Tableau Connector for Google Data Catalog

Build 21.0.7930

Configuring a Connection

The connector comes with a connection builder which allows you to build and test your connection settings outside of Tableau. It also allows you to create a connection string, which can be used to provide options not listed in the connection dialog in Tableau.

Configuring a Connection Builder

There are two ways to access the connection builder:

  • On Windows, there will be a shortcut called Connection Builder in the start menu, under the CData Google Data Catalog Tableau Data Connector folder.
  • The connection builder can also be started by going to the driver install directory and running the .jar file in the lib directory.

In the connection builder, you can set values for connection properties and click the Test Connection button to validate that they work. You can also use the Copy to Clipboard button to save the connection string for use with Tableau.

Connecting to Google Data Catalog

Provide the following connection properties before adding the authentication properties.

  • OrganizationId: The ID associated with the Google Cloud Platform organization resource you would like to connect to. Find this by navigating to the cloud console.
    Click the project selection drop-down, and select your organization from the list. Then, click More -> Settings. The organization ID is displayed on this page.
  • ProjectId The ID associated with the Google Cloud Platform project resource you would like to connect to.
    Find this by navigating to the cloud console dashboard and selecting your project from the Select from drop-down. The project ID will be present in the Project info card.

Authenticating to Google Data Catalog

All connections to Google Data Catalog are authenticated using OAuth. The connector supports using user accounts, service accounts and GCP instance accounts for authentication.

Authenticate with a User Account

AuthScheme must be set to OAuth in all of the user account flows. For desktop applications, the connector's default application is the simplest way to authenticate. The only additional requirement is to set InitiateOAuth to GETANDREFRESH.

When the driver starts, it will open a browser and Google Data Catalog will request your login information. The connector will use the credentials you provide to access your Google Data Catalog data. These credentials will be saved and automatically refreshed as needed.

See Using OAuth Authentication for a authentication guide covering all the supported methods in detail.

Authenticate with a Service Account

To authenticate using a service account, you must create a new service account and have a copy of the accounts certificate.

For a JSON file, you will need to set these properties:

  • AuthScheme: Required. Set this to OAuthJWT.
  • InitiateOAuth: Required. Set this to GETANDREFRESH.
  • OAuthJWTCertType: Required. Set this to GOOGLEJSON.
  • OAuthJWTCert: Required. Set this to the path to the .json file provided by Google.
  • OAuthJWTSubject: Optional. Only set this value if the service account is part of a GSuite domain and you want to enable delegation. The value of this property should be the email address of the user whose data you want to access.

For a PFX file, you will need to set these properties instead:

  • AuthScheme: Required. Set this to OAuthJWT.
  • InitiateOAuth: Required. Set this to GETANDREFRESH.
  • OAuthJWTCertType: Required. Set this to PFXFILE.
  • OAuthJWTCert: Required. Set this to the path to the .pfx file provided by Google.
  • OAuthJWTCertPassword: Optional. Set this to the .pfx file password. In most cases this will need to be provided since Google encrypts PFX certificates.
  • OAuthJWTCertSubject: Optional. Set this only if you are using a OAuthJWTCertType which stores multiple certificates. Should not be set for PFX certificates generated by Google.
  • OAuthJWTIssuer: Required. Set this to the email address of the service account. This address will usually include the domain iam.gserviceaccount.com.
  • OAuthJWTSubject: Optional. Only set this value if the service account is part of a GSuite domain and you want to enable delegation. The value of this property should be the email address of the user whose data you want to access.

If you do not already have a service account, you can create one by following the procedure in Creating a Custom OAuth App.

Authenticate with a GCP Instance Account

When running on a GCP virtual machine, the connector can authenticate using a service account tied to the virtual machine. To use this mode, set AuthScheme to GCPInstanceAccount.

Next Step

See Getting Data for the next step, which includes authenticating to the Google Data Catalog APIs.

Copyright (c) 2021 CData Software, Inc. - All rights reserved.
Build 21.0.7930