Skip to content
Permalink
Browse files
docs(samples): add grant view access (#563)
* docs(samples): add grant view access

* docs(samples): add comment
  • Loading branch information
Praful Makani committed Jul 17, 2020
1 parent a049d2b commit 0c092e06cdf47882a38901e8e4814afa87c7eba4
@@ -0,0 +1,73 @@
/*
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.example.bigquery;

// [START bigquery_grant_view_access]
import com.google.cloud.bigquery.Acl;
import com.google.cloud.bigquery.BigQuery;
import com.google.cloud.bigquery.BigQueryException;
import com.google.cloud.bigquery.BigQueryOptions;
import com.google.cloud.bigquery.Dataset;
import com.google.cloud.bigquery.DatasetId;
import com.google.cloud.bigquery.Table;
import java.util.ArrayList;
import java.util.List;

// Sample to grant view access on dataset
public class GrantViewAccess {

public static void runGrantViewAccess() {
// TODO(developer): Replace these variables before running the sample.
String srcDatasetId = "MY_DATASET_ID";
String viewDatasetId = "MY_VIEW_DATASET_ID";
String viewId = "MY_VIEW_ID";
grantViewAccess(srcDatasetId, viewDatasetId, viewId);
}

public static void grantViewAccess(String srcDatasetId, String viewDatasetId, String viewId) {
try {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests.
BigQuery bigquery = BigQueryOptions.getDefaultInstance().getService();

Dataset srcDataset = bigquery.getDataset(DatasetId.of(srcDatasetId));
Dataset viewDataset = bigquery.getDataset(DatasetId.of(viewDatasetId));
Table view = viewDataset.get(viewId);

// First, we'll add a group to the ACL for the dataset containing the view. This will allow
// users within that group to query the view, but they must have direct access to any tables
// referenced by the view.
List<Acl> viewAcl = new ArrayList<>();
viewAcl.addAll(viewDataset.getAcl());
viewAcl.add(Acl.of(new Acl.Group("example-analyst-group@google.com"), Acl.Role.READER));
viewDataset.toBuilder().setAcl(viewAcl).build().update();

// Now, we'll authorize a specific view against a source dataset, delegating access
// enforcement. Once this has been completed, members of the group previously added to the
// view dataset's ACL no longer require access to the source dataset to successfully query the
// view
List<Acl> srcAcl = new ArrayList<>();
srcAcl.addAll(srcDataset.getAcl());
srcAcl.add(Acl.of(new Acl.View(view.getTableId())));
srcDataset.toBuilder().setAcl(srcAcl).build().update();
System.out.println("Grant view access successfully");
} catch (BigQueryException e) {
System.out.println("Grant view access was not success. \n" + e.toString());
}
}
}
// [END bigquery_grant_view_access]
@@ -0,0 +1,103 @@
/*
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.example.bigquery;

import static com.google.common.truth.Truth.assertThat;
import static junit.framework.TestCase.assertNotNull;

import com.google.cloud.bigquery.Field;
import com.google.cloud.bigquery.Schema;
import com.google.cloud.bigquery.StandardSQLTypeName;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.util.UUID;
import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

public class GrantViewAccessIT {

private String datasetName;
private String tableName;
private String viewName;
private ByteArrayOutputStream bout;
private PrintStream out;

private static final String PROJECT_ID = requireEnvVar("GOOGLE_CLOUD_PROJECT");
private static final String BIGQUERY_DATASET_NAME = requireEnvVar("BIGQUERY_DATASET_NAME");

private static String requireEnvVar(String varName) {
String value = System.getenv(varName);
assertNotNull(
"Environment variable " + varName + " is required to perform these tests.",
System.getenv(varName));
return value;
}

@BeforeClass
public static void checkRequirements() {
requireEnvVar("GOOGLE_CLOUD_PROJECT");
requireEnvVar("BIGQUERY_DATASET_NAME");
}

@Before
public void setUp() {
bout = new ByteArrayOutputStream();
out = new PrintStream(bout);
System.setOut(out);

// create a temporary dataset, table and view to be deleted.
datasetName = "MY_DATASET_NAME_TEST_" + UUID.randomUUID().toString().substring(0, 8);
tableName = "MY_TABLE_NAME_TEST_" + UUID.randomUUID().toString().substring(0, 8);
viewName = "MY_VIEW_NAME_TEST_" + UUID.randomUUID().toString().substring(0, 8);

CreateDataset.createDataset(datasetName);

Schema schema =
Schema.of(
Field.of("timestampField", StandardSQLTypeName.TIMESTAMP),
Field.of("stringField", StandardSQLTypeName.STRING),
Field.of("booleanField", StandardSQLTypeName.BOOL));
CreateTable.createTable(BIGQUERY_DATASET_NAME, tableName, schema);

String query =
String.format(
"SELECT timestampField, stringField, booleanField FROM %s.%s",
BIGQUERY_DATASET_NAME, tableName);
CreateView.createView(BIGQUERY_DATASET_NAME, viewName, query);

bout = new ByteArrayOutputStream();
out = new PrintStream(bout);
System.setOut(out);
}

@After
public void tearDown() {
// Clean up
DeleteTable.deleteTable(BIGQUERY_DATASET_NAME, viewName);
DeleteTable.deleteTable(BIGQUERY_DATASET_NAME, tableName);
DeleteDataset.deleteDataset(PROJECT_ID, datasetName);
System.setOut(null);
}

@Test
public void testGrantViewAccess() {
GrantViewAccess.grantViewAccess(datasetName, BIGQUERY_DATASET_NAME, viewName);
assertThat(bout.toString()).contains("Grant view access successfully");
}
}

0 comments on commit 0c092e0

Please sign in to comment.