Create a Google Cloud Platform connection to an Edge site

After you created and installed an Edge site, you can create a connection to the Google Cloud Platform (GCP).

Available vaults

Tip 

You can use a vault to add your data source information to your Edge site connection.
None
AWS Secrets Manager
Azure Key Vault
CyberArk Vault
Google Secret Manager
HashiCorp Vault
  

Before you begin

Required permissions

  • You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
  • You need a Google Cloud Platform Service Account that can read the Google Cloud Storage (GCS) file system that you want to integrate. This means the Service Account must have the permissions to list buckets (storage.buckets.list) and objects in a bucket (storage.objects.list). For information on GCP, go to the Google documentation.
  • If you use Dataplex, the Service Account must be able to detect file schemas in GCS resources from Dataplex. This means the Service Account must have the following permissions dataplex.*.get and dataplex.*.list, for example, via the Dataplex Viewer role. For information on GCP service account, go to the Google documentation. For information on Dataplex roles, go to the Google documentation.
  • If you want to have Project IDs available for selection when you add Project IDs on the Synchronize Metadata page, ensure that the service account has the resourcemanager.projects.get permission to GCP Projects where Dataplex is enabled. If the service account does not have this permission, you can enter the Project IDs manually on the Synchronize Metadata page.

Steps

  1. Open an Edge site.
    1. On the main toolbar, click Products icon, and then click Cogwheel icon Settings.
      The Collibra settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of the Edge sites.
    3. In the table, click the name of the Edge site whose status is Healthy.
      The Edge site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Select the GCP connection to connect to Google Cloud Platform.
  4. Enter the required information.
    FieldDescriptionRequired
    Name

    The name of the Edge connection for Google Cloud Platform.

    		 Yes
    Description

    The description of the connection.

    		 No
    Vault The vault where you store your data source values. No
    GCP Service Account

    The account to connect to the GCP.
    Add the full content of the service account key JSON file.

    Example 

    {
    "type": "service_account",
    "project_id": "PROJECT_ID",
    "private_key_id": "KEY_ID",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
    "client_email": "SERVICE_ACCOUNT_EMAIL",
    "client_id": "CLIENT_ID",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"}

    Ensure the service account has the required permissions.
    For more information about service account keys, go to the Google documentation.

    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the query value to identify the secret in your vault.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret Engine Type

      Select one of the following:

      • Key Value
      • Database
      Engine PathThe engine path to your vault where the value is stored.
      Secret PathThe secret path to your vault where the value is stored.
      Field

      The name of the field to your vault where the value is stored.

      Note Only available if you selected Key Value in the Secret Engine Type field.

      Role

      The role specified in the Database engine.

      Note Only available if you selected Database in the Secret Engine Type field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Vault NameThe name of your Azure Key Vault in your Azure Key Vault service where the value is stored.
      Secret NameThe name of the secret in your vault where the value is stored.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret NameThe name of the secret in your vault where the value is stored.
      Field

      If the secret stored in your AWS Secrets Manager is a JSON value, for example {"pass1": "my-password", "pass2": "my-password2"}, then you need to specify the Field to point to the exact JSON value that should be used. For example, Secret Name: edge-db-customer; Field: pass.

      Note If the secret stored in your AWS Secrets Manager is a plain string value, for example my-password, then you do not need to specify the Field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the name of the secret in your vault where the value is stored.
      Example 
    		 Yes
    Property

    If your connection to GCP requires any additional parameters, click Add Property.

    		No
  5. Click Create.
    The connection is added to the Edge site.

What's next?

You can now add the Google Dataplex Catalog synchronization capability to an Edge site.