Create a Google Cloud Platform connection to an Edge site

Important 

In Collibra 2024.02, we've launched a new user interface (UI) in beta for Collibra Data Intelligence Platform! You can learn more about this latest UI in the UI overview.

Use the following options to see the documentation in the latest UI or in the previous, classic UI:

After you created and installed an Edge site, you can create a connection to the Google Cloud Platform (GCP).

Available vaults

Tip 

You can use a vault to add your data source information to your Edge site connection.
None
AWS Secrets Manager
Azure Key Vault
CyberArk Vault
Google Secret Manager
HashiCorp Vault
  

Before you begin

Required permissions

  • You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
  • You need a Google Cloud Platform Service Account that can read the Google Cloud Storage (GCS) file system that you want to integrate. This means the Service Account must have the permissions to list buckets (storage.buckets.list) and objects in a bucket (storage.objects.list). For information on GCP, go to the Google documentation.
  • If you use Dataplex, the Service Account must be able to detect file schemas in GCS resources from Dataplex. This means the Service Account must have the following permissions dataplex.*.get and dataplex.*.list, for example, via the Dataplex Viewer role. For information on GCP service account, go to the Google documentation. For information on Dataplex roles, go to the Google documentation.

Steps

  1. Open an Edge site.
    1. On the main toolbar, click Products icon, and then click Cogwheel icon Settings.
      The Collibra settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of the Edge sites.
    3. In the table, click the name of the Edge site whose status is Healthy.
      The Edge site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Enter the required information.
    FieldDescriptionRequired

    Connection settings

    This section contains the general settings of your connection.

    Name

    The name of the Edge connection for Google Cloud Platform.

    		 Yes
    Description

    The description of the connection.

    		 No
    Connection provider

    The connection provider, which determines the available connection parameters.

    Select the GCP connection to connect to Google Cloud Platform.

    		Yes

    Connection parameters

    		This section contains the settings to connect to your data source.
    GCP Service Account

    The account to connect to the GCP.
    Add the full content of the service account key JSON file.

    Example 

    {
    "type": "service_account",
    "project_id": "PROJECT_ID",
    "private_key_id": "KEY_ID",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
    "client_email": "SERVICE_ACCOUNT_EMAIL",
    "client_id": "CLIENT_ID",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"}

    Ensure the service account has the required permissions.
    For more information about service account keys, go to the Google documentation.

    		 Yes
    Encryption options

    Select the type of encryption used to store the Secret Access Key.

    Default: To be encrypted by Edge management server.

    		 Yes

    Additional parameters

    Your connection to GCP does not require any additional parameters.

    Delete the existing blank property.

    		 No
  4. Click Create.
    The connection is added to the Edge site.

What's next?

You can now add the GCS synchronization capability to an Edge site.

Before you begin

Required permissions

  • You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
  • You need a Google Cloud Platform Service Account that can read the Google Cloud Storage (GCS) file system that you want to integrate. This means the Service Account must have the permissions to list buckets (storage.buckets.list) and objects in a bucket (storage.objects.list). For information on GCP, go to the Google documentation.
  • If you use Dataplex, the Service Account must be able to detect file schemas in GCS resources from Dataplex. This means the Service Account must have the following permissions dataplex.*.get and dataplex.*.list, for example, via the Dataplex Viewer role. For information on GCP service account, go to the Google documentation. For information on Dataplex roles, go to the Google documentation.

Steps

  1. Open an Edge site.
    1. On the main toolbar, click Products icon, and then click Cogwheel icon Settings.
      The Collibra settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of the Edge sites.
    3. In the table, click the name of the Edge site whose status is Healthy.
      The Edge site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Select the GCP connection to connect to Google Cloud Platform.
  4. Enter the required information.
    FieldDescriptionRequired
    Name

    The name of the Edge connection for Google Cloud Platform.

    		 Yes
    Description

    The description of the connection.

    		 No
    Vault The vault where you store your data source values. No
    GCP Service Account

    The account to connect to the GCP.
    Add the full content of the service account key JSON file.

    Example 

    {
    "type": "service_account",
    "project_id": "PROJECT_ID",
    "private_key_id": "KEY_ID",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
    "client_email": "SERVICE_ACCOUNT_EMAIL",
    "client_id": "CLIENT_ID",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"}

    Ensure the service account has the required permissions.
    For more information about service account keys, go to the Google documentation.

    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the query value to identify the secret in your vault.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret Engine Type

      Select one of the following:

      • Key Value
      • Database
      Engine PathThe engine path to your vault where the value is stored.
      Secret PathThe secret path to your vault where the value is stored.
      Field

      The name of the field to your vault where the value is stored.

      Note Only available if you selected Key Value in the Secret Engine Type field.

      Role

      The role specified in the Database engine.

      Note Only available if you selected Database in the Secret Engine Type field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Vault NameThe name of your Azure Key Vault in your Azure Key Vault service where the value is stored.
      Secret NameThe name of the secret in your vault where the value is stored.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret NameThe name of the secret in your vault where the value is stored.
      Field

      If the secret stored in your AWS Secrets Manager is a JSON value, for example {"pass1": "my-password", "pass2": "my-password2"}, then you need to specify the Field to point to the exact JSON value that should be used. For example, Secret Name: edge-db-customer; Field: pass.

      Note If the secret stored in your AWS Secrets Manager is a plain string value, for example my-password, then you do not need to specify the Field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the name of the secret in your vault where the value is stored.
      Example 
    		 Yes
    Property

    If your connection to GCP requires any additional parameters, click Add Property.

    		No
  5. Click Create.
    The connection is added to the Edge site.

What's next?

You can now add the GCS synchronization capability to an Edge site.