Google Cloud

Manage and use Google Cloud resources in your workflows

Triggers

Artifact Registry • On Artifact Analysis Trigger a workflow when a Container Analysis occurrence is published for an artifact

Artifact Registry • On Artifact Push Trigger a workflow when an artifact is pushed to GCP Artifact Registry

Cloud Build • On Build Complete Trigger a workflow when a GCP Cloud Build build reaches a terminal status

Compute • On VM Instance Listen to GCP Compute Engine VM instance lifecycle events

Monitoring • On Alert Trigger a workflow when a Cloud Monitoring alerting policy opens or closes an incident

Pub/Sub • On Message Trigger a workflow when a message is published to a GCP Pub/Sub topic

Actions

Artifact Registry • Get Artifact Retrieve artifact version details from GCP Artifact Registry

Artifact Registry • Get Artifact Analysis Retrieve Container Analysis occurrences (vulnerabilities, build provenance, attestations) for an artifact

Cloud Build • Create Build Create a Cloud Build build and wait for it to finish

Cloud Build • Get Build Retrieve a Cloud Build build by ID

Cloud Build • Run Trigger Run a Cloud Build trigger and wait for the build to finish

Cloud DNS • Create Record Create a DNS record in a Google Cloud DNS managed zone

Cloud DNS • Delete Record Delete a DNS record from a Google Cloud DNS managed zone

Cloud DNS • Update Record Update an existing DNS record in a Google Cloud DNS managed zone

Cloud Functions • Invoke Function Invoke a Google Cloud Function and return the response

Cloud SQL • Create Database Create a logical database inside a Cloud SQL instance

Cloud SQL • Delete Database Delete a logical database from a Cloud SQL instance

Cloud SQL • Get Database Fetch a logical database from a Cloud SQL instance

Compute • Create Static IP Reserve a regional external static IP address in a Google Cloud project

Compute • Delete Static IP Release a regional external static IP address from a Google Cloud project

Compute • Manage Static IP Attach or detach a static IP address to/from a Google Compute Engine VM instance

Compute • Create Image Create a Google Compute Engine custom image from a disk, snapshot, or another image

Compute • Create Virtual Machine Create a Google Compute Engine VM. Configure machine type, zone, provisioning model, and more.

Compute • Delete Image Permanently delete a Google Compute Engine custom image

Compute • Delete VM Instance Permanently delete a Google Compute Engine VM instance

Compute • Get VM Instance Fetch the current state of a Google Compute Engine VM instance

Compute • Get VM Metrics Fetch CPU and network metrics for a Google Compute Engine VM instance

Compute • Manage VM Power Perform power operations on a Google Compute Engine VM instance

Monitoring • Create Alerting Policy Create a Cloud Monitoring alerting policy that triggers when Compute Engine instance metrics cross thresholds

Monitoring • Delete Alerting Policy Permanently delete a Cloud Monitoring alerting policy

Monitoring • Get Alerting Policy Read the configuration and state of a Cloud Monitoring alerting policy

Monitoring • Update Alerting Policy Update an existing Cloud Monitoring alerting policy's conditions, combiner, severity, strategy, or notifications

Managed Prometheus • Query Run an instant PromQL query against Google Cloud Managed Service for Prometheus

Managed Prometheus • Query Range Run a PromQL range query against Google Cloud Managed Service for Prometheus

Pub/Sub • Create Subscription Create a GCP Pub/Sub subscription

Pub/Sub • Create Topic Create a GCP Pub/Sub topic

Pub/Sub • Delete Subscription Delete a GCP Pub/Sub subscription

Pub/Sub • Delete Topic Delete a GCP Pub/Sub topic

Pub/Sub • Publish Message Publish a message to a GCP Pub/Sub topic

Compute • Update Image Update a Google Compute Engine image: deprecate or obsolete it, and update its labels

Compute • Update VM Machine Type Change the machine type of a Google Compute Engine VM instance

Instructions

Connection method

Service Account Key

1. Go to IAM & Admin → Service Accounts in the Google Cloud Console.
2. Select a service account → Keys → Add Key → JSON.
3. Paste the downloaded JSON below.

Workload Identity Federation (keyless)

1. Create a Workload Identity Pool with an OIDC provider.
2. Set the Issuer URL to this SuperPlane instance’s URL.
3. Set the Audience to the pool provider resource name.
4. Grant the federated identity permission to impersonate a service account with the roles your workflows need.
5. Enter the pool provider resource name and Project ID below.

Required IAM roles

• roles/logging.configWriter — create logging sinks for event triggers
• roles/pubsub.admin — manage Pub/Sub topics, subscriptions, and IAM policies for event delivery
• Additional roles depending on which components you use (e.g. roles/compute.admin for VM management, roles/monitoring.viewer to read VM metrics, roles/cloudsql.admin to manage Cloud SQL databases)

Artifact Registry • On Artifact Analysis

Trigger key: gcp.artifactregistry.onArtifactAnalysis

The On Artifact Analysis trigger starts a workflow execution when Google Container Analysis publishes a new occurrence (e.g. vulnerability finding, build provenance, or attestation) for an artifact.

Trigger behavior: SuperPlane subscribes to the container-analysis-occurrences-v1 Pub/Sub topic that Container Analysis automatically publishes to.

Use Cases

• Security automation: React to new vulnerability findings for your container images
• Compliance workflows: Trigger policy enforcement when attestations are created
• Build provenance: React to new build provenance records

Setup

Required GCP setup: Ensure the Container Analysis API (containeranalysis.googleapis.com) and Pub/Sub API are enabled in your project. The service account must have roles/pubsub.admin and roles/containeranalysis.occurrences.viewer.

Configuration

• Occurrence Kinds: Filter by occurrence type. Leave empty to receive only DISCOVERY occurrences (one event per completed scan — recommended). Set explicitly to receive other types such as VULNERABILITY (one event per CVE found).
• Location / Repository / Package: Optional filters to scope events to a specific artifact.

Event Data

Each event contains the full Container Analysis Occurrence resource, including kind, resourceUri, noteName, and the occurrence-specific data (e.g. vulnerability for vulnerability findings).

Example Data

{
  "data": {
    "kind": "VULNERABILITY",
    "name": "projects/my-project/occurrences/vuln-001",
    "noteName": "projects/goog-vulnz/notes/CVE-2023-1234",
    "resourceUri": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123",
    "vulnerability": {
      "cvssScore": 7.5,
      "packageIssue": [
        {
          "affectedPackage": "libssl1.1",
          "affectedVersion": {
            "kind": "NORMAL",
            "name": "1.1.1n-0+deb11u3"
          },
          "fixedVersion": {
            "kind": "NORMAL",
            "name": "1.1.1n-0+deb11u5"
          }
        }
      ],
      "severity": "HIGH"
    }
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.artifactregistry.artifact.analysis"
}

Artifact Registry • On Artifact Push

Trigger key: gcp.artifactregistry.onArtifactPush

The On Artifact Push trigger starts a workflow execution when a Docker image or other container artifact is pushed to Artifact Registry.

Trigger behavior: SuperPlane subscribes to the gcr Pub/Sub topic that Artifact Registry automatically publishes to for container image push events.

