KB Article #180673
How to install and configure the Google Drive and Google Cloud Storage connectors for SecureTransport
This article discusses the installation and configuration of the Google Drive connector.
Table of contents
Introduction
The Google Drive Connector enables Axway SecureTransport (ST) to exchange files with Google Drive storage, specifically for Team Drives and individual user's My Drive. The connector is deployed as a plugin to an existing ST installation and adds a new Transfer Site named "Google Drive" to the list of available Transfer Sites. The Google Cloud Storage Connector similarly, is a pluging that enables file exchange with a Google Cloud Storage bucket, by adding a Transfer Site Named "Google Cloud Storage".
Installation
Download
The Google Drive Connector for ST can be downloaded from the Axway Support Portal from this link.
The Google Cloud Storage Connector for ST can be downloaded from the Axway Support Portal from this link.
Prerequisites
Before proceeding further, check the Prerequisites section of the README.md file, which is available in the Google Drive and Google Cloud Connector's zip archive.
Remove previous deployments
Make sure that there are no files/folders from previous versions of the Google Drive Connector. For that purpose, check the $FILEDRIVEHOME/plugins/transferSites/
folder, and remove everything related to Google Drive or Google Cloud from it.
Unzip the package
Extract the zip archive with the Google Connector in question into <FILEDRIVEHOME>/plugins/transferSites/
.
Add a logger
You need to add a dedicated Transaction Manager (TM) logger for the newly deployed Google Drive Connector, so that events related to the Connector are available in the Server Log. Follow the steps below.
Take a backup copy of the <FILEDRIVEHOME>/conf/tm-log4j.xml
file;
Open the <FILEDRIVEHOME>/conf/tm-log4j.xml
file for editing;
Add the following logger in the beginning of the loggers
section of the file, with the desired logging level:
<logger name="com.axway.st.plugins.site" additivity="false"> <level value="INFO" /> <appender-ref ref="ServerLog" /> </logger>
To enable debug logging, set the level value to debug
. However, change the value with caution. It is recommended to switch to levels different than INFO only temporarily, e.g. during troubleshooting sessions.
Save the file
Restart ST's services
<FILEDRIVEHOME>/bin/stop_all
<FILEDRIVEHOME>/bin/start_all
Verify the installation
The installation can be verified in the following way:
Transfer Site
Open an ST user account and create a new Transfer Site under Admin UI → Accounts → [user] → Transfer Sites → Add New. The Transfer Protocol dropdown should contain the relevant name of the Transfer Site in question - either "Google Drive" or "Google Cloud Storage".
Setup
Google Drive Side
Create a project
Create a project in the Google Cloud platform and enable the Google Cloud API function. Note that the project name used here will also be needed when configuring the Transfer Site in ST. If a Team Drive will be used, create a Team Drive. Again, note that the name of the Team Drive will be needed during Transfer site configuration.
Google Cloud Storage Side
Create a bucket
Create a bucket in the Google Cloud Storage platform and enable the Google Cloud API function. Note that the bucket name used here will also be needed when configuring the Transfer Site in ST.
The following steps are needed on both Google Drive and Google Cloud Storage sides.
Create a Service account
Create a Service account for this project and enable Google Apps Domain Wide delegation, then delegate domain wide authority to the Service account by adding it to the G Suite domain.
Obtain the credentials
Download the credentials for the Service account in a .p12 file format. This will be needed to authenticate the ST user to Google Cloud Storage. Retrieve the full email address of the Service account and save it for later use.
Grant access to the API
Proceed to grant access to the ST application, to the Google Cloud Storage API in the G Suite domain.
SecureTransport Side
Import the Google Drive Service account credentials .p12 file to a user account, by going to Admin UI → Accounts → [user] → Certificates → Private Certificates. Click the Import button, and import the .p12 file as an X509 format. Name the new certificate appropriately.
Create a Transfer Site under the same user and select "Google Drive" or "Google Cloud Storage" from the Protocol drop-down. Use the tooltips in the Transfer Site for more information about a particular field or option. The below section describes some of those options and fields, which are required and/or their tooltips don't offer sufficient details.
