public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
659a01903e3bf6963da17029cd2b4304f5554bd7
grafana/docs/sources/datasources/google-cloud-monitoring/google-authentication/index.md
T
Jack Baldry 7eb17bccca Explicitly set all front matter labels in the source files (#71548) 
* Set every page to have defaults of 'Enterprise' and 'Open source' labels

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set administration pages to have of 'Cloud', 'Enterprise', and 'Open source' labels

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set administration/enterprise-licensing pages to have 'Enterprise' labels

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set administration/organization-management pages to have 'Enterprise' and 'Open source' labels

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set administration/provisioning pages to have 'Enterprise' and 'Open source' labels

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set administration/recorded-queries pages to have labels cloud,enterprise

* Set administration/roles-and-permissions/access-control pages to have labels cloud,enterprise

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set administration/stats-and-license pages to have labels cloud,enterprise

* Set alerting pages to have labels cloud,enterprise,oss

* Set breaking-changes pages to have labels cloud,enterprise,oss

* Set dashboards pages to have labels cloud,enterprise,oss

* Set datasources pages to have labels cloud,enterprise,oss

* Set explore pages to have labels cloud,enterprise,oss

* Set fundamentals pages to have labels cloud,enterprise,oss

* Set introduction/grafana-cloud pages to have labels cloud

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Fix introduction pages products

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set panels-visualizations pages to have labels cloud,enterprise,oss

* Set release-notes pages to have labels cloud,enterprise,oss

* Set search pages to have labels cloud,enterprise,oss

* Set setup-grafana/configure-security/audit-grafana pages to have labels cloud,enterprise

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set setup-grafana/configure-security/configure-authentication pages to have labels cloud,enterprise,oss

* Set setup-grafana/configure-security/configure-authentication/enhanced-ldap pages to have labels cloud,enterprise

* Set setup-grafana/configure-security/configure-authentication/saml pages to have labels cloud,enterprise

* Set setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-hashicorp-key-vault pages to have labels cloud,enterprise

* Set setup-grafana/configure-security/configure-request-security pages to have labels cloud,enterprise,oss

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set setup-grafana/configure-security/configure-team-sync pages to have labels cloud,enterprise

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set setup-grafana/configure-security/export-logs pages to have labels cloud,enterprise

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Set troubleshooting pages to have labels cloud,enterprise,oss

* Set whatsnew pages to have labels cloud,enterprise,oss

* Apply updated labels from review

Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>

---------

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
Co-authored-by: brendamuir <100768211+brendamuir@users.noreply.github.com>
Co-authored-by: Isabel <76437239+imatwawana@users.noreply.github.com>
2023-07-18 09:10:12 +01:00

58 lines
3.4 KiB
Markdown
Raw Blame History

---
aliases:
- /docs/grafana/next/datasources/cloudmonitoring/
description: Google authentication
keywords:
- grafana
- google
- authentication
labels:
products:
- cloud
- enterprise
- oss
title: Authentication
weight: 5
---
# Configure Google authentication
Requests from a Grafana plugin to Google are made on behalf of an Identity and Access Management (IAM) role or IAM user.
The IAM user or IAM role must have the associated policies to perform certain API actions.
Since these policies are specific to each data source, refer to the data source documentation for details.
All requests to Google APIs are performed on the server-side by the Grafana backend.
You can authenticate a Grafana plugin to Google by uploading a Google JSON Web Token (JWT) file, or by automatically retrieving credentials from the Google metadata server.
The latter option is available only when running Grafana on a GCE virtual machine.
## Use a Google Service Account key file
To authenticate the Grafana plugin with the Google API, create a Google Cloud Platform (GCP) Service Account for the Project you want to show data.
Each Grafana data source integrates with one GCP Project.
To visualize data from multiple GCP Projects, create one data source per GCP Project.
### Create a GCP Service Account and key file
1. Navigate to the [APIs and Services Credentials page](https://console.cloud.google.com/apis/credentials).
1. Click on the **Create credentials** dropdown and select the **Service account** option.
1. In **Service account name**, enter a name for the account.
1. From the **Role** dropdown, choose the roles required by the specific plugin.
1. Click **Done**.
1. Use the newly created account to [create a service account key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-console).
A JSON key file is created and downloaded to your computer.
1. Store the key file in a secure place, because it grants access to your Google data.
1. In the Grafana data source configuration page, upload the key file.
The file's contents are encrypted and saved in the Grafana database.
Remember to save the file after uploading.
## Configure a GCE Default Service Account
When Grafana is running on a Google Compute Engine (GCE) virtual machine, Grafana can automatically retrieve default credentials from the metadata server. As a result, there is no need to generate a private key file for the service account. You also do not need to upload the file to Grafana. The following preconditions must be met before Grafana can retrieve default credentials.
- You must create a Service Account for use by the GCE virtual machine. For more information, refer to [Create new service account](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#createanewserviceaccount).
- Verify that the GCE virtual machine instance is running as the service account that you created. For more information, refer to [setting up an instance to run as a service account](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#using).
- Allow access to the specified API scope.
For more information about creating and enabling service accounts for GCE instances, refer to [enabling service accounts for instances in Google documentation](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances).
Reference in New Issue View Git Blame Copy Permalink