Use Cases

• Post-push automation: Trigger vulnerability scans, deployments, or notifications when a new image is pushed
• Release workflows: Promote artifacts through environments when a new tag is published
• Security automation: Kick off container analysis on every new push

Setup

Required GCP setup: Ensure the Artifact Registry API and Pub/Sub API are enabled in your project. The service account must have roles/pubsub.admin so SuperPlane can create the push subscription.

Configuration

• Location: Optional filter by Artifact Registry location. Leave empty to receive events for all locations.
• Repository: Optional filter by repository name. Leave empty to receive events for all repositories.

Event Data

Each event contains:

• action: Always INSERT for pushes
• digest: Full image digest URI (e.g. us-central1-docker.pkg.dev/project/repo/image@sha256:abc)
• tag: Full image tag URI (e.g. us-central1-docker.pkg.dev/project/repo/image:latest)

Example Data

{
  "data": {
    "action": "INSERT",
    "digest": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123def456",
    "tag": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image:latest"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.artifactregistry.artifact.push"
}

Cloud Build • On Build Complete

Trigger key: gcp.cloudbuild.onBuildComplete

The On Build Complete trigger starts a workflow execution when a GCP Cloud Build build finishes.

Trigger behavior: SuperPlane subscribes to the cloud-builds Pub/Sub topic that Cloud Build automatically publishes to. Build notifications are pushed to SuperPlane and matched to this trigger.

Use Cases

• Post-build automation: Deploy artifacts, send notifications, or update tickets after a build succeeds
• Failure handling: Alert teams or create incidents when builds fail
• Build pipelines: Chain multiple build steps across different projects

Setup

Required GCP setup: Ensure the Cloud Build API and Pub/Sub API are enabled in your project. The service account used by the integration must have roles/pubsub.admin so SuperPlane can automatically create the cloud-builds topic and its push subscription.

Configuration

• Statuses: Filter by terminal Cloud Build status.
• Build Source: Optionally limit events to trigger-based builds or direct/API builds. Leave empty to listen to both.
• Cloud Build Trigger: Filter to a specific Cloud Build trigger. This only applies to trigger-based builds and cannot be combined with Build Source = Direct/API Builds.

Event Data

Each event contains the full Cloud Build resource, including id, status (SUCCESS, FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, EXPIRED), buildTriggerId, logUrl, createTime, finishTime, and more.

Example Data

{
  "data": {
    "buildTriggerId": "abcdefgh-1234-5678-abcd-123456789012",
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Compute • On VM Instance

Trigger key: gcp.compute.onVMInstance

The On VM Instance trigger starts a workflow execution when a Compute Engine VM instance lifecycle event occurs.

Trigger behavior: SuperPlane creates a Cloud Logging sink that captures Compute Engine audit log events and routes them to a shared Pub/Sub topic. Events are pushed to SuperPlane and matched to this trigger automatically.

Use Cases

• Post-provisioning automation: Run configuration, monitoring, or security setup after a VM is created
• Inventory and compliance: Record new VMs or trigger audits
• Notifications: Notify teams or systems when new VMs appear in a project or zone

Setup

Required GCP setup: Ensure the Pub/Sub API is enabled in your project and the integration’s service account has roles/logging.configWriter and roles/pubsub.admin permissions.

SuperPlane automatically creates a Cloud Logging sink to capture VM instance events.

Event Data

Each event includes the audit log entry with resourceName (e.g. projects/my-project/zones/us-central1-a/instances/my-vm), serviceName (compute.googleapis.com), methodName (v1.compute.instances.insert), and the full log entry data.

Example Data

{
  "data": {
    "data": {
      "protoPayload": {
        "methodName": "v1.compute.instances.insert",
        "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
        "serviceName": "compute.googleapis.com"
      }
    },
    "logName": "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity",
    "methodName": "v1.compute.instances.insert",
    "resourceName": "projects/my-project/zones/us-central1-a/instances/my-vm",
    "serviceName": "compute.googleapis.com",
    "timestamp": "2025-02-14T12:00:00Z"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance"
}

Monitoring • On Alert

Trigger key: gcp.monitoring.onAlert

The On Alert trigger starts a workflow execution when a Cloud Monitoring alerting policy fires (opens) or resolves (closes) an incident.

Trigger behavior

When this trigger is set up, SuperPlane automatically creates a webhook notification channel in Cloud Monitoring that points back at SuperPlane. Cloud Monitoring POSTs the incident to SuperPlane whenever a policy attached to that channel changes state.

To route a policy’s incidents here, attach this trigger’s notification channel to the policy via the Create Alerting Policy or Update Alerting Policy component’s Notification Channels field. The channel’s resource name is shown on the node after setup.

Configuration

• States: Which incident states to emit on — open (fired) and/or closed (resolved). Defaults to open.

Event Data

Emits one gcp.monitoring.alert event per matching incident, including the incident id, state, policy and condition names, the affected resource and metric, the observed/threshold values, and the incident URL.

Important Notes

• Requires the roles/monitoring.notificationChannelEditor (or roles/monitoring.editor) IAM role so SuperPlane can create the webhook channel.
• Removing the trigger deletes the webhook notification channel it created.

Example Data

{
  "data": {
    "conditionName": "CPU utilization above threshold",
    "incidentId": "0.abcdef1234567890",
    "metricDisplayName": "CPU utilization",
    "metricType": "compute.googleapis.com/instance/cpu/utilization",
    "observedValue": "0.93",
    "policyName": "projects/my-project/alertPolicies/1234567890123456789",
    "resourceDisplayName": "my-vm",
    "resourceName": "my-vm",
    "scopingProjectId": "my-project",
    "startedAt": 1767225600,
    "state": "open",
    "summary": "CPU utilization for gce_instance my-vm is above the threshold of 0.8 with a value of 0.93.",
    "thresholdValue": "0.8",
    "url": "https://console.cloud.google.com/monitoring/alerting/incidents/0.abcdef1234567890?project=my-project"
  },
  "timestamp": "2026-01-01T00:00:00Z",
  "type": "gcp.monitoring.alert"
}

Pub/Sub • On Message

Trigger key: gcp.pubsub.onMessage

The On Message trigger starts a workflow execution when a message is published to a GCP Pub/Sub topic.

Trigger behavior: SuperPlane creates a push subscription on the selected topic. Published messages are pushed to SuperPlane and delivered to this trigger.

Use Cases

• Event-driven workflows: React to messages published by your applications
• Queue processing: Process tasks published to Pub/Sub topics
• System integration: Connect Pub/Sub events to downstream workflow steps

Setup

Required GCP setup: Ensure the Pub/Sub API is enabled in your project. The service account used by the integration must have roles/pubsub.admin to create push subscriptions on your topics.

Configuration

• Topic: Select the Pub/Sub topic to listen to.
• Subscription (optional): Reuse an existing subscription name. Leave empty to let SuperPlane create one.

Event Data

Each event contains the decoded message payload plus Pub/Sub metadata:

• data: The decoded message body
• messageId: The Pub/Sub message ID
• publishTime: When the message was published
• attributes: Any message attributes

Example Data

{
  "data": {
    "attributes": {
      "eventType": "order.created"
    },
    "data": "{\"event\":\"order.created\",\"orderId\":\"ord_abc123\"}",
    "messageId": "1234567890",
    "publishTime": "2025-01-01T00:00:00Z"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.message"
}

Artifact Registry • Get Artifact

Component key: gcp.artifactregistry.getArtifact

Retrieves the details of a specific artifact version from Google Artifact Registry.

