
Add Cloud Account (GCP)

POST 

https://api.prismacloud.io/cas/v1/gcp_account

Onboard a new GCP cloud account onto the Prisma Cloud platform.

Prerequisite: Generate the GCP credentials by calling the Generate and Download the GCP Terraform template API.

Request

Query Parameters

    skipStatusChecks boolean

    true = Skip account status checks to improve response time

Body required

Cloud Account

    cloudAccount object required
    accountId string required

    Organization resource ID if accountType is organization.

    Project ID if accountType is account or masterServiceAccount.

    Workspace domain name if accountType is workspace_domain.

    accountType string required

    Cloud Account Type.

    account: GCP Project

    organization: GCP Organization

    masterServiceAccount: Onboards all GCP projects that are accessible by the service account

    workspace_domain: GCP Workspace.

    Possible values: [account, masterServiceAccount, organization, workspace_domain]

    enabled boolean

    Enable or disable this account on Prisma Cloud.

    Default value: false

    name string required

    Account name for the GCP account that will be onboarded on Prisma Cloud (must be unique).

    projectId string

    ID of the project.

    Get the project ID from the credentials JSON file that is generated from the GCP Terraform template.

    groupIds string[]

    List of Account Groups that must be mapped to this account. To get the account group IDs, call the List Account Groups API.

    credentials object required

    The content of the credentials object is the Service Account Key for your Google Cloud service account.

    token_uri string
    private_key_id string
    client_x509_cert_url string
    project_id string
    auth_uri string
    auth_provider_x509_cert_url string
    client_email string
    private_key string
    type string
    client_id string
    compressionEnabled boolean

    Enable or disable compressed network flow log generation.

    Default value: false

    dataflowEnabledProject string

    Project ID where the Dataflow API is enabled.

    Required if compressionEnabled is set to true and if the accountType is organization.

    Optional if the accountType is account or masterServiceAccount.

    flowLogStorageBucket string

    Cloud Storage Bucket name that is used to store the flow logs.

    accountGroupCreationMode string

    Default value: MANUAL

    MANUAL: Account will be mapped to the account group mentioned in defaultAccountGroupId.

    AUTO: Automatically creates account groups for each top-level folder in the hierarchy.

    RECURSIVE: Automatically creates account groups for the folders that are nested within the GCP organization hierarchy.

    Applicable only if the accountType is organization.

    Possible values: [MANUAL, AUTO, RECURSIVE]

    defaultAccountGroupId string required

    Applicable only:

    • If accountType is organization and accountGroupCreationMode is MANUAL.

    • If accountType is masterServiceAccount.

    hierarchySelection object[]

    Applicable only if accountType is organization.

    Include or exclude a list of GCP folders and GCP projects under the organization.

  • Array [
  • resourceId string

    To get the list of resource IDs and their details, refer to List Children of Parent (GCP).

    Example: root
    displayName string

    To get the display name of the resource, refer to List Children of Parent (GCP). The display name is the organization name if nodeType is ORG.

    Example: Root
    nodeType string

    Member account node type. Supported values are ORG, FOLDER, or PROJECT.

    selectionType string

    Organization member accounts selection type.

    ALL: Include the resource and all its children

    INCLUDE: Include the specified resource

    EXCLUDE: Exclude the specified resource

    Possible values: [ALL, INCLUDE, EXCLUDE]

  • ]
    organizationName string

    GCP Organization name.

    features object[]

    Features to be enabled and/or disabled. To get a list of all the supported features, see the Fetch Supported Features endpoint.

  • Array [
  • name string

    Feature name obtained from the Fetch Supported Features endpoint.

    Example: Remediation
    state string

    Feature state: whether the feature is enabled or disabled.

    Possible values: [enabled, disabled]

    defaultMemberState string

    Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning and Agentless Workload Scanning features.

    Possible values: [enabled, disabled]

  • ]

Responses

successful operation

Authorization: x-redlock-auth

name: x-redlock-auth
type: apiKey
description: The x-redlock-auth value is a JSON Web Token (JWT).
in: header

curl -L 'https://api.prismacloud.io/cas/v1/gcp_account' \
-H 'Content-Type: application/json' \
-H 'x-redlock-auth: <x-redlock-auth>' \
-d '{
"cloudAccount": {
"accountId": "string",
"accountType": "account",
"enabled": true,
"name": "string",
"projectId": "string",
"groupIds": [
"string"
]
},
"credentials": {
"token_uri": "string",
"private_key_id": "string",
"client_x509_cert_url": "string",
"project_id": "string",
"auth_uri": "string",
"auth_provider_x509_cert_url": "string",
"client_email": "string",
"private_key": "string",
"type": "string",
"client_id": "string"
},
"compressionEnabled": true,
"dataflowEnabledProject": "string",
"flowLogStorageBucket": "string",
"accountGroupCreationMode": "MANUAL",
"defaultAccountGroupId": "string",
"hierarchySelection": [
{
"resourceId": "root",
"displayName": "Root",
"nodeType": "string",
"selectionType": "ALL"
}
],
"organizationName": "string",
"features": [
{
"name": "Remediation",
"state": "enabled",
"defaultMemberState": "enabled"
}
]
}'
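
The conditional field rules listed under Body can be checked locally before the request is sent. The following is an added example, not code from the Prisma Cloud documentation: the function name `validate_gcp_onboarding`, the sample values, and the reading of "applicable only if" as "must be present when" for `defaultAccountGroupId` are assumptions.

```python
ACCOUNT_TYPES = {"account", "masterServiceAccount", "organization", "workspace_domain"}
GROUP_MODES = {"MANUAL", "AUTO", "RECURSIVE"}
SELECTION_TYPES = {"ALL", "INCLUDE", "EXCLUDE"}
NODE_TYPES = {"ORG", "FOLDER", "PROJECT"}

def validate_gcp_onboarding(body):
    """Return the documented rules that a request body violates (empty list = OK)."""
    problems = []
    acct = body.get("cloudAccount") or {}
    for field in ("accountId", "accountType", "name"):
        if not acct.get(field):
            problems.append(f"cloudAccount.{field} is required")
    atype = acct.get("accountType")
    if atype and atype not in ACCOUNT_TYPES:
        problems.append(f"accountType {atype!r} is not a documented value")
    if not isinstance(body.get("credentials"), dict):
        problems.append("credentials object is required")
    is_org = atype == "organization"
    mode = body.get("accountGroupCreationMode", "MANUAL")  # documented default
    if mode not in GROUP_MODES:
        problems.append(f"accountGroupCreationMode {mode!r} is not a documented value")
    # Assumption: "applicable only if" is read as "must be present when".
    needs_group = (is_org and mode == "MANUAL") or atype == "masterServiceAccount"
    if needs_group and not body.get("defaultAccountGroupId"):
        problems.append("defaultAccountGroupId is required for this accountType/mode")
    if body.get("compressionEnabled") and is_org and not body.get("dataflowEnabledProject"):
        problems.append("dataflowEnabledProject is required when compression is on")
    selection = body.get("hierarchySelection") or []
    if selection and not is_org:
        problems.append("hierarchySelection applies only to organization")
    for i, node in enumerate(selection):
        if node.get("selectionType") not in SELECTION_TYPES:
            problems.append(f"hierarchySelection[{i}].selectionType is invalid")
        if node.get("nodeType") not in NODE_TYPES:
            problems.append(f"hierarchySelection[{i}].nodeType is invalid")
    for i, feat in enumerate(body.get("features") or []):
        if feat.get("state") not in ("enabled", "disabled"):
            problems.append(f"features[{i}].state is invalid")
    return problems

# Constructed sample: organization, compression on, no Dataflow project or group ID.
SAMPLE = {
    "cloudAccount": {"accountId": "123456789012", "accountType": "organization",
                     "name": "example-org"},
    "credentials": {"type": "service_account", "private_key": "<placeholder>"},
    "compressionEnabled": True,
    "hierarchySelection": [{"resourceId": "root", "nodeType": "ORG", "selectionType": "ALL"}],
}
```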