Google Cloud Storage
This Integration is part of the Google Cloud Storage Pack.
Use the Google Cloud Storage integration to manage files, buckets, bucket objects, and bucket policies.
This integration was integrated and tested with API version v1 of Google Cloud Storage.
Detailed Description
Create a Service Account:
1. Go to the Google documentation and follow the procedure in the Creating a Service Account section. After you create a service account, a Service Account Private Key file is downloaded. You will need this file in step 3.
2. Grant the Storage Admin permission to the Service Account to enable the Service Account to perform all Google Storage API commands.
3. In Cortex XSOAR, configure an instance of the Google Cloud Storage integration. For the Service Account Private Key parameter, copy the JSON contents of the file you downloaded in step 1.
Configure Google Cloud Storage on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Google Cloud Storage.
- Click Add instance to create and configure a new integration instance.
  - Name: a textual name for the integration instance.
  - Service Account Private Key file contents (JSON)
  - Optional: Use system proxy settings
  - Optional: Trust any certificate (not secure)
- Click Test to validate the new instance.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Retrieves the list of buckets: gcs-list-buckets
- Retrieves bucket information: gcs-get-bucket
- Creates a new bucket: gcs-create-bucket
- Deletes a bucket: gcs-delete-bucket
- Retrieves the list of objects in a bucket: gcs-list-bucket-objects
- Retrieves object data into a file: gcs-download-file
- Uploads a file (object) into a bucket: gcs-upload-file
- Retrieves the Access Control List of a bucket: gcs-list-bucket-policy
- Adds a new entity to a bucket's Access Control List: gcs-create-bucket-policy
- Updates an existing entity in a bucket's Access Control List: gcs-put-bucket-policy
- Removes an entity from a bucket's Access Control List: gcs-delete-bucket-policy
- Retrieves the Access Control List of an object: gcs-list-bucket-object-policy
- Adds a new entity to an object's Access Control List: gcs-create-bucket-object-policy
- Updates an existing entity in an object's Access Control List: gcs-put-bucket-object-policy
- Removes an entity from an object's Access Control List: gcs-delete-bucket-object-policy
1. Retrieve the list of buckets
Retrieve the list of buckets.
Base Command
gcs-list-buckets
Context Output
Path | Type | Description |
---|---|---|
GCS.Bucket.Name | String | Bucket name (also ID). |
GCS.Bucket.TimeCreated | Date | Bucket creation time. |
GCS.Bucket.TimeUpdated | Date | Last time bucket was modified. |
GCS.Bucket.OwnerID | String | Bucket owner ID. |
Command Example
gcs-list-buckets
Human Readable Output
Buckets in project my-project
Name | Time Created | Time Updated | Owner ID |
---|---|---|---|
my-bucket | 2019-08-25T11:14:46 | 2019-08-25T11:14:49 | |
another-bucket | 2019-09-01T15:31:45 | 2019-09-01T17:52:23 | |
2. Retrieve bucket information
Retrieves bucket information.
Base Command
gcs-get-bucket
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket to retrieve. | Required |
Context Output
Path | Type | Description |
---|---|---|
GCS.Bucket.Name | String | Bucket name (also ID). |
GCS.Bucket.TimeCreated | Date | Bucket creation time. |
GCS.Bucket.TimeUpdated | Date | Last time bucket was modified. |
GCS.Bucket.OwnerID | String | Bucket owner ID. |
Command Example
gcs-get-bucket bucket_name=my-bucket
Human Readable Output
Bucket my-bucket
Name | Time Created | Time Updated | Owner ID |
---|---|---|---|
my-bucket | 2019-08-25T11:14:46 | 2019-08-25T11:14:49 | |
3. Create a new bucket
Creates a new bucket.
Base Command
gcs-create-bucket
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket to create. | Required |
bucket_acl | Access Control List for the bucket. | Optional |
default_object_acl | Default Access Control List for the object. | Optional |
location | The location of the bucket. The default value is US. | Optional |
uniform_bucket_level_access | Whether the bucket is configured to allow only IAM. The default value is false. | Optional |
Command Example
gcs-create-bucket bucket_name=my-bucket bucket_acl=publicRead default_object_acl=authenticatedRead
Human Readable Output
Bucket my-bucket was created successfully.
4. Delete a bucket
Deletes a bucket.
Base Command
gcs-delete-bucket
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket to delete. | Required |
force | Forces the bucket to delete (if not empty). | Required |
Command Example
gcs-delete-bucket bucket_name=my-bucket force=true
Human Readable Output
Bucket my-bucket was deleted successfully.
5. Retrieve a list of objects in a bucket
Retrieves the list of objects in a bucket.
Base Command
gcs-list-bucket-objects
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which to list objects. | Required |
prefix | Specify a prefix to limit results to blobs within a "folder", e.g., "folder-1/" if the blob is "folder-1/file.txt". | Optional |
delimiter | Use a delimiter, e.g., "/", to limit results to a specific "folder" without any nested blobs. | Optional |
Context Output
Path | Type | Description |
---|---|---|
GCS.BucketObject.Name | String | Object name. |
GCS.BucketObject.Bucket | String | Name of the bucket containing the object. |
GCS.BucketObject.ContentType | String | Content-Type of the object data. |
GCS.BucketObject.TimeCreated | Date | Object creation time. |
GCS.BucketObject.TimeUpdated | Date | Last time object was modified. |
GCS.BucketObject.TimeDeleted | Date | Object deletion time (available if the object is archived). |
GCS.BucketObject.Size | Number | Object size in bytes. |
GCS.BucketObject.MD5 | String | MD5 hash of the data in Base64. |
GCS.BucketObject.OwnerID | String | Object owner ID. |
GCS.BucketObject.CRC32c | String | CRC32c checksum (as described in RFC 4960, Appendix B), encoded using Base64 in big-endian byte order. |
GCS.BucketObject.EncryptionAlgorithm | String | The encryption algorithm. |
GCS.BucketObject.EncryptionKeySHA256 | String | SHA256 hash value of the encryption key. |
Command Example
gcs-list-bucket-objects bucket_name=my-bucket prefix=some/path/ delimiter=/
Human Readable Output
Objects in bucket my-bucket
Name | Bucket | Content Type | Time Created | Time Updated | Time Deleted | Size | MD5 | Owner ID | CRC32c | Encryption Algorithm | Encryption Key SHA256 |
---|---|---|---|---|---|---|---|---|---|---|---|
/some/path/file1.txt | my-bucket | text/plain | 2019-08-25T11:15:48 | 2019-08-25T11:15:48 | | 29 | TMPFaqwyxk3L8lVD+4GKXA== | | 0B/wfQ== | | |
/some/path/file2.txt | my-bucket | text/plain | 2019-09-01T14:08:15 | 2019-09-01T14:08:15 | | 29 | Ao3wKBgCODPKqSnqx2GGAc== | | xL/6R5== | | |
6. Retrieve object data into a file
Retrieves object data into a file.
Base Command
gcs-download-file
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which the object resides. | Required |
object_name | Name of the object to download. | Required |
saved_file_name | Name of the file in which the object is downloaded (if not specified, the name is derived from the object name, but this may fail if the object contains invalid filename characters). | Optional |
Command Example
gcs-download-file bucket_name=my-bucket object_name=/some/path/file1.txt
Human Readable Output
Link to the retrieved file.
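A downloaded file can be checked against the Size, MD5 and CRC32c fields that gcs-list-bucket-objects returns for the same object. The following is an added example, not code from the integration; `verify_download` and the sample entry are hypothetical names and constructed values, and the CRC32c routine is a plain table-driven implementation written for this example.

```python
import base64
import hashlib
import struct


def _build_table():
    """Lookup table for CRC-32C (Castagnoli), reflected polynomial 0x82F63B78."""
    table = []
    for n in range(256):
        crc = n
        for _ in range(8):
            crc = (crc >> 1) ^ 0x82F63B78 if crc & 1 else crc >> 1
        table.append(crc)
    return table


_TABLE = _build_table()


def crc32c(data):
    """CRC-32C of a bytes object, returned as an unsigned 32-bit integer."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc = _TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def gcs_crc32c_b64(data):
    """CRC32c packed big-endian, then Base64: the GCS.BucketObject.CRC32c form."""
    return base64.b64encode(struct.pack(">I", crc32c(data))).decode()


def gcs_md5_b64(data):
    """Raw MD5 digest in Base64: the GCS.BucketObject.MD5 form."""
    return base64.b64encode(hashlib.md5(data).digest()).decode()


def verify_download(data, bucket_object):
    """Compare local bytes with one GCS.BucketObject entry.

    Returns {field: True | False | None}; None means the entry carried no
    value for that field (MD5 is absent on composite objects, for example).
    """
    size = bucket_object.get("Size")
    results = {"Size": None if size is None else int(size) == len(data)}
    for field, digest in (("MD5", gcs_md5_b64), ("CRC32c", gcs_crc32c_b64)):
        expected = bucket_object.get(field)
        results[field] = digest(data) == expected if expected else None
    return results


# Constructed sample: a 9-byte object whose entry has no MD5 value.
SAMPLE_DATA = b"123456789"
SAMPLE_ENTRY = {"Name": "/some/path/check.txt", "Size": 9, "CRC32c": "4waSgw=="}

if __name__ == "__main__":
    print(verify_download(SAMPLE_DATA, SAMPLE_ENTRY))
```

Both checksums detect corruption in transit or at rest; they do not authenticate the object against someone who can rewrite it in the bucket.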
7. Upload a file (object) into a bucket
Uploads a file (object) into a bucket.
Base Command
gcs-upload-file
Input
Argument Name | Description | Required |
---|---|---|
entry_id | ID of a context entry containing the file to upload. | Required |
bucket_name | Name of the bucket in which to upload the object. | Required |
object_name | Name of the uploaded object within the bucket. | Required |
object_acl | Access Control List for the uploaded object. | Optional |
Command Example
gcs-upload-file entry_id=889@a7c34bf4-a552-49b2-83b6-e95590596286 bucket_name=my-bucket object_name=/some/path/my_file.txt object_acl=bucketOwnerRead
Human Readable Output
File some_source_file.txt was successfully uploaded to bucket my-bucket as /some/path/my_file.txt
8. Retrieve the Access Control List of a bucket
Retrieves the Access Control List of a bucket.
Base Command
gcs-list-bucket-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket for the Access Control List. | Required |
Context Output
Path | Type | Description |
---|---|---|
GCS.BucketPolicy.Bucket | String | Name of the bucket holding the Access Control List. |
GCS.BucketPolicy.Entity | String | The entity holding the permission. |
GCS.BucketPolicy.Email | String | Email address associated with the entity (if any). |
GCS.BucketPolicy.Role | String | The access permission for the entity. |
GCS.BucketPolicy.Team | String | Project team associated with the entity (if any). |
Command Example
gcs-list-bucket-policy bucket_name=my-bucket
Human Readable Output
ACL policy for bucket my-bucket
Bucket | Entity | Email | Role | Team |
---|---|---|---|---|
my-bucket | project-owners-12345 | | OWNER | owners |
my-bucket | user-alice@company.com | alice@company.com | WRITER | writers |
my-bucket | allUsers | | WRITER | |
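The ACL listing above can be triaged for public grants before deciding which entries to remove. The following is an added example, not code from the integration: it takes entries shaped like the GCS.BucketPolicy context output, flags the allUsers and allAuthenticatedUsers entities, and builds the matching gcs-delete-bucket-policy and gcs-block-public-access-bucket commands documented on this page. The function names, severity labels and sample entries are assumptions of the example.

```python
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}  # entity formats listed on this page
WRITE_ROLES = {"WRITER", "OWNER"}

# Constructed sample, shaped like the GCS.BucketPolicy context output
# (Bucket, Entity, Email, Role, Team). Values are illustrative only.
SAMPLE_POLICY = [
    {"Bucket": "my-bucket", "Entity": "project-owners-12345", "Role": "OWNER", "Team": "owners"},
    {"Bucket": "my-bucket", "Entity": "user-alice@company.com",
     "Email": "alice@company.com", "Role": "WRITER", "Team": "writers"},
    {"Bucket": "my-bucket", "Entity": "allUsers", "Role": "WRITER"},
    {"Bucket": "logs-bucket", "Entity": "allAuthenticatedUsers", "Role": "READER"},
]


def audit_bucket_policy(entries):
    """Return one finding per ACL entry that grants access to a public entity."""
    findings = []
    for entry in entries:
        entity = entry.get("Entity", "")
        if entity not in PUBLIC_ENTITIES:
            continue
        role = str(entry.get("Role", "")).upper()
        findings.append({
            "bucket": entry.get("Bucket", ""),
            "entity": entity,
            "role": role,
            # Severity labels are this example's own convention (assumption).
            "severity": "high" if role in WRITE_ROLES else "medium",
        })
    # High severity first; sorted() is stable, so input order is kept otherwise.
    return sorted(findings, key=lambda f: f["severity"] != "high")


def remediation_commands(findings):
    """Build the page's commands that would remove each public grant."""
    commands, buckets = [], []
    for f in findings:
        commands.append(
            f"gcs-delete-bucket-policy bucket_name={f['bucket']} entity={f['entity']}")
        if f["bucket"] not in buckets:
            buckets.append(f["bucket"])
    for bucket in buckets:
        commands.append(
            f"gcs-block-public-access-bucket bucket_name={bucket} "
            "public_access_prevention=enforced")
    return commands


if __name__ == "__main__":
    for cmd in remediation_commands(audit_bucket_policy(SAMPLE_POLICY)):
        print(cmd)
```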
9. Add a new entity to a bucket's Access Control List
Adds a new entity to a bucket's Access Control List. Note: use the gcs-put-bucket-policy command to update an existing entry.
Base Command
gcs-create-bucket-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which to modify the Access Control List. | Required |
entity | Entity to add into the Access Control List. Common entity formats are: user-<userId or email>, group-<groupId or email>, allUsers, allAuthenticatedUsers. For more options and details, see this reference. | Required |
role | The access permission for the entity. | Required |
Command Example
gcs-create-bucket-policy bucket_name=my-bucket entity=user-alice@company.com role=Writer
Human Readable Output
Added entity user-alice@company.com to ACL of bucket my-bucket with role Writer
10. Update an existing entity in a bucket's Access Control List
Updates an existing entity in a bucket's Access Control List. Note: use the gcs-create-bucket-policy command to create a new entry.
Base Command
gcs-put-bucket-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which to modify the Access Control List. | Required |
entity | The entity to update in the Access Control List. Common entity formats are: user-<userId or email>, group-<groupId or email>, allUsers, allAuthenticatedUsers. For more options and details, see this reference. | Required |
role | The access permissions for the entity. | Required |
Command Example
gcs-put-bucket-policy bucket_name=my-bucket entity=user-alice@company.com role=Reader
Human Readable Output
Updated ACL entity user-alice@company.com in bucket my-bucket to role Reader
11. Remove an entity from a bucket's Access Control List
Removes an entity from a bucket's Access Control List.
Base Command
gcs-delete-bucket-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which to modify the Access Control List. | Required |
entity | Entity to remove from the Access Control List. Common entity formats are: user-<userId or email>, group-<groupId or email>, allUsers, allAuthenticatedUsers. For more options and details, see this reference. | Required |
Command Example
gcs-delete-bucket-policy bucket_name=my-bucket entity=user-alice@company.com
Human Readable Output
Removed entity user-alice@company.com from ACL of bucket my-bucket
12. Retrieve the Access Control List of an object
Retrieves the Access Control List of an object.
Base Command
gcs-list-bucket-object-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which the object resides. | Required |
object_name | Name of the object in which to list access controls. | Required |
Context Output
Path | Type | Description |
---|---|---|
GCS.BucketObjectPolicy.Bucket | String | Name of the bucket in which the object resides. |
GCS.BucketObjectPolicy.Object | String | Name of the object holding the Access Control List. |
GCS.BucketObjectPolicy.Entity | String | The entity holding the permission. |
GCS.BucketObjectPolicy.Email | String | Email address associated with the entity (if any). |
GCS.BucketObjectPolicy.Role | String | The access permission for the entity. |
GCS.BucketObjectPolicy.Team | String | Project team associated with the entity (if any). |
Command Example
gcs-list-bucket-object-policy bucket_name=my-bucket object_name=/some/path/my_file.txt
Human Readable Output
ACL policy for object foo/bar/moshe.txt
Bucket | Object | Entity | Email | Role | Team |
---|---|---|---|---|---|
my-bucket | /some/path/my_file.txt | allAuthenticatedUsers | | READER | |
my-bucket | /some/path/my_file.txt | user-alice@company.com | alice@company.com | OWNER | owners |
13. Add a new entity to an object's Access Control List
Adds a new entity to an object's Access Control List. Note: use the gcs-put-bucket-object-policy command to update an existing entry.
Base Command
gcs-create-bucket-object-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which the object resides. | Required |
object_name | Name of the object in which to modify the Access Control List. | Required |
entity | Entity to add into the Access Control List. Common entity formats are: user-<userId or email>, group-<groupId or email>, allUsers, allAuthenticatedUsers. For more options and details, see this reference. | Required |
role | The access permission for the entity. | Required |
Command Example
gcs-create-bucket-object-policy bucket_name=my-bucket object_name=/some/path/my_file.txt entity=allUsers role=Reader
Human Readable Output
Added entity allUsers to ACL of object /some/path/my_file.txt with role Reader
14. Update an existing entity in an object's Access Control List
Updates an existing entity in an object's Access Control List. Note: use the gcs-create-bucket-object-policy command to create a new entry.
Base Command
gcs-put-bucket-object-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which the object resides. | Required |
object_name | Name of the object in which to modify access controls. | Required |
entity | The entity to update in the Access Control List. Common entity formats are: user-<userId or email>, group-<groupId or email>, allUsers, allAuthenticatedUsers. For more options and details, see this reference. | Required |
role | The access permissions for the entity. | Required |
Command Example
gcs-put-bucket-object-policy bucket_name=my-bucket object_name=/some/path/my_file.txt entity=allUsers role=Owner
Human Readable Output
Updated ACL entity allUsers in object /some/path/my_file.txt to role Owner
15. Remove an entity from an object's Access Control List
Removes an entity from an object's Access Control List.
Base Command
gcs-delete-bucket-object-policy
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket in which the object resides. | Required |
object_name | Name of the object in which to modify access controls. | Required |
entity | Entity to remove from the Access Control List. Common entity formats are: user-<userId or email>, group-<groupId or email>, allUsers, allAuthenticatedUsers. For more options and details, see this reference. | Required |
Command Example
gcs-delete-bucket-object-policy bucket_name=my-bucket object_name=/some/path/my_file.txt entity=allUsers
Human Readable Output
Removed entity allUsers from ACL of object /some/path/my_file.txt
16. Copy an object from one bucket to another
Copies an object from one bucket to another.
Base Command
gcs-copy-file
Input
Argument Name | Description | Required |
---|---|---|
source_bucket_name | Name of the bucket to copy the object from. If not specified, the operation is performed on the default bucket parameter. | Optional |
destination_bucket_name | Name of the bucket to copy the object to. | Required |
source_object_name | Name of the object to copy. | Required |
destination_object_name | Name of the object in the destination bucket. If not specified, the operation is performed with the source_object_name parameter. | Optional |
Command Example
gcs-copy-file source_bucket_name="my-bucket" destination_bucket_name="another-bucket" source_object_name="/some/path/my_file.txt"
Human Readable Output
File was successfully copied to bucket "another-bucket" as /some/path/my_file.txt
17. Use public access prevention
Blocks public access to a specified Google Cloud Storage bucket by enabling public access prevention, ensuring only authorized users can access the bucket.
Base Command
gcs-block-public-access-bucket
Input
Argument Name | Description | Required |
---|---|---|
bucket_name | Name of the bucket to which public access policy is to be applied. | Optional |
public_access_prevention | Defines the public access prevention mode for the bucket. Possible values: enforced (completely blocks public access to the bucket, ensuring only authorized users can access it); inherited (the bucket inherits the public access prevention setting from its parent project). | Required |
Command Example
gcs-block-public-access-bucket bucket_name="my-bucket" public_access_prevention="enforced"
Human Readable Output
Public access prevention is set to enforced for my-bucket.