Google Sheets

Connector name	`agtgsheet`
Connector type	Executable
Type (UI field value)	Google Sheets
Connector status / support	Bravura Security-Verified This connector has been tested and is fully supported by Bravura Security.
Installation / setup	Write a script file to define the Google spreadsheet ID, sheet ID and column header mapping which are used in the interaction between the Google Sheets file and the `agtgsheet` connector. A sample script, `agtgsheet`.cfg is contained in the <instance>\samples\ directory.

The following Bravura Security Fabric operations are supported by this connector:

create account
delete account
update attributes
List:
- attributes
- accounts
- computer objects

For a full list and explanation of each connector operation, see Connector operations.

Preparation

Before targeting Google Sheets:

Enable Google Sheets API in Google API console
Configure the Google Sheets API credentials
Write a script to configure connector behavior

Enable Google Sheets API in Google API console

The Google Sheets API lets you perform administrative operations on accounts and computers stored on a Google Sheets file. The Google Sheets API must be enabled before it can be used.

To enable Google Sheets API, log into the Google API console, select the Google Sheets API and click ENABLE.

Configure Google Sheets API credentials

The agtgsheet connector supports OAuth 2.0, which requires a service account to call Google Sheets API. The service account must be set up in the Google API Console with scope of access granted. In order to connect through Google Sheets API an encryption file also must be generated and saved on the instance server.

Go to Google API Console to create a new service account, or choose an existing account to use.
Do not use the Google default service accounts.
Assign the service account the "Editor" role.
Enable Google Sheets Domain-wide Delegation on the service account.
Take note of the Client ID for the Service account client that was generated after enabling Google Sheets Domain-wide Delegation. This will be used later.
Create a .P12 "private key" for the service account you are going to use.
Save the generated .P12 file on the instance server.
Take note of the service account ID and private key’s password. They will be used later.

For information on how to create a Google service account, enabling Google service account Domain-wide Delegation, assigning roles, or to generate a .P12 private key, refer to the "Console Help" in the Google API Console.

Your Google administrator may be able to provide the .P12 file and its private key’s password.

Once you have the encryption file, set the permissions to allow the instance to use the API:

Log into the Google Admin console.

In the Manage API client access section, enter:

In the Client Name field, enter the Client ID generated earlier.
In the One or More API Scopes field, enter

https://www.googleapis.com/auth/spreadsheets.readonly
https://www.googleapis.com/auth/spreadsheets
https://www.googleapis.com/auth/drive.readonly
https://www.googleapis.com/auth/drive

Click Authorize.

Writing a script to configure connector behavior

You must write a script file to define the Google spreadsheet ID, sheet ID and column header mapping, which are used in the interaction between the Google Sheets file and the agtgsheet connector.

A sample script, agtgsheet.cfg , is in the samples\* directory. If you cannot find the sample file, try re-running setup to modify your installation. Sample files are automatically installed only with complete installations. You can select them in custom installations.

Note the sample script needs customizations to work with your Google Sheets.

# KVGROUP-V2.0
#
# Sample configuration file for agtgsheet.
#
agtgsheet = {
   

   # docid is required, and is the unique id of the Google spreadsheet.
   # This value can be pulled from the web-browser when viewing the
   # document, and it is in between the "/d/" and the "/edit" in the URL of
   # the spreadsheet. For example, consider the following URL that
   # references a Google spreadsheet:
   #
   # https://docs.google.com/spreadsheets/d/1_REoyijv6gpk_JrLLYyIPYGkclyoF8dkZmoJjk8grJc/edit#gid=0
   

  docid = 1_REoyijv6gpk_JrLLYyIPYGkclyoF8dkZmoJjk8grJc;

  # This section identifies the individual sheet within the Google
  # spreadsheet that holds user or account objects.
  #
  # If this section is removed, listing of accounts will be
  # considered an unsupported operation.
  #
   

  user sheet1 = {

    # Does the first row of the sheet contain the column headers for
   # the user attributes?  This configuration defaults to true, so the
    # connector will assume the first row contains the column headers.
    # If this is not the case this must be changed to false.
    #
    #
    # header = <true|false>;
    # If the first row contains headers (header = true; above), then map the columns
    # using the header names.  The connector has 4 pre-defined headers that are mapped
    # to internal values.   One of these is required, the other three are optional and
    # will be defaulted as described.
    #
    # o accountid - required.  This is the unique identifer for the
    #                          account or row.  When having header, if the column name happens to be accountid,
    #                          accountid=accountid; can be used for specifying the mapping.
    #
    # o shortid - optional.  If specified, this is the column that
    #                        represents the shortid (for auto
    #                        assoicate) if left empty, it will default
    #                        to the same value as accountid.
    #
    # o fullname - optional.  If specified represents the full name of
    #                         the user/account.  If not specified this
    #                         will be left blank.
    #
    # o stableid - opitonal.  Optional id for the row which does not
    #                         change if an account is renamed.  This
    #                         column can be used to track renames
    #                         within Bravura Security Fabric.
    #  stableid = "";  # no stableid default to accountid
   

                accountid = userid;
                shortid = userid;
                fullname = full_name;
   

