Enable Google Service Account and Find the GCP Service Account Name

Before you use a Google Cloud Platform (GCP) resource with a Google service account, you need to enable GCP access for your Autonomous Database instance.

  1. Enable Google service account authentication with DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH.

    For example, to enable Google service account authentication for the ADMIN user:

    BEGIN
        DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH(
            provider => 'GCP' );
    END;
    /

    To enable Google service account authentication for a non-ADMIN user, adb_user:

    BEGIN
        DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH(
            provider => 'GCP',
            username => 'adb_user');
    END;
    /

    If you want the specified user to have privileges to enable Google service account authentication for other users, set grant_option to TRUE in the params parameter.

    BEGIN
        DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH(
            provider => 'GCP',
            username => 'adb_user',
            params   => JSON_OBJECT('grant_option' value TRUE));
    END;
    /

    After you run DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH with grant_option set to TRUE, adb_user can enable Google service account authentication for another user. For example, if you connect as adb_user, you can run the following command to enable GCP service account access for adb_user2:

    BEGIN
        DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH(
            provider => 'GCP',
            username => 'adb_user2');
    END;
    /

  2. When DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH runs, it creates a Google service account. Query CLOUD_INTEGRATIONS to obtain the service account details for your Autonomous Database instance.

    SELECT * FROM CLOUD_INTEGRATIONS WHERE param_name = 'gcp_service_account';

    PARAM_NAME           PARAM_VALUE
    ---------------------------------------------------------------------------
    gcp_service_account  GCP-SA-22222-32222@gcp-example.iam.gserviceaccount.com

  3. Note the gcp_service_account parameter value, because you must supply this value when you configure GCP resources.
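The steps above combined into one script, as an added example that is not part of the original documentation: it enables GCP access for adb_user without grant_option, then reads the service account name and fails loudly if the row is missing or malformed. It assumes you run it as ADMIN from SQL*Plus or SQLcl, and that the value ends in .iam.gserviceaccount.com as in the sample output above; the error numbers and messages are arbitrary.

```sql
-- Added example (not Oracle's own code). Run as ADMIN.
SET SERVEROUTPUT ON

DECLARE
    -- Anchor the type to the view column so no length is assumed.
    l_sa  cloud_integrations.param_value%TYPE;
BEGIN
    -- Step 1: enable GCP service account authentication for one user.
    -- grant_option is deliberately not passed, so adb_user cannot
    -- enable the feature for other users.
    DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH(
        provider => 'GCP',
        username => 'adb_user');

    -- Step 2: read the service account created for this instance.
    BEGIN
        SELECT param_value
          INTO l_sa
          FROM cloud_integrations
         WHERE param_name = 'gcp_service_account';
    EXCEPTION
        WHEN NO_DATA_FOUND THEN
            RAISE_APPLICATION_ERROR(-20001,
                'No gcp_service_account row in CLOUD_INTEGRATIONS; ' ||
                'GCP principal authentication is not enabled.');
    END;

    -- Assumption: the name follows the form shown in the sample output.
    -- Catching an empty or unexpected value here avoids pasting it into
    -- a GCP access configuration later.
    IF l_sa IS NULL OR l_sa NOT LIKE '%@%.iam.gserviceaccount.com' THEN
        RAISE_APPLICATION_ERROR(-20002,
            'Unexpected gcp_service_account value: ' || NVL(l_sa, '(null)'));
    END IF;

    -- Step 3: this is the value to supply when configuring GCP resources.
    DBMS_OUTPUT.PUT_LINE('gcp_service_account = ' || l_sa);
END;
/
```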

See ENABLE_PRINCIPAL_AUTH Procedure for more information.