JupiterOne
Integration with graph-google-cloud failure on .env generation
When we are doing yarn starbase run to run the Google Cloud(graph-google-cloud) integration with Starbase, the .env in .integrations/graph-google-cloud is not generated correctly. Therefore nothing is imported into the Neo4J database. Would you please have a look at this issue and supply the fix?
Here is the config.xml in different format that I tested.
- Use filename for config.yaml[1] in Starbase
integrations:
- name: graph-google-cloud
instanceId: testInstanceId
directory: ./.integrations/graph-google-cloud
gitRemoteUrl: https://github.com/JupiterOne/graph-google-cloud.git
config:
SERVICE_ACCOUNT_KEY_FILE: sa-private-key.json
PROJECT_ID: "PROJECT_ID"
ORGANIZATION_ID: "ORGANIZATION_ID"
CONFIGURE_ORGANIZATION_PROJECTS: false
FOLDER_ID: ""
storage:
engine: neo4j
config:
username: neo4j
password: devpass
uri: bolt://localhost:7687
- Here is the
.envgenerated.integrations/graph-google-cloud. According to docs[2], this.envis expecting only string. The json file name is treated as a string which is not getting any correct connections with GCP.
SERVICE_ACCOUNT_KEY_FILE=sa-private-key.json
PROJECT_ID=PROJECT_ID
ORGANIZATION_ID=ORGANIZATION_ID
CONFIGURE_ORGANIZATION_PROJECTS=false
FOLDER_ID=
-
- Use the flattened GSA private key json string for config.yaml[1] in Starbase
integrations:
- name: graph-google-cloud
instanceId: testInstanceId
directory: ./.integrations/graph-google-cloud
gitRemoteUrl: https://github.com/JupiterOne/graph-google-cloud.git
config:
SERVICE_ACCOUNT_KEY_FILE: {"type":"service_account","project_id":"project_id","private_key_id":"private_key_id","private_key":"-----BEGIN PRIVATE KEY-----\n<encrypted string>\n-----END PRIVATE KEY-----\n","client_email":"client_email","client_id":"client_id","auth_uri":"auth_uri","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"client_x509_cert_url"}
PROJECT_ID: "PROJECT_ID"
ORGANIZATION_ID: "ORGANIZATION_ID"
CONFIGURE_ORGANIZATION_PROJECTS: false
FOLDER_ID: ""
storage:
engine: neo4j
config:
username: neo4j
password: devpass
uri: bolt://localhost:7687
- Here is the
.envgenerated.integrations/graph-google-cloud. According to docs[2], this.envis expecting only string. The json object is just converted into[object Object]which is not a json object anymore.
SERVICE_ACCOUNT_KEY_FILE=[object Object]
PROJECT_ID=PROJECT_ID
ORGANIZATION_ID=ORGANIZATION_ID
CONFIGURE_ORGANIZATION_PROJECTS=false
FOLDER_ID=
Referece: [1] https://github.com/JupiterOne/starbase/blob/main/README.md?plain=1#L170 [2] https://github.com/JupiterOne/graph-google-cloud/blob/main/docs/development.md?plain=1#L229
Hi there!
In the second configuration I think the only needed update is to surround the entire SERVICE_ACCOUNT_KEY_VALUE in single quotes, like:
SERVICE_ACCOUNT_KEY_FILE: '{"type":"service_account","project_id":"project_id",...}'
That should let Starbase see the value as a flattened string value instead of an object. Long term, we can look at better handling when Starbase sees config values as objects like this, but this should hopefully be a workaround for you to move forward now.
Thanks @adam-in-ict ! This workaround works. I will try this solution for the time being.