Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rockset Query Runner: Fetch collections when api key is access limited #6661

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Rockset Query Runner: Fetch collections when api key is access limited #6661

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
13 changes: 8 additions & 5 deletions redash/query_runner/rockset.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,8 @@

def collection_columns(self, workspace, collection):
response = self.query('DESCRIBE "{}"."{}" OPTION(max_field_depth=1)'.format(workspace, collection))
return sorted(set([x["field"][0] for x in response["results"]]))
if "results" in response:
return sorted(set([x["field"][0] for x in response["results"]]))

def query(self, sql):
query_path = "queries"
Expand Down Expand Up @@ -100,10 +101,12 @@
for workspace in self.api.list_workspaces():
for collection in self.api.list_collections(workspace):
table_name = collection if workspace == "commons" else "{}.{}".format(workspace, collection)
schema[table_name] = {
"name": table_name,
"columns": self.api.collection_columns(workspace, collection),
}
columns = self.api.collection_columns(workspace, collection)

Check warning on line 104 in redash/query_runner/rockset.py

View check run for this annotation

Codecov / codecov/patch

redash/query_runner/rockset.py#L104 

Added line #L104 was not covered by tests
if columns:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to give up showing a table name as well if columns is None?
Doesn't this work?

schema[name] = {"name": name, "columns": []}

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I personally feel it doesn't make sense to show collections & tables where the user does not have access to the data?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MaxBer I see... Can you run a query with your API key?

Copy link
Author

@MaxBer MaxBer Dec 18, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling list_workspaces & list_collections requires an access level within Rockset which yields all the workspaces available (even ones I do not have "data read" access to), and the request does not seem to provide me with any indication if I have access or not.

In this case the role has access to read data in a specific workspace but not the other ones, and when it attempts to list a collection where I do not have access I do not get a result.

Example of output from collection_columns() where my key does not have access:

{'message': 'Your role does not have sufficient privileges to query data in workspace commons.', 'message_key': None, 'type': 'FORBIDDEN', 'line': None, 'column': None...

schema[table_name] = {

Check warning on line 106 in redash/query_runner/rockset.py

View check run for this annotation

Codecov / codecov/patch

redash/query_runner/rockset.py#L106 

Added line #L106 was not covered by tests
"name": table_name,
"columns": columns,
}
return sorted(schema.values(), key=lambda x: x["name"])

def run_query(self, query, user):
Expand Down