Google Cloud Pub/Sub Integration Guide
Review the following guide for setting up an integration between Manufacturing Connect Edge and the Google Pub/Sub service (https://cloud.google.com/pubsub/docs/overview).

Once the integration is set up, you can use it for the following:

- Publishing data from a topic in your edge device to a subscription topic in the Google Cloud Platform.
- Subscribing to data published by a publication topic in the Google Cloud Platform.

Note: You can use the following authentication methods to configure the Google Cloud Pub/Sub connector:

- Using GCP auth type service account key.
- Using GCP auth type workload identity federation. See Configuring Workload Identity Federation Authorization to learn more.

Before You Begin

You need to create a Google service account. Make sure the account has the correct roles and permissions required for setting up the connection.

Refer to the following Google resources to learn more about Pub/Sub and configuring connections:

- Google Pub/Sub service (https://cloud.google.com/pubsub/docs/overview)
- Configure Private Google Access for on-premises hosts > Domain options (information regarding private access to GCP services)
- Supported products and limitations > Pub/Sub (information regarding private access to GCP services)
- SDK on publish settings
- Publish messages to topics

Service Account Key Credentials

You have two options for configuring the Service account key parameter in the Google Pub/Sub connector: GCP SA key authentication and GCP Workload Identity Federation (OIDC). See Configuring Workload Identity Federation Authorization to learn more.

Service Account Keys

Each Google service account is associated with a public/private RSA key pair. The Service Account Credentials API uses this internal key pair to create short-lived service account credentials, and to sign blobs and JSON Web Tokens (JWTs). This key pair is known as the Google-managed key pair.

In addition, you can create multiple public/private RSA key pairs, known as user-managed key pairs, and use the private key to authenticate with Google APIs. This private key is known as a service account key.

See Service account keys to learn more.

Workload Identity Federation

Workload identity federation allows you to grant on-premises or multi-cloud workloads access to Google Cloud resources without using a service account key. You may choose this option because service account keys are powerful credentials, so they can present a security risk if they are not managed correctly.

With identity federation, you can use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This approach eliminates the maintenance and security burden associated with service account keys.

Workload identity pools: A workload identity pool is an entity that lets you manage external identities. You will review and have the option to customize this parameter when setting up these credentials.

Workload identity pool providers: A workload identity pool provider is the entity that describes the relationship between Google Cloud and your identity provider (IdP).

Workload identity federation follows the OAuth 2.0 token exchange specification (https://tools.ietf.org/html/rfc8693). You provide a credential from your IdP to the Security Token Service (https://cloud.google.com/iam/docs/reference/sts/rest), which verifies the identity on the credential, and then returns a federated token in exchange.

See the following to learn more:

- Workload identity federation
- IAM roles

Set Up the Outbound Connection (Publish to Google Pub/Sub)

Follow the steps below to set up the outbound connection.

Step 1: Create Publication Topic in Google Cloud Platform

In the Google Cloud Platform, create a publication topic. A matching subscription topic is created automatically, with the -sub suffix appended to the topic name.

Step 2: Add Device

Follow the steps to Connect a Device. The device will be used to store tags that will eventually be used to create outbound topics in the connector.

Make sure to select the Enable Data Store checkbox.

Step 3: Add Tags

After connecting the device in Manufacturing Connect Edge, you can Add Tags to the device. Create tags that you want to use to create outbound topics for the connector.

Step 4: Add Connector

Follow the steps to Add a Connector and select the Google Cloud Pub/Sub connector provider. For more information about message publication settings, see the SDK on publish settings.

Configure the following parameters:

- Name: Enter a name for the connector.
- Service account key (.json): Create a service account key in your Google Cloud Platform in JSON format. Copy or save all the content from the JSON file and paste or upload it here. You have the option to use workload identity federation authorization in the service account key file. See Configuring Workload Identity Federation Authorization to learn more.
- The project ID of the cloud project: Copy the ID from your Google Cloud Platform and paste it here.
- The private key ID of the cloud project: Copy the key ID from your Google Cloud Platform and paste it here.
- The client email of the cloud project: Enter the email from your Google Cloud Platform.
- Integration topic: Copy the name of the publication topic (without the "-sub" suffix) from your Google Cloud Platform and paste it here.
- Custom attributes: You can add custom attributes in key/value pairs for further data processing. Refer to the following to learn more: Use Custom Attributes in the Google Cloud Pub/Sub Connector, and the Google documentation for using attributes.
- Parallel publish count: The number of messages being published simultaneously. The default value is 100.
- Parallel byte threshold: The minimum size of a batch (in bytes) for the batch to be published. The default value is zero, which means that there is no threshold (limit).
- Publish count threshold: The minimum number of messages in a batch for the batch to be published. The default value is zero, which means that there is no threshold (limit).
- Publish delay threshold (milliseconds): The maximum time that the client will attempt to publish a batch of messages. The default value is zero, which means that there is no threshold (limit).
- Throttling limit: The maximum number of messages per second to be processed. The default value is zero, which means that there is no limit.
- Persistent storage: When enabled, this will cause messages to undergo a store and forward procedure. Messages will be stored within Manufacturing Connect Edge when cloud providers are online.
- Queue mode: Select the queue mode as LIFO (last in, first out) or FIFO (first in, first out). Selecting LIFO means that the last data entry is processed first, and selecting FIFO means the first data entry is processed first.

Step 5: Enable the Connector

After adding the connector, click the toggle in the connector tile to enable it. If you see a Failed status, you can review Manage Connectors and the relevant error messages.

Step 6: Create Outbound Topics for Connector

You will now need to import the tags you added in Step 2 to the connector as topics.

To create outbound topics:

1. Click the connector tile. The connector dashboard appears.
2. Click the Topics tab.
3. Click the Import from DeviceHub tags icon. The DeviceHub Import dialog box appears.
4. Select all the tags to import and click Import.

After importing the tag(s), do the following:

- Edit the tag and configure the Remote Data Topic: copy and paste the name of the subscription topic (with the -sub suffix) from your Google Cloud Platform.
- Make sure the connector has a Connected status.

Step 7: Enable Topics

Because you imported DeviceHub tags for a connected connector, all topics will be disabled. To enable the topics, return to the Topics tab and click the Enable all topics icon.

Step 8: Verify Connection in Google Cloud Platform

To verify the connection in Google Cloud Platform:

- Pull the subscription topic to see messages it receives from the Manufacturing Connect Edge outbound topics created previously.
- View the subscription statistics.

Set Up the Inbound Connection (Subscribe to Google Pub/Sub)

Follow the steps below to set up the inbound connection. See Publish messages to topics to learn more about publishing messages in Google Pub/Sub.

Step 1: Create Publication Topic in Google Cloud Platform

In the Google Cloud Platform, create a publication topic.

Step 2: Add Connector

Follow the steps to Add a Connector and select the Google Cloud Pub/Sub connector provider.

Configure the following parameters:

- Name: Enter a name for the connector.
- Service account key (.json): Create a service account key in your Google Cloud Platform in JSON format. Copy or save all the content from the JSON file and paste or upload it here.
- The project ID of the cloud project: Copy the ID from your Google Cloud Platform and paste it here.
- The private key ID of the cloud project: Copy the key ID from your Google Cloud Platform and paste it here.
- The client email of the cloud project: Enter the email from your Google Cloud Platform.
- Integration topic: Copy the name of the publication topic from your Google Cloud Platform and paste it here.
- Custom attributes: You can add custom attributes in key/value pairs for further data processing. Refer to the following to learn more: Use Custom Attributes in the Google Cloud Pub/Sub Connector, and the Google documentation for using attributes.
- Parallel publish count: The number of messages being published simultaneously. The default value is 100.
- Parallel byte threshold: The minimum size of a batch (in bytes) for the batch to be published. The default value is zero, which means that there is no threshold (limit).
- Publish count threshold: The minimum number of messages in a batch for the batch to be published. The default value is zero, which means that there is no threshold (limit).
- Publish delay threshold (milliseconds): The maximum time that the client will attempt to publish a batch of messages. The default value is zero, which means that there is no threshold (limit).
- Throttling limit: The maximum number of messages per second to be processed. The default value is zero, which means that there is no limit.
- Persistent storage: When enabled, this will cause messages to undergo a store and forward procedure. Messages will be stored within Manufacturing Connect Edge when cloud providers are online.
- Queue mode: Select the queue mode as LIFO (last in, first out) or FIFO (first in, first out). Selecting LIFO means that the last data entry is processed first, and selecting FIFO means the first data entry is processed first.

Step 3: Enable the Connector

After adding the connector, click the toggle in the connector tile to enable it. If you see a Failed status, you can review Manage Connectors and the relevant error messages.

Step 4: Create Inbound Topics for Connector

You will now need to create a topic in Manufacturing Connect Edge from the Google Cloud Platform publication topic created in Step 1.

To create inbound topics:

1. Navigate to Integration.
2. Click the connector tile.
3. Click the Topics tab.
4. Click the Add a new subscription icon. The Data Integration dialog box appears.
5. Configure the following parameters:
   - Data Direction: Select Remote to Local - Inbound.
   - Local Data Topic: Enter a name for the topic in Manufacturing Connect Edge.
   - Remote Data Topic: Copy and paste the publication topic from your Google Cloud Platform.
   - Enable: Select the toggle to enable the topic.
6. Click Yes to add the topic.
7. From the connector tile, ensure the connector is not disabled and still shows a Connected status. Also verify the topic shows an Enabled status.

Step 5: Send Messages in Google Cloud Platform

Start sending messages through the publication topic (created in Step 1) from the Google Cloud Platform. See Publish messages to topics to learn more.

Step 9: Verify Connection in Manufacturing Connect Edge

You can do one of the following to verify the connection in Manufacturing Connect Edge. When configuring the flow or application, use the local data topic name configured in Step 4.

- Create a Flow to view the messages coming from Google Pub/Sub through the connector you created.
- Visualize the incoming data using one of the dedicated Applications.
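
As an added example (not part of the original guide or the product), this Python helper inspects the JSON you are about to paste into the Service account key parameter and reports whether it is a long-lived service account key or a workload identity federation configuration. The field names follow Google's credential file formats; the function name and all sample values are constructed for illustration.

```python
import json
import re

# Audience string format of a workload identity pool provider.
AUDIENCE_RE = re.compile(
    r"^//iam\.googleapis\.com/projects/\d+/locations/[^/]+/"
    r"workloadIdentityPools/(?P<pool>[^/]+)/providers/(?P<provider>[^/]+)$")
CONNECTOR_FIELDS = ("project_id", "private_key_id", "client_email")
SA_FIELDS = ("project_id", "private_key_id", "private_key", "client_email")
WIF_FIELDS = ("audience", "subject_token_type", "token_url", "credential_source")

def inspect_credential(raw: str) -> dict:
    """Classify a credential JSON file and summarize it for review."""
    doc = json.loads(raw)
    kind = doc.get("type")
    if kind == "service_account":
        return {
            "kind": "service_account_key",
            "long_lived_secret": True,  # embeds a user-managed private key
            "missing": [f for f in SA_FIELDS if not doc.get(f)],
            # Values the connector form also asks for; they should match.
            "connector_fields": {f: doc.get(f) for f in CONNECTOR_FIELDS},
        }
    if kind == "external_account":
        m = AUDIENCE_RE.match(doc.get("audience", ""))
        return {
            "kind": "workload_identity_federation",
            "long_lived_secret": "private_key" in doc,  # expected False
            "missing": [f for f in WIF_FIELDS if not doc.get(f)],
            "pool": m.group("pool") if m else None,
            "provider": m.group("provider") if m else None,
            "impersonates": bool(doc.get("service_account_impersonation_url")),
        }
    raise ValueError(f"unsupported credential type: {kind!r}")

# Constructed samples with placeholder values; not real credentials.
SAMPLE_SA_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0000placeholder", "private_key": "<placeholder, not a key>",
    "client_email": "edge-publisher@example-project.iam.gserviceaccount.com"})
SAMPLE_WIF = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/123456789/locations/global/"
                "workloadIdentityPools/edge-pool/providers/edge-oidc",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://sts.googleapis.com/v1/token",
    "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/"
        "projects/-/serviceAccounts/edge-publisher@example-project.iam.gserviceaccount.com:generateAccessToken",
    "credential_source": {"file": "/var/run/example/oidc-token"}})
```

Call `inspect_credential` on the file contents before configuring the connector; a result with `long_lived_secret` set to true means the file must be stored and rotated as a private key.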