Remediate AWS CIS v3.0 and v4.0 with Flowpipe's interactive wizard →
DocsHubBlogChangelogSlack CommunityGitHub
Download
On this page
Get Involved
Edit on GitHub

gcp

Important

As of Flowpipe 1.0.0, credential has been renamed to connection. The gcp credential resource is deprecated and will be removed in a future version of Flowpipe. Use the gcp connection instead.

The gcp credential can be used to access Google Cloud Platform resources.

credential "gcp" "gcp_def" {
  credentials = "~/.config/gcloud/my_credentials.json"
}

Arguments

NameTypeRequired?Description
credentialsStringOptionalEither the path to a JSON credential file that contains Google application credentials or the contents of a service account key file in JSON format.
ttlNumberOptionalThe time, in seconds, to cache the credentials. By default, the GP credential will be cached for 5 minutes.

All arguments are optional, and a gcp credential with no arguments will behave the same as the GCP default credential.

Attributes (Read-Only)

AttributeTypeDescription
access_tokenStringAn OAuth access token to use to authenticate to GCP.

Default Credential

The GCP credential type includes an implicit, default credential (credential.gcp.default) that will be configured using the same mechanism as the GCloud CLI (environment variables, config files, etc); the effective credentials of this default are the same as if you run the gcloud command. Credentials will be loaded from:

  • The path specified in the GOOGLE_APPLICATION_CREDENTIALS environment variable, if set; otherwise
  • The standard location (~/.config/gcloud/application_default_credentials.json)

Examples

Static Credentials from Credential File

credential "gcp" "gcp_def" {
  credentials = "~/.config/gcloud/my_credentials.json"
}

Static Credentials defined inline

credential "gcp_inline" {
  #project = "my_project"
  credentials = <<EOC
  {
  "client_id": "blah-blah.apps.googleusercontent.com",
  "client_secret": "d-blah",
  "quota_project_id": "dev-aaa",
  "refresh_token": "1//blah-blah",
  "type": "authorized_user"
  } 
  EOC
}

Using GCP Credentials in Container Step

pipeline "gcp_test" {
    param "cred" {
    type    = string
    default = "default"
  }


  step "container" "get_instances" {
    image = "gcr.io/google.com/cloudsdktool/google-cloud-cli"
    cmd   = ["gcloud", "compute", "instances", "list"]
    env = {
      CLOUDSDK_CORE_PROJECT      = "my-project"
      CLOUDSDK_AUTH_ACCESS_TOKEN = credentials.gcp[param.cred].access_token
    }
  }
}

Using GCP Credentials in HTTP Step

pipeline "gcp_test" {
  param "cred" {
    type    = string
    default = "default"
  }


  step "http" "get_instances" {
    url = "https://compute.googleapis.com/compute/v1/projects/my-project/aggregated/instances"
    
    request_headers = {
      Content-Type = "application/json; charset=utf-8"
      Authorization = "Bearer ${credentials.gcp[param.cred].access_token}"
    }
  }
}