****************************************",
        "private_key": "-----BEGIN PRIVATE KEY-----\n**********************************************************************************************************************************************************UuA9H02NzLYkcrFAMJNT\n-----END PRIVATE KEY-----\n",
        "client_email": "************",
        "client_id": "1**********2",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dome9-connect%40dome9-alon.iam.gserviceaccount.com"
      }
    }

    Parameters

    name - the name of the subscription as it will appear in Dome9

    serviceAccountCredentials - the service account permissions block (including the service account key), generated on the GCP console, as-is.

    Response

    The response includes the id for the subscription in Dome9.

    {
      "id": "********-****-****-****-************",
      "name": "GCP-account",
      "projectId": "**********",
      "creationDate": "2018-10-16T12:29:09Z"
    }
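
    The following Python example is added here and is not Dome9's own code. It builds the request body shown above from a service account key file passed through as-is, rejects files that are not service account keys, and masks the key material for logging. HTTP Basic authentication with a Dome9 API key ID and secret, the function names, and the sample key are assumptions that do not come from this page.

```python
import base64
import copy
import json
import urllib.request

ENDPOINT = "https://api.dome9.com/v2/GoogleCloudAccount"  # from the Request section
# Subset of the fields in the request body shown on this page.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id")

def build_body(name, key_file_text):
    """Wrap a GCP service account key file, unmodified, in the request body."""
    creds = json.loads(key_file_text)
    missing = [f for f in REQUIRED if not creds.get(f)]
    if missing:
        raise ValueError("key file is missing fields: " + ", ".join(missing))
    if creds["type"] != "service_account":
        raise ValueError("not a service account key: type=%r" % creds["type"])
    if not creds["private_key"].startswith("-----BEGIN PRIVATE KEY-----\n"):
        raise ValueError("private_key is not a PEM block with \\n line breaks")
    return {"name": name, "serviceAccountCredentials": creds}

def redacted(body):
    """Copy of the body that is safe to log: key material is masked."""
    safe = copy.deepcopy(body)
    for field in ("private_key", "private_key_id"):
        safe["serviceAccountCredentials"][field] = "<redacted>"
    return safe

def build_request(body, api_key_id, api_key_secret):
    """Prepare the POST. Basic auth with a Dome9 API key is an assumption."""
    token = base64.b64encode(f"{api_key_id}:{api_key_secret}".encode()).decode()
    return urllib.request.Request(
        ENDPOINT, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})

def onboard(name, key_file_text, api_key_id, api_key_secret):
    """Send the request and return the Dome9 id from the response."""
    req = build_request(build_body(name, key_file_text), api_key_id, api_key_secret)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["id"]

# Constructed sample key file (not a real key) for offline checks.
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0" * 40, "client_id": "100000000000000000002",
    "client_email": "dome9-connection@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"})
```

    Pass onboard() the contents of the key file downloaded from the GCP console, and write redacted(body) to logs rather than the body itself.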

    See also

    Onboard a Google Cloud Project to Dome9

    GoogleCloudAccount (Dome9 API)