Managing Google Projects and Service Accounts in Cloudaware
Â
Service Accounts
Â
The tab 'Service Accounts' shows the list of all Google service accounts added. You can edit any service account’s details if necessary, clicking triple dots on the right.
Â
Projects
Â
The tab 'Projects' is designed to show the list of Google Resource Manager Projects discovered and provide the information on their performance (Lifecycle State is received directly from GCE; Status marks the status of the integration on the Cloudaware side).
Â
The tab has 2 view options: Table (default) and Tree. The Table view displays the list of all Google projects discovered.
Switch to the Tree view to see a hierarchical structure of your Google Resource Manager objects (the organization, folders and projects) available under the service account1 added to Cloudaware. The column 'Service Account Assignment' shows the type of a service account assignment to an object. Initially, all objects have the state none and are not being collected by Cloudaware.
Â
Select the objects that you would like to be collected. You can assign a service account manually to each individual project or enable auto-collection of Google projects on the organization or folder level. Assign a service account1Â to a parent object (a folder or an organization) in the tree structure in order to enable auto-collection for all child objects listed under this node.
1Â Cloudaware must be granted access at the organization or folder level to display the tree structure of your GCP environment.
Â
Once the project is collected by Cloudaware, the state changes from inherited to auto.
Â
All states available in the column 'Service Account Assignment':
none - no service account was assigned
auto - a service account was assigned automatically from a parent one (only for the projects collected automatically)
manual - a service account was assigned manually (for folders or the projects with a manually assigned service account)
inherited - a service account is being inherited from a parent one, though the process is incomplete yet due to child objects still being collected or due to a technical error2Â
2Â The error message is received directly from Google. Fix the error in your Google console and refresh the page.
Â
Using the button ''Assign'' you can also re-assign or unbind the service account:
Unbind and disable projects auto-creation (for organizations)
Unbind and inherit from parent (for folders)
Unbind and stop collecting (for projects)3
3 Clicking Unbind and stop collecting, you send a removal request for a project. The project will be marked with a 'Delete Requested' label.
Â
If any service account is assigned to the object higher in the hierarchy, the removed Google Project will be collected by Cloudaware and displayed in the tree again. To prevent collection of a removed project, you should blacklist it first using the tab 'Projects Blacklist' and then request a removal.
Â
Projects Blacklist
Â
The tab 'Projects Blacklist' allows adding filters to exclude certain projects from being collected in Cloudaware.
Â
Click Add Exception and insert regexs4 setting up the filter logic. Click Save.
Â
Â