Creating a GCP connection

Select one of the following methods to create a GCP connection: Ensure the relevant APIs from the following list are enabled:
You do not have to enable all APIs, only the ones relevant to the actions you wish to perform with Blink.

Using a Service Account

A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. To create the connection you need:
  • A service account
  • A GCP JSON key

Obtaining the credentials

Creating a service account

Only necessary if you do not have an account.
  1. In the Google Cloud console, go to the Create service account page.
  2. Select a Cloud project.
  3. Enter a service account name to display in the Google Cloud console.The Google Cloud console generates a service account ID based on this name. Edit the ID if necessary. You cannot change the ID later.
  4. Optional: Enter a description of the service account.
  5. If you do not want to set access controls now, click Done to finish creating the service account.To set access controls now, click Create and continue and continue to the next step.
  6. Optional: Choose one or more IAM roles to grant to the service account on the project.
  7. When you are done adding roles, click Continue.
  8. Optional: In the Service account users role field, add members that can impersonate the service account.
  9. Optional: In the Service account admins role field, add members that can manage the service account.
  10. Click Done to finish creating the service account.

Create a service account key

  1. In the Google Cloud console, go to the service account page.
  2. Select a project.
  3. Click the email address of the service account that you want to create a key for.
  4. Click the Keys tab.
  5. Click the Add key drop-down menu, then select Create new key. Create Key
  6. Select JSON as the Key type and click Create. Clicking Create downloads a service account key file. After you download the key file, you cannot download it again. The downloaded key has the following format: 
    {    "type": "service_account",    "project_id": "PROJECT_ID",    "private_key_id": "KEY_ID",    "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",    "client_email": "SERVICE_ACCOUNT_EMAIL",    "client_id": "CLIENT_ID",    "auth_uri": "https://accounts.google.com/o/oauth2/auth",    "token_uri": "https://accounts.google.com/o/oauth2/token",    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"    }
  1. Copy the key.

Creating your connection

The default scope requested when using a service account is https://www.googleapis.com/auth/cloud-platform. In order to perform other HTTP requests to Google’s API you may need to add additional scope to the “Scopes” parameter when creating the GCP connection. This will be indicated by the 403 status code and the “missing permissions” prompt returned by Google to such requests in addition to the missing scope.
  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the GCP icon. A dialog box with name of the connection and connection methods appear.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Select Service Account as the method to create the connection.
  5. Fill in the parameters:
    • Credentials
    • A comma-separatedlist of Scopes you want to request
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.

Using Manual OAuth

This option can be used to grant broad permissions which are not possible using standard OAuth or service accounts.

Obtaining the credentials

Prerequisites: You need to have the gcloud CLI installed on your computer.
  1. Run the command gcloud auth login in your terminal to authorize gcloud to access the Cloud Platform. If gcloud is already configured on your computer, you can skip this step.
  2. Copy the content of the configuration file called adc.json.This file is typically located in the configuration directory:
    • Linux and macOS: ~/.config/gcloud/legacy_credentials/<your email>/adc.json
    • Windows: %APPDATA%\gcloud/legacy_credentials/<your email>/adc.json
For example, if you’re using macOS, you can run the following command and copy the output: 
cat ~/.config/gcloud/legacy_credentials/<your_email>/adc.json
The JSON output will be used directly in the Blink platform to create the connection.

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the GCP icon. A dialog box with name of the connection and connection methods appear.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Select Manual OAuth as the method to create the connection.
  5. Fill in the parameters:
    • Manual OAuth credentials
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.

Interactive Tutorial Guides

You can also refer to the following tutorial guides for a more in-depth understanding of how to create GCP connection. Creating a Google Cloud Platform Connection Creating a Google Cloud Platform Connection in Blink Ops