New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CT-2605] Add restrict_access option to package dependencies #7713
Comments
Let's do this one! IMO differentiation between Let's call it # packages.yml
packages:
- git: https://my-org/upstream-project
enforce_access: True # default is False |
Digging into this more, it could be pretty tricky to get this config within Have we considered having this configuration be something the package maintainer specifies at the project-level (i.e. in dbt_project.yml)? Are there other (current or suggested in issues) configurations that would make sense in the context of the project being installed as a package in a downstream project? Having this value defined in the package's dbt_project.yml would also enable configuring transitive dependencies with |
The more I think about this, the more sense it makes. It's better, much better. Considerations
Confirmed that this "override" is possible, even when private models are in the mix. My package: # mypkg/models/schema.yml
groups:
- name: mygroup
owner:
name: jerco
models:
- name: my_pkg_private_model
config:
group: mygroup
access: private -- mypkg/models/private_model.sql
select 1 as id -- mypkg/models/protected_model.sql
{{ config(group = "mygroup") }}
select * from {{ ref("private_model") }} # mypkg/dbt_project.yml
name: mypkg My root project: # dbt_project.yml
name: my_dbt_project
profile: <profile>
models:
mypkg:
protected_model:
+enabled: false # dependencies.yml
packages:
- local: mypkg -- models/protected_model.sql
{{ config(group = "mygroup") }}
-- my override
select * from {{ ref("private_model") }}
Following the proposal in this issue, if |
If the same project is specified as both a "package" dependency and "project" dependency:
ref
to a public model in that project, prefer the installed package (source code) over publication artifact (metadata)ref
to non-public models, raise an error**How do we avoid breaking existing projects with installed modeling packages (e.g. Fivetran packages), where users regularly have single-arg
ref
to protected models in another installed package/project?Options:
projects
andpackages
dependencies, we respect the distinction between protected & public access. If it's only specified in thepackages
dependencies, we allowref
(two-arg or single-arg) to both protected & public models in the package.require_public_access
.False
by default to avoid breaking existing projectsThe text was updated successfully, but these errors were encountered: