Getting Credentials for C4C

You are required to perform some operations in Microsoft Azure to configure your Azure provider in our system. The images attached below will guide you. Pleaase follow the instructions below.

Project Creation

If you do not have any GCP project, please create a one firstly. Otherwise, you can skip this section.

1. Go to GCP Console and log in to your account.

2. Click the Select Project button top of the page.

3. Click on the 'New Project' button located in the upper-right corner of the opened section.

4. On the next page, you can define the desired Project name for the project.

5. Finally, click the 'Create' button.

Enabling APIs

This section, ensures that the necessary APIs are enabled in your GCP account. Check whether these APIs are active in your account.

• Enabled APIs List
  • Compute Engine API
  • Cloud Resouce Manager API
  • Identity and Access Management (IAM) API
  • Certificate Manager API
  • Storage Transfer API

If the APIs are not active, you can enable them by following the steps below.

1. Go to GCP Console and log in to your account.

2. Navigate to the project that you gonna use in our platform. Open the Navigation Menu by clicking on the icon located in the top left corner of the page.

3. Click the APIs and Services in the nagivation menu that opens.

4. To add the necessary APIs, click on the +ENABLE APIS AND SERVICES button located at the top of the page.

5. Repeat the steps below for all APIs listed in the Enabled APIs List mentioned above.

   1. Type one of the API names mentioned above into the search bar.
   2. Locate the relevant API on the opened page and click on it.
   3. After reaching the API's page, click on the Enable button to activate the required API.

warning

Compute Engine API requires a project with a billing account and for that configuration you must be an administrator of any billing accounts. You can create a new billing account or contact with your administrator to enable billing for you.

6. To check if the necessary APIs are enable in our project, click on the APIs & Services section in the navigation menu. On the opened page, scroll down to see the list of enabled APIs.

After ensuring that the required APIs are enabled in our project, you can proceed with the next steps.

Role Creation

1. Go to GCP Console and log in to your account.

Show the instruction with images

Firstly, we need to create a role with the necessary permissions for our product to have the required authorizations.

You can do this in one of four ways: Manual, gcloud CLI, Extra Permissions, and Full Access.

The Manual method provides you with the entire permission list, and you need to add them one by one from the list.

The gcloud CLI method offers a code block and a file containing all the required permissions. Running this code block in your terminal automatically creates a role.

The Extra Permissions method is similar to the Manual method, where you add permissions manually, but in this method we get the main permission with all subheadings. This way we have a little more permissions than needed, but it is easier for the user to implement.

The last option is Full Access. If you prefer to proceed with this method, you grant us all permissions in the system with a role that already exists in the GCP system.

You can proceed by selecting your preference.

Manuel

If you wish to proceed with this method, please follow the steps below.

2. Click the MENU icon on the very left side.
3. Click on Iam & Admin section, and select Roles from the opened menu.

Show the instruction with images

4. Then click CREATE ROLE button on the top.

Show the instruction with images

5. Enter your Title, and it will generate a ID automatically.
6. Click ADD PERMISSIONS button on the bottom.

Show the instruction with images

7. After ensuring that the following items are selected from the opened permissions list, click the Add button.

   Show the required permission names.

   • certificatemanager.certs
     • certificatemanager.certs.create
     • certificatemanager.certs.delete
     • certificatemanager.certs.get
     • certificatemanager.certs.list
     • certificatemanager.certs.update
     • certificatemanager.certs.use
   • compute.backendBuckets
     • compute.backenBuckets.addSignedUrlKey
     • compute.backenBuckets.create
     • compute.backenBuckets.createTagBinding
     • compute.backenBuckets.delete
     • compute.backenBuckets.deleteSignedUrlKey
     • compute.backenBuckets.get
     • compute.backenBuckets.getIamPolicy
     • compute.backenBuckets.list
     • compute.backenBuckets.setSecurityPolicy
     • compute.backenBuckets.update
     • compute.backenBuckets.use
   • compute.globalAdresses
     • compute.globalAdresses.create
     • compute.globalAdresses.createInternal
     • compute.globalAdresses.delete
     • compute.globalAdresses.deleteInternal
     • compute.globalAdresses.get
     • compute.globalAdresses.list
     • compute.globalAdresses.setLabels
     • compute.globalAdresses.use
   • compute.globalForwardingRules
     • compute.globalForwardingRules.cerate
     • compute.globalForwardingRules.delete
     • compute.globalForwardingRules.get
     • compute.globalForwardingRules.list
     • compute.globalForwardingRules.update
   • compute.instances
     • compute.instances.delete
     • compute.instances.get
     • compute.instances.list
     • compute.instances.reset
     • compute.instances.start
     • compute.instances.stop
   • compute.regionSslCertificates
     • compute.regionSslCertificates.create
     • compute.regionSslCertificates.delete
     • compute.regionSslCertificates.get
     • compute.regionSslCertificates.list
   • compute.targetHttpProxies
     • compute.targetHttpProxies.create
     • compute.targetHttpProxies.createTagBinding
     • compute.targetHttpProxies.delete
     • compute.targetHttpProxies.deleteTagBinding
     • compute.targetHttpProxies.get
     • compute.targetHttpProxies.list
     • compute.targetHttpProxies.listEffectiveTags
     • compute.targetHttpProxies.listTagBindings
     • compute.targetHttpProxies.setUrlMap
     • compute.targetHttpProxies.update
     • compute.targetHttpProxies.use
   • compute.targetHttpsProxies
     • compute.targetHttpsProxies.create
     • compute.targetHttpsProxies.createTagBinding
     • compute.targetHttpsProxies.delete
     • compute.targetHttpsProxies.deleteTagBinding
     • compute.targetHttpsProxies.get
     • compute.targetHttpsProxies.list
     • compute.targetHttpsProxies.listEffectiveTags
     • compute.targetHttpsProxies.listTagBindings
     • compute.targetHttpsProxies.setCertificateMap
     • compute.targetHttpsProxies.setQuicOverride
     • compute.targetHttpsProxies.setSslCertificates
     • compute.targetHttpsProxies.setSslPolicy
     • compute.targetHttpsProxies.setUrlMap
     • compute.targetHttpsProxies.update
     • compute.targetHttpsProxies.use
   • compute.targetInstances
     • compute.targetInstances.create
     • compute.targetInstances.createTagBinding
     • compute.targetInstances.delete
   • compute.urlMaps
     • compute.urlMaps.create
     • compute.urlMaps.createTagBinding
     • compute.urlMaps.delete
     • compute.urlMaps.deleteTagBinding
     • compute.urlMaps.get
     • compute.urlMaps.invalidateCache
     • compute.urlMaps.list
     • compute.urlMaps.listEffectiveTags
     • compute.urlMaps.listTagBindings
     • compute.urlMaps.update
     • compute.urlMaps.use
     • compute.urlMaps.validate
   • iam.roles
     • iam.roles.create
     • iam.roles.delete
     • iam.roles.get
     • iam.roles.list
   • storage.buckets
     • storage.buckets.create
     • storage.buckets.createTagBinding
     • storage.buckets.delete
     • storage.buckets.deleteTagBinding
     • storage.buckets.get
     • storage.buckets.getIamPolicy
     • storage.buckets.getObjectInsights
     • storage.buckets.list
     • storage.buckets.listEffectiveTags
     • storage.buckets.listTagBindings
     • storage.buckets.setIamPolicy
     • storage.buckets.update
   • storage.objects
     • storage.objects.create
     • storage.objects.delete
     • storage.objects.get
     • storage.objects.getIamPolicy
     • storage.objects.list
     • storage.objects.setIamPolicy
     • storage.objects.update
   • storagetransfer.agentpools
     • storagetransfer.agentpools.create
     • storagetransfer.agentpools.delete
     • storagetransfer.agentpools.get
     • storagetransfer.agentpools.list
   • storagetransfer.jobs
     • storagetransfer.jobs.create
     • storagetransfer.jobs.delete
     • storagetransfer.jobs.get
     • storagetransfer.jobs.list
     • storagetransfer.jobs.run
     • storagetransfer.jobs.update
   • storagetransfer.operations.get
   • storagetransfer.projects.getServiceAccount
   • compute.regions.get
   • compute.regions.list
   • monitoring.timeSeries.list
   • resourcemanager.projects.getIamPolicy

Show the instruction with images

8. After confirming that all the permissions in the table have been added, click the Create button located at the bottom of the page.

   warning

   Please be sure, all required permission are selected.

Show the instruction with images

gcloud CLI

If you wish to proceed with this method, please follow the steps below.

2. At first, you need to install the gcloud CLI. Please follow the steps outlined in the documentation.

3. After initializing gcloud, the terminal will prompt you to log in to your GCP account. Please contine with 'Y'.

Show the instruction with images

4. After entering 'Y' in the terminal, the gcloud login page will automatically open in your browser. Please log in to your account.

Show the instruction with images

5. Then go back to terminal, it will prompt you to select your Google Cloud project. Locate your project from the list and enter its numeric or text value in the terminal. Now we are in our project. (Please do not close your teminal.)

