AlloyDB

The AlloyDB connector lets you perform insert, delete, update, and read operations on AlloyDB database.

Before you begin

Before using the AlloyDB connector, do the following tasks:

  • In your Google Cloud project:
    • Ensure that network connectivity is set up. For information about network patterns, see Network connectivity.
    • Grant the roles/connectors.admin IAM role to the user configuring the connector.
    • Grant the following IAM roles to the service account that you want to use for the connector:
      • roles/secretmanager.viewer
      • roles/secretmanager.secretAccessor

      A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. If you don't have a service account, you must create a service account. For more information, see Creating a service account.

    • Enable the following services:
      • secretmanager.googleapis.com (Secret Manager API)
      • connectors.googleapis.com (Connectors API)

      To understand how to enable services, see Enabling services.

    If these services or permissions have not been enabled for your project previously, you are prompted to enable them when configuring the connector.

Configure the connector

Configuring the connector requires you to create a connection to your data source (backend system). A connection is specific to a data source. It means that if you have many data sources, you must create a separate connection for each data source. To create a connection, do the following steps:

  1. In the Cloud console, go to the Integration Connectors > Connections page and then select or create a Google Cloud project.

    Go to the Connections page

  2. Click + Create new to open the Create Connection page.
  3. In the Location section, choose the location for the connection.
    1. Region: Select a location from the drop-down list.

      Supported regions for connectors include:

      For the list of all the supported regions, see Locations.

    2. Click Next.
  4. In the Connection Details section, complete the following:
    1. Connector: Select AlloyDB from the drop down list of available Connectors.
    2. Connector version: Select the Connector version from the drop down list of available versions.
    3. In the Connection Name field, enter a name for the Connection instance.

      Connection names must meet the following criteria:

      • Connection names can use letters, numbers, or hyphens.
      • Letters must be lower-case.
      • Connection names must begin with a letter and end with a letter or number.
      • Connection names cannot exceed 49 characters.
    4. Optionally, enter a Description for the connection instance.
    5. Optionally, enable Cloud logging, and then select a log level. By default, the log level is set to Error.
    6. Service Account: Select a service account that has the required roles.
    7. Optionally, configure the Connection node settings:

      • Minimum number of nodes: Enter the minimum number of connection nodes.
      • Maximum number of nodes: Enter the maximum number of connection nodes.

      A node is a unit (or replica) of a connection that processes transactions. More nodes are required to process more transactions for a connection and conversely, fewer nodes are required to process fewer transactions. To understand how the nodes affect your connector pricing, see Pricing for connection nodes. If you don't enter any values, by default the minimum nodes are set to 2 (for better availability) and the maximum nodes are set to 50.

    8. Database: The name of the AlloyDB database.
    9. Browse Partitions: By default, the provider exposes the super table and its partitions by metadata. You may hide sub partitions by setting this property to false.
    10. Browsable Schemas: This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.
    11. Visibility: Visibility restrictions used to filter exposed metadata for tables with privileges granted to them for the current user.
    12. Optionally, click + Add label to add a label to the Connection in the form of a key/value pair.
    13. Click Next.
  5. In the Destinations section, enter details of the remote host (backend system) you want to connect to.
    1. Destination Type: Select a Destination Type. In the Host address field, specify the hostname or IP address of the destination. For more information on how to configure the destination, see Configure destination.

      To enter additional destinations, click +ADD DESTINATION.

    2. Click Next.
  6. In the Authentication section, enter the authentication details.
    1. Select an Authentication type and enter the relevant details.

      The following authentication types are supported by the AlloyDB connection:

      • Username and password
    2. To understand how to configure these authentication types, see Configure authentication.

    3. Click Next.
  7. Review: Review your connection and authentication details.
  8. Click Create.

Configure authentication

Enter the details based on the authentication you want to use.

  • Username and password
    • Username: Username for connector
    • Password: Secret Manager Secret containing the password associated with the connector.

Configure destination

The AlloyDB connector can connect to your AlloyDB backend only through the AlloyDB Auth Proxy. This is applicable for both private and public connectivity.

  • If you want to establish a private connection to your backend systems, follow these steps:
    1. Create a AlloyDB Auth Proxy.
    2. Create a PSC service attachment.
    3. Create an endpoint attachment, and then enter the details of the endpoint attachment in the Host address field.
    4. The following diagram shows a sample setup of AlloyDB for private connectivity:

      private connectvity for alloy db private connectvity for alloy db
  • If you want to establish a public connection to your backend systems, create a AlloyDB Auth Proxy, and then enter the IP address of the auth proxy VM in the Host address field.

    The following diagram shows a sample setup of AlloyDB for public connectivity:

    public connectvity for alloy db public connectvity for alloy db

Entities, operations, and actions

All the Integration Connectors provide a layer of abstraction for the objects of the connected application. You can access an application's objects only through this abstraction. The abstraction is exposed to you as entities, operations, and actions.

  • Entity: An entity can be thought of as an object, or a collection of properties, in the connected application or service. The definition of an entity differs from a connector to a connector. For example, in a database connector, tables are the entities, in a file server connector, folders are the entities, and in a messaging system connector, queues are the entities.

    However, it is possible that a connector doesn't support or have any entities, in which case the Entities list will be empty.

  • Operation: An operation is the activity that you can perform on an entity. You can perform any of the following operations on an entity:

    Selecting an entity from the available list, generates a list of operations available for the entity. For a detailed description of the operations, see the Connectors task's entity operations. However, if a connector doesn't support any of the entity operations, such unsupported operations aren't listed in the Operations list.

  • Action: An action is a first class function that is made available to the integration through the connector interface. An action lets you make changes to an entity or entities, and vary from connector to connector. Normally, an action will have some input parameters, and an output parameter. However, it is possible that a connector doesn't support any action, in which case the Actions list will be empty.

System limitations

The AlloyDB connector can process 10 transaction per second, per node, and throttles any transactions beyond this limit. By default, Integration Connectors allocates 2 nodes (for better availability) for a connection.

For information on the limits applicable to Integration Connectors, see Limits.

Use terraform to create connections

You can use the Terraform resource to create a new connection.

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.

To view a sample terraform template for connection creation, see sample template.

When creating this connection by using Terraform, you must set the following variables in your Terraform configuration file:

Parameter name Data type Required Description
database STRING True The name of the AlloyDB database.
browse_partitions BOOLEAN False By default, the provider exposes the super table and its partitions by metadata. You may hide sub partitions by setting this property to false.
browsable_schemas STRING False This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.
visibility STRING False Visibility restrictions used to filter exposed metadata for tables with privileges granted to them for the current user.

Use the AlloyDB connection in an integration

After you create the connection, it becomes available in both Apigee Integration and Application Integration. You can use the connection in an integration through the Connectors task.

  • To understand how to create and use the Connectors task in Apigee Integration, see Connectors task.
  • To understand how to create and use the Connectors task in Application Integration, see Connectors task.

Get help from the Google Cloud community

You can post your questions and discuss this connector in the Google Cloud community at Cloud Forums.

What's next