For GCP Connector, Some of the Logic is handled backend
1. How GCP connector is importing GCP accounts and entitlements? and how to get extra metadata information for accounts . In REST connector we do have importaccountentjson where we define columns mapping and get the required metadata. but in GCP I do not see such option on connector level. Is there any backend code that is doing that mapping, which we cannot see from UI.
Accounts and Entitlements import logic is handled in backed code of this connector. You don't specify much in connection level. Instead while you configure imports you will define what type of data you want to import like account or access. If you want to import specific type of entitlements then you will use CUSTOM Access then you will filter what type of entitlements you want to pull using Include importEntTypes and excludeEntTypes
Sample JSON: {"importEntTypes":{"SQLDatabaseInstance":{}},"excludeEntTypes":{"Groups":{},"Group_Permissions":{},"Projects":{},"Organizations":{},"Org_Roles":{},"Roles":{},"Project_Roles":{},"Project_IAMPolicies":{},"Folders":{},"Disks":{},"ServiceAccountKeys":{},"KubernetesEngine":{},"Instances":{},"RolePermissions":{},"Org_IAMPolicies":{},"Folder_Roles":{},"Folder_IAMPolicies":{},"Zones":{},"Regions":{},"AlertPolicies":{},"SubNetworks":{},"VPCNetworks":{},"DNSZone":{},"Firewall":{},"BucketsList":{},"BucketIAMPolicy":{},"Sinks":{},"LogBasedMetrics":{},"DiskSnapshots":{},"Instances_IAMPolicies":{},"Disks_IAMPolicies":{},"ServiceAccount_Roles":{},"ServiceAccount_IAMPolicies":{}}}} - This will pull only SQL instances of GCP
Similarly for Account attribute mapping this is also handled internally and below are some of the fields that are being pulled by GCP connector and their mapping with accounts table
| Accounts Table Column | GCP Attributes |
| accountID | id |
| name | primaryEmail |
| displayName | name.fullName |
| customproperty1 | emails |
| customproperty2 | nonEditableAliases |
| customproperty4 | kind |
| customproperty5 | etag |
| customproperty6 | isAdmin |
| customproperty7 | isDelegatedAdmin |
| customproperty8 | customerId |
| customproperty9 | orgUnitPath |
| customproperty10 | isMailboxSetup |
| customproperty11 | isEnrolledIn2Sv |
| customproperty12 | isEnforcedIn2Sv |
| customproperty13 | includeInGlobalAddressList |
| customproperty14 | ipWhitelisted |
| customproperty15 | changePasswordAtNextLogin |
| customproperty16 | agreedToTerms |
| customproperty18 | suspensionReason |
| lastlogondate | lastLoginTime |
| CREATED_ON | creationTime |
If you need any additional columns to be mapping then you can use ACCOUNT_ATTRIBUTE_MAPPING
Sample JSON:
{"customproperty31": "emails~#~json"}
2. I do not see any jsons parameters like add access, remove account, remove access json parameters in GCP connector. How are those provisioning operations are happening. -- For Provisioning you may still need to populate these JSONs CreateAccountJSON, UpdateAccountJSON & CREATESERVICEACCOUNTJSON. Rest all like ADD/ Remove Access & Delete are handled by backend logic of the connector.
Regards,SaathvikIf this reply answered your question, please Accept it As Solution to help others who may have a similar problem.
