Manage catalogs in the Google Cloud console

The Apache Iceberg REST catalog endpoint in the Lakehouse runtime catalog creates interoperability between your query engines by offering a single source of truth for Google Cloud Lakehouse.

This document describes Apache Iceberg REST catalog management actions that can be performed in the Google Cloud console.

Before you begin

1. Verify that billing is enabled for your Google Cloud project.

2. Enable the BigLake API.

   Roles required to enable APIs

   To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

   Enable the API

Required roles

To get the permissions that you need to use the Lakehouse runtime catalog in the Google Cloud console, ask your administrator to grant you the following IAM roles on your project:

• BigLake Admin (roles/biglake.admin)
• Storage Admin (roles/storage.admin)

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create a catalog

1. In the Google Cloud console, open the Lakehouse page.

   Go to Google Cloud Lakehouse

2. Click add_box Create catalog. The Create catalog page opens.

3. For Select a Cloud Storage bucket, enter the name of the Cloud Storage bucket to use with your catalog. Alternatively, click Browse to choose from a list of existing buckets or to create a new one. You can only have one catalog per Cloud Storage bucket.

4. For Authentication method, select either End-user credentials or Credential vending mode.

5. Click Create.

   Your catalog is created and the Catalog details page opens.

6. Under Authentication method, click Set bucket permissions.

7. In the dialog, click Confirm.

   This verifies that your catalog's service account has the Storage Object User role on your storage bucket.

Enable credential vending

If the authentication method for your catalog is set to end-user credentials, you can switch it to credential vending mode.

1. In the Google Cloud console, open the Lakehouse page.

   Go to Google Cloud Lakehouse

2. In the row of the catalog that you're updating, click more_vert More catalog actions > Edit authentication.

3. In the authentication dialog, select Credential vending mode.

4. Click Save.

   Your catalog is updated and the Catalog details page opens.

5. Under Authentication method, click Set bucket permissions.

6. In the dialog, click Confirm.

   This verifies that your catalog's service account has the Storage Object User role on your storage bucket.

Get catalog details

1. In the Google Cloud console, open the Lakehouse page.

   Go to Google Cloud Lakehouse

2. Click the name of any catalog.

3. On the Catalog Details page, explore information about the catalog such as catalog ID, creation timestamp, REST catalog URI, authentication method, and service account.

Delete a catalog

1. In the Google Cloud console, open the Lakehouse page.

   Go to Google Cloud Lakehouse

2. In the row of the catalog that you're deleting, click more_vert More catalog actions > Delete.

3. In the delete dialog, enter DELETE and click Delete.

View audit logs

1. In the Google Cloud console, open the Lakehouse page.

   Go to Google Cloud Lakehouse

2. In the row of the catalog that you're viewing, click more_vert More catalog actions > View audit logs.

Pricing

For pricing details, see Google Cloud Lakehouse pricing.

What's next

Learn more about the Apache Iceberg REST catalog endpoint.