def grant_access_to(self, entity, entity_type, role, grant_target_dict): """ Given an entity, grants it access to a permissioned dataset. """ conn = self.connections.get_thread_connection() client = conn.handle grant_target = GrantTarget.from_dict(grant_target_dict) dataset = client.get_dataset( self.connections.dataset_from_id(grant_target.render())) if entity_type == 'view': entity = self.connections.table_ref(entity.database, entity.schema, entity.identifier, conn).to_api_repr() access_entry = AccessEntry(role, entity_type, entity) access_entries = dataset.access_entries if access_entry in access_entries: logger.debug(f"Access entry {access_entry} " f"already exists in dataset") return access_entries.append(AccessEntry(role, entity_type, entity)) dataset.access_entries = access_entries client.update_dataset(dataset, ['access_entries'])
def test_to_access_entry(self): expected_access_entry1 = AccessEntry('OWNER', 'specialGroup', 'projectOwners') actual_access_entry1_1 = BigQueryAccessEntry.to_access_entry( BigQueryAccessEntry('OWNER', 'specialGroup', 'projectOwners')) self.assertEqual(expected_access_entry1, actual_access_entry1_1) actual_access_entry1_2 = BigQueryAccessEntry.to_access_entry( BigQueryAccessEntry('WRITER', 'specialGroup', 'projectWriters')) self.assertNotEqual(expected_access_entry1, actual_access_entry1_2) expected_access_entry2 = AccessEntry( None, 'view', { 'datasetId': 'test', 'projectId': 'test-project', 'tableId': 'test_table' }) actual_access_entry2_1 = BigQueryAccessEntry.to_access_entry( BigQueryAccessEntry( None, 'view', { 'datasetId': 'test', 'projectId': 'test-project', 'tableId': 'test_table' })) self.assertEqual(expected_access_entry2, actual_access_entry2_1) actual_access_entry2_2 = BigQueryAccessEntry.to_access_entry( BigQueryAccessEntry( None, 'view', { 'datasetId': 'test', 'projectId': 'test-project', 'tableId': 'foo_bar' })) self.assertNotEqual(expected_access_entry2, actual_access_entry2_2)
def test_bigquery_adapter_methods(self): from dbt.adapters.bigquery import GrantTarget from google.cloud.bigquery import AccessEntry self.run_dbt(['compile']) # trigger any compile-time issues self.run_sql_file("seed_bq.sql") self.run_dbt(['seed']) ae_role = "READER" ae_entity = "*****@*****.**" ae_entity_type = "userByEmail" ae_grant_target_dict = { 'project': self.default_database, 'dataset': self.unique_schema() } self.adapter.grant_access_to(ae_entity, ae_entity_type, ae_role, ae_grant_target_dict) conn = self.adapter.connections.get_thread_connection() client = conn.handle grant_target = GrantTarget.from_dict(ae_grant_target_dict) dataset = client.get_dataset( self.adapter.connections.dataset_from_id(grant_target.render())) expected_access_entry = AccessEntry(ae_role, ae_entity_type, ae_entity) self.assertTrue(expected_access_entry in dataset.access_entries) unexpected_access_entry = AccessEntry(ae_role, ae_entity_type, "*****@*****.**") self.assertFalse(unexpected_access_entry in dataset.access_entries)
def access_entry(self) -> AccessEntry: return AccessEntry(role=None, entity_type="view", entity_id=self.table.reference.to_api_repr())
def test_to_dataset(self): project = 'test' expected_dataset1 = make_dataset(project=project, dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US') actual_dataset1_1 = BigQueryDataset.to_dataset( project, BigQueryDataset(dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US')) self.assertEqual(expected_dataset1.dataset_id, actual_dataset1_1.dataset_id) self.assertEqual(expected_dataset1.friendly_name, actual_dataset1_1.friendly_name) self.assertEqual(expected_dataset1.description, actual_dataset1_1.description) self.assertEqual(expected_dataset1.default_table_expiration_ms, actual_dataset1_1.default_table_expiration_ms) self.assertEqual(expected_dataset1.location, actual_dataset1_1.location) self.assertEqual(expected_dataset1.labels, actual_dataset1_1.labels) self.assertEqual(expected_dataset1.access_entries, actual_dataset1_1.access_entries) actual_dataset1_2 = BigQueryDataset.to_dataset( project, BigQueryDataset(dataset_id='aaa', friendly_name='foo_bar', description='fizz_buzz', default_table_expiration_ms=60 * 60 * 1000, location='EU')) self.assertNotEqual(expected_dataset1.dataset_id, actual_dataset1_2.dataset_id) self.assertNotEqual(expected_dataset1.friendly_name, actual_dataset1_2.friendly_name) self.assertNotEqual(expected_dataset1.description, actual_dataset1_2.description) self.assertNotEqual(expected_dataset1.default_table_expiration_ms, actual_dataset1_2.default_table_expiration_ms) self.assertNotEqual(expected_dataset1.location, actual_dataset1_2.location) self.assertEqual(expected_dataset1.labels, actual_dataset1_2.labels) self.assertEqual(expected_dataset1.access_entries, actual_dataset1_2.access_entries) expected_dataset2 = make_dataset( project=project, dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US', access_entries=(AccessEntry('OWNER', 'specialGroup', 'projectOwners'), )) actual_dataset2_1 = BigQueryDataset.to_dataset( project, BigQueryDataset(dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US', access_entries=(BigQueryAccessEntry( 'OWNER', 'specialGroup', 'projectOwners'), ))) self.assertEqual(expected_dataset2.access_entries, actual_dataset2_1.access_entries) actual_dataset2_2 = BigQueryDataset.to_dataset( project, BigQueryDataset(dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US', access_entries=(BigQueryAccessEntry( None, 'view', { 'datasetId': 'test', 'projectId': 'test-project', 'tableId': 'test_table' }), ))) self.assertNotEqual(expected_dataset2.access_entries, actual_dataset2_2.access_entries) expected_dataset3 = make_dataset(project=project, dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US', labels={'foo': 'bar'}) actual_dataset3_1 = BigQueryDataset.to_dataset( project, BigQueryDataset(dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US', labels={'foo': 'bar'})) self.assertEqual(expected_dataset3.labels, actual_dataset3_1.labels) actual_dataset3_2 = BigQueryDataset.to_dataset( project, BigQueryDataset(dataset_id='test', friendly_name='test_friendly_name', description='test_description', default_table_expiration_ms=24 * 60 * 60 * 1000, location='US', labels={ 'foo': 'bar', 'fizz': 'buzz' })) self.assertNotEqual(expected_dataset3.labels, actual_dataset3_2.labels)