Configuration

Provide either a Resource URL or the four fields below:

• Resource URL: Full resource URL of the image (e.g. https://us-central1-docker.pkg.dev/project/repo/image@sha256:abc). Use this to pass a digest directly from an upstream event such as On Artifact Push.
• Location: The GCP region where the repository is located.
• Repository: The Artifact Registry repository containing the artifact.
• Package: The package (image, library, etc.) within the repository.
• Version: The version or tag to retrieve.

Output

The full Version resource, including name, createTime, updateTime, description, relatedTags, and metadata.

Supported Formats

Artifact Registry supports all package formats when using Select from Registry mode. Resource URL mode is intended for container image URLs (for example from On Artifact Push events).

Example Output

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "description": "my-image:latest",
    "fingerprints": [
      {
        "type": "DIRSUM_SHA256",
        "value": "Ac2PwnIxFXnnS6DfUou2JchB7F+krMAKv4f6sJr8VzM="
      }
    ],
    "metadata": {
      "buildTime": "1980-01-01T00:00:01Z",
      "imageSizeBytes": "20971520",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "name": "projects/my-project/locations/us-central1/repositories/my-repo/dockerImages/my-image@sha256:abc123def456"
    },
    "name": "projects/my-project/locations/us-central1/repositories/my-repo/packages/my-image/versions/sha256:abc123def456",
    "updateTime": "2025-01-01T00:05:00Z"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.artifactregistry.version"
}

Artifact Registry • Get Artifact Analysis

Component key: gcp.artifactregistry.getArtifactAnalysis

Retrieves existing Container Analysis occurrences for an artifact from Google Container Analysis.

Configuration

Provide either a Resource URL or the four fields below:

• Resource URL: Full resource URL of the image (e.g. https://us-central1-docker.pkg.dev/project/repo/image@sha256:abc). Use this to pass a digest directly from an upstream event such as On Artifact Push.
• Location: The GCP region where the repository is located.
• Repository: The Artifact Registry repository containing the artifact.
• Package: The package (image) within the repository.
• Version: The version (digest) to query.

Output

An analysis summary for the artifact, including:

• resourceUri: The analyzed artifact URI
• scanStatus: Discovery scan status (if available)
• Severity counts: critical, high, medium, low
• vulnerabilities: Total vulnerability occurrences
• fixAvailable: Count of vulnerabilities with fixes

Notes

• The Container Analysis API (containeranalysis.googleapis.com) must be enabled.
• The service account needs roles/containeranalysis.occurrences.viewer.
• This summarizes existing occurrences for the selected artifact.

Example Output

{
  "data": {
    "critical": 0,
    "fixAvailable": 1,
    "high": 1,
    "low": 0,
    "medium": 2,
    "resourceUri": "https://us-central1-docker.pkg.dev/my-project/my-repo/my-image@sha256:abc123",
    "scanStatus": "FINISHED_SUCCESS",
    "vulnerabilities": 3
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.containeranalysis.occurrences"
}

Cloud Build • Create Build

Component key: gcp.cloudbuild.createBuild

Creates and starts a Google Cloud Build build, then waits for the build to reach a terminal status.

Configuration

• Steps (required): JSON array of build steps. Each step needs at minimum a name (builder image) and optional args. Example: [{"name":"gcr.io/cloud-builders/docker","args":["build","-t","gcr.io/$PROJECT_ID/myapp","."]}]
• Source: Optional JSON object for the build source. This is the most flexible option and supports gitSource, repoSource, or storageSource. Example: {"gitSource":{"url":"https://github.com/org/repo.git","revision":"main"}}
• Connected Repository: Optional Cloud Build 2nd-gen repository path. Select a location, connection, repository, and branch/tag/commit directly from GCP. SuperPlane sends source.connectedRepository and creates the build in the repository’s region.
• Repository / Branch / Tag / Commit SHA: Convenience shortcut for repository-backed builds. If the repository value looks like a Git URL (https://..., ssh://..., or git@...), SuperPlane creates source.gitSource. Otherwise it treats the value as a Cloud Source Repository name and creates source.repoSource. Choose exactly one revision field.
• Images: Optional list of Docker image names to push after the build.
• Substitutions: JSON object of substitution key-value pairs (e.g. {"_ENV":"production"}).
• Timeout: Build timeout (e.g. 600s). Defaults to Cloud Build default (10 minutes).
• Project ID Override: Optionally run the build in a different project than the connected integration.

Output

The terminal Build resource, including id, status, logUrl, createTime, finishTime, and more.

Output Channels

• Passed: Emitted when Cloud Build finishes with SUCCESS.
• Failed: Emitted when Cloud Build finishes with any other terminal status, including FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, or EXPIRED.

Notes

• SuperPlane listens for Cloud Build notifications through the connected GCP integration and falls back to polling if an event does not arrive.
• SuperPlane automatically creates the shared cloud-builds Pub/Sub topic and push subscription when the GCP integration has roles/pubsub.admin and both the Cloud Build and Pub/Sub APIs are enabled.
• Cancelling the running execution from the UI sends a Cloud Build cancel request for the active build.

Example Output

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Cloud Build • Get Build

Component key: gcp.cloudbuild.getBuild

Retrieves the details of a specific Google Cloud Build build.

Configuration

• Build ID (required): The ID or full resource name of the Cloud Build build to retrieve.
• Project ID Override: Override the GCP project ID from the integration.

Output

The full Build resource, including id, status (SUCCESS, FAILURE, WORKING, QUEUED, etc.), logUrl, steps, images, createTime, finishTime, and more.

Example Output

{
  "data": {
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Cloud Build • Run Trigger

Component key: gcp.cloudbuild.runTrigger

Runs an existing Cloud Build trigger and waits for the resulting build to reach a terminal status.

Configuration

• Trigger (required): The Cloud Build trigger to run. Select from triggers in the connected project.
• Branch or tag: Override the branch or tag to build from. Leave empty to use the trigger’s configured default. A 40-character hex string is treated as a commit SHA.
• Project ID Override: Optionally run the trigger in a different project than the connected integration.

Output

The terminal Build resource, including id, status, logUrl, createTime, finishTime, and more.

Output Channels

• Passed: Emitted when Cloud Build finishes with SUCCESS.
• Failed: Emitted when Cloud Build finishes with any other terminal status, including FAILURE, INTERNAL_ERROR, TIMEOUT, CANCELLED, or EXPIRED.

Notes

• SuperPlane listens for Cloud Build notifications through the connected GCP integration and falls back to polling if an event does not arrive.
• SuperPlane automatically creates the shared cloud-builds Pub/Sub topic and push subscription when the GCP integration has roles/pubsub.admin and both the Cloud Build and Pub/Sub APIs are enabled.
• Cancelling the running execution from the UI sends a Cloud Build cancel request for the active build.

Example Output

{
  "data": {
    "buildTriggerId": "abcdefgh-1234-5678-abcd-123456789012",
    "createTime": "2025-01-01T00:00:00Z",
    "finishTime": "2025-01-01T00:05:00Z",
    "id": "12345678-abcd-1234-5678-abcdef012345",
    "logUrl": "https://console.cloud.google.com/cloud-build/builds/12345678-abcd-1234-5678-abcdef012345",
    "projectId": "my-project",
    "status": "SUCCESS"
  },
  "timestamp": "2025-01-01T00:05:00Z",
  "type": "gcp.cloudbuild.build"
}

Cloud DNS • Create Record

Component key: gcp.clouddns.createRecord

The Create Record component creates a new DNS record set in a Google Cloud DNS managed zone.

