--- title: Run Datalake Connector using the CLI slug: /connectors/database/datalake/cli --- # Run Datalake using the metadata CLI {% multiTablesWrapper %} | Feature | Status | | :----------------- | :--------------------------- | | Stage | PROD | | Metadata | {% icon iconName="check" /%} | | Query Usage | {% icon iconName="cross" /%} | | Data Profiler | {% icon iconName="check" /%} | | Data Quality | {% icon iconName="check" /%} | | Lineage | {% icon iconName="cross" /%} | | DBT | {% icon iconName="check" /%} | | Supported Versions | -- | | Feature | Status | | :----------- | :--------------------------- | | Lineage | {% icon iconName="cross" /%} | | Table-level | {% icon iconName="cross" /%} | | Column-level | {% icon iconName="cross" /%} | {% /multiTablesWrapper %} In this section, we provide guides and references to use the Datalake connector. Configure and schedule Datalake metadata and profiler workflows from the OpenMetadata UI: - [Requirements](#requirements) - [Metadata Ingestion](#metadata-ingestion) - [dbt Integration](#dbt-integration) ## Requirements {%inlineCallout icon="description" bold="OpenMetadata 0.12 or later" href="/deployment"%} To deploy OpenMetadata, check the Deployment guides. {%/inlineCallout%} To run the Ingestion via the UI you'll need to use the OpenMetadata Ingestion Container, which comes shipped with custom Airflow plugins to handle the workflow deployment. **Note:** Datalake connector supports extracting metadata from file types `JSON`, `CSV`, `TSV` & `Parquet`. ### S3 Permissions To execute metadata extraction AWS account should have enough access to fetch required data. The Bucket Policy in AWS requires at least these permissions: ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::", "arn:aws:s3:::/*" ] } ] } ``` ### ADLS Permissions To extract metadata from Azure ADLS (Storage Account - StorageV2), you will need an **App Registration** with the following permissions on the Storage Account: - Storage Blob Data Contributor - Storage Queue Data Contributor ### Python Requirements If running OpenMetadata version greater than 0.13, you will need to install the Datalake ingestion for GCS or S3: #### S3 installation ```bash pip3 install "openmetadata-ingestion[datalake-s3]" ``` #### GCS installation ```bash pip3 install "openmetadata-ingestion[datalake-gcs]" ``` #### Azure installation ```bash pip3 install "openmetadata-ingestion[datalake-azure]" ``` #### If version <0.13 You will be installing the requirements together for S3 and GCS ```bash pip3 install "openmetadata-ingestion[datalake]" ``` ## Metadata Ingestion All connectors are defined as JSON Schemas. Here you can find the structure to create a connection to Datalake. In order to create and run a Metadata Ingestion workflow, we will follow the steps to create a YAML configuration able to connect to the source, process the Entities if needed, and reach the OpenMetadata server. The workflow is modeled around the following JSON Schema. ## 1. Define the YAML Config #### Source Configuration - Source Config using AWS S3 ### This is a sample config for Datalake using AWS S3: {% codePreview %} {% codeInfoContainer %} #### Source Configuration - Service Connection {% codeInfo srNumber=1 %} * **awsAccessKeyId**: Enter your secure access key ID for your DynamoDB connection. The specified key ID should be authorized to read all databases you want to include in the metadata ingestion workflow. * **awsSecretAccessKey**: Enter the Secret Access Key (the passcode key pair to the key ID from above). * **awsRegion**: Specify the region in which your DynamoDB is located. This setting is required even if you have configured a local AWS profile. * **schemaFilterPattern** and **tableFilternPattern**: Note that the `schemaFilterPattern` and `tableFilterPattern` both support regex as `include` or `exclude`. E.g., {% /codeInfo %} #### Source Configuration - Source Config {% codeInfo srNumber=2 %} The `sourceConfig` is defined [here](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/metadataIngestion/databaseServiceMetadataPipeline.json): **markDeletedTables**: To flag tables as soft-deleted if they are not present anymore in the source system. **includeTables**: true or false, to ingest table data. Default is true. **includeViews**: true or false, to ingest views definitions. **databaseFilterPattern**, **schemaFilterPattern**, **tableFilternPattern**: Note that the filter supports regex as include or exclude. You can find examples [here](/connectors/ingestion/workflows/metadata/filter-patterns/database) {% /codeInfo %} #### Sink Configuration {% codeInfo srNumber=3 %} To send the metadata to OpenMetadata, it needs to be specified as `type: metadata-rest`. {% /codeInfo %} #### Workflow Configuration {% codeInfo srNumber=4 %} The main property here is the `openMetadataServerConfig`, where you can define the host and security provider of your OpenMetadata installation. For a simple, local installation using our docker containers, this looks like: {% /codeInfo %} {% /codeInfoContainer %} {% codeBlock fileName="filename.yaml" %} ```yaml source: type: datalake serviceName: local_datalake serviceConnection: config: type: Datalake ``` ```yaml {% srNumber=1 %} configSource: securityConfig: awsAccessKeyId: aws access key id awsSecretAccessKey: aws secret access key awsRegion: aws region bucketName: bucket name prefix: prefix ``` ```yaml {% srNumber=2 %} sourceConfig: config: type: DatabaseMetadata markDeletedTables: true includeTables: true includeViews: true # includeTags: true # databaseFilterPattern: # includes: # - database1 # - database2 # excludes: # - database3 # - database4 # schemaFilterPattern: # includes: # - schema1 # - schema2 # excludes: # - schema3 # - schema4 # tableFilterPattern: # includes: # - users # - type_test # excludes: # - table3 # - table4 ``` ```yaml {% srNumber=3 %} sink: type: metadata-rest config: {} ``` ```yaml {% srNumber=4 %} workflowConfig: openMetadataServerConfig: hostPort: "http://localhost:8585/api" authProvider: openmetadata securityConfig: jwtToken: "{bot_jwt_token}" ``` {% /codeBlock %} {% /codePreview %} ### This is a sample config for Datalake using GCS: {% codePreview %} {% codeInfoContainer %} #### Source Configuration - Service Connection {% codeInfo srNumber=5 %} * **type**: Credentials type, e.g. `service_account`. * **projectId** * **privateKey** * **privateKeyId** * **clientEmail** * **clientId** * **authUri**: [https://accounts.google.com/o/oauth2/auth](https://accounts.google.com/o/oauth2/auth) by default * **tokenUri**: [https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) by default * **authProviderX509CertUrl**: [https://www.googleapis.com/oauth2/v1/certs](https://www.googleapis.com/oauth2/v1/certs) by default * **clientX509CertUrl** * **bucketName**: name of the bucket in GCS * **Prefix**: prefix in gcs bucket {% /codeInfo %} #### Source Configuration - Source Config {% codeInfo srNumber=6 %} The `sourceConfig` is defined [here](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/metadataIngestion/databaseServiceMetadataPipeline.json): **markDeletedTables**: To flag tables as soft-deleted if they are not present anymore in the source system. **includeTables**: true or false, to ingest table data. Default is true. **includeViews**: true or false, to ingest views definitions. **databaseFilterPattern**, **schemaFilterPattern**, **tableFilternPattern**: Note that the filter supports regex as include or exclude. You can find examples [here](/connectors/ingestion/workflows/metadata/filter-patterns/database) {% /codeInfo %} #### Sink Configuration {% codeInfo srNumber=7 %} To send the metadata to OpenMetadata, it needs to be specified as `type: metadata-rest`. {% /codeInfo %} #### Workflow Configuration {% codeInfo srNumber=8 %} The main property here is the `openMetadataServerConfig`, where you can define the host and security provider of your OpenMetadata installation. For a simple, local installation using our docker containers, this looks like: {% /codeInfo %} {% /codeInfoContainer %} {% codeBlock fileName="filename.yaml" %} ```yaml source: type: datalake serviceName: local_datalake serviceConnection: config: type: Datalake configSource: securityConfig: ``` ```yaml {% srNumber=5 %} gcsConfig: type: type of account projectId: project id privateKeyId: private key id privateKey: private key clientEmail: client email clientId: client id authUri: https://accounts.google.com/o/oauth2/auth tokenUri: https://oauth2.googleapis.com/token authProviderX509CertUrl: https://www.googleapis.com/oauth2/v1/certs clientX509CertUrl: clientX509 Certificate Url bucketName: bucket name prefix: prefix ``` ```yaml {% srNumber=6 %} sourceConfig: config: type: DatabaseMetadata markDeletedTables: true includeTables: true includeViews: true # includeTags: true # databaseFilterPattern: # includes: # - database1 # - database2 # excludes: # - database3 # - database4 # schemaFilterPattern: # includes: # - schema1 # - schema2 # excludes: # - schema3 # - schema4 # tableFilterPattern: # includes: # - users # - type_test # excludes: # - table3 # - table4 ``` ```yaml {% srNumber=7 %} sink: type: metadata-rest config: {} ``` ```yaml {% srNumber=8 %} workflowConfig: openMetadataServerConfig: hostPort: "http://localhost:8585/api" authProvider: openmetadata securityConfig: jwtToken: "{bot_jwt_token}" ``` {% /codeBlock %} {% /codePreview %} ### This is a sample config for Datalake using Azure: {% codePreview %} {% codeInfoContainer %} #### Source Configuration - Service Connection {% codeInfo srNumber=9 %} - **Client ID** : Client ID of the data storage account - **Client Secret** : Client Secret of the account - **Tenant ID** : Tenant ID under which the data storage account falls - **Account Name** : Account Name of the data Storage {% /codeInfo %} #### Source Configuration - Source Config {% codeInfo srNumber=10 %} The `sourceConfig` is defined [here](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/metadataIngestion/databaseServiceMetadataPipeline.json): **markDeletedTables**: To flag tables as soft-deleted if they are not present anymore in the source system. **includeTables**: true or false, to ingest table data. Default is true. **includeViews**: true or false, to ingest views definitions. **databaseFilterPattern**, **schemaFilterPattern**, **tableFilternPattern**: Note that the filter supports regex as include or exclude. You can find examples [here](/connectors/ingestion/workflows/metadata/filter-patterns/database) {% /codeInfo %} #### Sink Configuration {% codeInfo srNumber=11 %} To send the metadata to OpenMetadata, it needs to be specified as `type: metadata-rest`. {% /codeInfo %} #### Workflow Configuration {% codeInfo srNumber=12 %} The main property here is the `openMetadataServerConfig`, where you can define the host and security provider of your OpenMetadata installation. For a simple, local installation using our docker containers, this looks like: {% /codeInfo %} {% /codeInfoContainer %} {% codeBlock fileName="filename.yaml" %} ```yaml # Datalake with Azure source: type: datalake serviceName: local_datalake serviceConnection: config: type: Datalake configSource: ``` ```yaml {% srNumber=9 %} securityConfig: clientId: client-id clientSecret: client-secret tenantId: tenant-id accountName: account-name prefix: prefix ``` ```yaml {% srNumber=10 %} sourceConfig: config: type: DatabaseMetadata markDeletedTables: true includeTables: true includeViews: true # includeTags: true # databaseFilterPattern: # includes: # - database1 # - database2 # excludes: # - database3 # - database4 # schemaFilterPattern: # includes: # - schema1 # - schema2 # excludes: # - schema3 # - schema4 # tableFilterPattern: # includes: # - users # - type_test # excludes: # - table3 # - table4 ``` ```yaml {% srNumber=11 %} sink: type: metadata-rest config: {} ``` ```yaml {% srNumber=12 %} workflowConfig: openMetadataServerConfig: hostPort: "http://localhost:8585/api" authProvider: openmetadata securityConfig: jwtToken: "{bot_jwt_token}" ``` {% /codeBlock %} {% /codePreview %} ### Workflow Configs for Security Provider We support different security providers. You can find their definitions [here](https://github.com/open-metadata/OpenMetadata/tree/main/openmetadata-spec/src/main/resources/json/schema/security/client). ## Openmetadata JWT Auth - JWT tokens will allow your clients to authenticate against the OpenMetadata server. To enable JWT Tokens, you will get more details [here](/deployment/security/enable-jwt-tokens). ```yaml workflowConfig: openMetadataServerConfig: hostPort: "http://localhost:8585/api" authProvider: openmetadata securityConfig: jwtToken: "{bot_jwt_token}" ``` - You can refer to the JWT Troubleshooting section [link](/deployment/security/jwt-troubleshooting) for any issues in your JWT configuration. If you need information on configuring the ingestion with other security providers in your bots, you can follow this doc [link](/deployment/security/workflow-config-auth). ### 2. Run with the CLI First, we will need to save the YAML file. Afterward, and with all requirements installed, we can run: ```bash metadata ingest -c ``` Note that from connector to connector, this recipe will always be the same. By updating the YAML configuration, you will be able to extract metadata from different sources. ## dbt Integration You can learn more about how to ingest dbt models' definitions and their lineage [here](/connectors/ingestion/workflows/dbt).