Google Cloud
Automate your team's infrastructure and ensure resource access is automatically kept in sync with team membership.
Setup
1. Create or sign into your Google Cloud account
2. Create an Organization in your Google Cloud account
- Create Organization if one does not already exist.
- A Google Cloud organization ID is required for the next steps.
3. Add the Hyphen domain to allowed domains on your Google Cloud Organization
-
Make sure you have the Organization Policy Administrator role.
-
In the Google Cloud console, go to the Organization policies page
-
From the project picker, select the organization you want to set the organization policy to add Hyphen.
-
On the Organization policies page, select Domain Restricted Sharing from the list of constraints. You may need to go to the second page in the list of policies.
-
On the Policy details page, click Manage policy.
-
Under Applies to, select Override parent's policy.
-
Click Add a rule.
-
Under Policy values, select custom.
-
Under Policy type, select Allow.
-
Under Custom values, enter the following into the field.
principalSet://iam.googleapis.com/organizations/617983688015 -
Click Done.
4. Grant Hyphen service account permissions to your Google Cloud Organization
-
In the Google Cloud console, go to the IAM page.
-
From the project picker, select the organization you want to grant Hyphen access.
-
Click Grant access.
-
Enter the following identifier for the principal.
[email protected] -
Add the following roles to the Hyphen service account:
- Folder Creator
- Organization Administrator
- Project Creator
-
Click Save.
5. Connect Google Cloud
- Submit your Google Cloud Organization ID to connect it to Hyphen.
- Google Cloud Organization ID
Configuration
| Field | Type | Description |
|---|---|---|
googleCloudOrganizationId | string (required) | Unique Google Cloud Organization ID set by the user. Used for future requests and retrieving organization details. |
googleCloudOrganizationName | string | Pulled during the integration setup. Used for reference. |
Connections
Permission Group
Permission group connections correspond to Google Workspace distribution lists and require an existing Google Workspace integration within the Hyphen organization. Connections can link to existing Groups in Google Workspace, or a new group will be created if no input is provided.
If a distribution list already exists for the same resource in Google Workspace, it will be used as the Permission Group connection.
When creating a new Group in Google Workspace, the Hyphen team name will be used as the group name.
Configuration
| Field | Type | Description |
|---|---|---|
groupId | string | Unique group ID in Google Workspace. |
groupName | string | Display name of the group in Google Workspace. |
groupEmail | string | Unique group email used for reference in future requests. |
Connection Input
Provide the Google Workspace group email to create a connection to an existing Group.
Verification
| Scenario | Action |
|---|---|
| Group has an owner | Verification handled by the owner. |
| No owner exists | A verification email is sent to the group email. |
Folder
Folder connections can link to existing folders in Google Cloud, or a new folder will be created if no input is provided.
When creating a new folder in Google Cloud, the Hyphen project name will be used as the folder name, adjusted to include only alphanumeric characters.
Configuration
| Field | Type | Description |
|---|---|---|
folderId | string | Unique folder ID in Google Cloud. |
folderPath | string | Path in the format folders/{folderId}. |
folderName | string | Display name of the folder in Google Cloud. |
Connection Input
Provide the Google Cloud folder ID to create a connection to an existing Folder.
Cloud Workspace
Cloud Workspace connections can link to existing projects in Google Cloud, or a new project will be created if no input is provided.
A Google Cloud project relies on a Folder. If no Folder connection exists for the Hyphen project, a new Folder will be created.
When creating a new project in Google Cloud, the project name will combine the Hyphen project name and the Hyphen project environment name.
Configuration
| Field | Type | Description |
|---|---|---|
projectId | string | Unique project ID in Google Cloud. |
projectPath | string | Path in the format projects/{projectId}. |
projectName | string | Display name of the project in Google Cloud. |
Connection Input
Provide the Google Cloud project ID to create a connection to an existing Project.
Access
A Team connection will be added with the "Owner" role when added to the project.
User
User connections correspond to Google Workspace users and require an existing Google Workspace integration within the Hyphen organization.
User connections can only link to existing users in Google Workspace. If no input is provided, the member email will be used to locate the user.
Configuration
| Field | Type | Description |
|---|---|---|
userId | string | Unique user ID in Google Workspace. |
email | string | Unique user email in Google Workspace. |
Connection Input
A connection to an existing user can be created by providing the user email.
Updated 5 days ago