New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(bigtable): Backup Level IAM #3222
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
@@ -1243,6 +1248,88 @@ func TestIntegration_TableIam(t *testing.T) { | |||
} | |||
} | |||
|
|||
func TestIntegration_BackupIAM(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given this is an integration test file, it feels like we shouldn't be mocking out the interactions. It's probably enough to follow the pattern of TestIntegration_TableIam
(which should be IAM
, but that's another story 🙃).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1. @kolea2 do you know how other languages are handling this testing, and if we will face any quota-related issues?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's strange, but I got an error while comparing policies without mocking. I had an Etag
mismatch, even in the read-modify-write cycle.
From documentation:
It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy.
Will wait for response!
P.S. Anyway, I can also rename TestIntegration_TableIam
to TestIntegration_TableIAM
here :)
It's related to this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Etag should only change when there is a modification. So, something else must have modified the value between the initial read and the subsequent attempted write. Mind uploading the updated test without the mock, even if it isn't passing yet?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, sure!
Uploaded.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tritone for Java we take the existing IAM policy and reset it. Probably could be improved: https://github.com/googleapis/java-bigtable/blob/master/google-cloud-bigtable/src/test/java/com/google/cloud/bigtable/admin/v2/it/BigtableTableAdminClientIT.java#L194-L217. I haven't seen any quota related issues so far.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Co-authored-by: Tyler Bui-Palsulich <26876514+tbpg@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
@@ -1243,6 +1248,88 @@ func TestIntegration_TableIam(t *testing.T) { | |||
} | |||
} | |||
|
|||
func TestIntegration_BackupIAM(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Etag should only change when there is a modification. So, something else must have modified the value between the initial read and the subsequent attempted write. Mind uploading the updated test without the mock, even if it isn't passing yet?
bigtable/admin.go
Outdated
func (ac *AdminClient) TableIAM(tableID string) *iam.Handle { | ||
return iam.InternalNewHandleGRPCClient(ac.tClient, | ||
"projects/"+ac.project+"/instances/"+ac.instance+"/tables/"+tableID) | ||
} | ||
|
||
// BackupIAM creates an IAM Handle specific to a given Cluster and Backup. | ||
func (ac *AdminClient) BackupIAM(ctx context.Context, cluster, backup string) *iam.Handle { | ||
backupPath := ac.instancePrefix() + "/clusters/" + cluster + "/backups/" + backup |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this anywhere else in the code? If not, it seems useful as a common utility.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've met this code in few places. In UpdateBackup, BackupInfo, RestoreTable, DeleteBackup methods.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cool - I think it would be worth it to refactor this as a utility helper then in this PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the delay here, I had an emergency.
Done, thanks for advice!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No worries, lgtm thank you!
Implementing Backup Level IAM methods.