Configuration

• Managed Zone (required): The Cloud DNS managed zone where the record will be created.
• Record Name (required): The DNS name for the record (e.g. api.example.com). A trailing dot is added automatically.
• Record Type (required): The DNS record type (A, AAAA, CNAME, TXT, MX, etc.).
• TTL (required): Time to live in seconds. Defaults to 300.
• Record Values (required): The values for the record (e.g. IP addresses for A records).

Required IAM roles

The service account must have roles/dns.admin or roles/dns.editor on the project.

Output

• change.id: The Cloud DNS change ID.
• change.status: The change status (done).
• change.startTime: When the change was submitted.
• record.name: The DNS record name.
• record.type: The DNS record type.

Example Output

{
  "data": {
    "change": {
      "id": "1",
      "startTime": "2026-01-28T10:30:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "api.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:30:00.000Z",
  "type": "gcp.clouddns.change"
}

Cloud DNS • Delete Record

Component key: gcp.clouddns.deleteRecord

The Delete Record component deletes a DNS record set from a Google Cloud DNS managed zone.

Configuration

• Managed Zone (required): The Cloud DNS managed zone containing the record.
• Record Name (required): The DNS name of the record to delete (e.g. api.example.com).
• Record Type (optional): The DNS record type to delete (A, AAAA, CNAME, TXT, MX, etc.). If not specified, all record sets with the given name are deleted.

Required IAM roles

The service account must have roles/dns.admin or roles/dns.editor on the project.

Output

• change.id: The Cloud DNS change ID.
• change.status: The change status (done).
• change.startTime: When the change was submitted.
• record.name: The DNS record name.
• record.type: The DNS record type (comma-separated when multiple types were deleted).

Example Output

{
  "data": {
    "change": {
      "id": "2",
      "startTime": "2026-01-28T10:31:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "old.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:31:00.000Z",
  "type": "gcp.clouddns.change"
}

Cloud DNS • Update Record

Component key: gcp.clouddns.updateRecord

The Update Record component updates an existing DNS record set in a Google Cloud DNS managed zone.

Configuration

• Managed Zone (required): The Cloud DNS managed zone containing the record.
• Record Name (required): The DNS name of the record to update (e.g. api.example.com).
• Record Type (required): The DNS record type (A, AAAA, CNAME, TXT, MX, etc.).
• TTL (required): New time to live in seconds.
• Record Values (required): The new values for the record.

Required IAM roles

The service account must have roles/dns.admin or roles/dns.editor on the project.

Output

• change.id: The Cloud DNS change ID.
• change.status: The change status (done).
• change.startTime: When the change was submitted.
• record.name: The DNS record name.
• record.type: The DNS record type.

Example Output

{
  "data": {
    "change": {
      "id": "3",
      "startTime": "2026-01-28T10:32:00.000Z",
      "status": "done"
    },
    "record": {
      "name": "api.example.com.",
      "type": "A"
    }
  },
  "timestamp": "2026-01-28T10:32:00.000Z",
  "type": "gcp.clouddns.change"
}

Cloud Functions • Invoke Function

Component key: gcp.cloudfunctions.invokeFunction

Invokes a Google Cloud Function and waits for the response.

Configuration

• Location (required): The GCP region where the function is deployed (e.g. us-central1).
• Function (required): The Cloud Function to invoke. Select from the list of deployed functions.
• Payload: Optional JSON object sent as the function’s input data.
• Project ID Override: Override the GCP project ID from the integration. Leave empty to use the integration’s project.

Required IAM roles

The service account used by the integration must have roles/cloudfunctions.developer (or roles/cloudfunctions.viewer + roles/cloudfunctions.invoker) on the project.

• roles/cloudfunctions.viewer — list locations and functions (required for dropdowns)
• roles/cloudfunctions.invoker — invoke the function
• roles/cloudfunctions.developer — covers both of the above

Output

The invocation result, including:

• functionName: Full resource name of the invoked function.
• executionId: Unique ID assigned to this invocation.
• result: The function’s response, parsed as JSON when possible.
• resultRaw: The raw string response (only present when the response is not valid JSON).

Example Output

{
  "data": {
    "executionId": "h7g2k9qw3x",
    "functionName": "projects/my-project/locations/us-central1/functions/my-function",
    "result": {
      "message": "Hello, World!",
      "status": "ok"
    }
  },
  "timestamp": "2025-01-01T00:00:05Z",
  "type": "gcp.cloudfunctions.invoke"
}

Cloud SQL • Create Database

Component key: gcp.cloudsql.createDatabase

The Create Database component adds a new logical database to an existing Cloud SQL instance.

Use Cases

• Application bootstrap: Create an application-specific database as part of environment setup
• Tenant provisioning: Add a dedicated database for a new customer or workspace
• Migration workflows: Prepare a destination database before importing data

Configuration

• Instance: The Cloud SQL instance that will contain the new database (required)
• Database Name: The name of the database to create (required, supports expressions)

Output

Emits a gcp.cloudsql.database payload with the created database’s name, instance, project, charset, collation, and selfLink.

Important Notes

• Requires the roles/cloudsql.admin (or roles/cloudsql.editor) IAM role on the integration’s service account, and the Cloud SQL Admin API enabled
• Cloud SQL database creation is asynchronous; this component waits for the operation to finish before emitting

Example Output

{
  "data": {
    "charset": "UTF8",
    "collation": "en_US.UTF8",
    "instance": "my-instance",
    "name": "app_db",
    "project": "my-project",
    "selfLink": "https://sqladmin.googleapis.com/v1/projects/my-project/instances/my-instance/databases/app_db"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.database"
}

Cloud SQL • Delete Database

Component key: gcp.cloudsql.deleteDatabase

The Delete Database component permanently deletes a logical database from a Cloud SQL instance.

Use Cases

• Teardown: Remove a database as part of decommissioning an environment
• Tenant offboarding: Delete a customer’s dedicated database
• Cleanup: Drop temporary databases created during a workflow

Configuration

• Instance: The Cloud SQL instance that contains the database (required)
• Database: The database to delete (required)

Output

Emits a gcp.cloudsql.database payload with the deleted database’s name and instance, and deleted: true.

Important Notes

• This permanently deletes the database and all its data — it is irreversible.
• Requires the roles/cloudsql.admin (or roles/cloudsql.editor) IAM role on the integration’s service account, and the Cloud SQL Admin API enabled
• Cloud SQL database deletion is asynchronous; this component waits for the operation to finish before emitting

Example Output

{
  "data": {
    "deleted": true,
    "instance": "my-instance",
    "name": "app_db"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.database"
}

Cloud SQL • Get Database

Component key: gcp.cloudsql.getDatabase

The Get Database component retrieves a logical database from a Cloud SQL instance.

Use Cases

• Existence checks: Confirm a database is present before acting on it
• Enrichment: Read a database’s charset/collation to feed a downstream step
• Auditing: Capture database details as part of a workflow

Configuration

• Instance: The Cloud SQL instance that contains the database (required)
• Database: The database to fetch (required)

Output

Emits a gcp.cloudsql.database payload with the database’s name, instance, project, charset, collation, and selfLink.