To facilitate your access to our service, we have created a file containing the necessary permissions. Before proceeding to the next step, please download this file.

tip

After downloading the file, it is recommended to rename and abbreviate the file name.

Show the instruction with images

6. Customize the code below according to your own project and run the code in the terminal.

gcloud iam roles create ROLE_ID --project=PROJECT_ID --file=YAML_FILE_PATH 

ROLE_ID, is the name of the role, such as myRole. You can select any name for it.

PROJECT_ID, is the name of your project such as myProject.

YAML_FILE_PATH is the path to the location of your YAML file that you downloaded early step.

Show the instruction with images

7. After running this code in the terminal, it will ask for confirmation due to some permissions being in the testing stage. Please confirm by entering 'Y' into the terminal.

Show the instruction with images

Upon successful execution of the code block, a role containing the necessary permissions will be created in your project.

Extra Permission

If you wish to proceed with this method, please follow the steps below. If you wish, you can review the additional permissions that we obtain from here.

2. Click the MENU icon on the very left side.
3. Click on Iam & Admin section, and select Roles from the opened menu.

Show the instruction with images

4. Then click CREATE ROLE button on the top.

Show the instruction with images

5. Enter your role Title, and it will generate a ID automatically.
6. Click ADD PERMISSIONS button on the bottom.

Show the instruction with images

7. 1. In the opened table, click on the section that says Enter property name or value, type one of the permission names from the list below without a star (*) assignment, and press Enter.

   2. Afterward, click on the square located next to the permission tab to select all the listed permissions.

   3. After ensuring that all checkboxes are selected, delete the entered permission name. Repeat these steps for all permissions listed below.

      Show the Permission List.

      • certificatemanager.certs*
      • compute.backendBuckets*
      • compute.globalAddresses*
      • compute.globalForwardingRules*
      • compute.instances*
      • compute.regionSslCertificates*
      • compute.regions*
      • compute.sslCertificates*
      • compute.targetHttpProxies*
      • compute.targetHttpsProxies.*
      • compute.targetInstances*
      • compute.urlMaps*
      • iam.roles*
      • monitoring.timeSeries*
      • storage.buckets*
      • storage.objects*
      • storagetransfer.agentpools*
      • storagetransfer.jobs*
      • storagetransfer.operations*
      • storagetransfer.projects*

Show the instruction with images

8. After confirming that all the permissions in the table have been added, click the Create button located at the bottom of the page.

Show the instruction with images

Full Access

If you want to continue in this way please skip the Service Account Creation.

Service Account Creation

We have created a role with the necessary permissions; now, we need to create an account to which we will assign this role.

1. Go to GCP Console and log in to your account.
2. Go to Service accounts from the left menu, under IAM & Admin.

Show the instruction with images

3. Click CREATE SERVICE ACCOUNT button on the top.

Show the instruction with images

4. Enter your Service account name, and it will generate a service account ID.

   optional

   You can enter a description under Service account description to better identify the created account.

5. After that click CREATE AND CONTINUE.

Show the instruction with images

6. In the second opened stage, click on Select a role and proceed according to the method you chose when creating the role:

   warning

   If you chose to continue with Manuel method for creating the role, you should choose the role you created with the title you assign it under the Custom section.

   warning

   If you chose to continue with gcloud CLI method for creating the role, you should choose c4c Custom role under the Custom section.

   warning

   If you chose to continue with Extra Permission method for creating the role, you should choose the role you created with the title you assign it under the Custom section.

   warning

   If you chose to continue with Full Access method for creating the role, you should choose the Owner role under the Basic section.

Show the instruction with images

7. After selecting the relevant role, click on the CONTINUE button.

Show the instruction with images

8. In the third stage, you have the option to edit the Grant users accesses if you wish.

9. Lastly, click DONE.

   tip

   After clicking the Done button, you should find yourself back in the Service Accounts page. However, if you are not, click on the Service Accounts section again from the menu on the left.

Show the instruction with images

10. Check from the list whether your service account has been created or not.

Managing Key

In this section, we will create the key file that we need in our platform.

1. Locate the user we created on the Service Accounts page. Navigate to the Actions tab for the respective user, and click on the Three dots(...) button and select Manage keys.

Show the instruction with images

2. Click on the ADD KEY button on the opened page, and select Create new key.

Show the instruction with images

3. After selecting your key type, click CREATE and the key has been generated will be downloaded to your computer.

Show the instruction with images

danger

Do not forget to check your downloads. Make sure you keep the downloaded credential file in a reachable field.

Now that everything is set up properly, it's time to go and set up our platform.