Google Cloud Report APIs
CCKM provides options to generate key visibility reports based on:
Key-related activities between CCKM and Google Cloud key rings
Track keys by their expiration dates
Google Cloud reports are categorized as:
Key Activity Report: Inspect individual Google Cloud key histories by operations, for example, when they were refreshed, rotated, edited, or deleted. Also, use this report to compare key activities between CCKM and Google Cloud key ring.
Key Aging Report: Track keys by their expiration dates. Audit a range of dates, from past material deletions to future scheduled deletions, within the selected Google Cloud key ring.
Use the Google Cloud reports to:
Generate a report
View the list of existing reports
View details of a particular report
Delete a report from CCKM
Download the content of a report in CSV
Generating a Google Cloud Report
Use the post /v1/cckm/google/reports API to generate a report. This API starts the report generation. The content of the report can be verified by running the get /v1/cckm/google/reports/{id}/contents API. Refer to Viewing Content of Generated Google Cloud Reports.
Syntax
curl -k '<IP>/api/v1/cckm/google/reports' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "<report name>",\n "start_time": "<start time>",\n "end_time": "<end time>",\n "report_type": "<report type>",\n "gcp_cloud_params": [<Googlecloud params>]\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| gcp_cloud_params | array of JSONs | Google Cloud parameters. Refer to Google Cloud Parameters for details. |
| name | string | Name for the report. |
| report_type | string | Type of the report. Possible types are: • key-report • key-aging The default type is key-report. |
| end_time | string | End time for the report. Default end time is the time when the call is initiated. |
| start_time | string | Start time from when the report is to be generated. Default start time is end_time-24hrs. |
If end_time and start_time are not specified, a report for the last 24 hours is generated.
Google Cloud Parameters
| Parameter | Type | Description |
|---|---|---|
| key_ring | string | Name of the Google Cloud key ring. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/reports' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjAxZDM2ZTY3LTI5NWQtNDNjZC05NDExLTk0OTdkYjQzMzQ4MyIsImlhdCI6MTU5NjAxMzM0OCwiZXhwIjoxNTk2MDEzNjQ4fQ.7jbUbvoZr9dZ8Yf1NmDUTw3jhq-XDzSHJzN-vQeYcbo' -H 'Content-Type: application/json' --data-binary $'{"name":"r1",\n "report_type": "key-report",\n "gcp_cloud_params": [\n {\n "key_ring": "projects/cckm-demo-proj/locations/us-central1/keyRings/ring"\n }\n ],\n "start_time": "2019-09-17T06:58:00Z",\n "end_time": "2020-09-17T07:02:00Z"\n}' --compressed
Example Response
{
"application/json": {
"id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
"uri": "kylo:kylo:cckm:reports:report-name",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-04-01T11:02:29.914913Z",
"name": "report-name",
"updatedAt": "2021-04-01T11:02:29.955818Z",
"overall_status": "in_progress",
"detailed_status": {
"projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo": "in_progress"
},
"abort": false,
"report_type": "key-report",
"key_rings": [
"projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo"
],
"start_time": "2021-04-15T06:37:07Z",
"end_time": "2021-06-15T06:37:07Z"
}
}
The output shows that the "overall_status" and "detailed_status" of the Google Cloud report is "in_progress" on the CipherTrust Manager. Wait for the report to complete. You can run the get /v1/cckm/google/reports (refer to Viewing List of Existing Google Cloud Reports) or get /v1/cckm/google/reports/{id} (refer to Viewing Details of a Particular Google Cloud Report) API to view the updated status of the report.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing List of Existing Google Cloud Reports
Use the get /v1/cckm/google/reports API to view the list of updated reports. The results can be filtered using the query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/google/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Internal ID of the Google Cloud report. |
| overall_status | string | Overall status of the Google Cloud report. The status can be: • completed• in progress• failed |
| name | string | Name of the Google Cloud report. |
| report_type | string | Type of the Google Cloud report. Possible types are: • key-report • key-aging |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjAxZDM2ZTY3LTI5NWQtNDNjZC05NDExLTk0OTdkYjQzMzQ4MyIsImlhdCI6MTU5NjAxMzM0OCwiZXhwIjoxNTk2MDEzNjQ4fQ.7jbUbvoZr9dZ8Yf1NmDUTw3jhq-XDzSHJzN-vQeYcbo' --compressed
Example Response
{
"application/json": {
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
"uri": "kylo:kylo:cckm:reports:report-name",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-04-01T11:02:29.914913Z",
"name": "report-name",
"updatedAt": "2021-04-01T11:02:29.955818Z",
"overall_status": "in_progress",
"detailed_status": {
"projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo": "in_progress"
},
"abort": false,
"report_type": "key-report",
"key_rings": [
"projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo"
],
"start_time": "2021-04-15T06:37:07Z",
"end_time": "2021-06-15T06:37:07Z"
}
]
}
}
The output shows that one Google Cloud report is available on the CipherTrust Manager.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Details of a Particular Google Cloud Report
Use the get /v1/cckm/google/reports/{id} API to view the details of a Google Cloud report.
Syntax
curl -k '<IP>/api/v1/cckm/google/reports/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed
Example Response
{
"application/json": {
"id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
"uri": "kylo:kylo:cckm:reports:report-name",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-04-01T11:02:29.914913Z",
"name": "report-name",
"updatedAt": "2021-04-01T11:05:53.617901Z",
"completed_at": "2021-04-01T11:05:53.617656Z",
"overall_status": "completed",
"detailed_status": {
"projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo": "completed"
},
"abort": false,
"report_type": "key-report",
"key_rings": [
"projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo"
],
"start_time": "2021-04-15T06:37:07Z",
"end_time": "2021-06-15T06:37:07Z"
}
}
The output shows the details of the Google Cloud report with the specified resource ID.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Content of Generated Google Cloud Reports
Use the get /v1/cckm/google/reports/{id}/contents API to view the content of a Google Cloud report on console. Use the request query parameters to filter the content of the report.
Syntax
curl -k '<IP>/api/v1/cckm/google/reports/{id}/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| key_name | string | Name of the Google Cloud key. |
| key_ring | string | Name of the Google Cloud key ring on CCKM. |
| project | string | Name of the Google Cloud project. |
| region | string | Region (location) of the Google Cloud key ring. |
| organization | string | Name of the Google Cloud organization. |
| key_activity | string | Activity of the Google Cloud key. |
| user_name | string | Name of the CCKM user who performed the operation. |
| cckm_operation | string | Operation performed from CCKM. |
| origin | Source of the key material. The origin of the key can be: • CCKM: Key material is created on CCKM. • Native: Key material is created on the cloud. • External (Unknown): Source of the key material is unknown. It is different than CCKM and the native cloud. | |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed
Example Response
{
"application/json": {
"skip": 0,
"limit": 1,
"total": 55,
"resources": [
{
"id": "a67b9ef0-9b47-4fbd-b30f-1646af4b4259",
"uri": "kylo:kylo:cckm:gcp-reports:c3d657fa-0782-4c16-a741-e3da541434e6",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-04-01T11:02:59.934312Z",
"updatedAt": "2021-04-01T11:02:59.929245Z",
"key_name": "projects/cckm-demo-proj/locations/us-central1/keyRings/key-ring-demo/cryptoKeys/19jan2021k1",
"key_ring": "key-ring-demo",
"project": "projects/cckm-demo-proj",
"region": "us-east1",
"key_activity": "CreateCryptoKey",
"modified_time": "2021-05-19T13:20:23.788785Z",
"key_expiration": null,
"user_name": "manas.khandeshe@thalesesecurity.com"
}
]
}
}
The output shows the content of the Google Cloud report with the specified resource ID.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Downloading Content of Google Cloud Reports in CSV
Use the get /v1/cckm/google/reports/{id}/download API to view the comma-separated Google Cloud report. If needed, you can copy this report and create a CSV file.
Syntax
curl -k '<IP>/api/v1/cckm/google/reports/{id}/download' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259/download' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed
Example Response
"Key Name,Key Ring,Key Activity,Project,Modified Date,Cloud"
Uploaded,pkv-softkeys::260ecbe7-777b-4d3c-84ea-887620498863,,KeyBackup,ef767cf9-61dd-4765-a4df-ebd65493c728,2020-12-04 10:06:14.16 +0000 UTC,260ecbe7-777b-4d3c-84ea-887620498863,AzureCloud
The output shows the comma-separated Google Cloud report. If needed, you can copy this report and create a CSV file.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Deleting a Report from CCKM
Use the delete /v1/cckm/google/reports/{id} API to delete a Google Cloud report from CCKM.
Syntax
curl -k '<IP>/api/v1/cckm/google/reports/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the Google Cloud report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/reports/a67b9ef0-9b47-4fbd-b30f-1646af4b4259' -X DELETE -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI5ZDJiYmYxNC0zMDg1LTQ5YjAtYTY4MC1hMDQ5ODgyYjIwNDQiLCJzdWIiOiJsb2NhbHxhNDk0MmY1OS1mMGUxLTQ1ZWQtYWUxNS1kZGM3YWZhZDA4NzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNWU3MDBjY2UtMTRmYS00ZTVjLWI0YjMtNWQ4ZmE3ODgxYmI3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImJmZjI5NDEyLWNmMzMtNDkyMS1hYzEzLWZmM2IzZGIyZWQ1YyIsImlhdCI6MTU5NjAxMzY2MiwiZXhwIjoxNTk2MDEzOTYyfQ.pQ8y9tMSTrBGZ-RYfWAHh6JTFp7GJXMDL10UFGScJQU' --compressed
Example Response
{
"status": 204
}
The output shows that the Google Cloud report with the specified resource ID is deleted from CCKM.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.