GCP Cloud Function
How to use GCP Cloud Function to connect and manage access to internal applications with Apono
Integrating Apono with GCP Cloud Function will enable the organization to connect to internal applications and manage access via Apono.
How To Integrate GCP Cloud Function
Prerequisites
- Apono Connector deployed with a service account in GCP
- Create a new GCP Cloud Function (1st Gen)
- Sample code for a function that works with Apono:
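/**
 * HTTP entry point for the Apono custom integration (GCP Cloud Function).
 *
 * Expects a POST request with a JSON body of the form
 * `{ event_type, params }` and dispatches on `event_type`. Only
 * 'list-resources', 'grant-access' and 'revoke-access' are handled here;
 * any other event type is acknowledged with 200 "ok" and no action.
 *
 * Security notes:
 * - This handler does not authenticate the caller itself.
 *   NOTE(review): it presumably relies on the function requiring
 *   authenticated invocation through IAM, with only the Apono connector
 *   service account allowed to invoke it. Confirm this in the function's
 *   permissions.
 * - Everything under req.body is caller-supplied. Validate usernames,
 *   resources and permissions before using them against a real backend.
 * - Custom parameter values are deliberately not logged: console output of a
 *   Cloud Function is written to Cloud Logging, and these values may carry
 *   configuration secrets.
 *
 * @param {object} req - Express-style request (`method`, `is()`, `body`).
 * @param {object} res - Express-style response (`status()`, `send()`).
 * @returns {*} The value returned by `res.send()`.
 */
exports.helloWorld = (req, res) => {
  if (req.method !== 'POST') {
    return res.status(405).send({ error: 'Only POST requests are allowed.' });
  }
  if (!req.is('application/json')) {
    return res.status(400).send({ error: 'The request body must be in JSON format.' });
  }

  // A missing or non-object body would otherwise surface as an unhandled
  // TypeError instead of a clean client error.
  const body = req.body;
  if (!isObject(body)) {
    return res.status(400).send({ error: 'The request body must be a JSON object.' });
  }
  const params = body.params;

  // A switch (rather than a lookup table keyed by event_type) keeps
  // caller-supplied strings such as "constructor" from resolving to
  // inherited object properties.
  switch (body.event_type) {
    case 'list-resources':
      return isObject(params) ? listResources(params) : rejectMissingParams();
    case 'grant-access':
      return isObject(params) ? grantAccess(params) : rejectMissingParams();
    case 'revoke-access':
      return isObject(params) ? revokeAccess(params) : rejectMissingParams();
    default:
      // NOTE(review): unhandled event types (for example the credential
      // events) are reported as successful without doing anything. Confirm
      // that this is the response Apono expects for them.
      return res.status(200).send('ok');
  }

  /** True for non-null, non-array objects. */
  function isObject(value) {
    return value !== null && typeof value === 'object' && !Array.isArray(value);
  }

  /** Rejects a known event whose `params` object is missing. */
  function rejectMissingParams() {
    return res.status(400).send({ error: 'The "params" field must be a JSON object.' });
  }

  /** Returns `params.custom_parameters`, or an empty object when absent. */
  function customParametersOf(eventParams) {
    return isObject(eventParams.custom_parameters) ? eventParams.custom_parameters : {};
  }

  /** Reports a single catch-all resource and a single permission. */
  function listResources(eventParams) {
    return res.status(200).send({
      resources: [
        {
          id: 'all',
          name: 'All',
          type: eventParams.resource_type,
        },
      ],
      permissions: [
        {
          id: 'grant',
          name: 'Grant',
        },
      ],
    });
  }

  /**
   * Placeholder for granting access; the fields below are what the event
   * provides.
   */
  function grantAccess(eventParams) {
    const { username, grant_id: grantId, resources, permission } = eventParams;
    const { param1, param2 } = customParametersOf(eventParams);
    // TODO: apply the grant in the target application using the fields above.
    // Return 200 only after the grant has actually been applied, so that the
    // access state recorded by Apono matches the application.
    return res.status(200).send({ status: 'ok' });
  }

  /**
   * Placeholder for revoking access; the fields below are what the event
   * provides.
   */
  function revokeAccess(eventParams) {
    const { username, grant_id: grantId, resources, permission } = eventParams;
    const { param1, param2 } = customParametersOf(eventParams);
    // TODO: remove the grant in the target application using the fields above.
    // A revoke that fails must not be reported as 'ok': the user would keep
    // access that Apono records as removed.
    return res.status(200).send({ status: 'ok' });
  }
};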
- List of APIs to use for the integration with Apono:
"get-status" {
"custom_parameters" map[string]interface{}
}
"list-resources" {
"resource_type" string
"custom_parameters" map[string]interface{}
}
"list-resources-tags" {
"custom_parameters" map[string]interface{}
}
"create-credentials" {
"username" string
"resource_type" string
"resources" []string
"custom_parameters" map[string]interface{}
}
"reset-credentials" {
"username" string
"resource_type" string
"resources" []string
"custom_parameters" map[string]interface{}
}
"delete-credentials" {
"username" string
"resource_type" string
"resources" []string
"custom_parameters" map[string]interface{}
}
"grant-access" {
"grant_id" string
"username" string
"resource_type" string
"resources" []string
"permission" string
"custom_parameters" map[string]interface{}
}
"revoke-access" {
"grant_id" string
"username" string
"resource_type" string
"resources" []string
"permission" string
"custom_parameters" map[string]interface{}
}
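- To allow the Apono connector to call the Cloud Function, add the Cloud Functions Invoker and Cloud Functions Viewer roles to the apono-connector service account (apono-connector-iam-sa) on the new function you created. Grant the Invoker role only to this service account and keep the function set to require authentication, because the function grants and revokes access.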
Connect Apono to the GCP Cloud Function:
- Click on Integrations Catalog.
- Under Custom Integrations, look for GCP Cloud Function and click Connect
- Enter function access details (these are shown to the user when access is granted)
- Enter parameters to be passed to the cloud function
- Enter function details: project-id, region, name
- Connect cloud function custom integration