docs: add sample for revoking dataset access #778
Conversation
|
Here is the summary of changes. You are about to add 4 region tags.
This comment is generated by snippet-bot.
|
product-auto-label
bot
added
the
api: bigquery
google-cla
bot
added
the
cla: yes
plamut
changed the title
samples/revoke_dataset_access.py
Outdated
| client = bigquery.Client() | ||
|
|
||
| # TODO(developer): Set dataset_id to the ID of the dataset to fetch. | ||
| # dataset_id = 'your-project.your_dataset' |
There was a problem hiding this comment.
I've gotten docs feedback from users skip over this comments and get confused. Could we instead follow this pattern where we set a real value and then immediately unset it?
I didn't add the TODO comment in that BQ Storage sample, but I do like that you have it.
samples/revoke_dataset_access.py
Outdated
| entries = list(dataset.access_entries) | ||
|
|
||
| for entry in entries: | ||
| if entry.entity_id == entity_id: |
There was a problem hiding this comment.
You use entity_id without showing an example value. Each code sample should be as copy-pasteable as possible. Add the setter for this by the setter for dataset_id.
…ython-bigquery into bigquery_remove_view_access merging in changes from remote branch
…hange parameter pattern for readibility
There was a problem hiding this comment.
Looks good, thanks for making the changes.
I'll let Tim comment on START/END section naming (in case there are some implicit conventions), although the changes look consistent with the linked pattern to me.
plamut
added
the
kokoro:force-run
yoshi-kokoro
removed
the
kokoro:force-run
There was a problem hiding this comment.
Whoops, it appears we need to add __init__.py to samples/snippets, it's currently not present:
/usr/local/lib/python3.6/importlib/__init__.py:126: in import_module
return _bootstrap._gcd_import(name[level:], package, level)
revoke_dataset_access_test.py:15: in <module>
from .. import update_dataset_access
E ImportError: attempted relative import with no known parent package
We'll also need to adjust the imports in the test, because both files are now in the same directory. The following will fail now:
from .. import revoke_dataset_access
If we do add it, then we'll need to change all the other tests to in |
Indeed. It's a bit more (one-time) work, but it will make the |
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| from .. import update_dataset_access |
There was a problem hiding this comment.
As mentioned in the comment, adding samples/snippets/__init__.py should fix this, but it'll break the other sample tests. You'll need to also update the tests in samples/snippets/ to use relative imports.
Alternatively, we can start making progress on migrating the snippets to samples/snippets (#790). You could make a copy of update_dataset_access.py and it's corresponding tests and put them in the samples/snippets directory in this PR. Then once you've pointed cloud.google.com at the new sample location, send a PR to remove the duplicate sample.
There was a problem hiding this comment.
I like the latter approach!
There was a problem hiding this comment.
done in latest commit!
| # limitations under the License. | ||
|
|
||
| from .. import update_dataset_access | ||
| from .. import revoke_dataset_access |
There was a problem hiding this comment.
This should be from . import revoke_dataset_access since it's the same directory as the test. (Also will need __init__.py for that to work.) If you go with the "copy" alternative (without __init__.py), then this should be import revoke_dataset_access.
| revoke_dataset_access.revoke_dataset_access(dataset_id, entity_id) | ||
|
|
||
| out, err = capsys.readouterr() | ||
| assert f"Updated dataset '{dataset_id}' with modified user permissions." in out |
There was a problem hiding this comment.
Could you look for a message specific to "revoke"? I worry that this could catch the original update and the revoke could be failing.
There was a problem hiding this comment.
Also, let's add some additional steps to call get_dataset and check that the dataset access was actually updated.
There was a problem hiding this comment.
would you recommend the pytest fixture pattern to create a bigquery client that I can call this on? I'm seeing it in some other snippets but not the update_access sample. I also need to move get_dataset to /snippets as well!
| entries = list(dataset.access_entries) | ||
|
|
||
| for entry in entries: | ||
| if entry.entity_id == entity_id: |
There was a problem hiding this comment.
Do you think we should we look at entity_type, too? Maybe not? I suppose there shouldn't be much conflict between whether an email address is associated with a group, service account, or user.
There was a problem hiding this comment.
once I get the tests updated I'll play around with it.
| dataset = client.update_dataset(dataset, ["access_entries"]) # Make an API request. | ||
|
|
||
| full_dataset_id = f"{dataset.project}.{dataset.dataset_id}" | ||
| print(f"Updated dataset '{full_dataset_id}' with modified user permissions.") |
There was a problem hiding this comment.
Including the word "revoked" and possibly the entity ID here could give us a better idea that this actually worked.
|
|
||
| for entry in entries: | ||
| if entry.entity_id == entity_id: | ||
| entry.role = None |
There was a problem hiding this comment.
I'm curious to see if this works as expected. The alternative is to remove the whole entry from the list.
There was a problem hiding this comment.
I'm going to remove it...
…ke_access and update_access
removed nested START/END tags Co-authored-by: Tim Swast <swast@google.com>
update readability in API request Co-authored-by: Tim Swast <swast@google.com>
|
Hi @tswast This is ready for a final/next review! |
| ) | ||
|
|
||
| entries = list(dataset.access_entries) | ||
| entries.append(entry) |
There was a problem hiding this comment.
I'm a bit confused as to why we'd add the entry and then remove it on line 42. Perhaps a copy-paste error?
There was a problem hiding this comment.
I think it's a redundancy - I was adding a specific entry to alter but I think that'll be covered in the test case and sort of muddies the water in the sample itself. I'll refactor.
| entry = bigquery.AccessEntry( | ||
| role="READER", | ||
| entity_type="groupByEmail", | ||
| entity_id="cloud-developer-relations@google.com", |
There was a problem hiding this comment.
Should this be entity_id=entity_id?
There was a problem hiding this comment.
Makes sense to me!
|
|
||
| entry = bigquery.AccessEntry( | ||
| role="READER", | ||
| entity_type="groupByEmail", |
There was a problem hiding this comment.
We should add a comment saying that the developer will need to set this to the correct type.
Although, perhaps we can delete this whole line 32-36? A code sample should only contain the logic necessary for the developer to understand the concept we're trying to teach them.
| entry = bigquery.AccessEntry( | ||
| role="READER", | ||
| entity_type="groupByEmail", | ||
| entity_id="cloud-developer-relations@google.com", |
There was a problem hiding this comment.
Do we want to use the entity_id fixture here? If so, we should add a variable above.
There was a problem hiding this comment.
Added, changed test as well!
|
|
||
| entry = bigquery.AccessEntry( | ||
| role="READER", | ||
| entity_type="groupByEmail", |
There was a problem hiding this comment.
This needs a comment explaining the various options available, or at least a link to the docs where these are described.
| @@ -0,0 +1,49 @@ | |||
| # Copyright 2021 Google LLC | |||
There was a problem hiding this comment.
Nit: In the filename, "access" and "permissions" are redundant. Let's call it dataset_access_test.py.
There was a problem hiding this comment.
Done in latest commit!
samples/snippets/README.rst
Outdated
| @@ -48,7 +47,7 @@ Install Dependencies | |||
| .. _Python Development Environment Setup Guide: | |||
| https://cloud.google.com/python/setup | |||
|
|
|||
| #. Create a virtualenv. Samples are compatible with Python 3.6+. | |||
| #. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+. | |||
There was a problem hiding this comment.
@loferris Please revert the changes to this file.
Co-authored-by: Tim Swast <swast@google.com>
Co-authored-by: Tim Swast <swast@google.com>
Co-authored-by: Tim Swast <swast@google.com>
Co-authored-by: Tim Swast <swast@google.com>
|
All comments addressed! @tswast |
| client = bigquery.Client() | ||
|
|
||
| # TODO(developer): Set dataset_id to the ID of the dataset to fetch. | ||
| # dataset_id = 'your-project.your_dataset' |
There was a problem hiding this comment.
Looks like we missed this one.
Co-authored-by: Tim Swast <swast@google.com>
Co-authored-by: Tim Swast <swast@google.com>
Co-authored-by: Tim Swast <swast@google.com>
| dataset = client.get_dataset(dataset_id) # Make an API request. | ||
|
|
||
| entries = list(dataset.access_entries) | ||
| dataset.access_entries = entries |
There was a problem hiding this comment.
This line confuses me. It gets overwritten in the next line of code, so looks unnecessary. Possibly leftover from a debugging?
* revoke dataset access setup * basic template for sample * sample + test * revoke dataset access sample * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md * docs: add sample for revoking dataset access - update year and string formatting * docs: add sample for revoking dataset access - move to snippets and change parameter pattern for readibility * moving update_dataset to /snippets and adjusting imports on both revoke_access and update_access * Update samples/snippets/revoke_dataset_access.py removed nested START/END tags Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/revoke_dataset_access.py update readability in API request Co-authored-by: Tim Swast <swast@google.com> * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md * updated test * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md * change after running test * resolving linting failure, rewriting test * removed relative import errors * remove relative mport from update_dataset_access * adding fixture to conftest.py * updated sample * updating sample to match new update_access sample * fixing region tags * consolidated tests into one file for both methods * updating test to full_dataset format * updated revoke sample * updating test * refactored sample * Update samples/snippets/conftest.py * Update samples/snippets/revoke_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/update_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/revoke_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/revoke_dataset_access.py Co-authored-by: Tim Swast <swast@google.com> * refactoring entry * added comment for entry access * Update samples/snippets/README.rst Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/dataset_access_test.py Co-authored-by: Tim Swast <swast@google.com> * Update samples/snippets/dataset_access_test.py Co-authored-by: Tim Swast <swast@google.com> * added develper TODO in sample * add comments to samples Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Tim Swast <swast@google.com> Co-authored-by: Peter Lamut <plamut@users.noreply.github.com> Co-authored-by: Anthonios Partheniou <partheniou@google.com> Co-authored-by: meredithslota <meredithslota@google.com>
Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly: