GCP Cloud Function
Integrating Apono with GCP Cloud Function will enable the organization to connect to internal applications and manage access via Apono.
How To Integrate GCP Cloud Function
Prerequisites
- Apono Connector deployed with a service account in GCP
- Create a new GCP Cloud Function
- Sample code for a function that works with Apono:
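/**
 * HTTP entry point of the Cloud Function called by the Apono connector.
 *
 * Accepts only POST requests with a JSON body shaped like
 * `{ event_type: string, params: object }` and dispatches on `event_type`.
 * Event types without a handler here are acknowledged with 200 "ok".
 *
 * This handler does not authenticate the caller itself. It relies on the
 * function's IAM invoker binding being limited to the Apono connector
 * service account, so the function must not be callable unauthenticated.
 *
 * @param {object} req - Express-style request (`method`, `is()`, `body`).
 * @param {object} res - Express-style response (`status()`, `send()`).
 * @returns {*} Whatever `res.send()` returns.
 */
exports.helloWorld = (req, res) => {
  if (req.method !== 'POST') {
    return res.status(405).send({ error: 'Only POST requests are allowed.' });
  }
  if (!req.is('application/json')) {
    return res.status(400).send({ error: 'The request body must be in JSON format.' });
  }

  // True only for non-null, non-array objects (what a JSON object parses to).
  const isRecord = (value) =>
    value !== null && typeof value === 'object' && !Array.isArray(value);

  const body = req.body;
  if (!isRecord(body)) {
    return res.status(400).send({ error: 'The request body must be a JSON object.' });
  }

  // `custom_parameters` is optional in practice; fall back to an empty object
  // so a missing map does not raise a TypeError and surface as a 500.
  const customParametersOf = (params) =>
    isRecord(params.custom_parameters) ? params.custom_parameters : {};

  // Reports a single catch-all resource and a single "grant" permission.
  const listResources = (params) =>
    res.status(200).send({
      resources: [
        {
          id: 'all',
          name: 'All',
          type: params.resource_type,
        },
      ],
      permissions: [
        {
          id: 'grant',
          name: 'Grant',
        },
      ],
    });

  // Placeholder: the fields below are what a real implementation has to work
  // with. They come from the request, so validate them before acting on them.
  const grantAccess = (params) => {
    const { username, grant_id: grantId, resources, permission } = params;
    const { param1, param2 } = customParametersOf(params);
    // Record which grant was handled instead of echoing the custom parameter
    // values: they are operator-supplied and may contain credentials.
    console.log(JSON.stringify({ event_type: 'grant-access', grant_id: grantId }));
    return res.status(200).send({ status: 'ok' });
  };

  // Placeholder counterpart of grantAccess; same fields, same caveats.
  const revokeAccess = (params) => {
    const { username, grant_id: grantId, resources, permission } = params;
    const { param1, param2 } = customParametersOf(params);
    console.log(JSON.stringify({ event_type: 'revoke-access', grant_id: grantId }));
    return res.status(200).send({ status: 'ok' });
  };

  // A Map keeps the lookup free of inherited keys such as "constructor".
  const handlers = new Map([
    ['list-resources', listResources],
    ['grant-access', grantAccess],
    ['revoke-access', revokeAccess],
  ]);

  const handler = handlers.get(body.event_type);
  if (handler === undefined) {
    // Unhandled event types are acknowledged, as before. Note that this also
    // answers "ok" to credential events this sample does not implement.
    return res.status(200).send("ok");
  }
  if (!isRecord(body.params)) {
    return res.status(400).send({ error: 'The "params" field must be a JSON object.' });
  }
  return handler(body.params);
};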
- List of APIs (the request's `event_type` values) to use for the integration with Apono, with the fields each one carries in `params`:
"get-status" {
"custom_parameters" map[string]interface{}
}
"list-resources" {
"resource_type" string
"custom_parameters" map[string]interface{}
}
"list-resources-tags" {
"custom_parameters" map[string]interface{}
}
"create-credentials" {
"username" string
"resource_type" string
"resources" []string
"custom_parameters" map[string]interface{}
}
"reset-credentials" {
"username" string
"resource_type" string
"resources" []string
"custom_parameters" map[string]interface{}
}
"delete-credentials" {
"username" string
"resource_type" string
"resources" []string
"custom_parameters" map[string]interface{}
}
"grant-access" {
"grant_id" string
"username" string
"resource_type" string
"resources" []string
"permission" string
"custom_parameters" map[string]interface{}
}
"revoke-access" {
"grant_id" string
"username" string
"resource_type" string
"resources" []string
"permission" string
"custom_parameters" map[string]interface{}
}
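- To allow the Apono connector to call the Cloud Function, grant the Cloud Functions Invoker and Cloud Functions Viewer roles to the Apono connector service account (apono-connector-iam-sa) on the new function you created. Keep the function's invoker binding limited to this service account, with no unauthenticated access, because the function grants and revokes access and the sample code does not authenticate callers itself.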
Connect Apono to the GCP Cloud Function:
- Click on Integrations Catalog.
- Under Custom Integrations, look for GCP Cloud Function and click Connect
- Enter function access details (shown to the user when access is granted)
- Enter parameters to be passed to the cloud function
- Enter function details: project-id, region, name
- Connect cloud function custom integration