Community
Integration Blog Posts
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Integrating Using Google Cloud Storage Adapter (GCP Authentication & adapter config)

MirunaliniV
Explorer
‎2026 Feb 20 9:23 AM
666

Google Storage Adapter

Introduction to GCS (Google Cloud Storage) :

GCS is a robust and RESTful service for storing and retrieving the data like documents, videos and photos. It stores as a object and provides high performance designed specifically for enterprises. GCS also provide encryption/ decryption capabilities. Our Integration suites provides a adapter to connect with GCS in accessing the object. In this blog, we are going to see how to create service account in Google cloud platform and use it in SAP integration suite for authentication and basic configuration for uploading and retrieving a file.

Advantages of using GCS Adapter: 

  • Integration suite has built-in for GCS adapter, so no need to manually construct REST endpoints.
  • Built-in support for Buckets and Object operation.
  • No manual OAuth token handling and no custom scripts for token generation.
  • Config driven Object operations like upload (Put Object), Download (Get Object), Delete Object and List Objects.
  • Few integration steps and faster development.
  • Built-in Error handling and Validation. The adapter Validates bucket and Object Configuration.
  • Dynamic File and Path Handling. You can dynamically define Buckets. Object Paths and File names.
  • Key security benefits includes secure key storage and compliance with SAP security Standards

How to get Create Service Account ?

Step 1:  Create Service Account in GCP

  • Navigate to  IAM & Admin -> Service Accounts.
  • Click service account and give a name and add required roles. (You need ‘Storage Object Admin’ role for uploading and reading the file).

image (1).png

Step 2: Generating Key

  • Click on the email that’s been created on service accounts.
  • In the Keys tab, Click ‘Add key’. (Create or upload key).
  • Generate and download. (You have an option to download JSON or p12 file).

image (2).png

Note: If your organisation does not allow downloading the JSON key or P12 you will have to change the org policies. To override you should use Tag.

  • Navigate to your Org from ‘Project Picker’.
  • Move to Tag menu.
  • Create a Tag key (eg: EnableServiceKeyCreation). Open the Tag Key that you created now.
  • Create Tag values for the Tag Key. (Eg: true, false).

image (3).png

Attaching the Tag to your Project:

  • Navigate to Manage resources and select your Project.
  • Click on the ‘Tag’ and your Org in ‘Select scope for your tags’.
  • Now in the ‘key 1’ you can see the tag key you created earlier listed. And its corresponding values in the ‘Value1’ drop down.
  • Select whether you want enable/disable the service account creation.

image (6).png

  • Select ‘Organisation Policies’ and select ‘iam.managed.disableServiceAccountCreation’.
  • Click Manage policy.
  • Change to ‘Override Parent Policy’.
  • To override you  need to configure the policy with Rule. One for ‘Enforcement’ and one for ‘Not enforced’
  • Any one rule has to be default.

image (4).png

  • Condition needs to added for any one of the rule. Here in this example, I have added the key and if the tag value  true then the policy will be enforced.
  • Click Save

image (5).png

  • Click ‘Set Policy’. ( you will need Org Policy admin, Org Admin, Org Viewer, cloud asset, Tag Admin roles). Only after this you can download the JSON or P12.

Step 3: Creating Private key alias

P12 file :

  • you can just download the file and a password with be given by the GCS.
  • Upload the file as Key pair in SAP Integration Suite and give a name for the alias and enter the same password that GCS given to you.

JSON File:

  • Extract the private key from the JSON. (Remove the /n and “).
  • Save it as <filename>.pem
  • Create ‘public certificate’
  • Create p12 file
  • Now, upload this p12 file as Key pair in SAP Integration Suite and give the name for alias and enter the same password that you set before.

How to Configure the Adapter:

  • Use the alias we created in the ‘Private Key Alias’ and the service account email that was created in GCS.

image (7).png

How to configure Google Storage Receiver adapter to Upload a file?

  • Operation : Create to upload a file.
  • Directory: Folder path to upload file.
  • Object Name : file name
  • Content type: file content type
  • Existing file handling:
    • override - Creates a new object or replaces the object with new one.
    • Ignore - Skip object creation and no error
    • Fail - throws error

image (8).png

How to Configure the Google Storage Sender to read a file?

  • Directory: Folder to read the file from
  • Object Name: File name to read
  • Post processing: after processing you can Archive or delete or keep the object.

image (9).png

After deploying your Iflow you can see the file is created  / retrieved to/from your specified location in GCS. Explore more on the object where you can do archive or delete the file once it is fetched by the Iflow.

Useful Links: 

SAP Documentation: SAP Google Storage Adapter Guide | SAP Google Storage Adapter Help 

2 Comments