SFTP

The SFTP connector lets you connect to a SFTP server and perform file transfer operations.

Before you begin

Before using the SFTP connector, do the following tasks:

  • In your Google Cloud project:
    • Grant the roles/connectors.admin IAM role to the user configuring the connector.
    • Grant the following IAM roles to the service account that you want to use for the connector:
      • roles/secretmanager.viewer
      • roles/secretmanager.secretAccessor

      A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. If you don't have a service account, you must create a service account. For more information, see Creating a service account.

    • Enable the following services:
      • secretmanager.googleapis.com (Secret Manager API)
      • connectors.googleapis.com (Connectors API)

      To understand how to enable services, see Enabling services.

    If these services or permissions have not been enabled for your project previously, you are prompted to enable them when configuring the connector.

Configure the connector

Configuring the connector requires you to create a connection to your data source (backend system). A connection is specific to a data source. It means that if you have many data sources, you must create a separate connection for each data source. To create a connection, do the following steps:

  1. In the Cloud console, go to the Integration Connectors > Connections page and then select or create a Google Cloud project.

    Go to the Connections page

  2. Click + Create new to open the Create Connection page.
  3. In the Location section, choose the location for the connection.
    1. Region: Select a location from the drop-down list.

      For the list of all the supported regions, see Locations.

    2. Click Next.
  4. In the Connection Details section, complete the following:
    1. Connector: Select SFTP from the drop down list of available Connectors.
    2. Connector version: Select the Connector version from the drop down list of available versions.
    3. In the Connection Name field, enter a name for the Connection instance.

      Connection names must meet the following criteria:

      • Connection names can use letters, numbers, or hyphens.
      • Letters must be lower-case.
      • Connection names must begin with a letter and end with a letter or number.
      • Connection names cannot exceed 63 characters.
    4. Optionally, enter a Description for the connection instance.
    5. Optionally, enable Cloud logging, and then select a log level. By default, the log level is set to Error.
    6. Service Account: Select a service account that has the required roles.
    7. Optionally, configure the Connection node settings:

      • Minimum number of nodes: Enter the minimum number of connection nodes.
      • Maximum number of nodes: Enter the maximum number of connection nodes.

      A node is a unit (or replica) of a connection that processes transactions. More nodes are required to process more transactions for a connection and conversely, fewer nodes are required to process fewer transactions. To understand how the nodes affect your connector pricing, see Pricing for connection nodes. If you don't enter any values, by default the minimum nodes are set to 2 (for better availability) and the maximum nodes are set to 50.

    8. Remote Path: Folder path in the SFTP server.

      Consider setting this field only if you want to perform any of the entity operations like List, Create, Update, or Delete.

      If you are accessing entities (files or folders) in the root folder, or the immediate child folders of the root folder, you need not set any value to this field. However, if you want to access nested entities that are present at a depth of 2 levels or more from the root folder, you must set the value of this field to the base path of the folder that has the entities you want to access. For example, if you want to access the /folder_A/folder_B/folder_C/test.png file, you must set the Remote Path to /folder_A/folder_B/folder_C.

    9. Optionally, click + Add label to add a label to the Connection in the form of a key/value pair.
    10. Click Next.
  5. In the Destinations section, enter details of the remote host (backend system) you want to connect to.
    1. Destination Type: Select a Destination Type.
      • Select Host address from the list to specify the hostname or IP address of the destination.
      • If you want to establish a private connection to your backend systems, select Endpoint attachment from the list, and then select the required endpoint attachment from the Endpoint Attachment list.

      If you want to establish a public connection to your backend systems with additional security, you can consider configuring static outbound IP addresses for your connections, and then configure your firewall rules to allowlist only the specific static IP addresses.

      To enter additional destinations, click +Add destination.

    2. Click Next.
  6. In the Authentication section, enter the authentication details.
    1. Select an Authentication type and enter the relevant details.

      The following authentication types are supported by the SFTP connection:

      • Username and password
      • SSH_PUBLIC_KEY
    2. To understand how to configure these authentication types, see Configure authentication.

    3. Click Next.
  7. Review: Review your connection and authentication details.
  8. Click Create.

Configure authentication

Enter the details based on the authentication you want to use.

  • Username and password
    • Username: The SFTP username to use for the connection.
    • Password: Secret Manager Secret containing the password associated with the SFTP username.
  • SSH_PUBLIC_KEY
    • Username: The SFTP user account used to authenticate.
    • SSH Private Key: Private Key for SSH authentication.
    • SSH Private Key password: Passphrase/password protecting the private key, if any.
    • SSH Private Key type: Format of the Private Key.

Entities, operations, and actions

All the Integration Connectors provide a layer of abstraction for the objects of the connected application. You can access an application's objects only through this abstraction. The abstraction is exposed to you as entities, operations, and actions.

  • Entity: An entity can be thought of as an object, or a collection of properties, in the connected application or service. The definition of an entity differs from a connector to a connector. For example, in a database connector, tables are the entities, in a file server connector, folders are the entities, and in a messaging system connector, queues are the entities.

