You can enable the collecting and publishing of events from Google sources for a
specific Eventarc Advanced bus by creating a GoogleApiSource resource.
Events from Google sources are directly triggered by an unmediated event such as the creation of a Cloud Run function or a status change to a Dataflow job. For more information, see Google event types supported by Eventarc.
Note the following:
- By default, events are collected from the Google Cloud project where the
GoogleApiSourceresource exists. You can also use the gcloud CLI to collect events from multiple projects that are in the same organization as theGoogleApiSourceresource. For more information, in this document, see Publish events from multiple projects. - You can publish events to a bus that is in a different Google Cloud project
from the one in which the
GoogleApiSourceresource exists. You can configure this by using the gcloud CLI or by sending a request to the Eventarc API (but not through the Google Cloud console). - There is a limit of one
GoogleApiSourceresource per Google Cloud project per region.
Before you begin
Before you start, make sure that you have completed the following steps:
If you are using the Google Cloud CLI to run the commands on this page, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running
gcloud components update.Enable the Eventarc API and the Eventarc Publishing API:
Console
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud services enable eventarc.googleapis.com
eventarcpublishing.googleapis.com
Enable events from Google sources
To publish events from Google sources, you must create a
GoogleApiSource
resource. This resource represents a subscription to Google API events in a
specific Google Cloud project for a particular Eventarc Advanced bus.
You can enable the publishing of events from Google sources in the following ways:
- In the Google Cloud console
- By using the Google Cloud CLI in either your terminal or Cloud Shell
By sending a request to the Eventarc API
Console
In the Google Cloud console, go to the Eventarc > Bus page.
You can create a bus or, if you are updating a bus, click Edit.
On the Edit bus page, to add a message source, click Add source.
- In the Add message source pane, for the Google API message
provider, accept the default of
google-api-sourceor enter a different message source name. - Click Create.
- In the Add message source pane, for the Google API message
provider, accept the default of
Click Save.
gcloud
Open a terminal.
You can enable events from Google sources by using the
gcloud eventarc google-api-sources createcommand:gcloud eventarc google-api-sources create GOOGLE_API_SOURCE_NAME \ --destination-message-bus=BUS_NAME \ --destination-message-bus-project=BUS_PROJECT_ID
Replace the following:
GOOGLE_API_SOURCE_NAME: the ID or fully qualified identifier of yourGoogleApiSourceresource which represents a subscription to Google API events for a particular busBUS_NAME: the ID or fully qualified identifier of the bus for which you want to subscribe to Google API eventsBUS_PROJECT_ID: the Google Cloud project ID for the bus
Optional: You can also use the following flags:
--asyncto return from the command immediately, without waiting for the operation in progress to complete.--crypto-keyto specify the fully qualified name of a customer-managed encryption key; if unspecified, Google-owned and managed keys are used.--logging-configto configure the logging level which must be one of the following:NONE,DEBUG,INFO,NOTICE,WARNING,ERROR,CRITICAL,ALERT,EMERGENCY. For more information, seeLogSeverity.
REST API
To enable events from Google sources, use the
projects.locations.googleApiSources.create
method.
Before using any of the request data, make the following replacements:
GOOGLE_API_SOURCE_NAME: the display name of theGoogleApiSourceresource which represents a subscription to Google API events for a particular bus—for example,my_google_source.LABEL_KEYandLABEL_VALUE: optional. A map of label key and value pairs that help you organize your Google Cloud resources. For more information, see What are labels?ANNOTATION_KEYandANNOTATION_VALUE: optional. A map of annotation key and value pairs of free-form text. You can use them to attach arbitrary information associated with the resource. For more information, see Annotations.DESTINATION: the fully qualified identifier of the Eventarc Advanced bus to which Google source events should be published in the formatprojects/PROJECT_NAME/locations/LOCATION/messageBuses/BUS_NAME. For more information, see Create a bus to route messages.ENCRYPT_KEY: optional. A Cloud KMS key that theGoogleApiSourceresource should use for data encryption in the formatprojects/PROJECT_NAME/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME. For more information, see Use customer-managed encryption keys.PROJECT_ID: the Google Cloud project ID in which to create theGoogleApiSourceresource.LOCATION: the supported region in which to create theGoogleApiSourceresource—for example,us-central1.LOG_SEVERITY: optional. The minimum severity of the event described in a log entry. One of:NONE,DEBUG,INFO,NOTICE,WARNING,ERROR,CRITICAL,ALERT,EMERGENCY. The default isNONE. For more information, seeLogSeverity.
Request JSON body:
{
"displayName": "GOOGLE_API_SOURCE_NAME",
"labels": {"LABEL_KEY":"LABEL_VALUE"},
"annotations": {"ANNOTATION_KEY":"ANNOTATION_VALUE"},
"destination": "DESTINATION",
"cryptoKeyName": "ENCRYPT_KEY",
"loggingConfig": {"logSeverity":"LOG_SEVERITY"}
}
To send your request, expand one of these options:
If successful, the response body contains a newly created instance of
Operation:
{
"name": "projects/PROJECT_ID/locations/LOCATION/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.eventarc.v1.OperationMetadata",
"createTime": "2024-01-25T17:17:45.782370139Z",
"target": "projects/PROJECT_ID/locations/LOCATION/googleApiSources/GOOGLE_API_SOURCE_NAME",
"verb": "create",
"requestedCancellation": false,
"apiVersion": "v1"
},
"done": false
}
Events from Google sources in the same Google Cloud project as the
GoogleApiSource resource are now collected and published to the bus.
Disable events from Google sources
To disable the publishing of events from Google sources in a specific
Google Cloud project to an Eventarc Advanced bus, you must
delete the
GoogleApiSource
resource.
You can disable the publishing of events from Google sources in the following ways:
- In the Google Cloud console
- By using the gcloud CLI in either your terminal or Cloud Shell
By sending a request to the Eventarc API
Console
In the Google Cloud console, go to the Eventarc > Bus details page.
Click Edit.
On the Edit bus page, to delete the Google API message provider, click Delete resource for the google-api-source message source (or the name you have given it).
At the Delete resource prompt, click Confirm.
Click Save.
gcloud
Open a terminal.
You can disable events from Google sources by using the
gcloud eventarc google-api-sources deletecommand:gcloud eventarc google-api-sources delete GOOGLE_API_SOURCE_NAME \ --location=REGION
Replace the following:
GOOGLE_API_SOURCE_NAME: the ID or fully qualified identifier of theGoogleApiSourceresourceREGION: the location of theGoogleApiSourceresource
REST API
To disable events from Google sources, use the
projects.locations.googleApiSources.delete
method.
Before using any of the request data, make the following replacements:
PROJECT_ID: the Google Cloud project ID in which theGoogleApiSourceresource is created.LOCATION: the region in which theGoogleApiSourceresource is created—for example,us-central1.GOOGLE_API_SOURCE_NAME: the name of theGoogleApiSourceresource you want to delete.
To send your request, expand one of these options:
If successful, the response body contains a newly created instance of
Operation:
{
"name": "projects/PROJECT_ID/locations/LOCATION/operations/OPERATION_ID",
"metadata": {
"@type": "type.googleapis.com/google.cloud.eventarc.v1.OperationMetadata",
"createTime": "2024-01-25T17:17:45.782370139Z",
"target": "projects/PROJECT_ID/locations/LOCATION/googleApiSources/GOOGLE_API_SOURCE_NAME",
"verb": "delete",
"requestedCancellation": false,
"apiVersion": "v1"
},
"done": false
}
Events from Google sources in the same Google Cloud project as the deleted
GoogleApiSource resource are no longer collected and published.
Publish events from multiple projects
To collect and publish Google source events from multiple Google Cloud projects,
you must create a
GoogleApiSource
resource, and the projects must be in the same organization as the
GoogleApiSource resource. For more information about organizations, see
Resource hierarchy.
Note the following:
- Event publishing from multiple projects must be configured using the gcloud CLI and is not displayed in the Google Cloud console.
- If the project containing the
GoogleApiSourceresource is moved to a different organization, publishing events from multiple projects will no longer function as expected. You must update or re-create theGoogleApiSourceresource.
1. Grant the Eventarc service agent the appropriate IAM role
To collect events at the organization level, use the
gcloud organizations add-iam-policy-binding
command to grant the Eventarc service agent the appropriate
Identity and Access Management (IAM) role:
gcloud organizations add-iam-policy-binding ORGANIZATION_ID \ --member="SERVICE_AGENT_EMAIL" \ --role="roles/eventarc.multiProjectEventCollector"
Replace the following:
ORGANIZATION_ID: your organization resource ID.SERVICE_AGENT_EMAIL: the email address for the Eventarc primary service agent in the project where you are creating theGoogleApiSourceresource. The email address is in the following format:service-PROJECT_NUMBER@gcp-sa-eventarc.iam.gserviceaccount.comReplace
PROJECT_NUMBERwith your Google Cloud project number. You can find your project number on the Welcome page of the Google Cloud console or by running the following command:gcloud projects describe PROJECT_ID --format='value(projectNumber)'
2. Publish from all projects or a list of projects
To publish events from Google sources in multiple projects, use the
gcloud eventarc google-api-sources create
command in either of the following ways:
Publish from all Google Cloud projects in the same organization as the
GoogleApiSourceresource:gcloud eventarc google-api-sources create GOOGLE_API_SOURCE_NAME \ --location=REGION \ --destination-message-bus=BUS_NAME \ --destination-message-bus-project=BUS_PROJECT_ID \ --organization-subscription
Publish from a list of Google Cloud projects in the same organization as the
GoogleApiSourceresource:gcloud eventarc google-api-sources create GOOGLE_API_SOURCE_NAME \ --location=REGION \ --destination-message-bus=BUS_NAME \ --destination-message-bus-project=BUS_PROJECT_ID \ --project-subscriptions=LIST_OF_PROJECTS
Replace the following:
GOOGLE_API_SOURCE_NAME: the ID or fully qualified identifier of theGoogleApiSourceresourceREGION: the location of theGoogleApiSourceresourceBUS_NAME: the ID or fully qualified identifier of the bus for which you want to subscribe to Google API eventsBUS_PROJECT_ID: the Google Cloud project ID for the busLIST_OF_PROJECTS: a comma-delimited list of Google Cloud project IDs or project numbers. You can combine IDs and numbers in the same list. To publish events from the Google Cloud project containing theGoogleApiSourceresource, you must explicitly include the project ID or number in the list.
What's next
- Quickstart: Publish events from a Google source
- Publish events directly
- Format received events
- Transform received events