Salesforce to Google Cloud, We Need to Talk

Publish Google Pub/Sub Message from Salesforce with Apex, Google Cloud Functions, and Python

Emilio Taylor


Introduction

Publishing data to Google Pub/Sub can unlock various use cases for solution design and resource expansion in the areas where enterprises have the greatest bottlenecks, especially CRM data. Leveraging Pub/Sub messages provides lightweight, dependable, and repeatable processes from a single transaction.

In this lesson, our challenge will be to:

  • Create Salesforce Apex to Trigger on Order Creation/Update
  • Create Salesforce Apex to Publish Order Data to GCP
  • Create Custom Metadata to Store GCP References
  • Create Salesforce Connected App to Secure
  • Create a Google Pub/Sub Topic
  • Create a Google Pub/Sub Subscription
  • Create a *Protected Google Cloud Function to Publish message to Pub/Sub

Prerequisites

Architecture

Step 1: Google Cloud Platform: Create Pub/Sub Topic

Think of a topic as a channel of specific information for a particular purpose within the Pub/Sub framework. For our example, we’ll create a topic for orders from Salesforce. Another topic could carry cases or activities. Any object in Salesforce could be a topic, or you can combine multiple objects or data to make your own version of a topic. These are the steps to create your topic:

Steps:

  • On the menu, Select Pub/Sub > Topics
  • On the Topics page, select Create Topic
  • On the Create Topic page, provide the following
  • Name = salesforce-orders
  • When done, select Create Topic

Step 2: Google Cloud Platform: Create Pub/Sub Subscription

Coupled with a topic, a subscription serves as the endpoint from which messages published to the topic are consumed. There can also be multiple subscriptions to a topic. For example, an order published from Salesforce may be subscribed to by an ERP for order fulfillment and by a Marketing Stack for participation in New Customer campaigns.

Steps:

  • On the menu, Select Subscriptions
  • On the Subscriptions page, select Create Subscription
  • On the Create Subscription page, provide the following
  • Subscription ID = salesforce-orders
  • Select a Cloud Pub/Sub topic = projects/[project name]/topics/salesforce-orders
  • Delivery Type = Pull
  • Subscription expiration = Expire after this many days of inactivity / 31 days
  • Acknowledgment deadline = 10 seconds
  • Message retention duration = 7 days
  • When finished, select Create

Step 3: Google Cloud Platform: Create Cloud Function (Python)

Cloud Functions can pose a security risk if left open to unauthenticated traffic. In order to publish Cloud Functions securely, we must first create a JWT (JSON Web Token) to bridge a secure connection between GCP and Salesforce. Follow the command line steps starting here. Once this is done, you can proceed with creating a Cloud Function that only accepts the HTTP POST from Salesforce, parses the message, and publishes to Google Pub/Sub.

Steps

  • From the Console, select the Google Cloud Platform menu
  • On the menu, Select Cloud Functions
  • On the Cloud Functions page, select Create Function
  • On the Create Function page, provide the following
  • Name = sec-salesforce-pubsub-orders
  • Memory Allocated = 128 MiB
  • Trigger = HTTP
  • Authentication > Allow Unauthenticated invocations (Keep unchecked)
  • Source Code > Inline editor (selected)
  • Source Code > Runtime = Python 3.7
  • Place the following in Main.py editor. This is the code where we will pass in data from the HTTP Post we receive from Salesforce and convert to a Pub/Sub message

Code Breakdown

Line 8 = Collects the JSON Posted to the function

Line 16–20 = Sets the Batch Settings for Publishing Messages

Line 25 = Creates a new instance of the Publisher Client

Line 28–31 = Defines the project and topic messages will be posted to

Line 35–39 = Iterates through all records contained in the JSON string and publishes separate messages for each record object

  • Place the following in Requirements.txt editor. This adds dependencies for Python to reference Google Pub/Sub
  • Function to execute = publish_message
  • Select Environment Variables, Networking, Timeouts, and More
  • Environment > Environment Variables select Add Variable
  • Add Name = pubsub_topic, Value = salesforce-orders
  • Add Name = gcp_project, Value = Your Project Name for GCP.
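
A function of the shape this step describes, as an added example (not the author's original listing, so the line numbers in the Code Breakdown above do not apply to it). It assumes Salesforce posts a JSON array of record objects; the helper names and batch values are illustrative, while publish_message, gcp_project and pubsub_topic are the names configured above.

```python
import json
import os


def make_publisher():
    """Build a batching Pub/Sub client (needs google-cloud-pubsub installed)."""
    from google.cloud import pubsub_v1  # lazy import: module loads without the SDK
    settings = pubsub_v1.types.BatchSettings(max_messages=100, max_latency=1)
    return pubsub_v1.PublisherClient(batch_settings=settings)


def extract_records(body):
    """Return the posted list of record objects, rejecting any other shape."""
    # Assumption: the payload is a JSON array of objects, one per Order.
    if not isinstance(body, list) or not all(isinstance(r, dict) for r in body):
        raise ValueError("expected a JSON array of record objects")
    return body


def publish_records(publisher, topic_path, records):
    """Publish one message per record and wait for every message ID."""
    futures = [publisher.publish(topic_path, json.dumps(r).encode("utf-8"))
               for r in records]
    return [f.result(timeout=30) for f in futures]


def publish_message(request, publisher=None):
    """HTTP entry point: POST only, JSON only, one Pub/Sub message per record."""
    if request.method != "POST":
        return ("Method not allowed", 405)
    try:
        # silent=True yields None for a missing or malformed JSON body
        records = extract_records(request.get_json(silent=True))
    except ValueError as err:
        return (str(err), 400)
    publisher = publisher or make_publisher()
    topic_path = "projects/{}/topics/{}".format(
        os.environ["gcp_project"], os.environ["pubsub_topic"])
    ids = publish_records(publisher, topic_path, records)
    return (json.dumps({"published": len(ids)}), 200)
```

The optional publisher argument exists only so the handler can be exercised with a stand-in client; Cloud Functions calls publish_message with the request alone.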

Step 4: Salesforce: Create a Connected App

To round out security, within Salesforce, we need to create the handshake mechanism to store the private key created in GCP, documented here under SFDX CLI. Once the key has been obtained, proceed to create the Connected App in Salesforce.

Steps:

  • Log in to Salesforce as a System Administrator
  • Select the Gear icon and select the Setup button
  • Under Platform Tools > Apps, select App Manager
  • On the App Manager page, select New Connected App
  • On the Setup App Manager page, provide the following
  • Connected App Name = Google Cloud Platform
  • API Name = Google_Cloud_Platform
  • Contact Email = your email address
  • Enable OAuth Settings = Checked
  • Enable for Device Flow = Checked
  • Callback URL = http://localhost:1717/OauthRedirect
  • Use digital signatures = Checked (upload the public.crt file created on command line 3)
  • Selected OAuth Scopes
  • (Select) Access and manage your data (API)
  • (Select) Perform requests on your behalf at any time (refresh_token, offline_access)
  • (Select) Provide access to your data via the Web (web)
  • Require Secret for Web Server Flow = Checked
  • Save the new Connected App

Step 5: Salesforce: Modify Policies on Connected App

Now that the app has been created, we also need to define the scope for access through this app and the profile which should be used for field/object level visibility.

Steps:

  • On the newly created Connected App (Google Cloud Platform), select the Manage button
  • From the Google Cloud Platform page, select the Edit Policies button
  • On the Connected App Edit page, provide the following
  • Permitted Users = Admin approved users are pre-authorized
  • IP Relaxation = Relax IP restrictions
  • Refresh Token Policy = Refresh token is valid until revoked
  • Select the Save button
  • Scroll down to the Profiles section, select Manage Profiles
  • Select System Administrator (or another profile with the proper permissions)

Step 5: Salesforce: Create Custom Metadata Type

Within Salesforce, we have a place to potentially store multiple Cloud Function references for future use. In this step, we’ll create a new Custom Metadata Type to store these references. We choose Custom Metadata Types over Custom Settings because, unlike Custom Settings, they can be deployed using Change Sets along with their values.

Steps:

  • On Setup, on Quick Find, type Custom Metadata
  • Select Custom Metadata Types
  • On the Setup > Custom Metadata Types page, select New Custom Metadata Types button
  • On the New Custom Metadata Type, provide the following
  • Label = GCP Key
  • Plural Label = GCP Keys
  • Object Name = GCP_Key
  • Select Save
  • Now, we’ll add custom fields to store endpoint and function references
  • On the Custom Fields section, select the New button
  • Enter the following Custom Fields with their respective Data Types

Step 6: Salesforce: Create GCP Custom Function Metadata Reference

Now that the Custom Metadata Type has been created, we’ll proceed to add values to reference our salesforce-orders protected Cloud Function.

Steps:

  • On the Custom Metadata “GCP Keys” select the Manage GCP Keys
  • Select the New button, and provide the following
  • Label = Salesforce PubSub Orders
  • GCP Key Name = Salesforce_PubSub_Orders
  • client email = function-invoker-sa@[project name].iam.gserviceaccount.com
  • audience = https://us-central1-[project name].cloudfunctions.net/sec-salesforce-pubsub-orders
  • token endpoint = https://www.googleapis.com/oauth2/v4/token
  • function name = Salesforce_PubSub_Orders
  • query fields = Id,OrderNumber,Status,AccountId
  • object = Order
  • Select the Save button

Step 7: Salesforce: Create GCP Authentication Apex Class

To authenticate with GCP from Salesforce, we’ll need to create a utility class that can be reused with multiple Apex classes.

Steps:

  • From the Setup page, on Custom Code, select Apex Classes
  • On the Apex Classes page, select the New button
  • On the Apex Class Edit page, provide the following

Code Breakdown

Line 5–7 = Class to deserialize response from Google Token URL

Line 14–32 = GCP Service Account to return Endpoint, Query Parameters, Client Email, etc

Line 40–82 = Constructs JWT and Google Auth Endpoint, returns token
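
The token request this breakdown describes (construct a JWT, call the Google auth endpoint, get a token back), written in Python as an added example; it is not the author's Apex class. It assumes Google's service-account flow, in which a self-signed RS256 JWT carrying a target_audience claim is exchanged for an ID token; the function names and the sign parameter are illustrative.

```python
import base64
import json
import time
import urllib.parse

TOKEN_ENDPOINT = "https://www.googleapis.com/oauth2/v4/token"  # "token endpoint" value from Step 6


def b64url(data):
    """Base64url without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def rs256_signer(private_key_pem):
    """Return a sign(bytes) callable; needs the 'cryptography' package."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda msg: key.sign(msg, padding.PKCS1v15(), hashes.SHA256())


def build_assertion(client_email, function_url, sign, now=None, lifetime=300):
    """Self-signed JWT asking Google for an ID token scoped to one function."""
    if not function_url.startswith("https://"):
        raise ValueError("audience must be an https URL")
    now = int(time.time()) if now is None else now
    claims = {
        "iss": client_email,              # "client email": the signing service account
        "aud": TOKEN_ENDPOINT,            # who consumes this assertion
        "target_audience": function_url,  # "audience": who the ID token is issued for
        "iat": now,
        "exp": now + lifetime,            # keep short; Google allows at most one hour
    }
    header = {"alg": "RS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + b64url(sign(signing_input.encode("ascii")))


def token_request_body(assertion):
    """Form body for the POST to TOKEN_ENDPOINT; the reply carries id_token."""
    return urllib.parse.urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion,
    })
```

The id_token in the response is what the caller sends to the function as an Authorization: Bearer header. Because target_audience names a single function URL, the token is not accepted by other functions in the project.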

Step 8: Salesforce: Create GCP Order Queueable Apex Batch Class

The Queueable Apex Batch will handle the query of Order data, authentication to GCP, and the HTTP POST to the protected Google Cloud Function. Here’s how to set this up.

Steps:

  • From the Setup page, on Custom Code, select Apex Classes
  • On the Apex Classes page, select the New button
  • On the Apex Class Edit page, provide the following

Code Breakdown

Line 12 = Creates new instance of GCPAuthManagementService

Line 13 = Passes in GCP Key Reference to retrieve Endpoint, Query Fields and Object from Custom Metadata

Line 19 = Creates a comma-separated list of fields

Line 24–43 = Generates JSON string based on query response from Order object.

Line 47–55 = HTTP Post sent to Protected Google Cloud Function

Step 9: Salesforce: Create an Apex Trigger on the Order object

In order to capture new and updated Order records from Salesforce, we need to create an Apex trigger on the Order object. From here, we’ll pass in Trigger.new as a List of sObjects into the GoogleOrderPubSubQueueable Queueable Apex Batch Class.

Steps:

  • On the Setup page, select Object Manager
  • Search for the Order object
  • On the Order object, select the Trigger menu
  • On the Trigger edit page, provide the following

Code Breakdown

Line 3 = Invoke the GoogleOrderPubSubQueueable class to start a Queueable Job

Step 10: Salesforce: Add Remote Site

Adding a Remote Site allowlists the external domain(s) that Salesforce is permitted to call out to.

Steps

  • On Quick Search, type “remote”
  • Under Security, select Remote Site Settings
  • On the All Remote Sites page, select New Remote Site
  • On the Remote Site Edit page, provide the following
  • Remote Site Name = GoogleAPI
  • Remote Site URL = https://www.googleapis.com
  • Select Save & New
  • Remote Site Name = GooglePubSubFunction
  • Remote Site URL = https://[location]-[project name].cloudfunctions.net
  • Select Save

Step 11: Testing Using Salesforce (Order)

Now, we’ll test creating and updating an Order in Salesforce and watch the messages get published to Google Pub/Sub.

Steps

  • In Salesforce, open the App Manager and search for Order
  • Open an Existing Order
  • On the Existing Order, select the Clone button
  • On the new Order page, select the Save button to create a New Order
  • In Google Cloud Console, select Pub/Sub > Subscription
  • On Subscription, select salesforce-orders-subscription
  • On the salesforce-orders-subscription page, select View Messages

What’s Next?

You made it!!! You’ve now been able to create a secure connection between Salesforce and Google Cloud Platform. Now you’re able to expand to other objects throughout Salesforce. But keep going: there are many more tools available in GCP that can further empower your Salesforce data. Think about how to connect your data to BigQuery or trigger functions in other applications. Lastly, please continue to learn all that Google Cloud Platform has to offer to expand your knowledge and your options for enhancing your Salesforce architecture.


Written by Emilio Taylor

Salesforce Practice Leader, Technology Enthusiast, Entrepreneur, Integrator, Architect, Developer, and Overall Cloud Advocate.
