mirror of
				https://github.com/open-metadata/OpenMetadata.git
				synced 2025-10-26 00:04:52 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			269 lines
		
	
	
		
			7.6 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			269 lines
		
	
	
		
			7.6 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| title: Run Glue Pipeline Connector using the CLI
 | |
| slug: /connectors/pipeline/glue-pipeline/cli
 | |
| ---
 | |
| 
 | |
| # Run Glue Pipeline using the metadata CLI
 | |
| 
 | |
| In this section, we provide guides and references to use the Glue connector.
 | |
| 
 | |
| Configure and schedule Glue metadata and profiler workflows from the OpenMetadata UI:
 | |
| - [Requirements](#requirements)
 | |
| - [Metadata Ingestion](#metadata-ingestion)
 | |
| 
 | |
| ## Requirements
 | |
| 
 | |
| <InlineCallout color="violet-70" icon="description" bold="OpenMetadata 0.12 or later" href="/deployment">
 | |
| To deploy OpenMetadata, check the <a href="/deployment">Deployment</a> guides.
 | |
| </InlineCallout>
 | |
| 
 | |
| To run the Ingestion via the UI you'll need to use the OpenMetadata Ingestion Container, which comes shipped with
 | |
| custom Airflow plugins to handle the workflow deployment.
 | |
| 
 | |
| ### Python Requirements
 | |
| 
 | |
| To run the Glue ingestion, you will need to install:
 | |
| 
 | |
| ```bash
 | |
| pip3 install "openmetadata-ingestion[glue]"
 | |
| ```
 | |
| 
 | |
| ## Metadata Ingestion
 | |
| 
 | |
| All connectors are defined as JSON Schemas.
 | |
| [Here](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/glueConnection.json)
 | |
| you can find the structure to create a connection to Glue.
 | |
| 
 | |
| In order to create and run a Metadata Ingestion workflow, we will follow
 | |
| the steps to create a YAML configuration able to connect to the source,
 | |
| process the Entities if needed, and reach the OpenMetadata server.
 | |
| 
 | |
| The workflow is modeled around the following
 | |
| [JSON Schema](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/metadataIngestion/workflow.json)
 | |
| 
 | |
| ### 1. Define the YAML Config
 | |
| 
 | |
| This is a sample config for Glue:
 | |
| 
 | |
| ```yaml
 | |
| source:
 | |
|   type: glue-pipeline
 | |
|   serviceName: local_glue
 | |
|   serviceConnection:
 | |
|     config:
 | |
|       type: GluePipeline
 | |
|       awsConfig:
 | |
|         awsAccessKeyId: KEY
 | |
|         awsSecretAccessKey: SECRET
 | |
|         awsRegion: us-east-2
 | |
|         # endPointURL: https://glue.us-east-2.amazonaws.com/
 | |
|         # awsSessionToken: TOKEN
 | |
|   sourceConfig:
 | |
|     config:
 | |
|       type: PipelineMetadata
 | |
|       # includeLineage: true
 | |
|       # pipelineFilterPattern:
 | |
|       #   includes:
 | |
|       #     - pipeline1
 | |
|       #     - pipeline2
 | |
|       #   excludes:
 | |
|       #     - pipeline3
 | |
|       #     - pipeline4
 | |
| sink:
 | |
|   type: metadata-rest
 | |
|   config: {}
 | |
| workflowConfig:
 | |
|   # loggerLevel: DEBUG  # DEBUG, INFO, WARN or ERROR
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: <OpenMetadata host and port>
 | |
|     authProvider: <OpenMetadata auth provider>
 | |
| 
 | |
| ```
 | |
| 
 | |
| #### Source Configuration - Service Connection
 | |
| 
 | |
| 
 | |
| - **awsAccessKeyId**: Enter your secure access key ID for your Glue connection. The specified key ID should be
 | |
|   authorized to read all databases you want to include in the metadata ingestion workflow.
 | |
| - **awsSecretAccessKey**: Enter the Secret Access Key (the passcode key pair to the key ID from above).
 | |
| - **awsRegion**: Enter the location of the amazon cluster that your data and account are associated with.
 | |
| - **awsSessionToken**: The AWS session token is an optional parameter. If you want, enter the details of your temporary
 | |
|   session token.
 | |
| - **endPointURL**: Your Glue connector will automatically determine the AWS Glue endpoint URL based on the region. You
 | |
|   may override this behavior by entering a value to the endpoint URL.
 | |
| 
 | |
| #### Source Configuration - Source Config
 | |
| 
 | |
| The `sourceConfig` is defined [here](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-spec/src/main/resources/json/schema/metadataIngestion/pipelineServiceMetadataPipeline.json):
 | |
| 
 | |
| - `dbServiceName`: Database Service Name for the creation of lineage, if the source supports it.
 | |
| - `pipelineFilterPattern` and `chartFilterPattern`: Note that the `pipelineFilterPattern` and `chartFilterPattern` both support regex as include or exclude. E.g.,
 | |
| 
 | |
| ```yaml
 | |
| pipelineFilterPattern:
 | |
|   includes:
 | |
|     - users
 | |
|     - type_test
 | |
| ```
 | |
| 
 | |
| #### Sink Configuration
 | |
| 
 | |
| To send the metadata to OpenMetadata, it needs to be specified as `type: metadata-rest`.
 | |
| 
 | |
| #### Workflow Configuration
 | |
| 
 | |
| The main property here is the `openMetadataServerConfig`, where you can define the host and security provider of your OpenMetadata installation.
 | |
| 
 | |
| For a simple, local installation using our docker containers, this looks like:
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: openmetadata
 | |
|     securityConfig:
 | |
|       jwtToken: '{bot_jwt_token}'
 | |
| ```
 | |
| 
 | |
| We support different security providers. You can find their definitions [here](https://github.com/open-metadata/OpenMetadata/tree/main/openmetadata-spec/src/main/resources/json/schema/security/client).
 | |
| You can find the different implementation of the ingestion below.
 | |
| 
 | |
| <Collapse title="Configure SSO in the Ingestion Workflows">
 | |
| 
 | |
| ### Openmetadata JWT Auth
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: openmetadata
 | |
|     securityConfig:
 | |
|       jwtToken: '{bot_jwt_token}'
 | |
| ```
 | |
| 
 | |
| ### Auth0 SSO
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: auth0
 | |
|     securityConfig:
 | |
|       clientId: '{your_client_id}'
 | |
|       secretKey: '{your_client_secret}'
 | |
|       domain: '{your_domain}'
 | |
| ```
 | |
| 
 | |
| ### Azure SSO
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: azure
 | |
|     securityConfig:
 | |
|       clientSecret: '{your_client_secret}'
 | |
|       authority: '{your_authority_url}'
 | |
|       clientId: '{your_client_id}'
 | |
|       scopes:
 | |
|         - your_scopes
 | |
| ```
 | |
| 
 | |
| ### Custom OIDC SSO
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: custom-oidc
 | |
|     securityConfig:
 | |
|       clientId: '{your_client_id}'
 | |
|       secretKey: '{your_client_secret}'
 | |
|       domain: '{your_domain}'
 | |
| ```
 | |
| 
 | |
| ### Google SSO
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: google
 | |
|     securityConfig:
 | |
|       secretKey: '{path-to-json-creds}'
 | |
| ```
 | |
| 
 | |
| ### Okta SSO
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: http://localhost:8585/api
 | |
|     authProvider: okta
 | |
|     securityConfig:
 | |
|       clientId: "{CLIENT_ID - SPA APP}"
 | |
|       orgURL: "{ISSUER_URL}/v1/token"
 | |
|       privateKey: "{public/private keypair}"
 | |
|       email: "{email}"
 | |
|       scopes:
 | |
|         - token
 | |
| ```
 | |
| 
 | |
| ### Amazon Cognito SSO
 | |
| 
 | |
| The ingestion can be configured by [Enabling JWT Tokens](https://docs.open-metadata.org/deployment/security/enable-jwt-tokens)
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: auth0
 | |
|     securityConfig:
 | |
|       clientId: '{your_client_id}'
 | |
|       secretKey: '{your_client_secret}'
 | |
|       domain: '{your_domain}'
 | |
| ```
 | |
| 
 | |
| ### OneLogin SSO
 | |
| 
 | |
| Which uses Custom OIDC for the ingestion
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: custom-oidc
 | |
|     securityConfig:
 | |
|       clientId: '{your_client_id}'
 | |
|       secretKey: '{your_client_secret}'
 | |
|       domain: '{your_domain}'
 | |
| ```
 | |
| 
 | |
| ### KeyCloak SSO
 | |
| 
 | |
| Which uses Custom OIDC for the ingestion
 | |
| 
 | |
| ```yaml
 | |
| workflowConfig:
 | |
|   openMetadataServerConfig:
 | |
|     hostPort: 'http://localhost:8585/api'
 | |
|     authProvider: custom-oidc
 | |
|     securityConfig:
 | |
|       clientId: '{your_client_id}'
 | |
|       secretKey: '{your_client_secret}'
 | |
|       domain: '{your_domain}'
 | |
| ```
 | |
| 
 | |
| </Collapse>
 | |
| 
 | |
| ### 2. Run with the CLI
 | |
| 
 | |
| First, we will need to save the YAML file. Afterward, and with all requirements installed, we can run:
 | |
| 
 | |
| ```bash
 | |
| metadata ingest -c <path-to-yaml>
 | |
| ```
 | |
| 
 | |
| Note that from connector to connector, this recipe will always be the same. By updating the YAML configuration,
 | |
| you will be able to extract metadata from different sources.
 | 
