Create a Google Cloud Platform connection to an Edge site
In Collibra 2024.05, we launched a new user interface (UI) for Collibra Data Intelligence Platform! You can learn more about this latest UI in the UI overview.
Use the following options to see the documentation in the latest UI or in the previous, classic UI:
After you created and installed an Edge site, you can create a connection to the Google Cloud Platform (GCP).
Available vaults
You can use a vault to add your data source information to your Edge site connection. |
None
AWS Secrets Manager
Azure Key Vault
CyberArk Vault
Google Secret Manager
HashiCorp Vault
|
|
|
Before you begin
- You have created and installed an Edge site.
Required permissions
- You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
- You need a Google Cloud Platform Service Account that can read the Google Cloud Storage (GCS) file system that you want to integrate. This means the Service Account must have the permissions to list buckets (
storage.buckets.list
) and objects in a bucket (storage.objects.list
). For information on GCP, go to the Google documentation. - If you use Dataplex, the Service Account must be able to detect file schemas in GCS resources from Dataplex. This means the Service Account must have the following permissions
dataplex.*.get
anddataplex.*.list
, for example, via the Dataplex Viewer role. For information on GCP service account, go to the Google documentation. For information on Dataplex roles, go to the Google documentation.
Steps
- Open an Edge site.
-
On the main toolbar, click
, and then click
Settings.
The Collibra settings page opens. -
In the tab pane, click Edge.
The Sites tab opens and shows a table with an overview of the Edge sites. - In the table, click the name of the Edge site whose status is Healthy.
The Edge site page opens.
-
On the main toolbar, click
, and then click
Settings.
- In the Connections section, click Create connection.
The Create connection page appears. - Enter the required information.
Field Description Required Connection settings
This section contains the general settings of your connection.
NameThe name of the Edge connection for Google Cloud Platform.
Yes DescriptionThe description of the connection.
No Connection providerThe connection provider, which determines the available connection parameters.
Select the GCP connection to connect to Google Cloud Platform.
Yes Connection parameters
This section contains the settings to connect to your data source. GCP Service AccountThe account to connect to the GCP.
Add the full content of the service account key JSON file.Example{
"type": "service_account",
"project_id": "PROJECT_ID",
"private_key_id": "KEY_ID",
"private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
"client_email": "SERVICE_ACCOUNT_EMAIL",
"client_id": "CLIENT_ID",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"}Ensure the service account has the required permissions.
For more information about service account keys, go to the Google documentation.Yes Encryption optionsSelect the type of encryption used to store the Secret Access Key.
Yes Additional parameters
Your connection to GCP does not require any additional parameters.
Delete the existing blank property.
No - Click Create.
The connection is added to the Edge site.
What's next?
You can now add the GCS synchronization capability to an Edge site.
Before you begin
- You have created and installed an Edge site.
- You have added a vault to your Edge site.
- If your data source connection requires a file from your vault, the file must be encoded into Base64 and stored as a regular secret in your vault.
Required permissions
- You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
- You need a Google Cloud Platform Service Account that can read the Google Cloud Storage (GCS) file system that you want to integrate. This means the Service Account must have the permissions to list buckets (
storage.buckets.list
) and objects in a bucket (storage.objects.list
). For information on GCP, go to the Google documentation. - If you use Dataplex, the Service Account must be able to detect file schemas in GCS resources from Dataplex. This means the Service Account must have the following permissions
dataplex.*.get
anddataplex.*.list
, for example, via the Dataplex Viewer role. For information on GCP service account, go to the Google documentation. For information on Dataplex roles, go to the Google documentation.
Steps
- Open an Edge site.
-
On the main toolbar, click
, and then click
Settings.
The Collibra settings page opens. -
In the tab pane, click Edge.
The Sites tab opens and shows a table with an overview of the Edge sites. - In the table, click the name of the Edge site whose status is Healthy.
The Edge site page opens.
-
On the main toolbar, click
, and then click
Settings.
- In the Connections section, click Create connection.
The Create connection page appears. - Select the GCP connection to connect to Google Cloud Platform.
- Enter the required information.
Field Description Required Name The name of the Edge connection for Google Cloud Platform.
Yes Description The description of the connection.
No Vault The vault where you store your data source values. No GCP Service Account The account to connect to the GCP.
Add the full content of the service account key JSON file.Example{
"type": "service_account",
"project_id": "PROJECT_ID",
"private_key_id": "KEY_ID",
"private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
"client_email": "SERVICE_ACCOUNT_EMAIL",
"client_id": "CLIENT_ID",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"}Ensure the service account has the required permissions.
For more information about service account keys, go to the Google documentation.How to use your vault...To use your vault, do the following:- In the Value Type field, select Vault Key.
- Enter the query value to identify the secret in your vault.Example
To use your vault, do the following:- In the Value Type field, select Vault Key.
- Enter the required information:
Name Description Secret Engine Type Select one of the following:
- Key Value
- Database
Engine Path The engine path to your vault where the value is stored. Secret Path The secret path to your vault where the value is stored. Field The name of the field to your vault where the value is stored.
Note Only available if you selected Key Value in the Secret Engine Type field.
Role The role specified in the Database engine.
Note Only available if you selected Database in the Secret Engine Type field.
Example
To use your vault, do the following:- In the Value Type field, select Vault Key.
- Enter the required information:
Name Description Vault Name The name of your Azure Key Vault in your Azure Key Vault service where the value is stored. Secret Name The name of the secret in your vault where the value is stored. Example
To use your vault, do the following:- In the Value Type field, select Vault Key.
- Enter the required information:
Name Description Secret Name The name of the secret in your vault where the value is stored. Field If the secret stored in your AWS Secrets Manager is a JSON value, for example
{"pass1": "my-password", "pass2": "my-password2"}
, then you need to specify the Field to point to the exact JSON value that should be used. For example,Secret Name: edge-db-customer; Field: pass
.Note If the secret stored in your AWS Secrets Manager is a plain string value, for example
my-password
, then you do not need to specify the Field.Example
To use your vault, do the following:- In the Value Type field, select Vault Key.
- Enter the name of the secret in your vault where the value is stored.
Example
Yes Property If your connection to GCP requires any additional parameters, click Add Property.
No - Click Create.
The connection is added to the Edge site.
What's next?
You can now add the GCS synchronization capability to an Edge site.