Feature: Inject all upstream nodes, and enable cross-project access checks #43
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description and Motivation
A common feature request has been to see all upstream nodes from an injected project. For some time, this has not been available for a simple technical reason: dbt-core's access checks do not fire if you are not injecting dbt Labs' undocumented
dependency
structure at runtime. The consequence of this is that all access checks would break, allowing for private models to be ref-ed outside of groups if the referrer is in a different project. Unfortunately, dbt-core is designed in a purposefully obfuscated way to prevent mere mortals for leveraging thisdepenedency
argument, so extra measures were required.To that end, I've implemented some patches that allow us to wrap the existing reference access checks with injections that allow for dependency checks to occur as expected!
With this out of the way, we now have the following features:
ModelArgNodes
) for all upstreamModels
.refs
that reference non-public models fail with a Parsing Error as expected.Resolves: #40