forked from googleapis/python-bigquery
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: add sample for revoking dataset access (googleapis#778)
* revoke dataset access setup * basic template for sample * sample + test * revoke dataset access sample * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md * docs: add sample for revoking dataset access - update year and string formatting * docs: add sample for revoking dataset access - move to snippets and change parameter pattern for readibility * moving update_dataset to /snippets and adjusting imports on both revoke_access and update_access * Update samples/snippets/revoke_dataset_access.py removed nested START/END tags Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/revoke_dataset_access.py update readability in API request Co-authored-by: Tim Swast <swast@google.com> * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md * updated test * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md * change after running test * resolving linting failure, rewriting test * removed relative import errors * remove relative mport from update_dataset_access * adding fixture to conftest.py * updated sample * updating sample to match new update_access sample * fixing region tags * consolidated tests into one file for both methods * updating test to full_dataset format * updated revoke sample * updating test * refactored sample * Update samples/snippets/conftest.py * Update samples/snippets/revoke_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/update_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/revoke_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/revoke_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * refactoring entry * added comment for entry access * Update samples/snippets/README.rst Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/dataset_access_test.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/dataset_access_test.py Co-authored-by: Tim Swast <swast@google.com> * added develper TODO in sample * add comments to samples Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Tim Swast <swast@google.com> Co-authored-by: Peter Lamut <plamut@users.noreply.github.com> Co-authored-by: Anthonios Partheniou <partheniou@google.com> Co-authored-by: meredithslota <meredithslota@google.com>
- Loading branch information
1 parent
be6eb34
commit effd673
Showing
5 changed files
with
180 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# Copyright 2021 Google LLC | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
import revoke_dataset_access | ||
import update_dataset_access | ||
|
||
|
||
def test_dataset_access_permissions(capsys, dataset_id, entity_id, bigquery_client): | ||
original_dataset = bigquery_client.get_dataset(dataset_id) | ||
update_dataset_access.update_dataset_access(dataset_id, entity_id) | ||
full_dataset_id = "{}.{}".format( | ||
original_dataset.project, original_dataset.dataset_id | ||
) | ||
|
||
out, err = capsys.readouterr() | ||
assert ( | ||
"Updated dataset '{}' with modified user permissions.".format(full_dataset_id) | ||
in out | ||
) | ||
|
||
updated_dataset = bigquery_client.get_dataset(dataset_id) | ||
updated_dataset_entries = list(updated_dataset.access_entries) | ||
updated_dataset_entity_ids = {entry.entity_id for entry in updated_dataset_entries} | ||
assert entity_id in updated_dataset_entity_ids | ||
revoke_dataset_access.revoke_dataset_access(dataset_id, entity_id) | ||
revoked_dataset = bigquery_client.get_dataset(dataset_id) | ||
revoked_dataset_entries = list(revoked_dataset.access_entries) | ||
|
||
full_dataset_id = f"{updated_dataset.project}.{updated_dataset.dataset_id}" | ||
out, err = capsys.readouterr() | ||
assert ( | ||
f"Revoked dataset access for '{entity_id}' to ' dataset '{full_dataset_id}.'" | ||
in out | ||
) | ||
assert len(revoked_dataset_entries) == len(updated_dataset_entries) - 1 | ||
revoked_dataset_entity_ids = {entry.entity_id for entry in revoked_dataset_entries} | ||
assert entity_id not in revoked_dataset_entity_ids |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# Copyright 2021 Google LLC | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
|
||
def revoke_dataset_access(dataset_id: str, entity_id: str): | ||
original_dataset_id = dataset_id | ||
original_entity_id = entity_id | ||
|
||
# [START bigquery_revoke_dataset_access] | ||
|
||
# TODO(developer): Set dataset_id to the ID of the dataset to fetch. | ||
dataset_id = "your-project.your_dataset" | ||
|
||
# TODO(developer): Set entity_id to the ID of the email or group from whom you are revoking access. | ||
entity_id = "user-or-group-to-remove@example.com" | ||
# [END bigquery_revoke_dataset_access] | ||
dataset_id = original_dataset_id | ||
entity_id = original_entity_id | ||
# [START bigquery_revoke_dataset_access] | ||
|
||
from google.cloud import bigquery | ||
|
||
# Construct a BigQuery client object. | ||
client = bigquery.Client() | ||
|
||
dataset = client.get_dataset(dataset_id) # Make an API request. | ||
|
||
entries = list(dataset.access_entries) | ||
dataset.access_entries = [ | ||
entry for entry in entries if entry.entity_id != entity_id | ||
] | ||
|
||
dataset = client.update_dataset( | ||
dataset, | ||
# Update just the `access_entries` property of the dataset. | ||
["access_entries"], | ||
) # Make an API request. | ||
|
||
full_dataset_id = f"{dataset.project}.{dataset.dataset_id}" | ||
print(f"Revoked dataset access for '{entity_id}' to ' dataset '{full_dataset_id}.'") | ||
# [END bigquery_revoke_dataset_access] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
# Copyright 2019 Google LLC | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
|
||
def update_dataset_access(dataset_id: str, entity_id: str): | ||
original_dataset_id = dataset_id | ||
original_entity_id = entity_id | ||
|
||
# [START bigquery_update_dataset_access] | ||
|
||
# TODO(developer): Set dataset_id to the ID of the dataset to fetch. | ||
dataset_id = "your-project.your_dataset" | ||
|
||
# TODO(developer): Set entity_id to the ID of the email or group from whom | ||
# you are adding access. Alternatively, to the JSON REST API representation | ||
# of the entity, such as a view's table reference. | ||
entity_id = "user-or-group-to-add@example.com" | ||
|
||
# TODO(developer): Set entity_type to the type of entity you are granting access to. | ||
# Common types include: | ||
# | ||
# * "userByEmail" -- A single user or service account. For example "fred@example.com" | ||
# * "groupByEmail" -- A group of users. For example "example@googlegroups.com" | ||
# * "view" -- An authorized view. For example | ||
# {"projectId": "p", "datasetId": "d", "tableId": "v"} | ||
# | ||
# For a complete reference, see the REST API reference documentation: | ||
# https://cloud.google.com/bigquery/docs/reference/rest/v2/datasets#Dataset.FIELDS.access | ||
entity_type = "groupByEmail" | ||
|
||
# TODO(developer): Set role to a one of the "Basic roles for datasets" | ||
# described here: | ||
# https://cloud.google.com/bigquery/docs/access-control-basic-roles#dataset-basic-roles | ||
role = "READER" | ||
# [END bigquery_update_dataset_access] | ||
dataset_id = original_dataset_id | ||
entity_id = original_entity_id | ||
# [START bigquery_update_dataset_access] | ||
|
||
from google.cloud import bigquery | ||
|
||
# Construct a BigQuery client object. | ||
client = bigquery.Client() | ||
|
||
dataset = client.get_dataset(dataset_id) # Make an API request. | ||
|
||
entries = list(dataset.access_entries) | ||
entries.append( | ||
bigquery.AccessEntry(role=role, entity_type=entity_type, entity_id=entity_id,) | ||
) | ||
dataset.access_entries = entries | ||
|
||
dataset = client.update_dataset(dataset, ["access_entries"]) # Make an API request. | ||
|
||
full_dataset_id = "{}.{}".format(dataset.project, dataset.dataset_id) | ||
print( | ||
"Updated dataset '{}' with modified user permissions.".format(full_dataset_id) | ||
) | ||
# [END bigquery_update_dataset_access] |