Issues with Inbound Data with Google Pub/Sub Connector
If you use the default Google Pub/Sub connector that is created after activating Manufacturing Connect Edge (MCe) with Manufacturing Connect (MC) to create an inbound topic (Remote to Local - Inbound), you may get the following error message when trying to receive data from the topic:
gcloudpubsub/gcloudpubsub.go:84 failed to check remote topic status {"err": "rpc error: code = PermissionDenied desc = User not authorized to perform this action."
The error is caused by the configuration of the default Google Pub/Sub connector created during the activation of MCe with MC. The activation process automatically provides a service account to MCe, which only has a publishing permission to the MDE Google Pub/Sub topic. The MDE Pub/Sub topic is created during the deployment of MDE and is to be defined for MC during MC deployment. By default, this topic is input-messages. The service account does not give permissions for the connector to publish or subscribe to other topics.
To resolve this, you will need to do the following:
- Create a new Google Pub/Sub connector in Manufacturing Connect Edge. See Google Cloud Pub/Sub Integration Guide to learn more.
- Assign the appropriate Service Account to the connector. This Service Account must have the appropriate permissions to subscribe to GCP Pub/Sub topics at the project level, not the topic level. See Access Control with IAM to learn more.