GCP Cloud Function

Integrating Apono with GCP Cloud Function will enable the organization to connect to internal applications and manage access via Apono.

How To Integrate GCP Cloud Function

Prerequisites

  • Apono Connector deployed with a service account in GCP
  • Create a new GCP Cloud Function
  • Sample code for a function that works with Apono:
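/**
 * HTTP entry point called by the Apono connector.
 *
 * Expects a POST with a JSON body of the form
 * `{ event_type: string, params: object }` and dispatches on `event_type`.
 * Event types without a dedicated handler below are acknowledged with
 * 200 "ok" and no work is done for them.
 *
 * This handler does not authenticate the caller itself. Invocation has to be
 * restricted by the function's IAM policy (invoker role bound to the Apono
 * connector service account only), with unauthenticated invocation disabled.
 *
 * @param {object} req - Express-style request (`method`, `is()`, `body`).
 * @param {object} res - Express-style response (`status()`, `send()`).
 * @returns {object} Whatever `res.send()` returns.
 */
exports.helloWorld = (req, res) => {
  if (req.method !== 'POST') {
    return res.status(405).send({ error: 'Only POST requests are allowed.' });
  }

  if (!req.is('application/json')) {
    return res.status(400).send({ error: 'The request body must be in JSON format.' });
  }

  // A JSON body can still be null, an array or a scalar; reject those before
  // reading properties from it.
  const body = req.body;
  if (!isPlainObject(body)) {
    return res.status(400).send({ error: 'The request body must be a JSON object.' });
  }

  const params = body.params;

  switch (body.event_type) {
    case 'list-resources':
      return withParams(listResources);
    case 'grant-access':
      return withParams(grantAccess);
    case 'revoke-access':
      return withParams(revokeAccess);
    default:
      // NOTE(review): unhandled event types are reported as successful.
      // Return an error here for any event type the integration must not
      // silently accept.
      return res.status(200).send("ok");
  }

  /** True for non-null, non-array objects. */
  function isPlainObject(value) {
    return value !== null && typeof value === 'object' && !Array.isArray(value);
  }

  /** Runs `handler(params)` only when `params` is an object; otherwise answers 400. */
  function withParams(handler) {
    if (!isPlainObject(params)) {
      return res.status(400).send({ error: 'The "params" field must be a JSON object.' });
    }
    return handler(params);
  }

  /** Returns `custom_parameters` when it is an object, else an empty object. */
  function customParametersOf(params) {
    return isPlainObject(params.custom_parameters) ? params.custom_parameters : {};
  }

  /** Answers with one catch-all resource of the requested type and one permission. */
  function listResources(params) {
    return res.status(200).send(
      {
        resources: [{
          'id': 'all',
          'name': 'All',
          'type': params.resource_type
        }],
        permissions: [{
          'id': 'grant',
          'name': 'Grant'
        }]
      }
    );
  }

  /** Placeholder grant handler: reads the request fields and acknowledges. */
  function grantAccess(params) {
    // Fields available for the real grant logic. Validate them (type, allowed
    // values) before passing them to any downstream system.
    const { username, grant_id: grantId, resources, permission } = params;
    const customParameters = customParametersOf(params);
    const { param1, param2 } = customParameters;

    // Custom parameters may carry secrets (tokens, connection strings), so
    // only their names are logged, never their values.
    console.log('grant-access custom parameters:', Object.keys(customParameters));

    return res.status(200).send({ status: 'ok' });
  }

  /** Placeholder revoke handler: reads the request fields and acknowledges. */
  function revokeAccess(params) {
    // Fields available for the real revoke logic; same validation applies.
    const { username, grant_id: grantId, resources, permission } = params;
    const { param1, param2 } = customParametersOf(params);

    return res.status(200).send({ status: 'ok' });
  }
}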
  • List of APIs (event types) to use for the integration with Apono, with the parameters each one receives:
"get-status" {
    "custom_parameters" map[string]interface{} 
}

"list-resources" {
    "resource_type" string                 
    "custom_parameters" map[string]interface{} 
}

"list-resources-tags" {
    "custom_parameters" map[string]interface{} 
}

"create-credentials" {
    "username" string                 
    "resource_type" string                 
    "resources" []string               
    "custom_parameters" map[string]interface{} 
}

"reset-credentials" {
    "username" string                 
    "resource_type" string                 
    "resources" []string               
    "custom_parameters" map[string]interface{} 
}

"delete-credentials" {
    "username" string                 
    "resource_type" string                 
    "resources" []string               
    "custom_parameters" map[string]interface{} 
}

"grant-access" {
    "grant_id" string                 
    "username" string                 
    "resource_type" string                 
    "resources" []string               
    "permission" string                 
    "custom_parameters" map[string]interface{} 
}

"revoke-access" {
    "grant_id" string                 
    "username" string                 
    "resource_type" string                 
    "resources" []string               
    "permission" string                 
    "custom_parameters" map[string]interface{} 
}
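  • To allow the Apono connector to call the Cloud Function, add the Cloud Functions Invoker and Cloud Functions Viewer roles to the Apono connector service account apono-connector-iam-sa on the new function you created. The sample code above does not check who is calling it, so these IAM bindings are what restrict invocation; keep the function set to require authentication.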

Connect Apono to the GCP Cloud Function:

  1. Click on Integrations Catalog.
  2. Under Custom Integrations, look for GCP Cloud Function and click Connect.
  • Enter function access details (shown to the user when access is granted)
  • Enter parameters to be passed to the cloud function
  • Enter function details: project-id, region, name
  • Connect cloud function custom integration