Set up Google Cloud Storage Order Delivery¶
Permissions required: Admin
Last updated: June 15, 2022
Give Maxar ARD permissions to your Google Cloud Storage bucket¶
The files from an ARD order can be delivered to a Google Cloud Storage (GCS) location. Maxar ARD must have permission to write to your GCS delivery location.
To give Maxar ARD permission to write to your GCS bucket,
-
Set up your GCS service account with the following permissions:
storage.buckets.get storage.objects.create storage.objects.delete storage.objects.get storage.objects.list storage.objects.update -
Generate a service key for your account with "JSON" as the key type.
-
Convert the JSON key to a Base64-encoded string.
The MAX-ARD SDK handles the Base64 encoding. See Credentials Storage in the Max-Ard SDK documentation.
Your Base64-encoded string can be registered with the Maxar ARD Credentials Service or submitted directly in an order request body. These options are explained below.
Option 1: Register the Base64-encoded string with the ARD Credentials service¶
If you plan to use the same credentials for multiple orders, we recommend registering them with the ARD Credentials service. This creates a credential ID that can be shared with all users in the account, and is included in the order request.
The administrator for the account can register the credentials and give them a name, or credentials_ID. This ID can then be shared with all users in the account. The user includes the credentials ID in the request body when placing an order. See the example below.
-
An account can have more than one set of registered credentials.
-
Registered credentials can be deleted in the credentials service. Deleting means the credentials ID cannot be used to place new orders. Orders that are in progress when the credentials are deleted are not impacted.
-
Registered credentials can be updated. The credentials string and the description can be updated for an existing credentials record. Orders that are in progress when the credentials are updated are not impacted.
-
If the supplied credentials expire, any orders submitted with those credentials will fail. We recommend registering credentials with long-term expiration dates.
Register credentials¶
If you are an account administrator (admin), read the Credentials Guide to learn how register a set of credentials and create a credentials_id.
Example registration request:
{
"credentials": "Base64-encoded string goes here",
"description": "use for orders placed for demo purposes"
}
Submit the credentials ID in an order request¶
Once the credentials have been registered, the credentials ID is submitted with the order request.
This example shows using a credentials_id named "our-shared-credentials".
"output_config": {
"google_cloud_storage": {
"credentials_id": "our-shared-credentials",
"bucket": "my-ard-bucket",
"prefix": "prefix-1"
}
}
}
Option 2: Include the Base64-encoded string in the order request.¶
If you prefer to use different credentials for each order, you can send the Base64-encoded string in the order request instead of registering it with the credentials service.
note: For one-time use credentials, set an expiration date that allows 3-5 days to give plenty of time for order processing and delivery to your cloud storage location.
Example:
{
"output_config": {
"google_cloud_storage": {
"service_credentials": "... base64-encoded credentials string ...",
"bucket": "my-ard-bucket",
"prefix": "prefix-1"
}
}
}