Google Cloud Pub/Sub - SYNQ Documentation

Overview

The SYNQ Google Cloud Pub/Sub integration automatically discovers all Pub/Sub topics and subscriptions in your Google Cloud project and creates custom entities in SYNQ for centralized asset management, governance, and cross-platform data lineage. This integration can also serve as a reference implementation for building custom integrations using the SYNQ Public API. Source code: github.com/getsynq/synq-google-cloud-pubsub

What It Does

The integration:

Discovers all Pub/Sub topics and subscriptions in your GCP project
Creates custom entities in SYNQ for each resource
Tracks relationships between topics and their subscriptions (optional)
Automatically cleans up entities when resources are deleted
Supports flexible filtering with include/exclude patterns

Use Cases

Data Catalog Management: Track all messaging infrastructure in one place
Resource Discovery: Automatically maintain an up-to-date inventory
Compliance Tracking: Monitor messaging configurations and subscriptions
Cross-Platform Lineage: Connect Pub/Sub topics with data pipelines, BigQuery tables, and other systems

Installation

Download Pre-built Binaries

Download the latest release for your platform from the releases page.

macOS

Intel:

curl -LO https://github.com/getsynq/synq-google-cloud-pubsub/releases/latest/download/synq-google-cloud-pubsub_darwin_amd64.tar.gz
tar -xzf synq-google-cloud-pubsub_darwin_amd64.tar.gz
sudo mv synq-google-cloud-pubsub /usr/local/bin/

Apple Silicon:

curl -LO https://github.com/getsynq/synq-google-cloud-pubsub/releases/latest/download/synq-google-cloud-pubsub_darwin_arm64.tar.gz
tar -xzf synq-google-cloud-pubsub_darwin_arm64.tar.gz
sudo mv synq-google-cloud-pubsub /usr/local/bin/

Linux

AMD64:

curl -LO https://github.com/getsynq/synq-google-cloud-pubsub/releases/latest/download/synq-google-cloud-pubsub_linux_amd64.tar.gz
tar -xzf synq-google-cloud-pubsub_linux_amd64.tar.gz
sudo mv synq-google-cloud-pubsub /usr/local/bin/

ARM64:

curl -LO https://github.com/getsynq/synq-google-cloud-pubsub/releases/latest/download/synq-google-cloud-pubsub_linux_arm64.tar.gz
tar -xzf synq-google-cloud-pubsub_linux_arm64.tar.gz
sudo mv synq-google-cloud-pubsub /usr/local/bin/

Windows

Download the .zip file from the releases page and extract it.

Build from Source

Requires Go 1.24 or later:

git clone https://github.com/getsynq/synq-google-cloud-pubsub.git
cd synq-google-cloud-pubsub
go build

Configuration

Required: SYNQ API Credentials

Create a .env file with your SYNQ API credentials:

SYNQ_CLIENT_ID=your_client_id_here
SYNQ_CLIENT_SECRET=your_client_secret_here

# GCP Project ID (optional if running on GCP or using gcloud)
GCP_PROJECT_ID=your-gcp-project-id

The GCP project ID can be auto-detected from:

Environment variables (GCP_PROJECT_ID, GOOGLE_CLOUD_PROJECT, GCLOUD_PROJECT)
gcloud CLI configuration
GCP metadata server (when running on GCP)

Optional: Advanced Configuration

For advanced customization, create a config.yaml file:

# SYNQ API Configuration (defaults shown for EU region)
synq:
  endpoint: "developer.synq.io:443"  # EU region (default)
  # For US region, use: "api.us.synq.io:443"
  oauth_url: "https://developer.synq.io/oauth2/token"  # EU region (default)
  # For US region, use: "https://api.us.synq.io/oauth2/token"

# GCP Configuration
gcp:
  user_agent: "synq-pubsub-client-v1.0.0"
  # project_id: "your-project-id"  # Alternative to GCP_PROJECT_ID env var
  # entity_group_id: "pubsub::custom-group-id"  # Defaults to pubsub::<project_id>

# Custom Entity Type IDs
types:
  topic_type_id: 20
  subscription_type_id: 21
  # topic_icon: "path/to/custom-topic-icon.svg"
  # subscription_icon: "path/to/custom-subscription-icon.svg"

# Resource Filters
filter:
  topics:
    include: []  # Empty means include all
    exclude: []  # Regex patterns to exclude

  subscriptions:
    include: []  # Empty means include all
    exclude:
      # Exclude auto-generated per-pod subscriptions
      - '-[a-z0-9]{9,10}-[a-z0-9]{5}\.subscription$'

# Relationship Management (disabled by default)
relationships:
  enabled: false  # Set to true to enable topic->subscription relationships
  filter:
    include: []  # Empty means include all (format: "topic_id->subscription_id")
    exclude: []  # Regex patterns to exclude relationship pairs
    # Examples:
    # include: ["important-topic->.*"]  # Only relationships for important-topic
    # exclude: ["test-.*->.*"]          # Skip relationships for test topics

Configuration precedence: defaults → config.yaml → environment variables → CLI flags

Network Requirements

If your GCP project has firewall rules that restrict outbound connections, whitelist SYNQ’s egress IP addresses:

EU Region (Default)
US Region

App: https://app.synq.io
API: https://developer.synq.io
Egress IP: 34.105.135.39

App: https://app.us.synq.io
API: https://api.us.synq.io
Egress IP: 35.238.250.82

See IP Addresses for the latest information.