    However, it is possible that a connector doesn't support or have any entities, in which case the Entities list will be empty.

  • Operation: An operation is the activity that you can perform on an entity. You can perform any of the following operations on an entity:

    Selecting an entity from the available list, generates a list of operations available for the entity. For a detailed description of the operations, see the Connectors task's entity operations. However, if a connector doesn't support any of the entity operations, such unsupported operations aren't listed in the Operations list.

  • Action: An action is a first class function that is made available to the integration through the connector interface. An action lets you make changes to an entity or entities, and vary from connector to connector. Normally, an action will have some input parameters, and an output parameter. However, it is possible that a connector doesn't support any action, in which case the Actions list will be empty.

System limitations

The SFTP connector can process 1 transaction per second, per node, and throttles any transactions beyond this limit. By default, Integration Connectors allocates 2 nodes (for better availability) for a connection.

For information on the limits applicable to Integration Connectors, see Limits.

Actions

This section lists some of the actions supported by the connector. To understand how to configure the actions, see Action examples.

Upload action

The following table describes the input parameters of the Upload action.

Parameter name Data type Required Description
Content String No Content to upload as a file.
ContentBytes String No Bytes content (as a Base64 string) to upload as a file. Use this to upload binary data.
HasBytes Boolean No Specifies if the content should be uploaded as bytes. The default value is false.
RemoteFile String Yes The file name on the remote host.
Overwrite Boolean No Specifies if the remote file should be overwritten. The default value is false.

For examples on how to configure the Upload action, see Examples.

Download action

The following table describes the input parameters of the Download action.

Parameter name Data type Required Description
RemoteFile String Yes The file name on the remote host.
HasBytes Boolean No Specifies if the content should be downloaded as bytes. The default value is false.

For examples on how to configure the Download action, see Examples.

MoveFile action

The following table describes the input parameters of the MoveFile action.

Parameter name Data type Required Description
RemoteFile String Yes The path of the remote file to be moved.
DestinationPath String Yes The new path you want to move the file to.

For examples on how to configure the MoveFile action, see Examples.

RenameFile action

The following table describes the input parameters of the RenameFile action.

Parameter name Data type Required Description
RemoteFile String Yes Remote file path and name to be renamed.
NewFileName String Yes New name of the remote file.

For examples on how to configure the RenameFile action, see Examples.

Examples

This section describes how to perform some of the entity operations and actions in this connector. The examples describe the following operations:

  • List all files in the root directory
  • List files that match a pattern in a directory
  • Move a file
  • Rename a file
  • Delete a file
  • Upload an ASCII text file
  • Upload a binary file
  • Download an ASCII text file
  • Download a binary file

The following table lists the sample scenarios and the corresponding configuration in the Connectors task:

Task Sample command Configuration
List all files in the root directory ls /
  1. In the Configure connector task dialog, click Entities.
  2. Select the Root entity and then select the List operation.
  3. Click Done.
List .csv files in a directory ls /tmp/*.csv
  1. In the Configure connector task dialog, click Entities.
  2. Select the base directory (/tmp) from the Entity list.
  3. Select the List operation, and then click Done.
  4. Set the filter clause. To set the clause, in the Task Input section of the Connectors task, click filterClause and then enter FilePath LIKE '/tmp/%.csv' in the Default Value field.
Move a file mv /tmp/dir_A/hello_world.txt /dir_B/dir_C/
  1. In the Configure connector task dialog, click Actions.
  2. Select the MoveFile action, and then click Done.
  3. In the Task Input section of the Connectors task, click connectorInputPayload and then enter a value similar to the following in the Default Value field:
    {
    "RemoteFile": "/tmp/dir_A/hello_world.txt",
    "DestinationPath": "/dir_B/dir_C/"
    }

This example moves the /tmp/dir_A/hello_world.txt file to the /dir_B/dir_C/ directory. Running this example, returns a response smiliar to the following in the Connector task's connectorOutputPayload output variable:

[{
"Success":"true"
}]
Rename a file mv /tmp/hello_world.txt /tmp/hello_world_new.txt
  1. In the Configure connector task dialog, click Actions.
  2. Select the RenameFile action, and then click Done.
  3. In the Task Input section of the Connectors task, click connectorInputPayload and then enter a value similar to the following in the Default Value field:
    {
    "RemoteFile": "/tmp/hello_world.txt",
    "NewFilename": "hello_world_new.txt"
    }

This example renames the hello_world.txt file to hello_world_new.txt. Running this example, returns a response smiliar to the following in the Connector task's connectorOutputPayload output variable:

[{
"Success":"true"
}]
Delete a file rm /tmp/myfile.csv
  1. In the Configure connector task dialog, click Entities.
  2. From the Entity list, select the base directory that has the file to be moved.
  3. Select the Delete operation, and then click Done.
  4. Set the entity ID to the file's full path. To set the entity ID, in the Task Input section of the Connectors task, click entityId and then enter /tmp/myfile.csv in the Default Value field.

