The Google Spanner connector is a Palantir-provided driver for Google Spanner.
To create a new Google Spanner source, follow the standard setup flow for Palantir-provided drivers, then use the sections below for Google Spanner-specific configuration and networking. For the complete property reference, see the official Google Spanner driver documentation ↗.
The properties below are mandatory or recommended.
| Property | Required? | Description | Default |
|---|---|---|---|
DatabaseDialect ↗ | Mandatory | The dialect type of the connected database. | GoogleStandardSQL |
AuthScheme ↗ | Recommended | The type of authentication to use when connecting to Google Spanner. | OAuthJWT |
Database ↗ | Recommended | The name of the Google Spanner database to connect to. | — |
InitiateOAuth ↗ | Recommended | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. | GETANDREFRESH |
InstanceId ↗ | Recommended | The id of the Google Spanner instance to which you are connecting. | — |
OAuthClientId ↗ | Recommended | Specifies the client Id that was assigned when the custom OAuth application was created. (Also known as the consumer key.) This ID registers the custom application with the OAuth authorization server. | — |
OAuthClientSecret ↗ | Recommended | Specifies the client secret that was assigned when the custom OAuth application was created. (Also known as the consumer secret). This secret registers the custom application with the OAuth authorization server. | — |
OAuthJWTCert ↗ | Recommended | The JWT Certificate store. | — |
OAuthJWTCertType ↗ | Recommended | The type of key store containing the JWT Certificate. | GOOGLEJSONBLOB |
OAuthJWTSubject ↗ | Recommended | The user subject for which the application is requesting delegated access. | — |
ProjectId ↗ | Recommended | The id of the project where your Google Spanner instance resides. | — |
The table below lists the domains that the source needs to be able to access in order to successfully run.
For each domain, add a corresponding egress policy. If the source is hosted on-premises and not directly reachable from Foundry, use an agent proxy egress policy instead; the agent host itself must also be able to reach the listed domains. See using an agent as a proxy for details.
| Domain | Required |
|---|---|
| accounts.google.com | Always. Required for OAuth |
| spanner.googleapis.com | Always. There is a hidden property Server that can override this with a different URL. |
| googleapis.com | Always |