Running the Integration

Basic Usage

# Minimal setup: just create .env with credentials
cp .env.example .env
# Edit .env and add your credentials

# Run with defaults
./synq-google-cloud-pubsub

# Run with debug logging
LOG_LEVEL=DEBUG ./synq-google-cloud-pubsub

# Run with JSON logging for production
LOG_FORMAT=json ./synq-google-cloud-pubsub

Enabling Relationships

To track relationships between topics and subscriptions:

# Enable relationships via command-line
./synq-google-cloud-pubsub --relationships.enabled

# Or configure in config.yaml
# relationships:
#   enabled: true

Relationships are disabled by default. Enable them only if you need to track topic-to-subscription connections in your data lineage.

Dry-Run Mode

Preview what entities would be created without making API calls:

# Dry-run mode (no SYNQ API calls)
./synq-google-cloud-pubsub --dry-run

# Dry-run with debug logging and relationships
LOG_LEVEL=DEBUG ./synq-google-cloud-pubsub --dry-run --relationships.enabled

In dry-run mode, the integration scans Pub/Sub resources and shows what would be created, but does not call the SYNQ API or require credentials.

Command-Line Options

Common flags:

--dry-run - Preview changes without calling SYNQ API
--gcp.project-id - Specify GCP project ID
--relationships.enabled - Enable topic-to-subscription relationships
--filter.topics.include - Topic name patterns to include
--filter.topics.exclude - Topic name patterns to exclude
--filter.subscriptions.include - Subscription name patterns to include
--filter.subscriptions.exclude - Subscription name patterns to exclude
--types.topic-type-id - Custom entity type ID for topics (default: 20)
--types.subscription-type-id - Custom entity type ID for subscriptions (default: 21)
--synq.endpoint - SYNQ API endpoint (EU or US region)

For US region:

./synq-google-cloud-pubsub \
  --synq.endpoint=api.us.synq.io:443 \
  --synq.oauth-url=https://api.us.synq.io/oauth2/token

Run ./synq-google-cloud-pubsub --help for all available options.

How It Works

Authenticates with SYNQ API using OAuth2 client credentials
Creates/updates custom entity types for topics and subscriptions
Discovers all Pub/Sub topics and subscriptions in your project
Creates entities in SYNQ for each resource
Manages relationships between topics and subscriptions (if enabled)
Uses entity groups to enable automatic cleanup of deleted resources

Entity Groups

The integration uses entity groups to track all entities created in each run. When the group is updated, SYNQ automatically removes entities that were in the previous group but not in the current one, enabling automatic cleanup of deleted resources.

Relationship Management

When enabled, the integration creates relationships between topics and their subscriptions. The system:

Deduplicates relationships to avoid recreating existing ones
Cleans up relationships that no longer exist
Supports filtering with include/exclude patterns

Custom Identifiers

All entities use custom identifiers with pubsub:: prefix for namespace isolation. Subscriptions use composite identifiers: pubsub::<topic_id>::<subscription_id>.

Scheduling with Cron

To keep your Pub/Sub inventory up-to-date, schedule the integration to run periodically:

# Run every hour
0 * * * * cd /path/to/integration && ./synq-google-cloud-pubsub

# Run every 6 hours with relationships
0 */6 * * * cd /path/to/integration && ./synq-google-cloud-pubsub --relationships.enabled

Using as a Public API Example

This integration demonstrates best practices for using the SYNQ Public API:

OAuth2 authentication with client credentials
Creating and managing multiple custom entity types
Using entity groups for automatic cleanup
Managing relationships between entities
Implementing filtering and dry-run modes
Handling regional deployments

See the source code and API documentation for more details.

Troubleshooting

Authentication errors

Verify your SYNQ credentials are correct in the .env file. Ensure you’re using the correct endpoint for your region (EU or US).

GCP project not detected

Set the GCP_PROJECT_ID environment variable explicitly or configure gcloud CLI with your project:

gcloud config set project YOUR_PROJECT

Permission denied errors

Ensure your GCP credentials have the following permissions:

pubsub.topics.list
pubsub.subscriptions.list

Too many auto-generated subscriptions

Use the default filter to exclude auto-generated per-pod subscriptions, or customize the filter patterns:

filter:
  subscriptions:
    exclude:
      - '-[a-z0-9]{9,10}-[a-z0-9]{5}\.subscription$'
      - 'test-.*'

Network connectivity issues

If running behind a firewall, verify that outbound connections to the SYNQ API endpoint are allowed. Check your network configuration and firewall rules.

Support

For issues or questions:

GitHub Issues: github.com/getsynq/synq-google-cloud-pubsub/issues
SYNQ Support: support

Get Started

Alerts

Monitors

Monitors Types

Data Products

Scout AI

Ownership

Incidents

Analytics

Lineage

BI Integrations

Data Warehouse Integrations

Transactional databases

Code Integrations

dbt Integrations

SQLMesh Integrations

Orchestration Tool Integrations

Alerting Integrations

Catalogs

Google Cloud Integrations

Admin

Security

Support

Developer API

​Overview

​What It Does

​Use Cases

​Installation

​Download Pre-built Binaries

​Configuration

​Required: SYNQ API Credentials

​Optional: Advanced Configuration

​Network Requirements

​Running the Integration

​Basic Usage

​Enabling Relationships

​Dry-Run Mode

​Command-Line Options

​How It Works

​Entity Groups

​Relationship Management

​Custom Identifiers

​Scheduling with Cron

​Using as a Public API Example

​Troubleshooting

​Support

Overview

What It Does

Use Cases

Installation

Download Pre-built Binaries

Configuration

Required: SYNQ API Credentials

Optional: Advanced Configuration

Network Requirements

Running the Integration

Basic Usage

Enabling Relationships

Dry-Run Mode

Command-Line Options

How It Works

Entity Groups

Relationship Management

Custom Identifiers

Scheduling with Cron

Using as a Public API Example

Troubleshooting

Support