Product Documentation > ASAPIO Connector for Google Pub/Sub

Version: 9.32110-rev1 | Last update: February 08, 2022

Product Documentation > ASAPIO Connector for Google Pub/Sub

For connectivity with:

Learn more about Pub/Sub at the Google Cloud documentation page.

Overview

The integration solution leverages the following Add-ons and components to facilitate the integration of supported SAP NetWeaver® systems with Google Pub/Sub.

Add-on/component name Type
ASAPIO Integration Add-on – Framework Base component (required)
ASAPIO Integration Add-on – Connector for Google Pub/Sub Additional package

Key features:

  • Supports a wide range of SAP NetWeaver based systems, including SAP ERP, S/4HANA, BW, HCM and many more
  • Out-of-the-box connectivity to Google Pub/Sub
  • REST-based outbound communication
  • Supported communication direction: Outbound, Push
  • Switch between event-driven (single events) or batch mode (job-driven) calls
  • Batch mode allows multi-threading with multiple SAP work processes

Block Architecture:

Installation

Pre-requisites for SAP NetWeaver® system

SAP Component Name Release Service Pack Package
SAP_BASIS 731 0002 SAPKB73102
SAP_ABA 731 0002 SAPKA73102

Download and import

Please make sure you have the ASAPIO Shipment Info email at hand before proceeding.

Overview

The following Add-ons are required to be installed on the supported SAP NetWeaver® systems:

Add-on/component name Type
ASAPIO Integration Add-on – Framework Base component (required)
ASAPIO Integration Add-on – Connector (e.g. for Google® Pub/Sub®, Confluent®, Solace®  PubSub+® etc.) Additional package

Download location

Please download the packages from https://download.asapio.com, with User ID and Password as provided in the shipment e-mail (requires an active subscription contract).

Import sequence

Required? Import Sequence Download file
Required 1 ASAPIO ACI <Product/Version> Framework
Required 2 ASAPIO ACI <Product/Version> Event Content
Required 3 ASAPIO ACI <Product/Version> <Connector_Name>
Optional 4 ASAPIO ACI – Unlock Usage License
(only necessary for certain cases, e.g. license upgrades, and if provided by ASAPIO)

Import process

Install the packages by importing the transport request packages with SAP Change and Transport Management, make sure to keep the import sequence as specified. Install Add-on packages on SAP NetWeaver® system.

Please refer to the SAP standard system documentation on how to perform the following steps:

Unzip the SAP Transport Request archive, you will receive 2 files

  1. Upload the transport request packages from your local file system to the SAP server, e.g. as explained, using Transaction /nCG3Z
  2. Place the SAP Transport Request files to the following directories
  3. File starting with “R” must be placed in server folder: “/usr/sap/trans/data/”
  4. File starting with “K” must be placed in server folder: “/usr/sap/trans/cofiles/”
  5. Then use transaction SE09 and STMS to add the transport to the import queue and import the request.

Further info on CG3Z can be found at https://answers.sap.com/questions/440345/using-transactions-cg3z-and-cg3y.html

Uninstallation

Important info on the uninstallation procedure: Imported transport requests can only be uninstalled from SAP systems with manual deletion of the imported packages. Please refer to the installation section to find out about the relevant packages and objects.

Roles and Authorizations

Note
The following information is applicable for all scenarios and use cases of the ASAPIO Integration Add-On

Administrator role: For administrator users, role /ASADEV/ACI_ADMIN_ROLE, this role has all necessary authorization objects for configuration and support of the Integration Add-On. This role (or the containing authorization objects) have to be assigned to users who should configure, test, execute and monitor the solution.

Batch job role: For technical / system users, e.g. to run batch jobs, role /ASADEV/ACI_JOB_ROLE is provided. This role includes all necessary authorization objects to run the ASAPIO Integration Add-On.

