BigQuery Data Transfer Service features an API that allows developers to create transfer jobs from data sources to BigQuery. These sample Java applications demonstrate how to access the BigQuery Data Transfer API using the BigQuery Data Transfer Service Client Library for Java.
Please do the following, to set up GCP project with necessary APIs, service accounts, and permissions:
-
Install the gcloud SDK
-
Enable the following APIs in the Google Developers Console.
- BigQuery Data Transfer API
- Cloud Pub/Sub API
gcloud services enable bigquerydatatransfer.googleapis.com gcloud services enable pubsub.googleapis.com
-
Create an operational IAM Service Account and download credentials for running your source. Running these commands
- Creates a new Service Account named
bq-dts-[SOURCE]@[PROJECT_ID].iam.gserviceaccount.com
- Grants
roles/bigquery.admin
,roles/pubsub.subscriber
,roles/storage.objectAdmin
- Downloads a Service-Account key called
.gcp-service-account.json
SOURCE="example-source" # Change to your own name PROJECT_ID=$(gcloud config get-value core/project) PARTNER_SA_NAME="bq-dts-${SOURCE}" PARTNER_SA_EMAIL="${PARTNER_SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" # Creating a Service Account gcloud iam service-accounts create ${PARTNER_SA_NAME} --display-name ${PARTNER_SA_NAME} # Granting Service Account required roles gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${PARTNER_SA_EMAIL}" --role='roles/bigquery.admin' gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${PARTNER_SA_EMAIL}" --role='roles/pubsub.subscriber' gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${PARTNER_SA_EMAIL}" --role='roles/storage.objectAdmin' # Create service account credentials and store it locally needed for starting/running data sources. gcloud iam service-accounts keys create --iam-account "${SERVICE_ACCOUNT_EMAIL}" .gcp-service-account.json
- Creates a new Service Account named
-
Create an administrative IAM Service Account and store credentials locally for creating data source.
- Creates a new Service Account named
bq-dts-admin@[PROJECT_ID].iam.gserviceaccount.com
- Grants
roles/project.owner
- Downloads a Service-Account key called
.gcp-service-account.json
PROJECT_ID=$(gcloud config get-value core/project) PARTNER_SA_NAME="bq-dts-admin" PARTNER_SA_EMAIL="${PARTNER_SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" # Creating a Service Account gcloud iam service-accounts create ${PARTNER_SA_NAME} --display-name ${PARTNER_SA_NAME} gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${PARTNER_SA_EMAIL}" --role='roles/owner' # Create service account credentials and store it locally needed for creating data source gcloud iam service-accounts keys create --iam-account "${PARTNER_SA_EMAIL}" .gcp-service-account-owner.json
For more information on service account authentication, please refer to Authenticate using a service account.
- Creates a new Service Account named
-
Grant permissions to a GCP-managed Service Account
- Creates a custom role -
bigquerydatatransfer.connector
with permissionclientauthconfig.clients.getWithSecret
- Grants project-specific role
bigquerydatatransfer.connector
PROJECT_ID=$(gcloud config get-value core/project) GCP_SA_EMAIL="[email protected]" # Creating a custom role gcloud iam roles create bigquerydatatransfer.connector --project ${PROJECT_ID} --title "BigQuery Data Transfer Service Connector" --description "Custom role for GCP-managed Service Account for BQ DTS" --permissions "clientauthconfig.clients.getWithSecret" --stage ALPHA # Granting Service Account required roles gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${GCP_SA_EMAIL}" --role="projects/${PROJECT_ID}/roles/bigquerydatatransfer.connector"
- Creates a custom role -
-
Create an OAuth Consent Screen
-
Join BigQuery Data Transfer Service Partner-level whitelists. Reach out to your Google Cloud Platform contact to get whitelisted for these APIs.
-
Set up environment variables:
export PROJECT_ID="<your project id>" export GOOGLE_APPLICATION_CREDENTIALS=.gcp-service-account-owner.json
-
Build and run the example program that calls BigQuery Data Transfer Service APIs. The example program can be built using either Maven or Gradle. Gradle Wrapper is included in the repository so you don't need to install Gradle.
- Using Maven
Install Maven. The example program that makes
mvn install -DskipTests cd partner-examples mvn exec:java -Dexec.classpathScope=compile \ -Dexec.mainClass=com.example.bigquerydatatransfer.DataTransferServiceClientSample -e \ -Dexec.args="${PROJECT_ID}" -Dexec.cleanupDaemonThreads=false
- Using Gradle
./gradlew install cd partner-examples ../gradlew run -Pexec.args="${PROJECT_ID}"
For illustration purpose, the example calls the following two BigQuery Data Transfer API methods:
Note that the 2nd method is only visible to whitelisted partner projects. Plese talk to your Google Cloud Platform contact.