Skip to main content

BigQuery

Ingesting metadata from BigQuery requires using the bigquery module. Certified

Important Capabilities

CapabilityStatusNotes
Asset ContainersEnabled by default
Data ProfilingOptionally enabled via configuration
Dataset UsageEnabled by default, can be disabled via configuration include_usage_statistics
DescriptionsEnabled by default
Detect Deleted EntitiesOptionally enabled via stateful_ingestion.remove_stale_metadata
DomainsSupported via the domain config field
Platform InstancePlatform instance is pre-set to the BigQuery project id
Schema MetadataEnabled by default
Table-Level LineageOptionally enabled via configuration

Prerequisites

To understand how BigQuery ingestion needs to be set up, first familiarize yourself with the concepts in the diagram below:

There are two important concepts to understand and identify:

  • Extractor Project: This is the project associated with a service-account, whose credentials you will be configuring in the connector. The connector uses this service-account to run jobs (including queries) within the project.
  • Bigquery Projects are the projects from which table metadata, lineage, usage, and profiling data need to be collected. By default, the extractor project is included in the list of projects that DataHub collects metadata from, but you can control that by passing in a specific list of project ids that you want to collect metadata from. Read the configuration section below to understand how to limit the list of projects that DataHub extracts metadata from.

Create a datahub profile in GCP

  1. Create a custom role for datahub as per BigQuery docs.
  2. Follow the sections below to grant permissions to this role on this project and other projects.
Basic Requirements (needed for metadata ingestion)
  1. Identify your Extractor Project where the service account will run queries to extract metadata.
permission                      Description                                                                                                                        Capability                                                              
bigquery.jobs.create          Run jobs (e.g. queries) within the project. This only needs for the extractor project where the service account belongs                                                                                                                       
bigquery.jobs.list            Manage the queries that the service account has sent. This only needs for the extractor project where the service account belongs                                                                                                             
bigquery.readsessions.create  Create a session for streaming large results. This only needs for the extractor project where the service account belongs                                                                                                                     
bigquery.readsessions.getDataGet data from the read session. This only needs for the extractor project where the service account belongs                      
  1. Grant the following permissions to the Service Account on every project where you would like to extract metadata from
info

If you have multiple projects in your BigQuery setup, the role should be granted these permissions in each of the projects.

permission                      Description                                                                                                Capability              Default GCP role which contains this permission                                                                
bigquery.datasets.get        Retrieve metadata about a dataset.                                                                          Table Metadata Extraction          roles/bigquery.metadataViewer
bigquery.datasets.getIamPolicyRead a dataset's IAM permissions.                                                                          Table Metadata Extraction          roles/bigquery.metadataViewer
bigquery.tables.list          List BigQuery tables.                                                                                      Table Metadata Extraction          roles/bigquery.metadataViewer
bigquery.tables.get          Retrieve metadata for a table.                                                                              Table Metadata Extraction          roles/bigquery.metadataViewer
bigquery.routines.get          Get Routines. Needs to retrieve metadata for a table from system table.                                                                                      Table Metadata Extraction          roles/bigquery.metadataViewer
bigquery.routines.list          List Routines. Needs to retrieve metadata for a table from system table                                                                              Table Metadata Extraction          roles/bigquery.metadataViewer
resourcemanager.projects.get  Retrieve project names and metadata.                                                                        Table Metadata Extraction          roles/bigquery.metadataViewer
bigquery.jobs.listAll        List all jobs (queries) submitted by any user. Needs for Lineage extraction.                                Lineage Extraction/Usage extractionroles/bigquery.resourceViewer
logging.logEntries.list      Fetch log entries for lineage/usage data. Not required if use_exported_bigquery_audit_metadata is enabled.Lineage Extraction/Usage extractionroles/logging.privateLogViewer
logging.privateLogEntries.listFetch log entries for lineage/usage data. Not required if use_exported_bigquery_audit_metadata is enabled.Lineage Extraction/Usage extractionroles/logging.privateLogViewer
bigquery.tables.getData      Access table data to extract storage size, last updated at, data profiles etc.Profiling                                                                                                                                         

Create a service account in the Extractor Project

  1. Setup a ServiceAccount as per BigQuery docs and assign the previously created role to this service account.
  2. Download a service account JSON keyfile. Example credential file:
{
"type": "service_account",
"project_id": "project-id-1234567",
"private_key_id": "d0121d0000882411234e11166c6aaa23ed5d74e0",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIyourkey\n-----END PRIVATE KEY-----",
"client_email": "test@suppproject-id-1234567.iam.gserviceaccount.com",
"client_id": "113545814931671546333",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%suppproject-id-1234567.iam.gserviceaccount.com"
}
  1. To provide credentials to the source, you can either:

    Set an environment variable:

    $ export GOOGLE_APPLICATION_CREDENTIALS="/path/to/keyfile.json"

    or

    Set credential config in your source based on the credential json file. For example:

    credential:
    project_id: project-id-1234567
    private_key_id: "d0121d0000882411234e11166c6aaa23ed5d74e0"
    private_key: "-----BEGIN PRIVATE KEY-----\nMIIyourkey\n-----END PRIVATE KEY-----\n"
    client_email: "test@suppproject-id-1234567.iam.gserviceaccount.com"
    client_id: "123456678890"

Lineage Computation Details

When use_exported_bigquery_audit_metadata is set to true, lineage information will be computed using exported bigquery logs. On how to setup exported bigquery audit logs, refer to the following docs on BigQuery audit logs. Note that only protoPayloads with "type.googleapis.com/google.cloud.audit.BigQueryAuditMetadata" are supported by the current ingestion version. The bigquery_audit_metadata_datasets parameter will be used only if use_exported_bigquery_audit_metadat is set to true.

Note: the bigquery_audit_metadata_datasets parameter receives a list of datasets, in the format $PROJECT.$DATASET. This way queries from a multiple number of projects can be used to compute lineage information.

Note: Since bigquery source also supports dataset level lineage, the auth client will require additional permissions to be able to access the google audit logs. Refer the permissions section in bigquery-usage section below which also accesses the audit logs.

Profiling Details

For performance reasons, we only profile the latest partition for partitioned tables and the latest shard for sharded tables. You can set partition explicitly with partition.partition_datetime property if you want, though note that partition config will be applied to all partitioned tables.

Caveats

  • For materialized views, lineage is dependent on logs being retained. If your GCP logging is retained for 30 days (default) and 30 days have passed since the creation of the materialized view we won't be able to get lineage for them.

CLI based Ingestion

Install the Plugin

pip install 'acryl-datahub[bigquery]'

Starter Recipe

Check out the following recipe to get started with ingestion! See below for full configuration options.

For general pointers on writing and running a recipe, see our main recipe guide.

source:
type: bigquery
config:
# `schema_pattern` for BQ Datasets
schema_pattern:
allow:
- finance_bq_dataset
table_pattern:
deny:
# The exact name of the table is revenue_table_name
# The reason we have this `.*` at the beginning is because the current implmenetation of table_pattern is testing
# project_id.dataset_name.table_name
# We will improve this in the future
- .*revenue_table_name
include_table_lineage: true
include_usage_statistics: true
profiling:
enabled: true
profile_table_level_only: true

sink:
# sink configs

Config Details

Note that a . is used to denote nested fields in the YAML recipe.

FieldDescription
bigquery_audit_metadata_datasets
array(string)
bucket_duration
Enum
Size of the time window to aggregate usage stats.
Default: DAY
capture_dataset_label_as_tag
boolean
Capture BigQuery dataset labels as DataHub tag
Default: False
capture_table_label_as_tag
boolean
Capture BigQuery table labels as DataHub tag
Default: False
column_limit
integer
Maximum number of columns to process in a table. This is a low level config property which should be touched with care. This restriction is needed because excessively wide tables can result in failure to ingest the schema.
Default: 300
convert_urns_to_lowercase
boolean
Convert urns to lowercase.
Default: False
debug_include_full_payloads
boolean
Include full payload into events. It is only for debugging and internal use.
Default: False
enable_legacy_sharded_table_support
boolean
Use the legacy sharded table urn suffix added.
Default: True
end_time
string(date-time)
Latest date of usage to consider. Default: Current time in UTC
extra_client_options
object
Additional options to pass to google.cloud.logging_v2.client.Client.
Default: {}
extract_lineage_from_catalog
boolean
This flag enables the data lineage extraction from Data Lineage API exposed by Google Data Catalog. NOTE: This extractor can't build views lineage. It's recommended to enable the view's DDL parsing. Read the docs to have more information about: https://cloud.google.com/data-catalog/docs/concepts/about-data-lineage
Default: False
include_external_url
boolean
Whether to populate BigQuery Console url to Datasets/Tables
Default: True
include_table_lineage
boolean
Option to enable/disable lineage generation. Is enabled by default.
Default: True
include_table_location_lineage
boolean
If the source supports it, include table lineage to the underlying storage location.
Default: True
include_tables
boolean
Whether tables should be ingested.
Default: True
include_usage_statistics
boolean
Generate usage statistic
Default: True
include_views
boolean
Whether views should be ingested.
Default: True
incremental_lineage
boolean
When enabled, emits lineage as incremental to existing lineage already in DataHub. When disabled, re-states lineage on each run.
Default: True
lineage_parse_view_ddl
boolean
Sql parse view ddl to get lineage.
Default: True
lineage_sql_parser_use_raw_names
boolean
This parameter ignores the lowercase pattern stipulated in the SQLParser. NOTE: Ignored if lineage_use_sql_parser is False.
Default: False
lineage_use_sql_parser
boolean
Use sql parser to resolve view/table lineage. Only invoked on tables with both upstream tables and views. Used to distinguish between direct/base objects accessed, to only emit upstream lineage for directly accessed objects.
Default: True
log_page_size
integer
The number of log item will be queried per page for lineage collection
Default: 1000
match_fully_qualified_names
boolean
Whether dataset_pattern is matched against fully qualified dataset name <project_id>.<dataset_name>.
Default: False
max_query_duration
number(time-delta)
Correction to pad start_time and end_time with. For handling the case where the read happens within our time range but the query completion event is delayed and happens after the configured end time.
Default: 900.0
number_of_datasets_process_in_batch_if_profiling_enabled
integer
Number of partitioned table queried in batch when getting metadata. This is a low level config property which should be touched with care. This restriction is needed because we query partitions system view which throws error if we try to touch too many tables.
Default: 200
options
object
Any options specified here will be passed to SQLAlchemy.create_engine as kwargs.
platform_instance
string
The instance of the platform that all assets produced by this recipe belong to
project_id
string
[deprecated] Use project_id_pattern or project_ids instead.
project_ids
array(string)
project_on_behalf
string
[Advanced] The BigQuery project in which queries are executed. Will be passed when creating a job. If not passed, falls back to the project associated with the service account.
rate_limit
boolean
Should we rate limit requests made to API.
Default: False
requests_per_min
integer
Used to control number of API calls made per min. Only used when rate_limit is set to True.
Default: 60
scheme
string
Default: bigquery
sharded_table_pattern
string
The regex pattern to match sharded tables and group as one table. This is a very low level config parameter, only change if you know what you are doing,
Default: ((.+)[_$])?(\d{8})$
sql_parser_use_external_process
boolean
When enabled, sql parser will run in isolated in a separate process. This can affect processing time but can protect from sql parser's mem leak.
Default: False
start_time
string(date-time)
Earliest date of usage to consider. Default: Last full day in UTC (or hour, depending on bucket_duration)
store_last_lineage_extraction_timestamp
boolean
Enable checking last lineage extraction date in store.
Default: False
store_last_profiling_timestamps
boolean
Enable storing last profile timestamp in store.
Default: False
store_last_usage_extraction_timestamp
boolean
Enable checking last usage timestamp in store.
Default: True
temp_table_dataset_prefix
string
If you are creating temp tables in a dataset with a particular prefix you can use this config to set the prefix for the dataset. This is to support workflows from before bigquery's introduction of temp tables. By default we use _ because of datasets that begin with an underscore are hidden by default https://cloud.google.com/bigquery/docs/datasets#dataset-naming.
Default: _
upstream_lineage_in_report
boolean
Useful for debugging lineage information. Set to True to see the raw lineage created internally.
Default: False
use_date_sharded_audit_log_tables
boolean
Whether to read date sharded tables or time partitioned tables when extracting usage from exported audit logs.
Default: False
use_exported_bigquery_audit_metadata
boolean
When configured, use BigQueryAuditMetadata in bigquery_audit_metadata_datasets to compute lineage information.
Default: False
env
string
The environment that all assets produced by this connector belong to
Default: PROD
credential
BigQueryCredential
BigQuery credential informations
credential.client_email 
string
Client email
credential.client_id 
string
Client Id
credential.private_key 
string
Private key in a form of '-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n'
credential.private_key_id 
string
Private key id
credential.project_id 
string
Project id to set the credentials
credential.auth_provider_x509_cert_url
string
Auth provider x509 certificate url
credential.auth_uri
string
Authentication uri
credential.client_x509_cert_url
string
If not set it will be default to https://www.googleapis.com/robot/v1/metadata/x509/client_email
credential.token_uri
string
Token uri
credential.type
string
Authentication type
Default: service_account
dataset_pattern
AllowDenyPattern
Regex patterns for dataset to filter in ingestion. Specify regex to only match the schema name. e.g. to match all tables in schema analytics, use the regex 'analytics'
Default: {'allow': ['.*'], 'deny': [], 'ignoreCase': True}
dataset_pattern.allow
array(string)
dataset_pattern.deny
array(string)
dataset_pattern.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
domain
map(str,AllowDenyPattern)
A class to store allow deny regexes
domain.key.allow
array(string)
domain.key.deny
array(string)
domain.key.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
profile_pattern
AllowDenyPattern
Regex patterns to filter tables (or specific columns) for profiling during ingestion. Note that only tables allowed by the table_pattern will be considered.
Default: {'allow': ['.*'], 'deny': [], 'ignoreCase': True}
profile_pattern.allow
array(string)
profile_pattern.deny
array(string)
profile_pattern.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
project_id_pattern
AllowDenyPattern
Regex patterns for project_id to filter in ingestion.
Default: {'allow': ['.*'], 'deny': [], 'ignoreCase': True}
project_id_pattern.allow
array(string)
project_id_pattern.deny
array(string)
project_id_pattern.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
schema_pattern
AllowDenyPattern
Regex patterns for schemas to filter in ingestion. Specify regex to only match the schema name. e.g. to match all tables in schema analytics, use the regex 'analytics'
Default: {'allow': ['.*'], 'deny': [], 'ignoreCase': True}
schema_pattern.allow
array(string)
schema_pattern.deny
array(string)
schema_pattern.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
table_pattern
AllowDenyPattern
Regex patterns for tables to filter in ingestion. Specify regex to match the entire table name in database.schema.table format. e.g. to match all tables starting with customer in Customer database and public schema, use the regex 'Customer.public.customer.*'
Default: {'allow': ['.*'], 'deny': [], 'ignoreCase': True}
table_pattern.allow
array(string)
table_pattern.deny
array(string)
table_pattern.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
usage
BigQueryUsageConfig
Usage related configs
Default: {'bucket_duration': 'DAY', 'end_time': '2023-07-11...
usage.apply_view_usage_to_tables
boolean
Whether to apply view's usage to its base tables. If set to False, uses sql parser and applies usage to views / tables mentioned in the query. If set to True, usage is applied to base tables only.
Default: False
usage.bucket_duration
Enum
Size of the time window to aggregate usage stats.
Default: DAY
usage.end_time
string(date-time)
Latest date of usage to consider. Default: Current time in UTC
usage.format_sql_queries
boolean
Whether to format sql queries
Default: False
usage.include_operational_stats
boolean
Whether to display operational stats.
Default: True
usage.include_read_operational_stats
boolean
Whether to report read operational stats. Experimental.
Default: False
usage.include_top_n_queries
boolean
Whether to ingest the top_n_queries.
Default: True
usage.max_query_duration
number(time-delta)
Correction to pad start_time and end_time with. For handling the case where the read happens within our time range but the query completion event is delayed and happens after the configured end time.
Default: 900.0
usage.start_time
string(date-time)
Earliest date of usage to consider. Default: Last full day in UTC (or hour, depending on bucket_duration)
usage.top_n_queries
integer
Number of top queries to save to each table.
Default: 10
usage.user_email_pattern
AllowDenyPattern
regex patterns for user emails to filter in usage.
Default: {'allow': ['.*'], 'deny': [], 'ignoreCase': True}
usage.user_email_pattern.allow
array(string)
usage.user_email_pattern.deny
array(string)
usage.user_email_pattern.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
view_pattern
AllowDenyPattern
