GCP Device Groups
Last updated on 25 February, 2021Overview
You can use LogicMonitor’s REST API to manage Google Cloud Platform (GCP) groups. GCP groups are device groups with a few key differences. This document covers the differences, as well as how to add and update GCP groups.
URI: /device/groups
GCP Group Differentiators
GCP Specific groupType
GCP groups have a special groupType value. Specifically, normal and dynamic groups will have a groupType value of Normal, while GCP device groups will have a value of GCP/SERVICE, where SERVICE is the GCP service the group was created for (for example, ComputeEngine, CloudSQL, AppEngine, and so on). The GCP account level group will have a groupType value of GCP/GcpRoot.
GCP Specific Fields
The gcpRegionsInfo, gcpTestResult, and gcpTestResultCode are all read-only fields specific to GCP groups. More importantly, GCP group specific information such as GCP account credentials and GCP service/region configurations, are included in the “extra” object in the device group JSON.
Specifically the extra object includes the following information:
| Property | Description | Type | Example |
| default | The default service settings configured for the GCP group. This should include selectAll (can be used to select all regions for monitoring), monitoringRegions (can be used to select specific regions for monitoring), deadOperation (MANUALLY | KEEP_7_DAYS | KEEP_14_DAYS | KEEP_30_DAYS | IMMEDIATELY), useDefault (not applicable to default object), nameFilter (not applicable to default object), tags (used to specify tag filters), disableTerminatedHostAlerting | JSON Array | “default”: {“useDefault”: true, “selectAll”: false, “monitoringRegions”: [“us-west1″,”us-east1″,”us-central1″,”us-east4″,”northamerica-northeast1″,”southamerica-east1″,”europe-west1″,”europe-west2″,”europe-west3″,”europe-west4″,”asia-northeast1″,”asia-east1″,”asia-south1″,”asia-southeast1″,”australia-southeast1”], “tags”: [], “nameFilter”: [], “deadOperation”: “KEEP_7_DAYS”, “disableTerminatedHostAlerting”: true} |
| services | The service settings for the GCP group. This should include selectAll (can be used to select all regions for monitoring), monitoringRegions (can be used to select specific regions for monitoring), deadOperation (MANUALLY | KEEP_7_DAYS | KEEP_14_DAYS | KEEP_30_DAYS | IMMEDIATELY), useDefault (whether or not default settings should be applied), nameFilter, tags (used to specify tag filters), disableTerminatedHostAlerting, deviceDisplayNameTemplate, normalCollectorConfig | JSON Array | “COMPUTEENGINE”: {“useDefault”: false, “selectAll”: false, “monitoringRegions”:[“us-west1″,”us-east1″,”us-central1″,”us-east4″,”northamerica-northeast1″,”southamerica-east1″,”europe-west1″,”europe-west2″,”europe-west3″,”europe-west4″,”asia-northeast1″,”asia-east1″,”asia-south1″,”asia-southeast1″,”australia-southeast1”], “tags”: [], “nameFilter”: [], “deadOperation”: “KEEP_7_DAYS”, “disableTerminatedHostAlerting”: true, “deviceDisplayNameTemplate”: “”, “normalCollectorConfig”: {“enable”: false, “collectors”: []}} |
| account | The account level information for the GCP group. | JSON Array | “account”: {“projectId”: “development-198123”, “collectorId”: -2, “schedule”: “0 * * * *”, “serviceAccountKey”: { “type”: “service_account”, “project_id”: “development-198123”, “private_key_id”: “**********”, “private_key”: “**********”, “client_email”: “[email protected]”, “client_id”: “107550067926283000448”, “auth_uri”: “https://accounts.google.com/o/oauth2/auth”, “token_uri”: “https://oauth2.googleapis.com/token”, “Auth_provider_x509_cert_url”: “https://www.googleapis.com/oauth2/v1/certs”, “Client_x509_cert_url”: “https://www.googleapis.com/robot/v1/metadata/x509/youremail%40development-198123.iam.gserviceaccount.com”}} |
Adding a GCP Group
To authenticate API requests, LogicMonitor requires a GCP service account key and the cloud API of each service you wish to monitor to be enabled. For more information on creating the correct service account key and enabling your GCP APIs, follow the steps provided in Adding your GCP environment into LogicMonitor. After a service key has been created and the cloud APIs have been enabled, you will need to make a POST request to the /device/groups resource to add your GCP account into LogicMonitor.
Example: Post New GCP Group
The following Python script request adds a GCP group named “LM GCP” with the following parameters:
- The default service settings section only has two regions selected (us-west1 and us-east1) and resources are not set to be automatically deleted.
