Google cloud storage integration
Objective
Set up automated file sanitization in Google Cloud Storage using the Glasswall Halo API via a Google Cloud Run service and Eventarc.
Google cloud storage integration guide
- Prerequisites
- Step 1 – Setup
- Step 2 – Deploy Google Cloud Run
- Step 3 – Set up storage events
- Step 4 – Test application
Prerequisites
- Google Cloud Console account
- Source Google Cloud bucket
- Destination Google Cloud bucket
- Google Cloud CLI
- Glasswall example code
Notes:
- Before you begin, ensure that all configuration parameters are correctly named and added to the Google Cloud Run application, as any mismatches will lead to failures.
- The provided sample code demonstrates this use case only. It handles flat files and does not include advanced logging mechanisms.
Step 1 – Setup
Google provides a similar scenario that can be used to get started. Follow the Before you begin guide for permissions, service accounts, and command-line setup.
Once completed, you should be ready to deploy the example code.
Also ensure that you have completed the following steps:
- Sign in to the Google Cloud Console.
- Clone the sample code to a working directory.
- Run the following commands:
cd ./GCloudStorageEvents/dotnet
gcloud auth login
gcloud config set project "${PROJECT_ID}"
PROJECT_ID can be found on the welcome page of the Google Cloud Platform console.
Step 2 – Deploy Google Cloud Run
In the following steps, replace ${SERVICE_NAME} with the desired name of the deployed Cloud Run application.
- To deploy from the command line, use the gcloud run deploy command:
gcloud run deploy "${SERVICE_NAME}" --source . --region "${SERVICE_REGION}" --set-env-vars OutputBucket="${OUTPUT_BUCKET_NAME}" --set-env-vars HALO_URL="${HALO_URL}" --set-env-vars HALO_USERNAME="${HALO_USERNAME}" --set-env-vars HALO_PASSWORD="${HALO_PASSWORD}"
- Configuration is performed during deployment. Replace the variables enclosed in ${} with the appropriate values.
| Key | Value |
|---|---|
| Service_name | Name of the Cloud Run service to be created |
| Service_region | Region where the Cloud Run service will be deployed |
| Output_bucket_name | Destination storage bucket name (must already exist) |
| Halo_url | URL for the CDR-file endpoint (for example, https://api.glasswall.com/api/v3/cdr-file) |
| Halo_username | Username for Halo API basic authentication |
| Halo_password | Password for Halo API basic authentication |
Refer to the Google Cloud Run deploy documentation for more details.
Step 3 – Set up storage events
To configure storage events, create a Google Eventarc trigger using the following command:
gcloud eventarc triggers create "${SERVICE_NAME}" --destination-run-service="${SERVICE_NAME}" --destination-run-region="${SERVICE_REGION}" --destination-run-path="/" --location="${SERVICE_REGION}" --event-filters="type=google.cloud.storage.object.v1.finalized" --event-filters="bucket=${INPUT_BUCKET_NAME}" --service-account="${PROJECT_NUMBER}[email protected]"
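The note under Prerequisites says any mismatch in configuration parameters leads to failures. The following preflight check is an added example, not part of the Glasswall sample code. It validates the shell variables used by the commands in Steps 1 to 3 before anything is deployed. The function name preflight and the individual checks are assumptions made for illustration.

```shell
# Added example (not Glasswall's code): validate the variables used by the
# deploy and trigger commands in this guide. preflight is a hypothetical name.
# Returns 0 when every check passes, 1 otherwise; problems go to stderr.
preflight() {
    rc=0
    # Every placeholder referenced in Steps 1-3 must be set and non-empty.
    for name in PROJECT_ID PROJECT_NUMBER SERVICE_NAME SERVICE_REGION \
                INPUT_BUCKET_NAME OUTPUT_BUCKET_NAME \
                HALO_URL HALO_USERNAME HALO_PASSWORD; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name" >&2
            rc=1
        fi
    done
    # Project numbers are numeric; a project ID here yields a wrong service account.
    case "${PROJECT_NUMBER:-}" in
        *[!0-9]*) echo "PROJECT_NUMBER must be numeric" >&2; rc=1 ;;
    esac
    # Basic-auth credentials are protected in transit only by TLS.
    case "${HALO_URL:-}" in
        https://*) ;;
        *) echo "HALO_URL must start with https://" >&2; rc=1 ;;
    esac
    # The guide asks for bucket names, not gs:// URLs.
    for name in INPUT_BUCKET_NAME OUTPUT_BUCKET_NAME; do
        eval "value=\${$name:-}"
        case "$value" in
            gs://*) echo "$name must be a bare bucket name" >&2; rc=1 ;;
        esac
    done
    # The trigger fires on every object finalized in the input bucket, so
    # writing sanitized output to the same bucket would re-invoke the service.
    if [ -n "${INPUT_BUCKET_NAME:-}" ] &&
       [ "${INPUT_BUCKET_NAME:-}" = "${OUTPUT_BUCKET_NAME:-}" ]; then
        echo "input and output buckets must differ" >&2
        rc=1
    fi
    return "$rc"
}
```

Source the function and chain it in front of the deployment, for example preflight && gcloud run deploy followed by the arguments shown in Step 2. gcloud run deploy also accepts --set-secrets, which supplies a variable such as HALO_PASSWORD from Secret Manager instead of a plain environment variable.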
Step 4 – Test application
To test the application, upload supported files to the input bucket. Successfully processed files will appear in the output bucket.