Google Cloud Platform (GCP)
  • 22 Jun 2023
  • 3 Minutes to read
  • Dark
    Light

Google Cloud Platform (GCP)

  • Dark
    Light

Article Summary

To use Google steps in your workflows, you'll need to create a GCP service account and delegate authority to that account for the services (scopes) you want to use in Torq, for example, Drive, Vault, Workspace, etc.

Google steps require a bearer token for authentication. For example, if you want to execute the Google Drive step List all files, you'll first need to execute the Google Drive step Generate a bearer token and use that token as an input parameter for the step List all files.

🗒️ NOTE
A bearer token is valid for one hour.

Configure a GCP service account

Perform these steps in your GCP console.

1. Create a project

A service account needs to be created within a project. You can skip to the next step if you already have a project.

  1. Go to IAM & Admin > Service Accounts.
  2. Click CREATE PROJECT.
  3. Type a meaningful name for the project.
  4. Select the Organization.
  5. Select the Location.
  6. Click CREATE.

Screenshot of creating a project in GCP.2. Create a service account and credentials

  1. Go to IAM & Admin > Service Accounts.
  2. Click +CREATE SERVICE ACCOUNT.Screenshot of creating a service account in GCP.
  3. Configure the service account settings:
    • Enter a meaningful name.
    • Enter a description.
    • (Optional) Modify the service account ID. You can keep the default service account ID.
  4. Click DONE.

3. Add a key for the service account

You should be directed to the Service Accounts page, where the service account you just created should appear in the table.

  1. Locate the service account you created, and in the Actions section, click the menu icon.
  2. Select Manage keys.Screenshot showing how to navigate to the keys section for service accounts.
  3. Click Add Key > Create new key.Screenshot showing how to create a new key for the service account.
  4. Select JSON and click CREATE.
  5. Save the file. You will use it when creating the GCP integration in Torq.

4. Enable GCP domain-wide delegation

  1. Go to Service Accounts.
  2. Locate the service account you created, and in the Actions section, click the menu icon.
  3. Select Manage details.Screenshot showing how to get to the details section of the service account.
  4. Under the DOMAIN-WIDE DELEGATION section in Advanced settings, copy the client ID. You will need this when delegating domain-wide authority to the service account.
  5. Click View Google Workspace Admin Console and continue with the instructions in the next section.Screenshot showing how to copy the client ID in the domain-wide delegation section.

5. Authorize the service account

For Torq to access your Google users' data (impersonating), you need to authorize the service account in your GCP admin console.

  1. Go to your Google Workspace domain's Admin console.
  2. Select Security > Access and data control > API controls from the main menu.
  3. In the Domain-wide delegation pane, select Manage Domain-Wide Delegation.
  4. Click Add new.
  5. Paste the Client ID that you copied in the previous step.
  6. In the OAuth Scopes field, enter a comma-separated list of the scopes you want to use in Torq.
    Refer to the complete list of OAuth 2.0 scopes for google APIs. For example, these are the scopes available for Gmail.
        Use these scopes for read/write access to Gmail, Drive, Sheets, and Workspace:
https://mail.google.com/,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/admin.directory.user.security,https://www.googleapis.com/auth/admin.directory.user,https://apps-apis.google.com/a/feeds/groups/,https://www.googleapis.com/auth/apps.alerts

     7. Click Authorize.

6. Enable APIs

After authorizing access to the services, you have to enable the API for each service.

  1. Go to your GCP console.
  2. From the main menu, select APIs & Services > Enabled APIs & services.
  3. Click + Enable APIs and Services.
    GCP enable APIs and services
  4. In the API Library, select the service for which you want to enable the API, for example, Gmail.
  5. Click Enable.

Use Google steps in a Torq workflow

You first need to create a GCP integration to use Google steps in your workflows. This integration enables you to upload the credentials file for your service account and allows Torq to take actions as that service account against the assets and APIs provided by the Google Cloud Platform.

1. Create a GCP integration

Perform these steps in Torq.

  1. Go to the Integrations page, locate the GCP card, and click Add.
  2. Enter a meaningful name for the integration.
  3. Upload the credentials file (JSON) you generated in a previous step.
  4. Click Add.
    Create a GCP integration in Torq

2. Use Google steps in a workflow

Perform these steps in Torq.

  1. Create a new workflow or open an existing one.
  2. Search the Steps Library for the Google service you want to use in the workflow—for example, Drive, Sheets, Workspace, Vault.
  3. Add the Generate bearer token step for that specific service.
  4. In the EMAIL_TO_IMPERSONATE field, enter the email address of the user/account you want to access the Google data for.
  5. Select the GCP integration you created in the previous step.
  6. Add the Google steps you need and populate the ACCESS_TOKEN input parameter with the token created in the previous step: {{ $.<generate_a_bearer_token_step_name>.access_token }}
    Use Google steps in Torq workflows

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.