Versions Compared

Old Version 1

changes.mady.by.user Chichi

Saved on

compared with

New Version Current

changes.mady.by.user Sidney Chen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Scroll ignore
scroll-viewporttrue
scroll-pdftrue
scroll-officetrue
scroll-chmtrue
scroll-docbooktrue
scroll-eclipsehelptrue
scroll-htmltrue
scroll-epubtrue

Open in new tab

About Collectors

Insert excerpt
Collector Method
Collector Method
nameabout

...

Pre-requisites

  • Python 3.6 - 3.10

  • Download the Latest Core Library and Athena whl . Both can be accessed via Platform Settings → SourcesDownload Collectors

  • Access to K landing directory

  • Access to Athena

Step 1: Establish Athena Access

Info

It is advised you create a new Role and a separate s3 bucket for the service user provided to KADA and have a policy that allows the below, see Identity and access management in Athena - Amazon Athena

The service user/account/role will require permissions to the following

  1. Execute queries against Athena with access to the INFORMATION_SCHEMA in particular the following tables:

    1. information_schema.views

    2. information_schema.tables

    3. information_schema.columns

  2. Executing queries in Athena requires an s3 bucket to temporary store results.
    The policy must also allow Read Write Listing access to objects within that bucket, conversely, the bucket must also have policy to allow to do the same.

  3. Call the following Athena APIs

    1. list_databases

    2. list_table_metadata

    3. list_query_executions

    4. list_work_groups

    5. batch_get_query_executions

    6. start_query_execution

    7. get_query_execution

  4. The service user/account/role will need permissions to access all workgroups to be able to extract all data, if you omit workgroups, that information will not be extracted and you may not see the complete picture in K.

  5. See IAM policies for accessing workgroups - Amazon Athena on how to add policy entries to have fine grain control at the workgroup level. Note that the extractor runs queries on Athena, If you do choose to restrict workgroup access, ensure that Query based actions (e.g. StartQueryExecution) are allowed for the workgroup the service user/account/role is associated to.

Info

Note that user usage will be associated to the workgroup level rather than individual users, these workgroups are published as users in K in the form “athena_workgroup_<name>”

Example Role Policy to allow Athena Access with least privileges for actions, this example allows the ACCOUNT ARN to assume the role. Note the variables ATHENA RESULTS BUCKET NAME. You may also choose to just assign the policy directly to a new user and use that user without assuming roles. In the scenario you do wish to assume a role, please note down the role ARN to be used when onbaording/extracting

Code Block
AWSTemplateFormatVersion: "2010-09-09"
Description: 'AWS IAM Role - Athena and Cloudtrail Access to KADA'
Resources: 
  KadaAthenaRole: 
    Type: "AWS::IAM::Role"
    Properties: 
      RoleName: "KadaAthenaRole"
      MaxSessionDuration: 43200
      Path: "/"
      AssumeRolePolicyDocument: 
        Version: "2012-10-17"
        Statement: 
        - Effect: "Allow"
          Principal:
            AWS: "[ACCOUNT ARN]"
          Action: "sts:AssumeRole"

  KadaAthenaPolicy: 
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: root
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: 
              - athena:BatchGetQueryExecution
              - athena:GetQueryExecution
              - athena:GetQueryResults
              - athena:GetQueryResultsStream
              - athena:ListQueryExecutions
              - athena:StartQueryExecution
              - athena:ListWorkGroups
              - athena:ListDataCatalogs
              - athena:ListDatabases
              - athena:ListTableMetadata
            Resource: '*'
          - Effect: Allow
            Action: 
              - s3:GetBucketLocation
              - s3:GetObject
              - s3:ListBucket
              - s3:ListBucketMultipartUploads
              - s3:ListMultipartUploadParts
              - s3:AbortMultipartUpload
              - s3:PutObject
              - s3:PutBucketPublicAccessBlock
              - s3:DeleteObject
            Resource:
              - arn:aws:s3:::[ATHENA RESULTS BUCKET NAME]
      Roles:
        - !Ref KadaAthenaRole

...

  • ThoughtSpot

  • Local User Permissions

    • Local user must be authenticated with Username and Password not SSO

    • Access to the following v1 APIs

      • tspublic/v1/metadata/list

      • tspublic/v1/metadata/details

      • tspublic/v1/session/orgs

      • tspublic/v1/session/org

      • tspublic/v1/session/login

Note

This collector is a metadata only collector and no usage information can be extracted at this stage. Ensure that the meta_only property value is set to true.

...

Step 1: Create the Source in K

Create an Athena ThoughtSpot source in K

  • Go to Settings, Select Sources and click Add Source

  • Select “Load from File system” option

    Image Removed

  • Give the source a Name - e.g. Athena ThoughtSpot Production

  • Add the Host name for the Athena ThoughtSpot Server

  • Click Finish Setup

...

Step 3: Getting Access to the Source Landing Directory

...

Some python packages also have dependencies on the OS level packages, so you may be required to install additional OS packages if the below fails to install.

You can download the latest Core Library and ThoughtSpot whl via Platform Settings → SourcesDownload Collectors

...

Run the following command to install the collector

Code Block
pip install kada_collectors_extractors_athenathoughtspot-3.0.0-py3-none-any.whl

You will also need to install the common library kada_collectors_lib -1.0.0 for this collector to function properly.

info
Code Block
pip install kada_collectors_lib-1.01.01-py3-none-any.whl
Under the covers this uses boto3 and may have OS dependencies see https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html
...
Step 5: Configure the Collector
The collector requires a set of parameters to connect to and extract metadata from AthenaThoughtSpot
FIELD
FIELD TYPE
DESCRIPTION
EXAMPLE
key
username
string
Key for the AWS user
“xcvsdsdfsdf”
secret
Username to log into the Thoughtspot account
“myuser”
password
string
Secret for the AWS user
“sgsdfdsfg”
server
string
This is the host that was onboarded in K for Athena
“athena.cloud”
bucket
string
Bucket location to temporary store Athena query results, the extractor will use the user to execute queries and store results in this bucket location, it should be the full path starting with s3://
“s3://mybucket/myathenaresults”
catalogs
list<string>
List of catalogs to extract from Athena, most cases this is only AwsDataCatalog unless you have self managed catalogs.
[“AwsDataCatalog”]
region
string
Set the region for AWS for where Athena exists
ap-southeast-2
role
string
If your access requires role assumption, place the full arn value here, otherwise leave it blank
“”
Password to log into the Thoughtspot account
 
org_ids
list<integer>
A list of organisation ids you wish to extract from
If you are unable to locate the Organisation ID through the Admin console, you may use this python script instead to list the IDs
 Code Block
import requests
import json
BASE_URL = 'REPLACE BASE URL' # e.g. https://kada.thoughtspot.cloud
LOGIN_URL = BASE_URL + '/callosum/v1/tspublic/v1/session/login'  
ORG_URL = BASE_URL + '/callosum/v1/tspublic/v1/session/orgs'  
data = {
    'username': "REPLACE USERNAME",
    'password': "REPLACE PASSWORD"
}
with requests.Session() as session:
    session.post(LOGIN_URL, verify=True, data=data)

    res = session.get(ORG_URL, verify=True)
    res_json = json.loads(res.text)
    for org in res_json.get('orgs', []):
        print("Org Name: {}, Org Id: {}".format(org['orgName'], org['orgId']))
[123, 34]
output_path
string
Absolute path to the output location where files are to be written
“/tmp/output”
mask
boolean
To enable masking or not
true
timeout
integer
Timeout in seconds allowed against the powerbi APIs, for slower connections we recommend 30, default is 20
20
mapping
JSON
Mapping file of data source names against the onboarded host and database name in K
Assuming I have a “myDSN” data source name in powerbi, I’ll map it to host “myhost” and database “mydatabase” onboarded in K, snowflake type references are handled automatically
 Code Block
{
        "myDSN": {
            "host": "myhost",
            "database": "mydatabase"
        }
    }
compress
boolean
To gzip the output or not
true
meta_only
boolean
To only extract metadata or not. Only true is supported for this source
true
base_api_url
string
Should be in the form https://x.thoughtspot.cloud depending on your account
https://kada.thoughtspot.cloud
These parameters can be added directly into the run or you can use pass the parameters in via a JSON file. The following is an example you can use that is included in the example run code below.
kada_athenathoughtspot_extractor_config.json
 Code Block
{
    "keyusername": "",
    "secretpassword": "",
    "serverorg_ids": "athena"[],
    "bucketoutput_path": "s3:/tmp/examplebucket/examplefolderoutput",
    "catalogstimeout": ["AwsDataCatalog"]20,
    "regionmapping": "ap-southeast-2"{},
    "rolecompress": ""true,
    "outputmeta_pathonly": "/tmp/output"true,
    "maskbase_api_url": true,
    "compress": true"https://sample.thoughtspot.cloud"
}
...
Step 6: Run the Collector
...
This can be executed in any python environment where the whl has been installed. It will produce and read a high water mark file from the same directory as the execution called athenathoughtspot_hwm.txt and produce files according to the configuration JSON.
This is the wrapper script: kada_athenathoughtspot_extractor.py
 Code Block
import os
import argparse
from kada_collectors.extractors.utils import load_config, get_hwm, publish_hwm, get_generic_logger
from kada_collectors.extractors.athenathoughtspot import Extractor

get_generic_logger('root') # Set to use the root logger, you can change the context accordingly or define your own logger

_type = 'athenathoughtspot'
dirname = os.path.dirname(__file__)
filename = os.path.join(dirname, 'kada_{}_extractor_config.json'.format(_type))

parser = argparse.ArgumentParser(description='KADA AthenaThoughtspot Extractor.')
parser.add_argument('--config', '-c', dest='config', default=filename, help='Location of the configuration json, default is the config json in the same directory as the script.')
args = parser.parse_args()

start_hwm, end_hwm = get_hwm(_type)

ext = Extractor(**load_config(args.config))
ext.test_connection()
ext.run(**{"start_hwm": start_hwm, "end_hwm": end_hwm})

publish_hwm(_type, end_hwm)
...
 Code Block
from kada_collectors.extractors.snowflakethoughtspot import Extractor

kwargs = {my args} # However you choose to construct your args
hwm_kwrgs = {"start_hwm": "end_hwm": } # The hwm values

ext = Extractor(**kwargs)
ext.run(**hwm_kwrgs)
...
 Code Block
class Extractor(keyusername: str = None,
secret: str = None, serverpassword: str = None,
\       bucket: str = None, catalogs: org_ids: list = ['AwsDataCatalog'],
\    mapping: dict  region: str = 'ap-southeast-2', role: str = None, \= {},
    timeout: int = 10,
       output_path: str = './output',
    mask: bool = False,
    compress: bool = False,
    meta_only: bool = True
) -> None
key: AWS Access Keyusername: Thoughtspot username.
secretpassword: AWS SecretThoughtspot password.
region: Region.
server: Athena host that was onboarded on K.
role: AWS Role ARN if required to assume a role. bucket: s3 bucket used to temporary store results in the form s3://xxx.
catalogs: list of Catalogs from Athena to extract, by default this is just AwsDataCatalog.
org_ids: List of organisation ids that should be extracted, should be a numeric ID.
mapping: Dict of project ids to corresponding database hosts
timeout: Timeout for the API call
output_path: full or relative path to where the outputs should go
mask: To mask the META/DATABASE_LOG files or not
compress: To gzip output files or not
meta_only: To extract metadata only or not
...
Step 7: Check the Collector Outputs 
...
A high water mark file is created in the same directory as the execution called athenathoughtspot_hwm.txt and produce files according to the configuration JSON. This file is only produced if you call the publish_hwm method. 
...