Querying federated tables (Google Drive) via BigQuery python api

3
votes

(There are a lot of similar threads here but unfortunately I couldn't find the answer to my error anywhere here or on Goolge)

I'm trying to query a federated table in BigQuery which is pointing to a spreadsheet in Drive.

I've run the following command to create default application credentials for gcloud:

$ gcloud auth application-default login

But this doesn't include Drive into the scope so I'm getting the following error message (which makes sense): Forbidden: 403 Access Denied: BigQuery BigQuery: No OAuth token with Google Drive scope was found.

Then I've tried to auth with explicit Drive scope:

$ gcloud auth application-default login --scopes=https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/bigquery

After that I'm getting the following error when I try to use bigquery python api:

"Forbidden: 403 Access Denied: BigQuery BigQuery: Access Not Configured. Drive API has not been used in project 764086051850 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/drive.googleapis.com/overview?project=764086051850 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."

The project number above does not exist in our organisation and the provided link leads to a page which says: The API "drive.googleapis.com" doesn't exist or you don't have permission to access it

Drive API is definitely enabled for the default project, so the error message doesn't make much sense. I can also query the table from the terminal using bq query_string command.

I'm currently out of ideas on how to debug this further, anyone suggestions?

Configuration:
Google Cloud SDK 187.0.0
Python 2.7
google-cloud 0.27.0
google-cloud-bigquery 0.29.0

1
pythongoogle-bigquerygcloud
Have you gone through the 3 steps as outlined here: stackoverflow.com/questions/40731823/…Graham Polley
@GrahamPolley thanks for your answer! I'm not using a service account but login through my own one. But yes, Drive API is enabled and I have access to the spreadsheet (i can query the table through $ bq query). Drive scope is requested as you see above. Or is $ gcloud auth application-default login only supposed to work with service accounts?Dimitri Masin
As I've described above the error messages mentions a project which is not even part of our org. Not to mention that it's not the default project that I've setup on $ gcloud initDimitri Masin
don't quite understand it. Are you using the credentials created by gcloud init in your python script?Willian Fuks
I'm using application default credentials in my python script. Like here: from google.cloud import bigquery client = bigquery.Client() query = "SELECT * FROM tablename LIMIT 5" query_job = client.query(query) rows = query_job.result() for row in rows: print(row.name)Dimitri Masin

1 Answers

2
votes

There might be issues when using the default credentials. However, you can use a service account, save the credentials in a JSON file and add the necessary scopes. I did a quick test and this code worked for me:

from google.cloud import bigquery
from google.oauth2.service_account import Credentials

scopes = (
        'https://www.googleapis.com/auth/bigquery',
        'https://www.googleapis.com/auth/cloud-platform',
        'https://www.googleapis.com/auth/drive'
)
credentials = Credentials.from_service_account_file('/path/to/credentials.json')
credentials = credentials.with_scopes(scopes)
client = bigquery.Client(credentials=credentials)

query = "SELECT * FROM dataset.federated_table LIMIT 5"
query_job = client.query(query)
rows = query_job.result()
for row in rows: print(row)

If you get a 404 not found error is because you need to share the spreadsheet with the service account (view permission)