Importing and exporting existing Google Cloud resources by name

This page describes the config-connector export command and how to use it to export Google Cloud resources into Config Connector YAML files which you can subsequently import into Config Connector.

With config-connector export you can export an existing Google Cloud resource. When you pass a resource's full name to config-connector export, config-connector generates a YAML manifest that you can import into Config Connector.

Before you begin

Before you begin, install the config-connector tool.

Exporting example

In this example, you create a PubSubTopic with the gcloud command-line tool and then import it into Config Connector.

Create a topic named sample-topic:
```
gcloud pubsub topics create sample-topic
```
You receive confirmation that the topic has been created.
```
Created topic [projects/PROJECT_ID/topics/sample-topic].
```
In the output, PROJECT_ID is replaced with your Google Cloud project.
Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:
```
TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")
```
To identify a resource, config-connector export uses the full resource name. Save the resource name of the topic into an environment variable with the following command:
```
TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"
```

Export the topic with config-connector export by running the following command:

config-connector export ${TOPIC_RESOURCE_NAME}

The output is a Config Connector resource in YAML format.

---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: PROJECT_ID
  name: sample-topic
...

In the output, PROJECT_ID is replaced with your Google Cloud project.

You can pass this resource into Config Connector with kubectl apply -f -. To pass the resource directly, run the following command:
```
config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f -  --namespace CC_NAMESPACE
```
Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.

Config Connector acquires the resource.
Confirm that Config Connector is managing the resource with kubectl describe:
```
kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACE
```
Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.

Command-line options

The config-connector export command has the following options:

config-connector export RESOURCE_NAME \
    --output FILENAME \
    --oauth2-token TOKEN \
    --iam-format [policy | policymember | none] \
    --filter-deleted-iam-members [true | false] \
    --verbose

--output: An optional output file path that disables standard output. When a file, the result contains all the command output; when a directory, the directory contains a new file for each resource in the output.
--oauth2-token: An OAUTH2 token as the Google Cloud identity. By default, config-connector uses the Cloud SDK default credentials.
--iam-format: Specifies the kind of IAM resources output with your export. Options are policy (default), policymember, or none.
--filter-deleted-iam-members: Specifies whether to filter out deleted IAM principals. Options are true or false. The default value is false.
--verbose: Enables verbose logging.

What's next

Read about how Config Connector acquires existing Google Cloud resources