- Service Account
- Application Default
- Refresh Token (OAuth)
Service Account
Setting | Description |
---|---|
Service Account Key Path | The path to the service account key JSON file. The key must be present and readable at the path and on every driver node. QueryGrid must have read access to the key. The Service Account Key Path property is mutually exclusive from the Service Account Key parameter. |
Service Account Key | The contents of the service account key JSON file can be placed in this property. The key is redacted from Viewpoint and logs. The Service Account Key property is mutually exclusive from the Service Account Key Path parameter. |
{ "type": "service_account", "project_id": "9999xyz", "private_key_id": "9999fe35b147fa097777461661d741cf616c57b8f386", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEBBoIJKOD/exGQ3gBrdQBY\n/vLPhTH8oLTgsK/v5wHQpJoqOxNLQ87YYj8lz1xyaNByWGtpKvXleIGKVXGUCD6V\nohZp4bSKOmH4kXad6sUMawFvPh93L4SyvsnfvhyGE3u+e6peABntBVL+g57GOs4C\nUAV3IcM2K+TpGZb6EpuY+y+z3iZ6/j0V5SRBo8DGLuv2DsKUWehu6+DGdE7OLxGd\n7E7wNuNd08TUjdatIqi9ynbxgzqWY0nRO+7zsaJX2TJXe8R9GGxdWEoKOatDHPCY\naouDHqTVlkbwxSSkBb7rPArmvkkYoMemfSBEYbhKD9Qe16eKL7nkIKVVmDBmLWf0\niBFC3yLNAgMBAAECggEAAW7/yACMKux1VDU/HCP4e9Zi2aEjsBLKsK/gIkYkSYFN\nyyZGfWylWeCZruwlNw8F8vHesRUdWekLOZOSbLiD4YUOYWNgFU6XVcB3V53fc8T8\npASe/k3Yvig8hPCSwKFqOvFkmFiOl8KuSCt73v3MYwYbxfhVvl7lS1VAxi1ORx1y\nMVeX062qffDg8zHQQ1b1Om6WaaRr7oYgsecra9fm26nh6YV8uIelAU6LJ7ecw1B1\nhaZaLjpsJMMtquOGvLlPZDsPKYlIF2je/IMbhnCG40dh4MRlwKRuDvBF86Lgr3Wk\nViPeoHiyLyst2mr0V1qXZjMleZLt540HsTfvguhbAQKBgQDi1feEnp3pFiuwXjUP\nUAa50A2gIeZvq5CYQo586ilQ8gOwjbQXXE1AbyTh5OCrYcs78wTdl8KYaa4O4w6O\nmHSAXWvdQdL6vPEpoMTSZArH9m878FKQ2AIVW+Ql4XKMFQEBH0Sao0e+3LdBBXM+\nl0EKn26XYvvtVA/YKqJ87gjuzwKBgQDYGW5nq0mUahSB0NflcqT5Bp3P08Vl8j19\ng8j0oCU0vB9Bzh7WnHgVuVEq04n2Br0u2s1qy55/OacWjNjiSMofXqUW6Ctn0Myd\nM8W0I+uEoA4XcgsAeMnnzW5i+x++k80ZbK2v4tiWtxHH1MwDkhkTB4qScQIZbc1C\nyhdJG9zbowKBgQDDNDqzKATgZzHlrsyehtGi6cYv/bxecRgXz37rRF+Vxw8hynAm\ngkoAnyTwOJSXJ6tLxdB0GXteyeL98KvATrZDGSIP3+t910b5+d4m5+zXM915iVCk\nUR9J3jAx4RdAMXsRyiSxpr3BJBOXoucP//369ESphociL2sLLXVzaSzKxQKBgBUt\n0OM6J1jzWJUseaxUIxUA8ACJWcRXDG27t7s54subUFjrsZwI87/1TJ4s402IdYwd\nB5ra3+rKJLUSEsOCrMSMSxPGp1JiZVtW0p6IErIJ2be0hp2COQ+N067Bu+e6ppRC\nUXd2fRGwWX7DPUdwTyLNT2hwyOrjFwXfto6Eu42PAoGAAZ5ntTJXNin4jRD1vnn8\nI5FxkegjnQgoSrX4dGAiieqxdSry1wcJZ7C/jCcmlGbLXcaHae7xmgMW6X8peiIW\nB04bCr2oOs+Em8RnqavwaexPGzbBmi7zqyjGLnoWUCxnRRl5jAU/qPzaIftD1XzR\noNZF8KEf3Xbr0C1VL5MbhJk=\n-----END PRIVATE KEY-----\n", "client_email": "xyz@xyz.iam.gserviceaccount.com", "client_id": "123456789012345678901234", "auth_uri": "9999https://xyz.google.com/o/oauth2/auth", "token_uri": "https://xyz.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/sa-uda-querygrid-000%40uda-querygrid.iam.gserviceaccount.com" }
Application Default
Google Cloud can associate credentials with a virtual machine (VM). By selecting the Application Default authentication mechanism, QueryGrid can use the credentials provided to the Google Cloud Compute instance. The Application Default mechanism uses the Service Account credentials associated to the resource (such as the VM instance in Google Cloud) that is running the driver that accesses BigQuery. Application Default credentials is only applicable when the VM container is on Google Cloud.
Application Default is not intended for use when running the QueryGrid BigQuery connector driver on-premises or on other cloud platforms. The authentication mechanism does not depend on any additional connector properties. BigQuery connector settings use the Application Default as the default mechanism to access the data source.
Refresh Token (OAuth)
Setting | Description |
---|---|
Client Id | The Authorization Object Client ID used with a refresh token |
Client Secret | The OAuth Client Secret used with a refresh token |
OAuth Refresh Token | The Refresh Token used with OAuth Authentication |
{clientSecret}{singlespace}{refreshToken} e.g. "testsecret123 testtoken456"