Importing and exporting existing Google Cloud resources by name

This page describes the config-connector export command and how to use it to export Google Cloud resources into Config Connector YAML files which you can subsequently import into Config Connector.

With config-connector export you can export an existing Google Cloud resource. When you pass a resource's full name to config-connector export, config-connector generates a YAML manifest that you can import into Config Connector.

Before you begin

Before you begin, install the config-connector tool.

Exporting example

In this example, you create a PubSubTopic with the gcloud command-line tool and then import it into Config Connector.

1. Create a topic named sample-topic:

   gcloud pubsub topics create sample-topic
   

   You receive confirmation that the topic has been created.

   Created topic [projects/PROJECT_ID/topics/sample-topic].
   

   In the output, PROJECT_ID is replaced with your Google Cloud project.

2. Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:

   TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")
   

3. To identify a resource, config-connector export uses the full resource name. Save the resource name of the topic into an environment variable with the following command:

   TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"
   

4. Export the topic with config-connector export by running the following command:

   config-connector export ${TOPIC_RESOURCE_NAME}
   

   The output is a Config Connector resource in YAML format.

   ---
   apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
   kind: PubSubTopic
   metadata:
     annotations:
       cnrm.cloud.google.com/project-id: PROJECT_ID
     name: sample-topic
   ...
   

   In the output, PROJECT_ID is replaced with your Google Cloud project.

5. You can pass this resource into Config Connector with kubectl apply -f -. To pass the resource directly, run the following command:

   config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f -  --namespace CC_NAMESPACE
   

   Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.

   Config Connector acquires the resource.

6. Confirm that Config Connector is managing the resource with kubectl describe:

   kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACE
   

   Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.

Command-line options

The config-connector export command has the following options:

config-connector export RESOURCE_NAME \
    --output FILENAME \
    --oauth2-token TOKEN \
    --iam-format [policy | policymember | none] \
    --verbose

• --output: An optional output file path that disables standard output. When a file, the result contains all the command output; when a directory, the directory contains a new file for each resource in the output.
• --oauth2-token: An OAUTH2 token as the Google Cloud identity. By default, config-connector uses the Cloud SDK default credentials.
• --iam-format: Specifies the kind of IAM resources output with your export. Options are policy (default), policymember, or none.
• --verbose: Enables verbose logging.

What's next

• Read about how Config Connector acquires existing Google Cloud resources