Important Notes

• Requires the roles/cloudsql.viewer (or roles/cloudsql.admin) IAM role on the integration’s service account, and the Cloud SQL Admin API enabled

Example Output

{
  "data": {
    "charset": "UTF8",
    "collation": "en_US.UTF8",
    "instance": "my-instance",
    "name": "app_db",
    "project": "my-project",
    "selfLink": "https://sqladmin.googleapis.com/v1/projects/my-project/instances/my-instance/databases/app_db"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.cloudsql.database"
}

Compute • Create Static IP

Component key: gcp.compute.createStaticIP

The Create Static IP component reserves a regional external static (reserved) IP address in Compute Engine.

A static IP keeps the same address across VM restarts and re-creations, unlike an ephemeral IP. Once reserved it can be attached to a VM instance with the Manage Static IP component.

Use Cases

• Stable endpoints: Give a service a fixed public address that survives VM replacement
• Blue/green deployments: Reserve the address ahead of time, then attach it to whichever VM is live
• DNS: Point an A record at a reserved address you control

Configuration

• Name: The name for the new address resource (required, lowercase RFC1035 — e.g. web-prod-ip)
• Region: The region to reserve the address in (required). Regional external IPs can only be attached to VMs in the same region.
• Network Tier: PREMIUM (default) or STANDARD
• Description: Optional human-readable description

Output

Returns the reserved address:

• name, address (the reserved IP), region, status, addressType, networkTier, selfLink

Important Notes

• Reserving and holding a static IP that is not attached to a running resource incurs charges
• The component waits for the underlying regional operation to complete before reading the address back

Example Output

{
  "data": {
    "address": "34.1.2.3",
    "addressType": "EXTERNAL",
    "name": "web-prod-ip",
    "networkTier": "PREMIUM",
    "region": "us-central1",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/addresses/web-prod-ip",
    "status": "RESERVED"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.staticIP.created"
}

Compute • Delete Static IP

Component key: gcp.compute.deleteStaticIP

The Delete Static IP component releases (deletes) a regional external static IP reservation.

Use Cases

• Cost optimization: Release reserved IPs that are no longer needed (idle reserved IPs are billed)
• Cleanup: Tear down addresses as part of environment teardown

Configuration

• Static IP: Pick from the reserved external IPs across all regions, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.compute.createStaticIP). The selection encodes both the region and the address name.

Output

Returns the released address:

• name: The name of the address that was released
• region: The region it was in

Important Notes

• A static IP that is still attached to a VM cannot be deleted — detach it first with Manage Static IP
• If the address is not found at the resolved region/name, the action fails so that misconfigured or stale expressions do not silently mask incomplete cleanup

Example Output

{
  "data": {
    "name": "web-prod-ip",
    "region": "us-central1"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.staticIP.deleted"
}

Compute • Manage Static IP

Component key: gcp.compute.manageStaticIP

The Manage Static IP component attaches a reserved external static IP to a VM instance, or detaches the instance’s current external IP.

Attaching works by managing the network interface’s external access config: any existing external IP on the interface is removed first, then the static IP is assigned. Detaching removes the external access config entirely (the instance keeps its internal IP but loses external connectivity unless another address is attached).

Use Cases

• Blue/green deployments: Move a stable public IP from the old VM to the new one with zero DNS changes
• Failover: Reassign a reserved IP from a failed VM to a healthy replacement
• Maintenance: Temporarily detach a public IP while a VM is serviced

Configuration

• Action: attach or detach (required)
• VM Instance: The target VM. The selection encodes both the zone and the instance name.
• Static IP (attach only): The reserved external IP to attach. Only IPs in the selected VM’s region are listed, since a regional IP can attach only to a VM in the same region.
• Network Interface: The interface to modify (default nic0)

Output

Returns the instance state after the operation:

• instanceId, name, zone, status, selfLink, machineType, internalIP, externalIP
• action: The action performed (attach or detach)

Important Notes

• A regional static IP can only be attached to a VM in the same region
• Attaching is idempotent: if the static IP is already the instance’s external IP, the component succeeds without changes
• Detaching is idempotent: if the interface already has no external IP, the component succeeds without changes
• The component waits for each underlying zone operation to complete before emitting

Example Output

{
  "data": {
    "action": "attach",
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.staticIP.attached"
}

Compute • Create Image

Component key: gcp.createImage

The Create Image component creates a custom Compute Engine image.

Use Cases

• Golden image pipelines: Build immutable, reusable images from validated disks
• Backup workflows: Capture disk state as a restorable image before changes
• Release automation: Produce versioned images as part of CI/CD

Configuration

• Image Name: Name for the new image (lowercase, numbers, hyphens; 1–63 chars).
• Source: Where the image is created from:
  • Disk: A persistent disk (pick the region, zone, then the disk).
  • Snapshot: A disk snapshot.
  • Image: Another custom image in the project.
• Image family: Optional family to group related images (e.g. my-app).
• Description: Optional human-readable description.
• Labels: Optional key-value labels (billing, environment, team).
• Storage location: Optional single region or multi-region to store the image (e.g. us or europe-west1). Defaults to the source’s region.
• Force create: When the source is a disk attached to a running instance, create the image anyway (may produce an inconsistent image).

Output

Emits the created image: name, selfLink, family, status, diskSizeGb, sourceDisk, labels, deprecationState, creationTimestamp.

Important Notes

• Creating an image from a disk attached to a running VM is not recommended unless Force create is enabled.
• The component waits for the underlying global operation to complete before emitting.

Example Output

{
  "data": {
    "creationTimestamp": "2026-06-02T12:00:00.000-07:00",
    "deprecationState": "ACTIVE",
    "diskSizeGb": 10,
    "family": "my-app",
    "imageId": "1234567890123456789",
    "labels": {
      "env": "production"
    },
    "name": "my-app-2026-06-02",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/global/images/my-app-2026-06-02",
    "sourceDisk": "my-disk",
    "status": "READY",
    "storageLocations": [
      "us"
    ]
  },
  "timestamp": "2026-06-02T12:00:00Z",
  "type": "gcp.compute.image.created"
}

Compute • Create Virtual Machine

Component key: gcp.createVM

Creates a new Google Compute Engine VM.

Steps

1. Machine Configuration – Region, zone, machine type, provisioning model (Spot/Standard), instance name.
2. OS & Storage – Boot disk source (public/custom image, snapshot, existing disk), disk type, size, snapshot schedule.
3. Security – Shielded VM (secure boot, vTPM, integrity monitoring), Confidential VM (AMD SEV/SEV-SNP, Intel TDX).
4. Identity & API access – VM service account, OAuth scopes, OS Login, block project-wide SSH keys.
5. Networking – VPC, subnet, NIC type, internal/external IP (including static), network tags, firewall rules.
6. Management – Metadata, startup script, automatic restart, on host maintenance, maintenance policy.
7. Advanced – GPU accelerators, placement policy (min node CPUs), sole-tenant/host affinity, resource policies.

Output

Emits a payload with instance details: instanceId, selfLink, internalIP, externalIP, status, zone, name, machineType.

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.createVM.completed"
}

Compute • Delete Image

Component key: gcp.deleteImage

The Delete Image component permanently deletes a Compute Engine custom image.

