## Objective Set up automated file sanitization in Google Cloud Storage using the Glasswall Halo API via a Google Cloud Run service and Eventarc. ## Google Cloud Storage Integration Guide - [Prerequisites](/halo/google-cloud-storage-integration#prerequisites) - [Step 1 – Setup](/halo/google-cloud-storage-integration#step-1--setup) - [Step 2 – Deploy Google Cloud Run](/halo/google-cloud-storage-integration#step-2--deploy-google-cloud-run) - [Step 3 – Set up storage events](/halo/google-cloud-storage-integration#step-3--set-up-storage-events) - [Step 4 – Test application](/halo/google-cloud-storage-integration#step-4--test-application) * * * ## Prerequisites - Google Cloud Console account - Source Google Cloud bucket - Destination Google Cloud bucket - [Google Cloud CLI](https://cloud.google.com/sdk/docs/install) **Notes:** - Before you begin, ensure that all configuration parameters are correctly named and added to the Google Cloud Run application, as any mismatches will lead to failures. - This guide covers flat files only and does not include detailed logging. * * * ## Step 1 – Setup Google provides a similar scenario that can be used to get started. Follow the [Before you begin guide](https://cloud.google.com/run/docs/tutorials/eventarc#before-you-begin) for permissions, service accounts, and command-line setup. Once completed, you should be ready to deploy your application. Also ensure that you have completed the following steps: 1. Sign in to the [Google Cloud Console](https://console.cloud.google.com). 2. Prepare your application code in a working directory. 3. Run the following commands: ```shell gcloud auth login gcloud config set project "${PROJECT_ID}" ``` `PROJECT_ID` can be found on the welcome page of the Google Cloud Platform console. * * * ## Step 2 – Deploy Google Cloud Run In the following steps, replace `${SERVICE_NAME}` with the desired name of the deployed Cloud Run application. 1. To deploy from the command line, use the `gcloud run deploy` command: ```shell gcloud run deploy "${SERVICE_NAME}" --source . --region "${SERVICE_REGION}" --set-env-vars OutputBucket="${OUTPUT_BUCKET_NAME}" --set-env-vars HALO_URL="${HALO_URL}" --set-env-vars HALO_USERNAME="${HALO_USERNAME}" --set-env-vars HALO_PASSWORD="${HALO_PASSWORD}" ``` 2. Configuration is performed during deployment. Replace the variables enclosed in `${}` with the appropriate values. | Key | Value | | --- | --- | | Service_name | Name of the Cloud Run service to be created | | Service_region | Region where the Cloud Run service will be deployed | | Output_bucket_name | Destination storage bucket name (must already exist) | | Halo_url | URL for the CDR-file endpoint (for example, `https://api.glasswall.com/api/v3/cdr-file`) | | Halo_username | Username for Halo API basic authentication | | Halo_password | Password for Halo API basic authentication | Refer to the [Google Cloud Run deploy documentation](https://cloud.google.com/sdk/gcloud/reference/run/deploy) for more details. * * * ## Step 3 – Set up storage events To configure storage events, create a Google Eventarc trigger using the following command: ```shell gcloud eventarc triggers create "${SERVICE_NAME}" --destination-run-service="${SERVICE_NAME}" --destination-run-region="${SERVICE_REGION}" --destination-run-path="/" --location="${SERVICE_REGION}" --event-filters="type=google.cloud.storage.object.v1.finalized" --event-filters="bucket=${INPUT_BUCKET_NAME}" --service-account="${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" ``` * * * ## Step 4 – Test application To test the application, upload supported files to the input bucket. Successfully processed files will appear in the output bucket.