Create a Google Cloud Platform connection to an Edge site

Important 

In Collibra 2024.05, we launched a new user interface (UI) for Collibra Data Intelligence Platform! You can learn more about this latest UI in the UI overview.

Use the following options to see the documentation in the latest UI or in the previous, classic UI:

After you created and installed an Edge site, you can create a connection to the Google Cloud Platform (GCP).

Available vaults

Tip 

You can use a vault to add your data source information to your Edge site connection.

None
AWS Secrets Manager
Azure Key Vault
CyberArk Vault
Google Secret Manager
HashiCorp Vault
 

Before you begin

  • You have created and installed an Edge site.

Required permissions

  • You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
  • You need a Google Cloud Platform Service Account that can read the Google Cloud Storage (GCS) file system that you want to integrate. This means the Service Account must have the permissions to list buckets (storage.buckets.list) and objects in a bucket (storage.objects.list). For information on GCP, go to the Google documentation.
  • If you use Dataplex, the Service Account must be able to detect file schemas in GCS resources from Dataplex. This means the Service Account must have the following permissions dataplex.*.get and dataplex.*.list, for example, via the Dataplex Viewer role. For information on GCP service account, go to the Google documentation. For information on Dataplex roles, go to the Google documentation.

Steps

  1. Open an Edge site.
    1. On the main toolbar, click Products icon, and then click Cogwheel icon Settings.
      The Collibra settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of the Edge sites.
    3. In the table, click the name of the Edge site whose status is Healthy.
      The Edge site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Enter the required information.
    FieldDescriptionRequired

    Connection settings

    This section contains the general settings of your connection.

    Name

    The name of the Edge connection for Google Cloud Platform.

    Yes
    Description

    The description of the connection.

    No
    Connection provider

    The connection provider, which determines the available connection parameters.

    Select the GCP connection to connect to Google Cloud Platform.

    Yes

    Connection parameters

    This section contains the settings to connect to your data source.
    GCP Service Account

    The account to connect to the GCP.
    Add the full content of the service account key JSON file.

    Example 

    {
    "type": "service_account",
    "project_id": "PROJECT_ID",
    "private_key_id": "KEY_ID",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
    "client_email": "SERVICE_ACCOUNT_EMAIL",
    "client_id": "CLIENT_ID",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"}

    Ensure the service account has the required permissions.
    For more information about service account keys, go to the Google documentation.

    Yes
    Encryption options

    Select the type of encryption used to store the Secret Access Key.

    Default: To be encrypted by Edge management server.

    Yes

    Additional parameters

    Your connection to GCP does not require any additional parameters.

    Delete the existing blank property.

    No
  4. Click Create.
    The connection is added to the Edge site.

What's next?

You can now add the GCS synchronization capability to an Edge site.

Before you begin

  • You have created and installed an Edge site.
  • You have added a vault to your Edge site.
  • If your data source connection requires a file from your vault, the file must be encoded into Base64 and stored as a regular secret in your vault.

Required permissions

  • You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
  • You need a Google Cloud Platform Service Account that can read the Google Cloud Storage (GCS) file system that you want to integrate. This means the Service Account must have the permissions to list buckets (storage.buckets.list) and objects in a bucket (storage.objects.list). For information on GCP, go to the Google documentation.
  • If you use Dataplex, the Service Account must be able to detect file schemas in GCS resources from Dataplex. This means the Service Account must have the following permissions dataplex.*.get and dataplex.*.list, for example, via the Dataplex Viewer role. For information on GCP service account, go to the Google documentation. For information on Dataplex roles, go to the Google documentation.

Steps

  1. Open an Edge site.
    1. On the main toolbar, click Products icon, and then click Cogwheel icon Settings.
      The Collibra settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of the Edge sites.
    3. In the table, click the name of the Edge site whose status is Healthy.
      The Edge site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Select the GCP connection to connect to Google Cloud Platform.
  4. Enter the required information.
    FieldDescriptionRequired
    Name

    The name of the Edge connection for Google Cloud Platform.

    Yes
    Description

    The description of the connection.

    No
    Vault The vault where you store your data source values. No
    GCP Service Account

    The account to connect to the GCP.
    Add the full content of the service account key JSON file.

    Example 

    {
    "type": "service_account",
    "project_id": "PROJECT_ID",
    "private_key_id": "KEY_ID",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
    "client_email": "SERVICE_ACCOUNT_EMAIL",
    "client_id": "CLIENT_ID",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"}

    Ensure the service account has the required permissions.
    For more information about service account keys, go to the Google documentation.

    Yes
    Property

    If your connection to GCP requires any additional parameters, click Add Property.

    No
  5. Click Create.
    The connection is added to the Edge site.

What's next?

You can now add the GCS synchronization capability to an Edge site.