From 0c092e06cdf47882a38901e8e4814afa87c7eba4 Mon Sep 17 00:00:00 2001
From: Praful Makani <praful@qlogic.io>
Date: Fri, 17 Jul 2020 22:16:22 +0530
Subject: [PATCH] docs(samples): add grant view access (#563)

* docs(samples): add grant view access

* docs(samples): add comment
---
 .../com/example/bigquery/GrantViewAccess.java |  73 +++++++++++++
 .../example/bigquery/GrantViewAccessIT.java   | 103 ++++++++++++++++++
 2 files changed, 176 insertions(+)
 create mode 100644 samples/snippets/src/main/java/com/example/bigquery/GrantViewAccess.java
 create mode 100644 samples/snippets/src/test/java/com/example/bigquery/GrantViewAccessIT.java

diff --git a/samples/snippets/src/main/java/com/example/bigquery/GrantViewAccess.java b/samples/snippets/src/main/java/com/example/bigquery/GrantViewAccess.java
new file mode 100644
index 000000000..72858af47
--- /dev/null
+++ b/samples/snippets/src/main/java/com/example/bigquery/GrantViewAccess.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.example.bigquery;
+
+// [START bigquery_grant_view_access]
+import com.google.cloud.bigquery.Acl;
+import com.google.cloud.bigquery.BigQuery;
+import com.google.cloud.bigquery.BigQueryException;
+import com.google.cloud.bigquery.BigQueryOptions;
+import com.google.cloud.bigquery.Dataset;
+import com.google.cloud.bigquery.DatasetId;
+import com.google.cloud.bigquery.Table;
+import java.util.ArrayList;
+import java.util.List;
+
+// Sample to grant view access on dataset
+public class GrantViewAccess {
+
+  public static void runGrantViewAccess() {
+    // TODO(developer): Replace these variables before running the sample.
+    String srcDatasetId = "MY_DATASET_ID";
+    String viewDatasetId = "MY_VIEW_DATASET_ID";
+    String viewId = "MY_VIEW_ID";
+    grantViewAccess(srcDatasetId, viewDatasetId, viewId);
+  }
+
+  public static void grantViewAccess(String srcDatasetId, String viewDatasetId, String viewId) {
+    try {
+      // Initialize client that will be used to send requests. This client only needs to be created
+      // once, and can be reused for multiple requests.
+      BigQuery bigquery = BigQueryOptions.getDefaultInstance().getService();
+
+      Dataset srcDataset = bigquery.getDataset(DatasetId.of(srcDatasetId));
+      Dataset viewDataset = bigquery.getDataset(DatasetId.of(viewDatasetId));
+      Table view = viewDataset.get(viewId);
+
+      // First, we'll add a group to the ACL for the dataset containing the view. This will allow
+      // users within that group to query the view, but they must have direct access to any tables
+      // referenced by the view.
+      List<Acl> viewAcl = new ArrayList<>();
+      viewAcl.addAll(viewDataset.getAcl());
+      viewAcl.add(Acl.of(new Acl.Group("example-analyst-group@google.com"), Acl.Role.READER));
+      viewDataset.toBuilder().setAcl(viewAcl).build().update();
+
+      // Now, we'll authorize a specific view against a source dataset, delegating access
+      // enforcement. Once this has been completed, members of the group previously added to the
+      // view dataset's ACL no longer require access to the source dataset to successfully query the
+      // view
+      List<Acl> srcAcl = new ArrayList<>();
+      srcAcl.addAll(srcDataset.getAcl());
+      srcAcl.add(Acl.of(new Acl.View(view.getTableId())));
+      srcDataset.toBuilder().setAcl(srcAcl).build().update();
+      System.out.println("Grant view access successfully");
+    } catch (BigQueryException e) {
+      System.out.println("Grant view access was not success. \n" + e.toString());
+    }
+  }
+}
+// [END bigquery_grant_view_access]
diff --git a/samples/snippets/src/test/java/com/example/bigquery/GrantViewAccessIT.java b/samples/snippets/src/test/java/com/example/bigquery/GrantViewAccessIT.java
new file mode 100644
index 000000000..9ee22a785
--- /dev/null
+++ b/samples/snippets/src/test/java/com/example/bigquery/GrantViewAccessIT.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.example.bigquery;
+
+import static com.google.common.truth.Truth.assertThat;
+import static junit.framework.TestCase.assertNotNull;
+
+import com.google.cloud.bigquery.Field;
+import com.google.cloud.bigquery.Schema;
+import com.google.cloud.bigquery.StandardSQLTypeName;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.util.UUID;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class GrantViewAccessIT {
+
+  private String datasetName;
+  private String tableName;
+  private String viewName;
+  private ByteArrayOutputStream bout;
+  private PrintStream out;
+
+  private static final String PROJECT_ID = requireEnvVar("GOOGLE_CLOUD_PROJECT");
+  private static final String BIGQUERY_DATASET_NAME = requireEnvVar("BIGQUERY_DATASET_NAME");
+
+  private static String requireEnvVar(String varName) {
+    String value = System.getenv(varName);
+    assertNotNull(
+        "Environment variable " + varName + " is required to perform these tests.",
+        System.getenv(varName));
+    return value;
+  }
+
+  @BeforeClass
+  public static void checkRequirements() {
+    requireEnvVar("GOOGLE_CLOUD_PROJECT");
+    requireEnvVar("BIGQUERY_DATASET_NAME");
+  }
+
+  @Before
+  public void setUp() {
+    bout = new ByteArrayOutputStream();
+    out = new PrintStream(bout);
+    System.setOut(out);
+
+    // create a temporary dataset, table and view to be deleted.
+    datasetName = "MY_DATASET_NAME_TEST_" + UUID.randomUUID().toString().substring(0, 8);
+    tableName = "MY_TABLE_NAME_TEST_" + UUID.randomUUID().toString().substring(0, 8);
+    viewName = "MY_VIEW_NAME_TEST_" + UUID.randomUUID().toString().substring(0, 8);
+
+    CreateDataset.createDataset(datasetName);
+
+    Schema schema =
+        Schema.of(
+            Field.of("timestampField", StandardSQLTypeName.TIMESTAMP),
+            Field.of("stringField", StandardSQLTypeName.STRING),
+            Field.of("booleanField", StandardSQLTypeName.BOOL));
+    CreateTable.createTable(BIGQUERY_DATASET_NAME, tableName, schema);
+
+    String query =
+        String.format(
+            "SELECT timestampField, stringField, booleanField FROM %s.%s",
+            BIGQUERY_DATASET_NAME, tableName);
+    CreateView.createView(BIGQUERY_DATASET_NAME, viewName, query);
+
+    bout = new ByteArrayOutputStream();
+    out = new PrintStream(bout);
+    System.setOut(out);
+  }
+
+  @After
+  public void tearDown() {
+    // Clean up
+    DeleteTable.deleteTable(BIGQUERY_DATASET_NAME, viewName);
+    DeleteTable.deleteTable(BIGQUERY_DATASET_NAME, tableName);
+    DeleteDataset.deleteDataset(PROJECT_ID, datasetName);
+    System.setOut(null);
+  }
+
+  @Test
+  public void testGrantViewAccess() {
+    GrantViewAccess.grantViewAccess(datasetName, BIGQUERY_DATASET_NAME, viewName);
+    assertThat(bout.toString()).contains("Grant view access successfully");
+  }
+}