Authorizations of Administrator role (/ASADEV/ACI_ADMIN_ROLE)

Authorization Object Settings
S_TCODE TCD = /ASADEV/68000202, /ASADEV/68000203, /ASADEV/68000204, /ASADEV/68000205, /ASADEV/68000206, /ASADEV/68000207, /ASADEV/68000212, /ASADEV/68000216, /ASADEV/68000217, /ASADEV/68000218, /ASADEV/ACI_MONITOR, /ASADEV/ACI, /ASADEV/SCI_CP_RESET, /ASADEV/SCI_TPW, BD52, BD61, RBDCPCLR, SE38, SPRO, WE81, SOAMANAGER
/ASADEV/AR /ASADEV/CO/ = *

/ASADEV/OB/ = *

/ASADEV/CU All possibilities
/ASADEV/IN /ASADEV/CO/ = *

/ASADEV/IN/ = *

/ASADEV/ML /ASADEV/CO/ = *

/ASADEV/ML/ = *

/ASADEV/RC /ASADEV/RF = *
S_GUI ACTVT = Export
S_TABU_DIS ACTVT = Change, Display

DICBERCLS = ALE0, EDI0

S_TABU_NAM ACTVT = Change, Display

TABLE = /ASADEV/*

S_DEVELOP ACTVT = Display, Execute

DEVCLASS = SALE

OBJNAME = RBDCPCLR

OBJTYPE = PROG

S_APPL_LOG ACTVT = Display

ALG_OBJECT = /ASADEV/AMR_LOG

ALG_SUBOBJ = *

S_IDOCDEFT ACTVT = Display

EDI_TCD = WE30

S_SRT_CF_C ACTVT = Create or generate, Change, Display, Delete, Activate, generate
SRT_NAME = /ASADEV/*
S_IDOCMONI ACTVT = Change, Display
EDI_DIR = Outbound, Inbound
EDI_MES = *
EDI_PRN = *
EDI_PRT = *
EDI_TCD = *

Authorizations of Batch job role (/ASADEV/ACI_JOB_ROLE)

Authorization Object Settings
S_TCODE TCD = /ASADEV/ACI
/ASADEV/AR /ASADEV/CO/ = *

/ASADEV/OB/ = *

/ASADEV/IN /ASADEV/CO/ = *

/ASADEV/IN/ = *

/ASADEV/ML /ASADEV/CO/ = *

/ASADEV/ML/ = *

/ASADEV/RC /ASADEV/RF = *

Authorization Objects

Following table shows the available authorization objects and the corresponding description:

Authorization Object Description
/ASADEV/AR Used to restrict the execution of outbound objects as defined in the ASAPIO Cloud Integrator Customizing (Values: Instance, Object)
/ASADEV/CU General access to the ASAPIO Cloud Integrator Customizing
/ASADEV/IN Used to restrict the execution of inbound objects as defined in the ASAPIO Cloud Integrator Customizing (Values: Instance, Object)
/ASADEV/ML Used to restrict the execution of multiline outbound objects as defined in the ASAPIO Cloud Integrator Customizing (Values: Instance, Object) – Not required for event-messaging use cases (e.g. for the Google Pub/Sub connector)
/ASADEV/RC General execution of ASAPIO Cloud Integrator functionality (Field: /ASADEV/RF, Values: DATA_PROC, FRAMEWORK)

Data Processing is checked in all extraction FM and Framework in all other places of execution

Connector for Google® Pub/Sub®

Overview

Pre-requisites for Google Pub/Sub services

Note
The following settings are specific to the connector for Google Pub/Sub.

A Google Cloud account is required with access to the Google Pub/Sub service.

Steps required to establish connectivity

To establish connectivity with the Google Pub/Sub service, please proceed with the following activities and refer to the specific documentation chapters:

  1. Create RFC destinations to Google Cloud platform in the SAP system settings
  2. Set-up authentication to Google Cloud platform
  3. Set-up basic configuration to lay the foundation of using the Google Pub/Sub connector
  4. Set-up connection instance to Google Pub/Sub in ASAPIO Integration Add on
  5. See chapter Send example outbound message for a simple example to test connectivity

Create RFC destinations

Add Certificate to Trust Store

  • Download all certificates (root and intermediate) from the GlobalSign website: support.globalsign.com
  • In transaction STRUST, double click the node “SSL Client (Anonymous)”.

  • In the very bottom press the “Import certificate” button and select the downloaded certificate file
  • Press the “Add to Certificate List” button. Confirm by pressing “Save” button at the very top.

Create RFC destination for OAuth2 Authentication

Create a new RFC destination of type “G” (HTTP Connection to External Server).

  • Transaction: SM59
  • Create new destination of type “G”
  • On “Technical Settings” tab, specify Target Host: oauth2.googleapis.com

  • On “Logon & Security” tab activate SSL and select ANONYM SSL Client
  • On “Special Options” tab set HTTP version to HTTP 1.0 and Accept Cookie to Yes (All)

  • Save and press on “Connection Test”, which should result in HTTP status code 404

Create RFC destination for Google Pub/Sub messaging

  • Transaction: SM59
  • Create new destination of type “G”
  • On “Technical Settings” tab, specify Target Host: pubsub.googleapis.com

  • On “Logon & Security” tab, activate SSL and select ANONYM SSL Client

  • On “Special Options” tab, the default values are sufficient
  • Save and press on “Connection Test”, which will result in HTTP status code 404

Set-up Authentication

Create Service Account in Google Cloud Platform

To facilitate server to server connectivity you have to create a service account using the following steps:

  1. Create a new IAP-secured Web App User:

Navigate to IAM & Admin -> Service accounts and create a new service account. Type in a name and description and press create. On the next screen you have to select a role. Type in IAP in the search and select the role IAP-secured Web App User.

  1. Go to Actions > Manage keys and add a new P12 Key. Note down the password for later use.

Create new SSF Application

  1. Create a new entry in table SSFAPPLIC.
    Transaction: SE16
    Search for table SSFAPPLIC

Choose Execute

Create a new entry:

  1. Go to transaction: SSFA
    Add new entry for the newly created SSF Application and set properties as shown in the screenshot (note especially the SSF Profile Name):

Import Service Account Certificate

The creation of the SSF application has created a new node in transaction STRUST.

For newer releases the following steps can be used:

  • Transaction: STRUST
  • Go into “Edit” mode
  • In the menu bar choose PSE > Import and Import the .p12 file that you downloaded earlier

Note
If the import of the .p12 file was not possible, use the command line to convert the .p12 file to a .pse file as described in the next section

  • On the top menu select PSE > Save as
  • Select “SSF Application” and select the SSF application you have created in the previous step
  • Confirm and save

For older releases that dont support P12 Files follow these steps:

  • Copy the P12 Key into a directory of your choice: <drive>:\usr\exe
  • Open a command window and navigate to the executables directory
  • Execute the sapgenpse command:

sapgenpse import_p12 -p <drive>:\usr\<SSF_Profile> <key_name>.p12

Example :

sapgenpse import_p12 -p D:\usr\SAPJWT_S2100.pse project-messaging-339506-323631149f29.p12

  • Enter the password from your Google service account, that was shown while creating the P12 key.
  • Go to transaction: STRUST
  • In the menu bar choose PSE > Import and Import the just created .pse file
  • On the top menu select PSE > Save as
  • Select “SSF Application” and select the SSF application you have created earlier
  • Confirm and save

Set-up basic settings

Note
The following settings are specific to the connector for Google Pub/Sub

Configure cloud adapter for Google Pub/Sub

Add an entry for the connector to the list of cloud adapters:

  • Transaction: SPRO
  • Go to IMG > ASAPIO Cloud IntegratorMaintain Cloud Adapter. Add New Entry and specify:
  • Cloud Type
  • ACI Handler Class: /ASADEV/CL_ACI_GPUBSUB_HANDLER

Set-up Codepages

Specify codepages used in the integration:

  • Transaction: SPRO
  • Go to IMG > ASAPIO Cloud IntegratorMaintain Cloud Codepages
  • Add New Entry and specify the code pages to be used:

Set-up connection instance

Create the connection instance customizing together with the RFC destination created earlier and the cloud connector type:

  • Transaction: SPRO
  • Go to IMG > ASAPIO Cloud IntegratorConnection and Replication Object Customizing
  • Add New Entry and specify:
    • Field Instance: a name for this connection in
    • Field RFC Dest. (Upload): the RFC destination create for the messaging endpoint
    • Field ISO Code: the code page to use
    • Field Cloud Type: GOOGLE_PS (or the name you chose when adding the connector)

Set-up Authentication

For OAuth based authentication using GCP, provide the following Default Attribute Values:

Mandatory Default Attribute Values:

  • GCP_EMAIL_SERVICEACCT_JWT_ISS: The email address of your google service account created earlier.
  • GCP_TOKEN_DESTINATION: The RFC destination created for the OAuth2 endpoint.
  • GCP_SSF_PROFILE: Name for the PSE containing the certificate for the service account

Optional Default Attribute Values:

  • GCP_EXPIRATION_TIME_JWT_EXP: The offset for the expiration time of the assertion, specified as seconds. This value has a maximum of 1 hour after the issued time.
  • GCP_PERMISSION_JWT_SCOPE : A space-delimited list of the permissions that the application requests.

Send example outbound message

Create Message Type

For each object to be sent via ACI you have to create a message type:

  • Transaction: WE81
  • Add New Entry and specify:
    • Message Type: unique name for the integration
    • Description: description of the purpose

Activate Message Type

The created message type has to be activated:

  • Transaction: BD50
  • Add New Entry and specify:
    • Message Type: the created message type
    • Active: tick the checkbox

Create Outbound Object Configuration

Create an outbound object configuration:

  • Transaction: SPRO
  • Go to IMG > ASAPIO Cloud IntegratorConnection and Replication Object Customizing
  • Or go directly to transaction: /ASADEV/68000202
  • Select the created Connection
  • Go to section Outbound Objects
  • Add New Entry and specify:
    • Object: name of the outbound configuration
    • Extraction Func. Module: /ASADEV/ACI_SIMPLE_NOTIFY
    • Load Type: Incremental Load
    • Trace: activate for testing purposes
    • Formatting Func.: /ASADEV/ACI_EVNT_FORMATTER_GCP

This example uses the built-in notification event.

To utilize the built-in data events change the configuration of these fields:

  • Extraction Func. Module: /ASADEV/ACI_GEN_VIEW_EXTRACTOR
  • Formatting Function: /ASADEV/ACI_GEN_VIEWFORM_GCP
  • Extraction View Name: Z_MARM_TEST

If you want to create different events with more data or different information in them then you can also create a custom extractor function module.

For more complex events we recommend splitting the extraction and formatting of the data by using the Formatting Function as well.

Set-up target endpoint in Header Attributes

Configure the topic / queue / event hub name to send the events to:

  • Go to section Header Attributes
  • Mandatory Header Attribute:
  • Add New Entry and specify:
    • Header Attribute: GOOGLE_TOPIC
    • Header Attribute Value: projects/*********/topics/aci-messaging-topic

Set-up Business Object Event Linkage

Link the configuration of the outbound object to a Business Object event:

  • Go to section Event Linkage
  • Add New Entry and specify:
    • Object Category: BOR Object Type
    • Object Type: The Business Object Type sending the event
    • Event: Event to react to
    • Receiver Function Module: /ASADEV/ACI_EVENTS_TRIGGER
    • Type linkage active: tick the checkbox

Monitoring and Logging

The ASAPIO Integration Add-on provides monitoring and logging features.
With the add-on you can perform many monitoring and logging activities, such as:

  • View statistical and graphical analysis of data volume, times, and errors
  • Logging of HTTP return codes and messages
  • Logging of requests (RAW data) can be switched on/off in application customizing (IMG)
  • Retransmission control through SAP change pointers (to ensure event delivery) if errors occur
  • Notification and/or escalation to system administrators (or through SAP Workflow) if errors occur
  • Use transaction /ASADEV/ACI_MONITOR for monitoring and logging purposes.

Display log

The following screenshots show a search for a particular Cloud Instance Name, and the accompanying results list:

Trace with payload

If tracing is activated for an outbound object, you can also view the sent payload using the menu option Views >  Show Trace:

Note
Tracing functionality is not enabled by default. If you want to have tracing active, please maintain the checkbox while creating the outbound object ( à chapter 3.6.3)
In case of transmission errors, the traces are written regardless of this setting. There is no need to activate it in the production system.

Display SLG1 log

Click the button on the monitoring toolbar (highlighted in the following screenshot) to view the application log in transaction SLG1:

Re-processing

A failed communication will always keep a change pointer for this specific event in an unprocessed status.
To re-process these change pointers schedule a batch job of report /ASADEV/AMR_REPLICATOR.

Create Variant

To create the variant needed for the job go to:

  • Transaction /ASADEV/ACI
  • Select Cloud Instance as Connection ➀
  • Select the Replication Object ➁
  • Save as variant

Schedule Job

To schedule the job to re-process the change pointers go to:

  • Transaction SM36
  • Specify a Job Name
  • Create a Step and specify
    • ABAP program Name
    • Variant
  • Specify a Start condition and periodic schedule

Scroll to Top