    Alternately, instead of specifying the entityId, you can also set the filterClause to FilePath LIKE '/tmp/myfile.csv'.

Upload an ASCII text file put file_1.txt /tmp/file_1.txt
  1. In the Configure connector task dialog, click Actions.
  2. Select the Upload action, and then click Done.
  3. In the Task Input section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:
    {
      "Content": "This is a sample text!\r\n",
      "RemoteFile": "/tmp/file_1.txt",
      "Overwrite": true
    }
  4. This sample creates the file_1.txt file that has the content This is a sample text! in the SFTP server's /tmp directory. And any existing file with the same name is overwritten because the Overwrite attribute value is true.

    Setting the Overwrite attribute is optional; by default, the value is false.

Upload a binary file put image_1.png /tmp/image_1.png To upload a binary content, you must first encode the content in the Base64 format. You can choose a tool of your choice to encode the content. Steps for encoding the content are out of the scope of this document. After you have the content as a Base64 string, perform the following steps:
  1. In the Configure connector task dialog, click Actions.
  2. Select the Upload action, and then click Done.
  3. In the Task Input section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:
    {
      "ContentBytes": "SGVsbG8gd29ybGQ=",
      "RemoteFile": "/tmp/image_1.png",
      "Overwrite": true,
      "HasBytes": true
    }
  4. This sample creates the image_1.png file with the content as specified in the ContentBytes field. The file is created in the SFTP server's /tmp directory. And any existing file with the same name is overwritten because the Overwrite attribute value is true.

    Setting the Overwrite attribute is optional; by default the value is false.

Download an ASCII text file get /tmp/myfile.txt
  1. In the Configure connector task dialog, click Actions.
  2. Select the Download action, and then click Done.
  3. In the Task Output section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:
    {
    "RemoteFile": "/tmp/myfile.txt"
    }

The content of the downloaded file is available as a string in the Content field of the Connector task's connectorOutputPayload response parameter.

Download a binary file get /tmp/myfile.png
  1. In the Configure connector task dialog, click Actions.
  2. Select the Download action, and then click Done.
  3. In the Task Output section of the Connectors task, click connectorInputPayload and then enter the following in the Default Value field:
    {
    "RemoteFile": "/tmp/myfile.png",
    "HasBytes" : true
    }

The content of the downloaded file is available as a Base64 encoded string in the ContentBytes field of the Connector task's connectorOutputPayload response parameter.

JSON schema for payload

All the entity objects in a SFTP connection have a pre-defined JSON schema. Having a good understanding of the schema, lets you easily configure the input or output payload values. The entity objects in a SFTP connection use the following JSON schema:

  {
    "type": "object",
    "properties": {
      "FilePath": {
        "type": "string",
        "readOnly": false
      },
      "Filename": {
        "type": [
          "string",
          "null"
        ],
        "readOnly": false,
        "description": "The name of the file or directory."
      },
      "FileSize": {
        "type": [
          "number",
          "null"
        ],
        "readOnly": false,
        "description": "The size of the file."
      },
      "LastModified": {
        "type": [
          "string",
          "null"
        ],
        "readOnly": false
      },
      "IsDirectory": {
        "type": [
          "boolean",
          "null"
        ],
        "readOnly": false
      },
      "Permissions": {
        "type": [
          "string",
          "null"
        ],
        "readOnly": false
      },
      "Owner": {
        "type": [
          "string",
          "null"
        ],
        "readOnly": false
      },
      "OwnerId": {
        "type": [
          "string",
          "null"
        ],
        "readOnly": false
      },
      "Group": {
        "type": [
          "string",
          "null"
        ],
        "readOnly": false
      },
      "GroupId": {
        "type": [
          "string",
          "null"
        ],
        "readOnly": false
      }
    }
  }

Dynamic configuration of filterClause

For the List, Update, and Delete operations, you can set the value of the filterClasue input variable dynamically at runtime by using the Data Mapping task in your integration. For example, you might want to send the filter clause's value when invoking the API trigger in your integration. The following image shows a sample mapping for the filterClause variable in the Data Mapping editor of the Data Mapping task: set filter clause in the data mapping editor

Use terraform to create connections

You can use the Terraform resource to create a new connection.

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.

To view a sample terraform template for connection creation, see sample template.

When creating this connection by using Terraform, you must set the following variables in your Terraform configuration file:

Parameter name Data type Required Description
remote_path STRING False The current path in the SFTP server.

Use the SFTP connection in an integration

After you create the connection, it becomes available in both Apigee Integration and Application Integration. You can use the connection in an integration through the Connectors task.

  • To understand how to create and use the Connectors task in Apigee Integration, see Connectors task.
  • To understand how to create and use the Connectors task in Application Integration, see Connectors task.

Get help from the Google Cloud community

You can post your questions and discuss this connector in the Google Cloud community at Cloud Forums.

What's next