Use Cases

• Cleanup: Remove temporary or test images after use
• Cost optimization: Delete unused images to reduce storage costs
• Lifecycle automation: Remove obsolete images as part of release pipelines

Configuration

• Image: The custom image to delete. Pick from the list of images in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createImage).

Output

Returns the name of the deleted image.

Important Notes

• This operation is permanent and cannot be undone.
• If the image is not found, the action fails so that misconfigured or stale expressions do not silently mask incomplete cleanup.
• Deleting an image does not affect VM instances or disks already created from it.

Example Output

{
  "data": {
    "imageName": "my-app-2026-06-02"
  },
  "timestamp": "2026-06-02T12:00:00Z",
  "type": "gcp.compute.image.deleted"
}

Compute • Delete VM Instance

Component key: gcp.deleteVMInstance

The Delete VM Instance component permanently deletes a Compute Engine VM instance.

Use Cases

• Cleanup: Remove temporary or test VMs after use
• Cost optimization: Automatically tear down unused infrastructure
• Automated workflows: Delete VMs as part of deployment rollback or cleanup processes
• Environment management: Remove ephemeral environments after testing

Configuration

• VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createVM). The selection encodes both the zone and the instance name.

Output

Returns information about the deleted instance:

• instanceName: The name of the instance that was deleted
• zone: The zone the instance was in

Important Notes

• This operation is permanent and cannot be undone
• All data on the instance will be lost unless boot/data disks have auto-delete disabled
• The instance will be stopped if running before deletion
• If the instance is not found at the resolved zone/name, the action fails so that misconfigured or stale expressions do not silently mask incomplete cleanup

Example Output

{
  "data": {
    "instanceName": "my-vm",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.deleted"
}

Compute • Get VM Instance

Component key: gcp.getVMInstance

The Get VM Instance component reads the current state of a Compute Engine VM instance and emits its details on the default output channel.

Use Cases

• Status checks: Verify a VM is in the expected state (e.g. RUNNING) before proceeding with downstream work.
• Detail lookup: Fetch IPs, machine type, or selfLink for use in later workflow steps.
• Health gates: Pair with a condition to branch a workflow based on instance status.

Configuration

• VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. selfLink from gcp.createVM). The selection encodes both the zone and the instance name.

Output

The emitted payload contains the full instance summary:

• instanceId, selfLink, status, zone, name, machineType
• internalIP, externalIP (when present)

Important Notes

• If the instance is not found at the resolved zone/name, the action fails so that misconfigured or stale expressions do not silently mask a missing resource.
• The integration’s bound project is authoritative; a chained selfLink pointing at a different project is rejected rather than silently rewritten.

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.fetched"
}

Compute • Get VM Metrics

Component key: gcp.getVMInstanceMetrics

The Get VM Metrics component retrieves CPU utilization and network throughput metrics for a Compute Engine VM instance from Cloud Monitoring over a specified lookback window.

Use Cases

• Performance monitoring: Sample current resource utilization before scaling decisions
• Incident investigation: Pull recent metrics when responding to an alert
• Capacity planning: Gather trend data to inform right-sizing of infrastructure
• Automated scaling: Use metric outputs to conditionally trigger resize or power operations

Configuration

• VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node. The selection encodes both the zone and the instance name.
• Lookback Period: How far back to retrieve metrics — 1h, 6h, 24h, 7d, or 14d (required).

Output

Returns an averaged metrics payload over the lookback window:

• instanceId: The numeric ID of the queried instance
• name, zone: Instance identity
• start, end: ISO 8601 timestamps of the metrics window
• lookbackPeriod: The selected lookback period
• avgCpuUsagePercent: Average CPU utilization percentage over the window
• avgNetworkInboundBytesPerSec: Average received network throughput in bytes/sec
• avgNetworkOutboundBytesPerSec: Average sent network throughput in bytes/sec

All metric values are rounded to two decimal places.

Important Notes

• Requires the roles/monitoring.viewer IAM role on the integration’s service account.
• Metrics are read from Cloud Monitoring (compute.googleapis.com metrics), which are available for all Compute Engine instances by default.
• Data point resolution varies by window: shorter windows return finer-grained data.

Example Output

{
  "data": {
    "avgCpuUsagePercent": 23.47,
    "avgNetworkInboundBytesPerSec": 10485.76,
    "avgNetworkOutboundBytesPerSec": 8192.33,
    "end": "2025-02-14T12:00:00Z",
    "instanceId": "1234567890123456789",
    "lookbackPeriod": "1h",
    "name": "my-vm",
    "start": "2025-02-14T11:00:00Z",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.metrics"
}

Compute • Manage VM Power

Component key: gcp.manageVMInstancePower

The Manage VM Power component performs power management operations on a Compute Engine VM instance.

Use Cases

• Automated restarts: Reset instances on a schedule or in response to alerts
• Cost optimization: Stop instances during non-business hours
• Maintenance workflows: Stop instances before updates, start them after completion
• Recovery procedures: Reset instances experiencing issues

Configuration

• VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createVM). The selection encodes both the zone and the instance name.
• Operation: The power operation to perform (required):
  • start: Start a stopped (TERMINATED) instance
  • stop: Stop a running instance
  • reset: Hard reset a running instance (does not perform a clean shutdown)
  • suspend: Suspend a running instance, preserving memory state
  • resume: Resume a suspended instance

Output

Returns the instance state after the operation completes:

• instanceId, name, zone, status, selfLink, machineType, internalIP, externalIP
• operation: The power operation that was performed

Important Notes

• reset is a forced operation and does not perform a clean OS shutdown
• The component waits for the underlying zone operation to complete before emitting
• Operations may take several minutes depending on the instance state

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "e2-medium",
    "name": "my-vm",
    "operation": "power_off",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "TERMINATED",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.power.power_off"
}

Monitoring • Create Alerting Policy

Component key: gcp.monitoring.createAlertingPolicy

The Create Alerting Policy component creates a Cloud Monitoring alerting policy with one or more threshold conditions on Compute Engine instance metrics.

Use Cases

• Capacity management: Alert when CPU stays above a safe level
• Composite alerts: Combine multiple conditions (e.g. high CPU AND high network) with a combiner
• Severity routing: Tag policies Critical/Error/Warning and rate-limit or auto-close incidents

Configuration

• Display Name: Human-readable name for the policy (required)
• Conditions: One or more threshold conditions (required). Each has:
  • Metric, Comparison (above > or below <), Threshold, Duration
  • Optional Aligner, Rolling window, Group reducer + Group by fields (aggregation)
  • Optional Trigger by count or percent of time series
• Combiner: How multiple conditions combine — OR / AND / AND-with-matching-resource (default OR)
• Severity: Critical / Error / Warning (optional)
• Notification Channels: Existing channels to alert (optional)
• User Labels: Key/value labels on the policy (optional)
• Enabled: Whether the policy is active (default: true)
• Auto-close / Notification rate limit: Alert strategy (optional)
• Documentation / Documentation subject: Markdown shown in notifications (optional)

Output

Returns the created policy: name, id, displayName, enabled, combiner, severity, conditionsCount, and the first condition’s comparison, thresholdValue, duration, filter.

