Google Service Account

On this Page

You can create an account with the Designer or Manager. In Designer, when working on pipelines, every Snap that needs an account prompts you to create a new account or use an existing account. The accounts can be created in or used from:

  • Your private project folder: This folder contains the pipelines that will use the account.
  • Your Project Space’s shared folder: This folder is accessible to all the users that belong to the Project Space.
  • The global shared folder: This folder is accessible to all the users within an organization in the SnapLogic instance.


Account Configuration

Prerequisites

  • Create a Service Account in the Google Cloud console. 

  • Create a custom role and grant it to the Service account. Add the following permissions to the custom role (insufficient permissions will fail the Snap):

    • storage.objects.get (Read)

    • storage.objects.list (Read)

    • storage.objects.create (Write)

    • storage.objects.update (Write)

    • storage.objects.delete (Write)

    • storage.buckets.list (required for Snap Account Validation)
  • JSON file containing the public/private key pair. This file is downloaded to your machine when you create the service account. You need to upload it to the SLDB. See Service account keys for more information.

In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:

  1. Click Create, then select Binary, then the appropriate account type.
  2. Supply an account label.
  3. Supply the necessary information.

  4. (Optional) Supply additional information on this account in the Notes field of the Info tab.
  5. Click Apply.


Account Settings

Label

Required. User-provided label for the account instance.

Default value: N/A

JSON Key

Required. The relative path of the JSON key in the SLDB.

  • You can upload the JSON file to the SLDB by clicking  Upload icon. 
  • You can configure the JSON String of the Service Account key directly.

  • You can pass the JSON Strings using the pipeline parameters.

  • You can access a secret key value configured in your secrets manager.

The JSON key contains the information regarding the project ID. This can be used in newer versions of Google Cloud Storage SDK.

Acceptable File Paths

  • Relative paths

    • filename.json: Saves the file in the project.

    • ../shared/filename.json: Saves the file in the Project Shared Space.

    • ../../shared/filename.json: Saves the files in the Org Shared project.

  • Absolute path

    • /<org>/<projectSpace>/<project>/filename.json

Lint Warning

The Snap displays a Lint Warning in your Pipeline in the following scenarios:

  • INCORRECT_FILE_PATH: When you provide an incorrect file path to write a file, such as not following the given relative paths pattern or absolute path patterns.

  • INCORRECT_ORG_PATHWhen you create files or directories in a different org other than the one where the Pipeline is executing.

Therefore, we recommend that you confirm to any of the acceptable relative paths. Otherwise, use an absolute path—that is provide a file path that belongs to the same org where you want to write the file, or use the File Upload icon to specify the File path.


Example: ../shared/testproject1234-a0545b98719d_dummy.json

Default value: N/A

Account Encryption

Standard Encryption

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

Enhanced Encryption

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per account.

  • High:
  • Medium + High:
  • Low + Medium + High