datahub
datahub copied to clipboard
datahub-project
bigquery-beta shouldn't try to performance log based lineage when the recipe didn't enable lineage
I tried to run the bigquery-beta UI ingestion in v0.8.44 and granted my service account BigQuery User role in my project. I expected this to work because I didn't enable any lineage or profiling in my recipe.
But the ingestion failed with the following error. It would great if the ingestion don't try to read the logs for lineage so that we can minimize the permission that needs to be granted to the service account.
'[2022-09-21 18:20:19,907] INFO {datahub.ingestion.source.bigquery_v2.lineage:145} - Populating lineage info via GCP audit logs\n'
'[2022-09-21 18:20:19,959] INFO {datahub.ingestion.source.bigquery_v2.lineage:207} - Start loading log entries from BigQuery '
'start_time=2022-09-19T23:45:00Z and end_time=2022-09-21T18:35:06Z\n'
'[2022-09-21 18:20:20,316] ERROR {datahub.ingestion.source.bigquery_v2.lineage:79} - lineage-gcp-logs => Failed to get lineage gcp '
'logging. The error message was 403 POST https://logging.googleapis.com/v2/entries:list?prettyPrint=false: Permission '
"'logging.views.access' denied on resource (or it may not exist). [{'@type': 'type.googleapis.com/google.rpc.ErrorInfo', 'reason': "
"'IAM_PERMISSION_DENIED', 'domain': 'iam.googleapis.com', 'metadata': {'permission': 'logging.views.access'}}]\n"
'[2022-09-21 18:20:20,317] INFO {datahub.ingestion.source.bigquery_v2.lineage:433} - Built lineage map containing 0 entries.\n'
Recipe yaml with credential section removed and project id redacted:
source:
type: bigquery-beta
config:
credential:
...
project_id: "some project id"
stateful_ingestion:
enabled: true
This is a bug that will be addressed with the next release.
Great! Thank you @treff7es
@jinlintt the fixes for this bug have been released, so I'm closing the issue now.