Important Notes

• Requires the roles/monitoring.editor IAM role on the integration’s service account
• Conditions monitor the metric across all Compute Engine instances in the project
• Up to 6 conditions per policy

Example Output

{
  "data": {
    "combiner": "OR",
    "comparison": "COMPARISON_GT",
    "conditionsCount": 1,
    "displayName": "High CPU on production instances",
    "duration": "300s",
    "enabled": true,
    "filter": "metric.type=\"compute.googleapis.com/instance/cpu/utilization\" AND resource.type=\"gce_instance\"",
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789",
    "notificationChannels": [
      "projects/my-project/notificationChannels/9876543210"
    ],
    "thresholdValue": 0.8
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.created"
}

Monitoring • Delete Alerting Policy

Component key: gcp.monitoring.deleteAlertingPolicy

The Delete Alerting Policy component permanently deletes a Cloud Monitoring alerting policy.

Use Cases

• Cleanup: Remove policies for decommissioned services
• Environment teardown: Delete alerting as part of tearing down ephemeral environments

Configuration

• Alerting Policy: Pick from the policies in your project, or pass an expression chained from an upstream node (e.g. the name emitted by gcp.monitoring.createAlertingPolicy).

Output

Returns the deleted policy reference:

• name: The resource name that was deleted
• id: The policy ID

Important Notes

• This operation is permanent and cannot be undone
• Requires the roles/monitoring.editor IAM role on the integration’s service account
• If the policy is not found, the action fails so stale expressions don’t silently mask incomplete cleanup

Example Output

{
  "data": {
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.deleted"
}

Monitoring • Get Alerting Policy

Component key: gcp.monitoring.getAlertingPolicy

The Get Alerting Policy component reads the configuration and state of a Cloud Monitoring alerting policy.

Use Cases

• Auditing: Inspect a policy’s threshold, comparison, and enabled state
• Conditional workflows: Branch on whether a policy is enabled or how it’s configured
• Chaining: Read a policy created upstream before updating or deleting it

Configuration

• Alerting Policy: Pick from the policies in your project, or pass an expression chained from an upstream node (e.g. the name emitted by gcp.monitoring.createAlertingPolicy).

Output

Returns the policy:

• name, id, displayName, enabled, combiner, conditionsCount
• comparison, thresholdValue, duration, filter: the first condition’s threshold
• notificationChannels: attached channels (when any)

Important Notes

• Requires the roles/monitoring.viewer IAM role on the integration’s service account
• If the policy is not found, the action fails so stale expressions don’t silently mask a problem

Example Output

{
  "data": {
    "combiner": "OR",
    "comparison": "COMPARISON_GT",
    "conditionsCount": 1,
    "displayName": "High CPU on production instances",
    "duration": "300s",
    "enabled": true,
    "filter": "metric.type=\"compute.googleapis.com/instance/cpu/utilization\" AND resource.type=\"gce_instance\"",
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789",
    "notificationChannels": [
      "projects/my-project/notificationChannels/9876543210"
    ],
    "thresholdValue": 0.8
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.fetched"
}

Monitoring • Update Alerting Policy

Component key: gcp.monitoring.updateAlertingPolicy

The Update Alerting Policy component modifies an existing Cloud Monitoring alerting policy in place. Only the fields you set are changed (sent as an update mask).

Use Cases

• Threshold tuning: Adjust a condition’s threshold as baselines change
• Enable/disable: Toggle a policy during maintenance windows
• Re-route: Change notification channels, severity, or alert strategy

Configuration

• Alerting Policy: The policy to update (required, supports expressions)
• Conditions: Provide to replace the policy’s conditions (each: metric, comparison, threshold, duration, optional aggregation/trigger)
• Combiner: OR / AND / AND-with-matching-resource
• Severity: Critical / Error / Warning
• Enabled: Enable, disable, or leave unchanged
• Notification Channels: Replace channels (provide empty to clear)
• User Labels: Replace user labels
• Auto-close / Notification rate limit: Replace the alert strategy
• Documentation / subject: Replace the documentation

Output

Returns the updated policy: name, id, displayName, enabled, combiner, severity, conditionsCount, and the first condition summary.

Important Notes

• At least one field must be provided
• Providing Conditions replaces all existing conditions
• Auto-close, rate limit, documentation content, and documentation subject are each updated independently — changing one leaves the others untouched
• Requires the roles/monitoring.editor IAM role

Example Output

{
  "data": {
    "combiner": "OR",
    "comparison": "COMPARISON_GT",
    "conditionsCount": 1,
    "displayName": "High CPU on production instances",
    "duration": "300s",
    "enabled": false,
    "filter": "metric.type=\"compute.googleapis.com/instance/cpu/utilization\" AND resource.type=\"gce_instance\"",
    "id": "1234567890123456789",
    "name": "projects/my-project/alertPolicies/1234567890123456789",
    "thresholdValue": 0.9
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.monitoring.alertingPolicy.updated"
}

Managed Prometheus • Query

Component key: gcp.prometheus.query

The Query component runs an instant PromQL query against Google Cloud Managed Service for Prometheus (GMP).

GMP stores Prometheus metrics in Cloud Monitoring (Monarch) and exposes a Prometheus-compatible HTTP frontend. This component calls GET /v1/projects/<project>/location/global/prometheus/api/v1/query and returns the result at a single point in time.

Use Cases

• Threshold checks: Evaluate an expression (e.g. up or rate(...)) and branch on the value
• Spot readings: Read the current value of a metric to enrich a workflow
• Chaining: Feed a metric value into a downstream notification or decision node

Configuration

• Query: Required PromQL expression to evaluate (supports expressions). Example: up

The expression is evaluated at execution time (“now”).

Output

Emits one gcp.prometheus.query payload:

• resultType: vector, scalar, etc.
• result: the Prometheus result (series with their labels and value)
• seriesCount: number of series returned

Important Notes

• Requires the roles/monitoring.viewer IAM role on the integration’s service account
• An invalid PromQL expression fails the action with the Prometheus error message

Example Output

{
  "data": {
    "result": [
      {
        "metric": {
          "__name__": "up",
          "instance": "10.0.0.5:9090",
          "job": "prometheus"
        },
        "value": [
          1767225600,
          "1"
        ]
      }
    ],
    "resultType": "vector",
    "seriesCount": 1
  },
  "timestamp": "2026-01-01T00:00:00Z",
  "type": "gcp.prometheus.query"
}

Managed Prometheus • Query Range

Component key: gcp.prometheus.queryRange

The Query Range component runs a PromQL range query against Google Cloud Managed Service for Prometheus (GMP) over an explicit time range.

GMP stores Prometheus metrics in Cloud Monitoring (Monarch) and exposes a Prometheus-compatible HTTP frontend. This component calls GET /v1/projects/<project>/location/global/prometheus/api/v1/query_range and returns a matrix of samples between start and end at the given step resolution.

