Google Cloud Platform App

This app allows you to synchronize your Google Cloud Platform (GCP) assets into Badrap and receive security notifications about them. If you are not the owner or your organization's GCP project or projects, you will need help from the owner.

First, the owner of your organization's GCP project(s) creates a service account, downloads a key for it, and delivers the key to the Badrap GCP app user. Badrap GCP app user loads the key to the Badrap GCP app. Once installed, the app maintains a list of your organization's assets and add those assets under your Badrap user account. Namely:

• public IP-addresses from your GCP installation
• domain names, if GCP also hosts your DNS
• public IP-addresses of your Google Cloud SQL instances
• public IP-addresses of your Google Kubernetes Engine clusters' control planes

I am the owner of the GCP project

Create a service account with limited access:

1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts (opens new window) (log in if necessary).
2. Select the project which public assets are going to be shared
3. Click on the Create service account button.

4. On the Service account details area, give the account any name you want (for example "Service account for badrap.io").
   • Optionally add a description so you can remember what this service account is for.
   • Click the Create button.

5. On the Service account permissions area, select the role Compute Viewer.
   • Click Add another role and add the DNS Reader role.
   • Click Add another role and add the Cloud SQL Viewer role.
   • Click Add another role and add the Kubernetes Engine Cluster Viewer role.
   • Click the Continue button.

6. On the Grant users access to this service account area, leave the fields empty and click the Done button. You will be taken back to the project's Service accounts page.

7. On the Service accounts page, find the row for the account you created, and click the three dots on the right.

   • Click Manage keys.
   • From the Add key drop-down menu, select Create new key.
   • When the key creation dialog opens, select JSON as the key type and click Create.
   • The key file is downloaded to your computer.
   • Close the dialog by clicking the Close button.

If you completed this process on behalf of someone else, deliver them the JSON key file containing the key to the service account. Delete the JSON key file from your local storage, once you don't need it anymore.

I am the Badrap user

Install the Google Cloud Platform app.

1. Open the Google Cloud Platform app page (opens new window) in Badrap and click the Install button.

2. The app will need your consent to create and manage assets under your Badrap user account. Click Install the app to give your consent.

3. Click the Add a new account button. Upload the JSON key file you received or downloaded. Remember to delete the local file once the installation is finished and working.

4. Congratulations! You are all done. Check the My assets page (opens new window) and find the section Google Cloud Platform from your asset list. You should see your public IP-addresses. If your DNS records are also under your GCP project, you should see your domain names in the list too.

Uninstalling the app

1. Open the Google Cloud Platform app page (opens new window) and click Uninstall.
2. Go to Service accounts (opens new window) in your Google Cloud Platform console.
3. Select the project whose assets you have been following with the Badrap GCP app.
4. Search for the service account you created earlier for the Badrap GCP app and select Delete from the Actions menu on the right.

5. You have now successfully uninstalled the app and cleaned up its configuration from your GCP installation.