Bucket name: For a Google Cloud Storage site, specify the bucket name instead of Google Drive information.
Site Name: Define a name of the Google Drive Site.
Project Name: Input the exact name of the project created in Google.
Access Level – It is recommended to use "Public" if yu are going to use the Site in an Advanced Router (AR) Subscriptions at some point.
Storage: Choose either Team Drive or My Drive in the drop down menu. If Team Drive is used, input the exact name of the Team Drive in the Team Drive Name field.
Note that only a single Team Drive may be used in a Transfer Site. If multiple Team Drives must be accessed, each Team Drive must have its own Transfer Site.
Network Zone: the according proxy for uploads/downloads.
Service Account Key: select the name of the imported .p12 certificate, holding the Service account credentials. In Service Account Email field put the service account's email address which was retrieved in the Google side section of this article.
User Email: an optional field, where the email of a Google account may be set. When transferring files, ST will act on behalf of the account set in this field. Expression Language is supported.
If this field is not used, the Service account itself must be provided with access to the Team Drive folder and the file author parameter on transferred files will appear as "unknown".
Important: Make sure that network connectivity including DNS resolution to the Google Drive service is possible and traffic from/to the following hostname on port 443 is allowed on the local network firewall:
www.googleapis.com
Test the setup
Server Initiated Pull by ST from Google Drive or Google Cloud Storage
- Create a Subscription to a Basic Application (BA).
- in the For Files Received from this Account or its Partners section, select "Automatically retrieve files from" and select the newly created Google Transfer Site from the drop-down.
- Set a schedule or alternatively, use the Retrieve Files Now button after the Subscription was saved (i.e. save the Subscription, re-open it and then use the button).
- [optional] Under For Files Sent to this Account or its Partners, select "Send Files Directly To" and select a different Site where the test file should be sent to (local or remote location) after it's pulled from Google remote site.
- Save the Subscription.
- Place a test file in the Google Drive or Google bucket in the folder that was defined under "Download Settings" of the Google remote site in ST.
- Wait for the scheduler to trigger or use the "Retrieve Files Now" button in the Subscription.
- Go to Operations → File Tracking, and make sure each of the transfers succeeded with green check Transfer Status icon.
Server Initiated Push from ST to Google Drive or Google Cloud Storage
- Create another Subscription to a Basic Application (BA).
- Under For Files Sent to this Account or its Partners, select "Send Files Directly To" and select the Google Transfer Site.
- Login to ST with the user account and upload a test file in the Subscription Folder. Wait for a few seconds.
- Go to Operations → File Tracking, and make sure each of the transfers succeeded with green check Transfer Status icon.
- If all have succeeded, go to the Google Drive or Google bucket and check the folder defined under "Upload Settings" of the Google Site in ST.
Troubleshooting
When a transfer to the Google remote site has failed, the steps below can be used as guidelines how to troubleshoot the issue. Yet, as a first step, you should always verify that the certificate, the Service Account's name and email, and the Drive's name in the Google Drive Transfer Site are correct and up to date.
- Click on the red X Transfer Status icon related to the failed transfer, expand the window and take a screenshot of the entire content. The screenshot will be requested by Axway Support in case it is needed to open a Support ticket.
- Check the information under Protocol Commands in the transfer details pop-up. The error may provide directions to the root cause.
- Click on the SessionID link, which redirects to the Server Log with filtered results related to the transfer session.
- Add an additional filter for ERROR log level and hit Go.
- Inspect the messages related to the transfer session.
- The detailed error/root cause is likely to be presented in these event messages. Click on the timestamp link next to the message that might hold the error. Expand the window. Detailed error message/stack trace is presented.
In case the error does not provide an explanation what had happened, take a screenshot of the window mentioned in the last bullet point and/or export the log results using the "Export Log" button and open a ticket with Axway Support for further investigation. In case the Transaction Manager (TM) log is exported in flat file, send an archived copy of the TM log to Axway Support, along with the timeframe/timestamp details of the failed transfer.