Use Cases

• Trend analysis: Pull a metric over a window to summarise or chart it downstream
• Incident investigation: Fetch samples for a specific time range when responding to an alert
• Anomaly checks: Evaluate an expression across time before acting

Configuration

• Query: Required PromQL expression to evaluate (supports expressions). Example: rate(prometheus_http_requests_total[5m])
• Start: Required start timestamp in RFC3339 or Unix format (supports expressions). Example: 2026-01-01T00:00:00Z
• End: Required end timestamp in RFC3339 or Unix format (supports expressions). Example: 2026-01-02T00:00:00Z
• Step: Required query resolution step (e.g. 15s, 1m)

Output

Emits one gcp.prometheus.queryRange payload:

• resultType: typically matrix
• result: the Prometheus result (series with their labels and values over time)
• seriesCount: number of series returned
• start, end, step: the query window

Important Notes

• Requires the roles/monitoring.viewer IAM role on the integration’s service account
• An invalid PromQL expression fails the action with the Prometheus error message

Example Output

{
  "data": {
    "end": "2026-01-01T01:00:00Z",
    "result": [
      {
        "metric": {
          "__name__": "up",
          "instance": "10.0.0.5:9090",
          "job": "prometheus"
        },
        "values": [
          [
            1767225600,
            "1"
          ],
          [
            1767225660,
            "1"
          ],
          [
            1767225720,
            "0"
          ]
        ]
      }
    ],
    "resultType": "matrix",
    "seriesCount": 1,
    "start": "2026-01-01T00:00:00Z",
    "step": "60s"
  },
  "timestamp": "2026-01-01T01:00:00Z",
  "type": "gcp.prometheus.queryRange"
}

Pub/Sub • Create Subscription

Component key: gcp.pubsub.createSubscription

The Create Subscription component creates a new GCP Pub/Sub subscription on a topic.

Use Cases

• Provisioning workflows: Wire up subscriptions as part of service deployment
• Pull queue setup: Create pull subscriptions for batch processing workflows
• Push integration: Create push subscriptions that deliver messages to an HTTP endpoint

Example Output

{
  "data": {
    "name": "projects/my-project/subscriptions/my-subscription",
    "subscription": "my-subscription",
    "topic": "my-topic",
    "type": "pull"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.subscription"
}

Pub/Sub • Create Topic

Component key: gcp.pubsub.createTopic

The Create Topic component creates a new GCP Pub/Sub topic.

Use Cases

• Provisioning workflows: Create topics as part of environment setup
• Dynamic routing: Create topics on demand for new services or tenants
• Automation bootstrap: Prepare messaging infrastructure before publishing

Example Output

{
  "data": {
    "name": "projects/my-project/topics/my-topic",
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.topic"
}

Pub/Sub • Delete Subscription

Component key: gcp.pubsub.deleteSubscription

The Delete Subscription component deletes a GCP Pub/Sub subscription.

Use Cases

• Cleanup workflows: Remove subscriptions as part of service teardown
• Lifecycle management: Decommission subscriptions that are no longer needed
• Rollback automation: Remove subscriptions created in failed provisioning runs

Example Output

{
  "data": {
    "deleted": true,
    "subscription": "my-subscription"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.subscription.deleted"
}

Pub/Sub • Delete Topic

Component key: gcp.pubsub.deleteTopic

The Delete Topic component deletes a GCP Pub/Sub topic.

Use Cases

• Cleanup workflows: Remove temporary topics after execution
• Lifecycle management: Decommission unused messaging resources
• Rollback automation: Remove topics created in failed provisioning runs

Example Output

{
  "data": {
    "deleted": true,
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.topic.deleted"
}

Pub/Sub • Publish Message

Component key: gcp.pubsub.publishMessage

The Publish Message component sends a message to a GCP Pub/Sub topic.

Use Cases

• Event fan-out: Broadcast workflow results to multiple subscribers
• Notifications: Publish operational updates to downstream systems
• Automation: Trigger Pub/Sub-based pipelines from workflows

Example Output

{
  "data": {
    "messageId": "1234567890",
    "topic": "my-topic"
  },
  "timestamp": "2025-01-01T00:00:00Z",
  "type": "gcp.pubsub.message.published"
}

Compute • Update Image

Component key: gcp.updateImage

The Update Image component updates an existing Compute Engine custom image. It can change the image’s deprecation status (including marking it deprecated or obsolete) and update its labels.

Use Cases

• Release lifecycle: Mark older images deprecated or obsolete as newer ones ship
• Pointing consumers forward: Set a replacement image so users are guided to the current version
• Inventory hygiene: Keep image labels accurate for billing, environment, and ownership

Configuration

• Image: The custom image to update.
• Deprecation state: Optionally change the image lifecycle state:
  • No change: Leave the current deprecation state untouched.
  • Active: Clear any deprecation (make the image fully usable again).
  • Deprecated: Mark the image deprecated (still usable; warns on use).
  • Obsolete: Mark the image obsolete (cannot be used to create new resources).
  • Deleted: Mark the image as logically deleted.
• Replacement image: Optional image to recommend in place of this one (name or URL). Applies when setting a deprecation state.
• Labels: Optional key-value labels to add or update on the image. Labels you provide are merged with the image’s existing labels; existing labels you don’t list are left unchanged.

Output

Emits the updated image: name, selfLink, family, status, diskSizeGb, labels, deprecationState, replacement, creationTimestamp.

Important Notes

• Setting the deprecation state to Active clears an existing deprecation.
• Updating labels merges with the image’s existing labels; labels you don’t list are preserved.
• The component waits for each underlying global operation to complete before emitting.

Example Output

{
  "data": {
    "creationTimestamp": "2026-06-02T12:00:00.000-07:00",
    "deprecationState": "DEPRECATED",
    "diskSizeGb": 10,
    "family": "my-app",
    "imageId": "1234567890123456789",
    "labels": {
      "env": "production",
      "team": "platform"
    },
    "name": "my-app-2026-06-02",
    "replacement": "https://www.googleapis.com/compute/v1/projects/my-project/global/images/my-app-v2",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/global/images/my-app-2026-06-02",
    "status": "READY"
  },
  "timestamp": "2026-06-02T12:00:00Z",
  "type": "gcp.compute.image.updated"
}

Compute • Update VM Machine Type

Component key: gcp.updateVMInstanceType

The Update VM Machine Type component changes the machine type (size) of an existing Compute Engine VM instance.

Use Cases

• Vertical scaling: Resize an instance up or down in response to load
• Cost optimization: Move to a smaller machine type during off-peak hours
• Right-sizing: Adjust machine type based on observed utilization

Configuration

• VM Instance: Pick from the list of VMs in your project, or pass an expression chained from an upstream node (e.g. the selfLink emitted by gcp.createVM). The selection encodes both the zone and the instance name.
• Machine Type: The new machine type name, e.g. e2-medium or n2-standard-4 (required, supports expressions).
• Restart after update: Whether to start the instance again after the machine type is changed. Enabled by default. Compute Engine requires the instance to be stopped to change its machine type, so a running instance is always stopped first.

Output

Returns the instance state after the update completes:

• instanceId, name, zone, status, selfLink, machineType, internalIP, externalIP

Important Notes

• Changing the machine type requires the instance to be stopped (TERMINATED). A running instance is stopped automatically before the change.
• If Restart after update is enabled, the instance is started again once the new machine type is applied.
• The new machine type must be available in the instance’s zone.
• The component waits for each underlying zone operation to complete before proceeding.

Example Output

{
  "data": {
    "externalIP": "34.1.2.3",
    "instanceId": "1234567890123456789",
    "internalIP": "10.0.0.2",
    "machineType": "n2-standard-4",
    "name": "my-vm",
    "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-central1-a/instances/my-vm",
    "status": "RUNNING",
    "zone": "us-central1-a"
  },
  "timestamp": "2025-02-14T12:00:00Z",
  "type": "gcp.compute.vmInstance.machineTypeUpdated"
}