Regex patterns for views to filter in ingestion. Note: Defaults to table_pattern if not specified. Specify regex to match the entire view name in database.schema.view format. e.g. to match all views starting with customer in Customer database and public schema, use the regex 'Customer.public.customer.*'
Default: {'allow': ['.*'], 'deny': [], 'ignoreCase': True}
view_pattern.allow
array(string)
view_pattern.deny
array(string)
view_pattern.ignoreCase
boolean
Whether to ignore case sensitivity during pattern matching.
Default: True
profiling
GEProfilingConfig
Default: {'enabled': False, 'limit': None, 'offset': None, ...
profiling.catch_exceptions
boolean
Default: True
profiling.enabled
boolean
Whether profiling should be done.
Default: False
profiling.field_sample_values_limit
integer
Upper limit for number of sample values to collect for all columns.
Default: 20
profiling.include_field_distinct_count
boolean
Whether to profile for the number of distinct values for each column.
Default: True
profiling.include_field_distinct_value_frequencies
boolean
Whether to profile for distinct value frequencies.
Default: False
profiling.include_field_histogram
boolean
Whether to profile for the histogram for numeric fields.
Default: False
profiling.include_field_max_value
boolean
Whether to profile for the max value of numeric columns.
Default: True
profiling.include_field_mean_value
boolean
Whether to profile for the mean value of numeric columns.
Default: True
profiling.include_field_median_value
boolean
Whether to profile for the median value of numeric columns.
Default: True
profiling.include_field_min_value
boolean
Whether to profile for the min value of numeric columns.
Default: True
profiling.include_field_null_count
boolean
Whether to profile for the number of nulls for each column.
Default: True
profiling.include_field_quantiles
boolean
Whether to profile for the quantiles of numeric columns.
Default: False
profiling.include_field_sample_values
boolean
Whether to profile for the sample values for all columns.
Default: True
profiling.include_field_stddev_value
boolean
Whether to profile for the standard deviation of numeric columns.
Default: True
profiling.limit
integer
Max number of documents to profile. By default, profiles all documents.
profiling.max_number_of_fields_to_profile
integer
A positive integer that specifies the maximum number of columns to profile for any table. None implies all columns. The cost of profiling goes up significantly as the number of columns to profile goes up.
profiling.max_workers
integer
Number of worker threads to use for profiling. Set to 1 to disable.
Default: 20
profiling.offset
integer
Offset in documents to profile. By default, uses no offset.
profiling.partition_datetime
string(date-time)
For partitioned datasets profile only the partition which matches the datetime or profile the latest one if not set. Only Bigquery supports this.
profiling.partition_profiling_enabled
boolean
Default: True
profiling.profile_if_updated_since_days
number
Profile table only if it has been updated since these many number of days. If set to null, no constraint of last modified time for tables to profile. Supported only in snowflake and BigQuery.
profiling.profile_table_level_only
boolean
Whether to perform profiling at table-level only, or include column-level profiling as well.
Default: False
profiling.profile_table_row_count_estimate_only
boolean
Use an approximate query for row count. This will be much faster but slightly less accurate. Only supported for Postgres.
Default: False
profiling.profile_table_row_limit
integer
Profile tables only if their row count is less then specified count. If set to null, no limit on the row count of tables to profile. Supported only in snowflake and BigQuery
Default: 5000000
profiling.profile_table_size_limit
integer
Profile tables only if their size is less then specified GBs. If set to null, no limit on the size of tables to profile. Supported only in snowflake and BigQuery
Default: 5
profiling.query_combiner_enabled
boolean
This feature is still experimental and can be disabled if it causes issues. Reduces the total number of queries issued and speeds up profiling by dynamically combining SQL queries where possible.
Default: True
profiling.report_dropped_profiles
boolean
Whether to report datasets or dataset columns which were not profiled. Set to True for debugging purposes.
Default: False
profiling.turn_off_expensive_profiling_metrics
boolean
Whether to turn off expensive profiling or not. This turns off profiling for quantiles, distinct_value_frequencies, histogram & sample_values. This also limits maximum number of fields being profiled to 10.
Default: False
stateful_ingestion
StatefulStaleMetadataRemovalConfig
Base specialized config for Stateful Ingestion with stale metadata removal capability.
stateful_ingestion.enabled
boolean
The type of the ingestion state provider registered with datahub.
Default: False
stateful_ingestion.ignore_new_state
boolean
If set to True, ignores the current checkpoint state.
Default: False
stateful_ingestion.ignore_old_state
boolean
If set to True, ignores the previous checkpoint state.
Default: False
stateful_ingestion.remove_stale_metadata
boolean
Soft-deletes the entities present in the last successful run but missing in the current run with stateful_ingestion enabled.
Default: True

Code Coordinates

  • Class Name: datahub.ingestion.source.bigquery_v2.bigquery.BigqueryV2Source
  • Browse on GitHub

Questions

If you've got any questions on configuring ingestion for BigQuery, feel free to ping us on our Slack.