# Google Cloud Storage Connector

Google Cloud Storage is a RESTful online file storage web service for storing and accessing data on Google Cloud Platform infrastructure.

# API version

This connector uses the Cloud Storage JSON API v1.

Enable Google Cloud Storage API

Ensure that the Google Cloud Storage API is enabled in your Google Cloud Platform API set. Learn how to enable this API.


# How to connect to Google Cloud Storage on Workato

The GCS connector only allows connections using a service account.

| Field | Description |
| --- | --- |
| Connection name | Give this connection a unique name that identifies which Google Cloud Storage instance it is connected to. |
| Project identifier | Enter a valid cloud platform project identifier which will be used in the connector. This can be found in the Google Cloud Console. |
| GCS Project service account email | The email address of the service account. |
| Private key | The private key that came from the downloaded JSON. Learn more about Google Service Accounts below. |
| Advanced settings | Adjust the scopes of your connection. |

# What is a Google Service Account

A Google Service Account is a special type of Google account, associated with your Google Cloud Project, that can be used to run API requests on your behalf. Service accounts can be used in Google Cloud Storage to ensure that the solution will continue running even if individual users' permissions change.

To create a service account, you need to log into your Google Cloud Platform (GCP) console. Follow the guide to create a new service account in your GCP project. Next, follow the guide to add a new private key and download the key in JSON format.

WARNING

You may only download the key file when it is created. Remember to store the key in a secure location as it will not be available in the future.

# Permissions

The recommended service account role to use all actions and triggers is the Storage Admin role.

To restrict the allowable actions for your Google Cloud Storage connection, you may use a role with a narrower scope:

  • Storage Object Admin: this role restricts actions to Google Cloud Storage objects.
  • Storage Object Viewer: this role restricts actions to only view and download Google Cloud Storage objects.
  • Custom role: Use custom roles to define the permissions for your Google Cloud Storage connection.

The following 24 permissions are required to use all the actions and triggers (learn more about GCS permissions):

  • firebase.projects.get
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • storage.buckets.create
  • storage.buckets.createTagBinding
  • storage.buckets.delete
  • storage.buckets.deleteTagBinding
  • storage.buckets.get
  • storage.buckets.getIamPolicy
  • storage.buckets.list
  • storage.buckets.listTagBindings
  • storage.buckets.setIamPolicy
  • storage.buckets.update
  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.getIamPolicy
  • storage.objects.list
  • storage.objects.setIamPolicy
  • storage.objects.update

However, while establishing a connection, we fetch all buckets associated with a particular project, so the storage.buckets.list permission is the minimum permission required to create a connection.

Insufficient privileges

Actions for this connector fail (return an access error) if the connection tries to fetch or update a resource beyond the access that is provided.
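One way to check a custom role against the permission list above before using it for the connection, as an added example (not Workato's or Google's code). The role name and sample permissions are constructed, and `audit_role` and its report keys are hypothetical names.

```python
import json

# The 24 permissions listed above as required for all actions and triggers.
REQUIRED = frozenset("""
firebase.projects.get resourcemanager.projects.get resourcemanager.projects.list
storage.buckets.create storage.buckets.createTagBinding storage.buckets.delete
storage.buckets.deleteTagBinding storage.buckets.get storage.buckets.getIamPolicy
storage.buckets.list storage.buckets.listTagBindings storage.buckets.setIamPolicy
storage.buckets.update storage.multipartUploads.abort
storage.multipartUploads.create storage.multipartUploads.list
storage.multipartUploads.listParts storage.objects.create storage.objects.delete
storage.objects.get storage.objects.getIamPolicy storage.objects.list
storage.objects.setIamPolicy storage.objects.update
""".split())
CONNECT_MINIMUM = "storage.buckets.list"  # fetched when the connection is created


def audit_role(role_json: str) -> dict:
    """Compare a role's includedPermissions with the connector's list."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        "role": role.get("name", "<unnamed>"),
        "can_connect": CONNECT_MINIMUM in granted,
        # Actions that need these fail with an access error at run time.
        "missing": sorted(REQUIRED - granted),
        # Granted but not on the list above: not needed by the connector.
        "beyond_list": sorted(granted - REQUIRED),
        # Permissions that let the connection rewrite access policy.
        "can_change_iam": sorted(p for p in granted if p.endswith(".setIamPolicy")),
    }


# Constructed sample: a hypothetical read-only custom role, shaped like the
# JSON printed by `gcloud iam roles describe ... --format=json`.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/workatoGcsReadOnly",
    "title": "Workato GCS read-only (example)",
    "stage": "GA",
    "includedPermissions": [
        "storage.buckets.get", "storage.buckets.list",
        "storage.objects.get", "storage.objects.list",
        "storage.hmacKeys.list",  # not on the connector's list
    ],
})

if __name__ == "__main__":
    for key, value in audit_role(SAMPLE_ROLE).items():
        print(f"{key}: {value}")
```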
