PrivateServiceConnectUris

A comma-separated list of base URIs to substitute when accessing Private Service Connect URLs. The following are valid URIs:

  • SERVER_NAME: The baseline Google APIs service URI, used to perform authentication retries for proxy issues in Windows only. The default value is: https://www.googleapis.com.

    For example:

    SERVER_NAME=https://<myprivateserver>.p.googleapis.com

  • ACCOUNTS: The baseline accounts service URI, used only for interactive authentication (hidden OAuthMechanism value 3). The default value is: https://accounts.google.com.

    For example:

    ACCOUNTS=https://accounts-<myprivateserver>.p.googleapis.com

  • OAUTH2: The baseline OAuth 2.0 service URI, used to retrieve access tokens for OAuth 2.0 authentication flows. The default value is: https://oauth2.googleapis.com.

    For example:

    OAUTH2=https://oauth2-<myprivateserver>.p.googleapis.com

  • STS: The baseline security token service, used to retrieve access tokens for External Account Authentication flows. The default value is: https://sts.googleapis.com.

    For example:

    STS=https://sts-<myprivateserver>.p.googleapis.com

  • BIGQUERY: The baseline BigQuery REST API service, used to interface with the BigQuery data source, via the REST API. The default value is: https://bigquery.googleapis.com.

    For example:

    BIGQUERY=https://bigquery-<myprivateserver>.p.googleapis.com

  • READ_API: The host and port required to access the BigQuery Storage Read API service, used to read data from tables via the Storage Read API. The default value is: bigquerystorage.googleapis.com:443.

    For example:

    READ_API=bigquerystorage-<myprivateserver>.p.googleapis.com:443

    Note:

    The format must be [Host]:[Port], with no protocol specifier or URL components.

Note:

  • When the connector is configured to use Service Authentication (OAuthMechanism=0), the connector prioritizes the OAUTH2 URI from the key file specified in the KeyFile or KeyFilePath property. In order, the precedence is:
    1. KeyFile{_Enc}/KeyFilePath{_Enc}
    2. PrivateServiceConnectUris=...,OAUTH2=<YOUR_OAUTH2_URL>,...
    3. Default
  • When the connector is configured to use External Account Authentication (OAuthMechanism=4), the connector prioritizes the STS URI from either the configuration file specified in the KeyFile or KeyFilePath property, or, from the BYOID_TokenUri property. In order, the precedence is:
    1. KeyFile/KeyFilePath{_Enc}
    2. BYOID_TokenUri
    3. PrivateServiceConnectUris=...,STS=<YOUR_STS_URL>,...
    4. Default
  • For more information about Private Service Connect, see "Private Service Connect" in the Google Cloud documentation: https://cloud.google.com/vpc/docs/private-service-connect.
  • The IMPERSONATION value is now supported by the PrivateServiceConnectUris connection property.

Key Name Default Value Required

PrivateServiceConnectUris

None

No