GCP Cloud Function

How to use GCP Cloud Function to connect and manage access to internal applications with Apono

Integrating Apono with GCP Cloud Function will enable the organization to connect to internal applications and manage access via Apono.

How To Integrate GCP Cloud Function

Prerequisites

  • Apono Connector deployed with a service account in GCP
  • Create a new GCP Cloud Function (1st Gen)
  • Sample code for a function that works with Apono:
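/**
 * HTTP entry point that Apono calls for a custom integration.
 *
 * Accepts only POST requests with a JSON body of the form
 * `{ event_type: string, params: object }` and dispatches on `event_type`.
 * This sample handles `list-resources`, `grant-access` and `revoke-access`;
 * every other event type is acknowledged with 200 "ok".
 *
 * The request body is external input, so it is checked before any nested
 * property is read. A missing `params` object yields a 400 response instead
 * of an uncaught TypeError.
 *
 * @param {object} req - Express-style request (`method`, `is()`, `body`).
 * @param {object} res - Express-style response (`status()`, `send()`).
 * @returns {object} Whatever `res.send()` returns.
 */
exports.helloWorld = (req, res) => {
  if (req.method !== 'POST') {
    return res.status(405).send({ error: 'Only POST requests are allowed.' });
  }

  if (!req.is('application/json')) {
    return res.status(400).send({ error: 'The request body must be in JSON format.' });
  }

  // The body may be absent or empty; fall back to an empty object so the
  // destructuring below cannot throw.
  const body = req.body || {};
  const { event_type: eventType, params } = body;

  switch (eventType) {
    case 'list-resources':
      return withParams(listResources);
    case 'grant-access':
      return withParams(grantAccess);
    case 'revoke-access':
      return withParams(revokeAccess);
    default:
      // NOTE(review): event types this sample does not implement are still
      // answered with 200. Confirm which events Apono needs acknowledged and
      // consider rejecting the rest, so that an unhandled request is not
      // reported as a success.
      return res.status(200).send('ok');
  }

  // Runs a handler only when `params` is a plain object; otherwise answers 400.
  function withParams(handler) {
    if (params === null || typeof params !== 'object' || Array.isArray(params)) {
      return res.status(400).send({ error: 'The request body must contain a "params" object.' });
    }
    return handler(params);
  }

  // Returns `params.custom_parameters` when it is an object, else an empty object.
  function customParametersOf(eventParams) {
    const custom = eventParams.custom_parameters;
    return custom !== null && typeof custom === 'object' ? custom : {};
  }

  // Reports a single catch-all resource and a single "grant" permission.
  function listResources(eventParams) {
    return res.status(200).send({
      resources: [
        {
          id: 'all',
          name: 'All',
          type: eventParams.resource_type,
        },
      ],
      permissions: [
        {
          id: 'grant',
          name: 'Grant',
        },
      ],
    });
  }

  // Placeholder: provision access here using the fields read below.
  function grantAccess(eventParams) {
    const { username, grant_id: grantId, resources, permission } = eventParams;
    const { param1, param2 } = customParametersOf(eventParams);

    // Custom parameter values come from the integration configuration and may
    // be sensitive, so only their presence is logged, not their content.
    console.log('grant-access: param1 set:', param1 !== undefined, 'param2 set:', param2 !== undefined);

    // NOTE(review): presumably Apono treats a 200 as "access granted". Return
    // an error status whenever provisioning did not actually succeed.
    return res.status(200).send({ status: 'ok' });
  }

  // Placeholder: remove the access that was granted for `grant_id` here.
  function revokeAccess(eventParams) {
    const { username, grant_id: grantId, resources, permission } = eventParams;
    const { param1, param2 } = customParametersOf(eventParams);

    // NOTE(review): return an error status when revocation fails, so that
    // access which is still in place is not recorded as revoked.
    return res.status(200).send({ status: 'ok' });
  }
};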
  • List of APIs to use for the integration with Apono:
"get-status" {
	"custom_parameters" map[string]interface{} 
}

"list-resources" {
	"resource_type" string                 
	"custom_parameters" map[string]interface{} 
}

"list-resources-tags" {
	"custom_parameters" map[string]interface{} 
}

"create-credentials" {
	"username" string                 
	"resource_type" string                 
	"resources" []string               
	"custom_parameters" map[string]interface{} 
}

"reset-credentials" {
	"username" string                 
	"resource_type" string                 
	"resources" []string               
	"custom_parameters" map[string]interface{} 
}

"delete-credentials" {
	"username" string                 
	"resource_type" string                 
	"resources" []string               
	"custom_parameters" map[string]interface{} 
}

"grant-access" {
	"grant_id" string                 
	"username" string                 
	"resource_type" string                 
	"resources" []string               
	"permission" string                 
	"custom_parameters" map[string]interface{} 
}

"revoke-access" {
	"grant_id" string                 
	"username" string                 
	"resource_type" string                 
	"resources" []string               
	"permission" string                 
	"custom_parameters" map[string]interface{} 
}
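  • To allow the Apono connector to call the Cloud Function, add the Cloud Functions Invoker and Cloud Functions Viewer roles to the apono-connector service account apono-connector-iam-sa on the new function you created. Grant these roles on this function only and keep the function set to require authentication, so that only the connector's service account can invoke it.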

Connect Apono to the GCP Cloud Function:

  1. Click on Integrations Catalog.
  2. Under Custom Integrations, look for GCP Cloud Function and click Connect
  • Enter function access details (shown to the user when access is granted)
  • Enter parameters to be passed to the cloud function
  • Enter function details: project-id, region, name
  • Connect cloud function custom integration