- The App Engine, Compute Engine, and Cloud SQL services are selected for monitoring, where Cloud SQL has a tag filter applied, two regions selected, and resources are set to be automatically deleted after seven days.
- The Auto Discovery frequency for the account is not set and will default to every hour.
- Additionally, a property named “customer” is added to the group and set to the value “customerA”.
#!/bin/env python
import requests
import json
import hashlib
import base64
import time
import hmac
#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'
#Request Info
httpVerb ='POST'
resourcePath = '/device/groups'
queryParams =''
data = '{"parentId": "1", "name": "LM GCP", "description": "awesome google cloud group", "customProperties": [{"name": "customer", "value":"customerA"}], "groupType": "GCP/GcpRoot", "extra": {"account": {"projectId": "development-198123", "collectorId": -2, "schedule": "0 * * * *", "serviceAccountKey": { "type": "service_account", "project_id": "development-198123", "private_key_id": "**********", "private_key": "**********", "client_email": "[email protected]", "client_id": "107550067926283000448", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "Auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "Client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/youremail%40development-198123.iam.gserviceaccount.com"}}, "default": {"useDefault": true, "selectAll": false, "monitoringRegions": ["us-west1", "us-east1"], "tags": [], "nameFilter": [], "deadOperation": "KEEP_7_DAYS", "disableTerminatedHostAlerting": true}, "services": {"APPENGINE": {"useDefault": true, "selectAll": false, "monitoringRegions": [], "tags": [], "nameFilter": [], "deadOperation": "KEEP_7_DAYS", "disableTerminatedHostAlerting": true}, "COMPUTEENGINE": {"useDefault": false, "selectAll": false, "monitoringRegions": ["us-east1"], "tags": [], "nameFilter": [], "deadOperation": "KEEP_7_DAYS", "disableTerminatedHostAlerting": true, "deviceDisplayNameTemplate": "", "customNSPSchedule": "", "normalCollectorConfig": {"enable": false, "collectors": []}}, "CLOUDSQL": {"useDefault": false, "selectAll": false, "monitoringRegions": ["us-east1", "us-west1"], "tags": [{"name": "system.gcp.tag.foo", "operation": "include", "value": "bar"}], "nameFilter": [], "deadOperation": "KEEP_7_DAYS", "disableTerminatedHostAlerting": true}}}}'
#Construct URL
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath + queryParams
#Get current time in milliseconds
epoch = str(int(time.time() * 1000))
#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath
#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())
#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}
#Make request
response = requests.post(url, data=data, headers=headers)
#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)Updating a GCP Group
If you’re updating a GCP group, we recommend first making a GET request to get the group JSON, parsing the output, replacing the desired values, and then using PUT to update the resource.
Example: Update GCP Group
The following Python script makes a GET request to get device group 39 (which happens to be the GCP root group), parses out the response, replaces the assigned Collector, adds the configuration object, and then makes a PUT request to update the group 39. Use your account information and your GCP accounts device group to update your GCP group.
#!/bin/env python
import requests
import json
import hashlib
import base64
import time
import hmac
#Account Info
AccessId ='48v2wRzfK94y53sq5EuF'
AccessKey ='H_D9i(f5~B^U36^K6i42=^nS~e75gy382Bf6{)P+'
Company = 'api'
#Request Info
httpVerb ='GET'
resourcePath = '/device/groups/39'
#Construct URL
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath
#Get current time in milliseconds
epoch = str(int(time.time() * 1000))
#Concatenate Request details
requestVars = httpVerb + epoch + resourcePath
#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())
#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}
#Make request
response = requests.get(url, headers=headers)
#Parse response
jsonResponse = json.loads(response.content)
#Change Collector Id and add configuration object
group = jsonResponse['data']
group['extra']['account']['collectorId'] = 218
#PUT Request Info
httpVerb ='PUT'
resourcePath = '/device/groups/39'
queryParams =''
data = str(json.dumps(group))
#Construct URL
url = 'https://'+ Company +'.logicmonitor.com/santaba/rest' + resourcePath +queryParams
#Get current time in milliseconds
epoch = str(int(time.time() * 1000))
#Concatenate Request details
requestVars = httpVerb + epoch + data + resourcePath
#Construct signature
hmac1 = hmac.new(AccessKey.encode(),msg=requestVars.encode(),digestmod=hashlib.sha256).hexdigest()
signature = base64.b64encode(hmac1.encode())
#Construct headers
auth = 'LMv1 ' + AccessId + ':' + signature.decode() + ':' + epoch
headers = {'Content-Type':'application/json','Authorization':auth}
#Make request
putResponse = requests.put(url, data=data, headers=headers)
#Print status and body of response
print('Response Status:',response.status_code)
print('Response Body:',response.content)