Problem & Context
The MBPY utility enables schools to populate Google Spreadsheets and Google BigQuery with ManageBac data. To do this, MBPY must authenticate with the school's Google Cloud Platform (GCP) domain.
The following instructions explain how to connect MBPY to your school's GCP.
Creating a Service Account
A service account is a special account within GCP that allows applications to authenticate and interact with Google services. A user with Administrator privileges must create this account. Once set up, MBPY will use it for authentication.
The service account is required for either BigQuery or Spreadsheet services.
Steps to Create a Service Account
- Access the GCP dashboard
- Create a project, for example called "MBPY project". A project is the container for settings in the GCP, and will become the parent container for the service account that will be created in the next steps.
- Help on creating and managing projects is available via GCP help docs.
- Navigate to "IAM" (Identity Access Management) area, and navigate to that area within the project
- Go to "Service Accounts" section of the IAM area of the project.
- Click "Create Service Account"
- Google help file for creating service accounts is here.
- Fill out the service account name, ID, and description as desired
- Granting access to project or granting users to the service account is optional
- Download the service account credentials
- Click on the three dots of the service account, and select "Manage Keys"
- Click "Add Key"
- "Create new key"
- Key type: JSON
- The credentials will download to your computer
- This is the credentials file
For BigQuery Services
-
Assign permissions in IAM
-
In GCP, go to IAM & Admin (make sure you are on the project created for MB)
-
Click "Grant Access"
-
Add the service account you created earlier as 'New principal'
-
Give it an 'Data Editor' role
-
Give it the `bigquery.jobs.create` permission
-
-
Grant Access to BG
-
In BQ, create a dataset for MB, if not already,
-
Right-click and click on 'Copy ID'
-
Include this dataset ID in an email with the credentials file
-
The credentials file should be securely shared with your school's technology administrator, preferably via encrypted email.
For Spreadsheet Services
If this service account will be used to populate a Google Spreadsheet, please follow these additional instructions.
Enable Google Sheets API
If the service account will be used to populate Google Spreadsheets, follow these steps.
Follow these steps to allow the service account to access Google Spreadsheet APIs:
- With the project created in the previous step active, navigate to "APIs & Services"
- Click on "Enabled APIs & Services"
- Click "Enable APIs and Services"
- Type "Sheets" in the search bar
- Enable the "Google Sheets API"
Share spreadsheet with the service account
MBPY will populate a blank spreadsheet, which you can create yourself, and then share with the service account. These are the steps to activate the APIs for the service account:
- Navigate to the "IAM" and "Service Accounts"
- In the list of service accounts, there is an email address corresponding to the service account created that ends with `gserviceaccount.com`.
- Share the spreadsheet with this email address (with edit rights), in exactly the same way you would share with an individual.
Now the service account can be used to keep the spreadsheet updated.
Configure MBPY to use credentials
If you are setting up MBPY yourself, follow these steps. If using a service provided by Schools Technology, simply send the credentials file to your Faria contact.
- Place the downloaded files into a known location to you.
- Inspect the help file for the gspread loader:`mbpy extract - gspread --help` which contains the names of the environment variables that need to be set, specifically `MBPY_GSPREAD_SERVICE_ACCOUNT_PATH`.
- Set these variables in the configuration environment file.