Google Service Account

Prerequisites

  • Create a Service Account in the Google Cloud console.

  • Create a custom role and grant it to the Service account. Add the following permissions to the custom role (insufficient permissions will fail the Snap):

    • storage.objects.get (Read)

    • storage.objects.list (Read)

    • storage.objects.create (Write)

    • storage.objects.update (Write)

    • storage.objects.delete (Write)

    • storage.buckets.list (required for Snap Account Validation)
  • JSON file containing the public/private key pair. This file is downloaded to your machine when you create the service account. You need to Files it to the SLDB. See Service account keys for more information.
In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:
  1. Click Create, then select Binary, then the appropriate account type.
  2. Supply an account label.
  3. Supply the necessary information.
  4. (Optional) Supply additional information on this account in the Notes field of the Info tab.
  5. Click Apply.

Account settings



Legend:
  • Expression icon (): Allows using JavaScript syntax to access SnapLogic Expressions to set field values dynamically (if enabled). If disabled, you can provide a static value. Learn more.
  • SnapGPT (): Generates SnapLogic Expressions based on natural language using SnapGPT. Learn more.
  • Suggestion icon (): Populates a list of values dynamically based on your Snap configuration. You can select only one attribute at a time using the icon. Type into the field if it supports a comma-separated list of values.
  • Upload : Uploads files. Learn more.
Learn more about the icons in the Snap settings dialog.
Field / Field set Type Description
Label String

Required. Specify a unique label for the account.

Default value: N/A
JSON Key String/Expression Required. The relative path of the JSON key in the SLDB.
  • You can upload the JSON file to the SLDB by clicking Upload icon.

  • You can configure the JSON String of the Service Account key directly.

  • You can pass the JSON Strings using the pipeline parameters.

  • You can access a secret key value configured in your secrets manager.

Warning: The JSON key contains the information regarding the project ID. This can be used in newer versions of Google Cloud Storage SDK.
Note: Acceptable File Paths
  • Relative paths

    • filename.json: Saves the file in the project.

    • ../shared/filename.json: Saves the file in the Project Shared Space.

    • ../../shared/filename.json: Saves the files in the Org Shared project.

  • Absolute path

    • /<org>/<projectSpace>/<project>/filename.json

Warning: Lint Warning

The Snap displays a Lint Warning in your Pipeline in the following scenarios:

  • INCORRECT_FILE_PATH: When you provide an incorrect file path to write a file, such as not following the given relative paths pattern or absolute path patterns.

  • INCORRECT_ORG_PATH: When you create files or directories in a different org other than the one where the Pipeline is executing.

    Therefore, we recommend that you confirm to any of the acceptable relative paths. Otherwise, use an absolute path—that is provide a file path that belongs to the same org where you want to write the file, or use the File Upload icon to specify the File path.

Default value: N/A

Example: ../shared/testproject1234-a0545b98719d_dummy.json

Account encryption

Standard Encryption If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.
Enhanced Encryption If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per account.
  • High: JSON Key
  • Medium + High: JSON Key
  • Low + Medium + High: JSON Key