In the console they have quotas for Discovery, Administrative, Publish and Subscribe but I cannot find anywhere a definition of these four categories.
If I list subscriptions is that Discovery? If I get a subscription is that Discovery? If I create or delete topics or subscriptions is that Administrative?
thanks
Paul
Edit: you can see the Pub/Sub quota docs here but they do not answer this question.
https://cloud.google.com/pubsub/quotas
"Discovery" relates to calls on the API Discovery Service related to Pub/Sub, so it is largely not relevant for you. The quotas documentation mentions which operations are considered administrative: "The administrative operations consist of Get, List, Create, Delete, ModifyPushConfig, SetIamPolicy, GetIamPolicy, TestIamPermissions." Basically, any operation that isn't a publish, pull, ack, or push is an administrative operation.
Related
I'm working on an integration with Google Directory and creating subscription channels to watch user updates using this API: https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/watch
POST https://admin.googleapis.com/admin/directory/v1/users/watch
I created some channels and don't have their id and resourceId to stop them according to this documentation and now I can't create any new channels https://developers.google.com/admin-sdk/directory/reference/rest/v1/channels/stop
I didn't find any API endpoint to list all my current customer id channels to stop them. How can I stop any subscription (watch) channels related to the customer id so I can create new watchers?
Unfortunately, Google has not enabled support for a way to list (i.e: a LIST method) active subscriptions enabled for a given admin user/domain. The only method they've exposed is a STOP method to stop an existing subscription, but it requires the caller already know the channel metadata associated with the subscription.
The good news here is if you did not store this information upon creation, you should be able to find the required parameters as a part of an event notification. I believe they might be in the headers accompanying each notification event.
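The recovery step described in the answer above, as an added example that is not part of the original post: it reads the `X-Goog-Channel-ID` and `X-Goog-Resource-ID` headers from logged notification requests and builds one `id`/`resourceId` body per distinct channel for the stop method. The sample requests are constructed, and the optional token check assumes a `token` was set when the watch was created, so that notifications not carrying it are ignored.

```python
import hmac

# Header names used by Google push notifications (HTTP header names are case-insensitive).
CHANNEL_ID = "x-goog-channel-id"
RESOURCE_ID = "x-goog-resource-id"
CHANNEL_TOKEN = "x-goog-channel-token"

# Constructed webhook log: one dict of request headers per received request.
SAMPLE_REQUESTS = [
    {"X-Goog-Channel-ID": "chan-aaa", "X-Goog-Resource-ID": "res-111",
     "X-Goog-Channel-Token": "constructed-secret", "X-Goog-Resource-State": "sync"},
    {"x-goog-channel-id": "chan-aaa", "x-goog-resource-id": "res-111",
     "x-goog-channel-token": "constructed-secret"},
    {"X-Goog-Channel-ID": "chan-bbb", "X-Goog-Resource-ID": "res-222",
     "X-Goog-Channel-Token": "constructed-secret"},
    {"X-Goog-Channel-ID": "chan-zzz", "X-Goog-Resource-ID": "res-999",
     "X-Goog-Channel-Token": "wrong"},   # token mismatch: not trusted
    {"User-Agent": "health-check"},       # not a notification: no channel headers
]


def stop_bodies(requests, expected_token=None):
    """Return one stop-request body per distinct channel seen in the log."""
    seen = {}
    for headers in requests:
        h = {k.lower(): v.strip() for k, v in headers.items()}
        chan, res = h.get(CHANNEL_ID), h.get(RESOURCE_ID)
        if not chan or not res:
            continue  # both values are required to stop a channel
        if expected_token is not None and not hmac.compare_digest(
                h.get(CHANNEL_TOKEN, "").encode(), expected_token.encode()):
            continue  # ignore requests that do not carry our channel token
        seen.setdefault((chan, res), {"id": chan, "resourceId": res})
    return list(seen.values())


if __name__ == "__main__":
    for body in stop_bodies(SAMPLE_REQUESTS, "constructed-secret"):
        print(body)
```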
I would like to get the audit logs for the Vault using the API, in order to get the audit logs in the API and monitor the logs in the SIEM.
I followed various links, but did not get any useful information.
https://support.google.com/vault/answer/4239060?hl=en
https://googleapis.github.io/google-api-python-client/docs/dyn/vault_v1.html
https://developers.google.com/vault/reference/rest
Is there an API to handle vault audit logs in the first place? If so, can you provide me with API endpoints and instructions or links on how to use them?
Audit logs are not currently available in Vault API.
There's currently a feature request in Issue Tracker regarding the implementation of this functionality. I'd suggest you click the star on the top-left in order to keep track of this request and to help prioritize its implementation:
Audit reporting functionality #api #audit-logs
I have some alerts set up in Stackdriver to warn me if there are no pull requests for Pub/Sub subscriptions (implying that all my servers are down or broken). However, I noticed these alerts stopped working.
When I pull up the alert in Stackdriver, the Metric is highlighted in red. If I try to set up another alert with the subscription/pull_request_count metric, it's not listed. The metric is also listed in the Pub/Sub monitoring docs, so I'd expect that it's valid.
How can I get this alert working again, or if for some reason this is no longer valid, is there another way to ensure that there are active subscribers at all times?
pubsub.googleapis.com/subscription/pull_request_count is still the correct name for this metric. The red metric is an indication of missing data. It looks like something is wrong with the underlying data for your project. Can you open a ticket with Google Cloud support and provide your project ID information so we can investigate further? Please reference this Stack Overflow question in your ticket.
Does the release notes statement that Cloud Pub/Sub is available now in a specific region mean that the data movement (pushing into the topic, subscribing to a topic, storing message) happens within that region only?
GDPR requirement (Data residency) that data shall not move from the geography where the data originated from.
Please confirm.
Google Cloud Pub/Sub is a global service, available from everywhere. It is not possible to choose where you want your Pub/Sub service to be, but it will be in the closest region to your project location. The fact that it is available in a new region means that now that region has the necessary infrastructure to host a Pub/Sub service.
Here you can see the location of Google Cloud products, and also the release notes on Pub/Sub
[EDIT]
Despite this, there are some ways to help you ensure compliance:
As mentioned above, Pub/Sub takes the best effort to keep your data in the closest location to you, the source of publication, and once it is stored, that data will not be moved without your explicit action.
Pub/Sub provides monitoring on data storage location, thus you can track any potential violations and take action by discarding the backlog using Pub/Sub's seek functionality or ensuring that it is quickly processed.
Risk can be limited by reducing message retention duration.
Pub/Sub now supports controlling where your message data is stored. Specifically, a topic now has a configurable message storage policy which is a list of GCP regions where Pub/Sub is allowed to store message data on disk. When a message is published to a region not in this list, the request is forwarded to the nearest allowed region for processing. The policy can be configured on a topic or as an organizational policy for a project, project folder or an entire organization. When an organization policy is configured, individual topic policy can be changed only in ways that do not violate the organization policy. See: https://cloud.google.com/pubsub/docs/resource-location-restriction.
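A residency check built on the message storage policy and retention points above, as an added example that is not part of the original answers: it audits topic definitions against a region allow-list and a retention ceiling. The input is a constructed sample shaped like the JSON that `gcloud pubsub topics list --format=json` prints; the allow-list, the seven-day ceiling and the topic names are assumptions for illustration.

```python
import json

ALLOWED_REGIONS = {"europe-west1", "europe-west3", "europe-west4"}  # assumed policy

# Constructed sample; field names follow the Pub/Sub Topic resource.
SAMPLE_TOPICS_JSON = """
[
  {"name": "projects/demo/topics/orders",
   "messageStoragePolicy": {"allowedPersistenceRegions": ["europe-west1"]}},
  {"name": "projects/demo/topics/clicks",
   "messageStoragePolicy": {"allowedPersistenceRegions": ["europe-west1", "us-central1"]}},
  {"name": "projects/demo/topics/legacy"},
  {"name": "projects/demo/topics/audit", "messageRetentionDuration": "2678400s",
   "messageStoragePolicy": {"allowedPersistenceRegions": ["europe-west4"]}}
]
"""


def audit_topics(topics_json, allowed=ALLOWED_REGIONS, max_retention_s=7 * 24 * 3600):
    """Return (topic, finding) pairs for topics that break the residency rules."""
    findings = []
    for topic in json.loads(topics_json):
        name = topic["name"]
        policy = topic.get("messageStoragePolicy", {})
        regions = policy.get("allowedPersistenceRegions", [])
        if not regions:
            # Without a policy, storage location is not restricted per topic.
            findings.append((name, "no message storage policy set"))
        else:
            outside = sorted(set(regions) - set(allowed))
            if outside:
                findings.append((name, "regions outside allow-list: " + ", ".join(outside)))
        # Durations are serialized as seconds with an "s" suffix, e.g. "600s".
        retention = topic.get("messageRetentionDuration")
        if retention and float(retention.rstrip("s")) > max_retention_s:
            findings.append((name, f"retention {retention} exceeds {max_retention_s}s"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_topics(SAMPLE_TOPICS_JSON):
        print(f"{name}: {finding}")
```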
I'm looking at the Create Subscription API documentation.
I would like to understand how many subscribers can I register for an app. Our system has 2000+ users and we are looking to set up a webhook subscription per user.
This is documented
https://learn.microsoft.com/en-us/graph/webhooks
Maximum subscription quotas:
Per app: 50,000 total subscriptions
Per tenant: 35 total subscriptions across all apps
Per app and tenant combination: 7 total subscriptions
The limits depend on the type of resources you are subscribing to.
For example, if you are subscribing to /users or /groups, then there are limits documented here.
Note that you would likely need a single subscription per tenant to track changes to all users/groups.
If you are subscribing to /messages, then you can create a subscription for each user mailbox.