Importing and exporting existing Google Cloud resources by name


This page describes the config-connector export command and how to use it to export Google Cloud resources into Config Connector YAML files which you can subsequently import into Config Connector.

With config-connector export you can export an existing Google Cloud resource. When you pass a resource's full name to config-connector export, config-connector generates a YAML manifest that you can import into Config Connector.

If the Google Cloud resource that you want to import into Config Connector already exists with the same name, then Config Connector takes control of the resource and manages it with the YAML that you provide. Config Connector doesn't throw an error in this situation unless the provided YAML contains changes to immutable fields or has other issues in the configuration.

Before you begin

Before you begin, install the config-connector tool.

Exporting example

In this example, you create a PubSubTopic with the Google Cloud CLI and then import it into Config Connector.

  1. Create a topic named sample-topic:

    gcloud pubsub topics create sample-topic
    

    You receive confirmation that the topic has been created.

    Created topic [projects/PROJECT_ID/topics/sample-topic].
    

    In the output, PROJECT_ID is replaced with your Google Cloud project.

  2. Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:

    TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")
    
  3. To identify a resource, config-connector export uses the full resource name. Save the resource name of the topic into an environment variable with the following command:

    TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"
    
  4. Export the topic with config-connector export by running the following command:

    config-connector export ${TOPIC_RESOURCE_NAME}
    

    The output is a Config Connector resource in YAML format.

    ---
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    metadata:
      annotations:
        cnrm.cloud.google.com/project-id: PROJECT_ID
      name: sample-topic
    ...
    

    In the output, PROJECT_ID is replaced with your Google Cloud project.

  5. You can pass this resource into Config Connector with kubectl apply -f -. To pass the resource directly, run the following command:

    config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f - --namespace CC_NAMESPACE
    

    Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.

    Config Connector acquires the resource.

  6. Confirm that Config Connector is managing the resource with kubectl describe:

    kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACE
    

    Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.
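Step 5 pipes the export straight into kubectl apply, after which Config Connector acquires the resource. The following added example, which is not part of the original page or the config-connector tool, writes the export to a file and checks every document's kind and project-id annotation before applying it. The names check_export and sample_export are hypothetical, and the project ID example-project is constructed.

```shell
# Usage with this page's names:
#   config-connector export "${TOPIC_RESOURCE_NAME}" --output topic.yaml
#   check_export topic.yaml PROJECT_ID PubSubTopic &&
#     kubectl apply -f topic.yaml --namespace CC_NAMESPACE

# check_export FILE EXPECTED_PROJECT ALLOWED_KIND...
# Succeeds only if FILE has at least one YAML document and every document
# has an allowed kind and the expected project-id annotation.
check_export() {
  [ "$#" -ge 3 ] || { echo "usage: check_export FILE PROJECT KIND..." >&2; return 2; }
  ce_file=$1; ce_project=$2; shift 2
  awk -v project="$ce_project" -v allowed=" $* " '
    function check_doc() {
      if (!seen) return
      docs++
      if (index(allowed, " " kind " ") == 0) {
        printf "reject: kind \"%s\" is not in the allowlist\n", kind; bad = 1
      }
      if (proj != project) {
        printf "reject: %s targets project \"%s\"\n", kind, proj; bad = 1
      }
      kind = ""; proj = ""; seen = 0
    }
    /^---[ \t]*$/ { check_doc(); next }
    /[^ \t]/ { seen = 1 }
    /^kind:/ { kind = $2 }
    /^[ \t]+cnrm\.cloud\.google\.com\/project-id:/ { proj = $2; gsub(/"/, "", proj) }
    END {
      check_doc()
      if (docs == 0) { print "reject: export is empty"; bad = 1 }
      exit bad + 0
    }
  ' "$ce_file" >&2
}

# Constructed sample: the PubSubTopic manifest shown on this page, with the
# constructed project id "example-project" in place of PROJECT_ID.
sample_export() {
  cat <<'EOF'
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: example-project
  name: sample-topic
EOF
}
```

Rejection reasons are written to standard error, so the function's exit status can gate the apply in a script or CI job.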

Supported resources

To print the list of resources that the config-connector tool supports, along with their resource name formats, run the following command:

    config-connector print-resources

Command-line options

The config-connector export command has the following options:

    config-connector export RESOURCE_NAME \
        --output FILENAME \
        --oauth2-token TOKEN \
        --iam-format [policy | policymember | none] \
        --filter-deleted-iam-members [true | false] \
        --verbose

  • --output: An optional output path that disables standard output. If the path is a file, the file contains all the command output; if the path is a directory, the directory contains a new file for each resource in the output.
  • --oauth2-token: An OAuth 2.0 token to use as the Google Cloud identity. By default, config-connector uses the Google Cloud CLI default credentials.
  • --iam-format: Specifies the kind of IAM resources output with your export. Options are policy (default), policymember, or none.
  • --filter-deleted-iam-members: Specifies whether to filter out deleted IAM principals. Options are true or false. The default value is false.
  • --verbose: Enables verbose logging.