    # Attributes.  Define the attribute column mappings.  The key
    # represents the name of the attribute within Bravura Security Fabric
    #  for the target system.  The value represents the column
    # where the value exists.  Attributes are optional.
    #
   

                attributes =  {
                  email = email;
                  phone = work_phone;
                  mobile = cell_phone;
                };
   

    # If the sheet does not leverage headers in the first row, then you must
    # identify each column by its column name on the sheet.  This will be the
    # letter value of the column (e.g. A, B, C...).
    #
    # Example with no headers:
   #
    # header = false;  # disable headers.
    #
    #
    # accountid = A;
    # shortid = C;
    # fullname = D;
    #
    # attributes = {
    #   email = H;
    #   phone = I;
    #   mobile = J;
    # };
    #
        };
   

  # Asset configuration is for listing servers or other computer objects.
  #
  # If this section is removed, listing of computers will be
  # considered an unsupported operation.
  #
   

  asset sheet2 = {

    # Does the first row of the sheet contain the column headers for
    # the user attributes?  This configuration defaults to true, so the
    # connector will assume the first row contains the column headers.
    # If this is not the case this must be changed to false.
    #
    #
    # header = <true|false>;
   

    # If the first row contains headers (header = true; above), then map the columns
    # using the header names.  The connector has 4 pre-defined headers that are mapped
    # to internal values.   One of these is required, the other three are optional and
    # will be defaulted as described.
    #
   # o id - This is the unique identifier for this asset object.
    #        This mapping is required.
    #
    #
    # o desc - Description for the asset object.  This mapping is
    #          optional.
    #
    # o status - Column which holds the status (enabled/disabled) of
    #            the object.  This mapping is optional and will
    #            default to enabled if not specified.
    #
    # "disabled" and "deleted" are for defining what values from
    # "status" column are treated as disabled and deleted for the
    # assets in this sheet.
    #
    # disabled = disabled;
    # deleted = deleted;
    #
    #
    # Attributes.  Define the attribute column mappings.  The key
    # represents the name of the attribute within Bravura Security Fabric
    #  for the target system.  The value represents the column
    # where the value exists.  Attributes are optional.
   

    #
    header = true;
    id=ID;
    desc=description;
                attributes =  {
                  operating_system = os;
                  brand = manufacturer;
                  version = ver;
                };
   

    # If the sheet does not leverage headers in the first row, then you must
    # identify each column by its column name on the sheet.  This will be the
    # letter value of the column (e.g. A, B, C...).
    #
    # Example with no headers:
    #
    # header = false;  # disable headers.
    #
    #
    # id = A;
    # desc = C;
    # status = D;
    #
    # disabled = disabled;
    # deleted = deleted;
    #
    # attributes = {
    #   operating_system = H;
    #   brand = I;
    #   version = J;
    # }
    #
  };
};

Once you have added the script to the script directory, you can add Google Sheets as a target system to the Bravura Security Fabric instance.

Targeting Google Sheets

For Google Sheets, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).

Type is Google Sheets.
Address uses options described below.
The address is entered in the following syntax:
{server=<google api server>; port=<secure port number>; proxy=<proxy server>:<port>; impersonate=<administrator id>@<domain name>;domain=<domain name>; checkCert=<true|false>; cfgpath=<config file>;}
For example:
{server=www.googleapis.com; port=443; proxy=10.0.0.1:80;impersonate=google_admin@id-privilege.net; domain=id-privilege.net;checkCert=false; cfgpath=agtgsheet.CFG;}

The full list of target system parameters is explained in Target System Options .

Table 1. Google Sheets address configuration

Option	Description
Options marked with a are required.
Server	The IP address/domain name of the Google API server. This is set to www.googleapis.com by default. (key: server)
Port	Default is 443. (key: port)
Connection over SSL	(optional) Select to enforce SSL connections. Default is "true". (key: ssl)
Validate the server’s certificate when connecting	Determines whether to validate the server’s security certificate for SSL connections. Default is "true". (key: checkCert)
HTTP Network Proxy	(optional) specifies a proxy URL to use for connecting. (key: proxy)
Impersonate	Email address of the Google Sheets owner. (key: impersonate)
Domain	External domain name, used to map to the Google Sheets API. (key: domain)
Config file path	specify the name of the configuration file. It must be located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory. (key: file)

Setting the administrator credentials

A Google Sheets target requires two sets of administrative credentials. One must use a system password. For the first administrator, add the following:

ID Full path to the .P12 encryption file (the C: drive is recommended)
Password The private key’s password given with the .P12 file.

For the second administrator, add the following:

ID The service account ID referred to in Configure Google Sheets API credentials (including the "@<domain>")
Password Any value (unused) System password Must be checked

The target should now be able to connect and interact with the Google Sheets API.

In this section: