Introduction
This guide takes you through setting up Google BigQuery for use with Cyclr, as well as installing a Google BigQuery Connector.
You will need a Google Cloud Platform account.
Authentication Types
The Google BigQuery Connector supports 2 Authentication Types, which are explained in this guide:
- OAuth 2.0 Authorization Code – requires user interaction to install the Connector.
- Service Account – impersonates a domain account and requires less user interaction.
Remote Setup in Google Cloud Console – performed by Cyclr Partner
Depending on the Authentication Type you choose, the setup is slightly different but there is some “common setup” described later on.
Jump to the appropriate section below:
OAuth 2.0 Authorization Code Setup
To authenticate the Connector using the “OAuth 2.0 Authorization Code” Authentication Type, you need to create a web application inside your Google Cloud Platform account to get your OAuth 2.0 credentials:
- From the Google Cloud Platform Credentials page, select CREATE CREDENTIALS > OAuth client ID. Create a project with the following settings:
| Setting | Value |
|---|---|
| Application type | Web application |
| Authorised redirect URIs | A URL containing your Cyclr Service Domain. This can be found under Settings > General Settings > Service Domain in your Cyclr console. For example, https://{ServiceDomain}/connector/callback |
- Make note of the Client ID and Client secret.
For more information, see Google’s guide on how to create client credentials.
Skip the next section and continue Common Setup.
Service Account Setup
To authenticate the Connector using the “Service Account” Authentication Type, you need to do the following:
- Enable the Google BigQuery API for a project within your workspace
- Create a service account
- Enable domain-wide delegation for the service account
Creating a Service Account
A service account needs to be created to allow admin-level access to Google BigQuery within your workspace. Google’s documentation on how to do this can be found here. When creating the service account, set up the fields below as follows:
- Grant this service account access to project: Set the service account role to
Owner. - Grant users access to this service account: Set the Service account admins role field to any users that will be administering the service account.
Make note of the OAuth 2 client ID and Email for your service account. You will need these to enable domain-wide delegation and to authorize your account with Cyclr. You can find this on the service accounts page.
When adding the service account key, set the Key type to JSON, then open the downloaded .json key file and make note of the private_key field. You need this to authorize your account with Cyclr.
Enabling Domain-wide delegation for your Service Account
Domain-wide delegation needs to be enabled for your service account to allow it to access user data on behalf of users in your workspace. You need to be a “super administrator” of the workspace to configure this. Google’s documentation on how to do this can be found here. When enabling domain-wide delegation, set up the fields below as follows:
- Client ID: Set to the OAuth 2 client ID from the previous section.
- OAuth scopes (comma-delimited): Add the following scope:
https://www.googleapis.com/auth/bigqueryfor BigQuery access.
Move straight on to the next section Common Setup.
Common Setup – Enabling the Google BigQuery API
Note: Both Authentication Types require the following setup to be performed.
After creating a Google Project within the Google Cloud Platform, you will need to enable the Google BigQuery API within the project in your workspace. Google’s documentation on how to do this can be found here.
Setup in Cyclr Console
Having performed the appropriate setup described above, go to your Cyclr Partner Console:
- Go to Connectors > Application Connector Library.
- Use the search box to locate the Google BigQuery Connector entry.
- Select the Pencil button.
- Select the Settings tab.
- Enter the below values:
| Property | Description |
|---|---|
| Client ID | The default client ID to use. Only used with “OAuth 2.0 Authorization Code” Authentication. Leave blank if using “Serivce Account“. |
| Client Secret | The default client secret to use. Only used with “OAuth 2.0 Authorization Code” Authentication. Leave blank if using “Serivce Account“. |
| Scopes | The scopes you want to use.Cyclr uses a default scope of https://www.googleapis.com/auth/bigquery if you don’t set this value. |
- Select Save Changes.
Note: If you leave these values blank, they must be provided each time the Connector is installed.
Cyclr Connector Installation
Depending on the Authentication Type you’ve chosen, the installation of a Google BigQuery Connector is slightly different, as explained below.
You’ll also be able to provide a Project ID and a Dataset ID, but neither are required unless you wish to use the Methods in the Connector’s Tables Category. See the Obtaining Project ID and Dataset ID Values section below for details.
OAuth 2.0 Authorization Code Installation
You can provide the following values:
| Property | Description |
|---|---|
| Project ID | The project ID of the project to use. This must be entered to use methods in the Connector’s Tables method category. |
| Dataset ID | The dataset ID of the dataset to use. This must be entered to use methods in the Connector’s Tables method category. |
Service Account Installation
You can provide the following values:
| Property | Description |
|---|---|
| Service Account Email | The email address of the service account. |
| Service Account Administrator Email | The email address of the administrator of the service account. |
| Service Account Private Key | The private key of the service account. |
| Project ID | The project ID of the project to use. This must be entered to use methods in the Connector’s Tables method category. |
| Dataset ID | The dataset ID of the dataset to use. This must be entered to use methods in the Connector’s Tables method category. |