New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support for Table ACLs #653
Conversation
Codecov Report
@@ Coverage Diff @@
## master #653 +/- ##
============================================
- Coverage 81.49% 81.07% -0.43%
- Complexity 1226 1236 +10
============================================
Files 77 78 +1
Lines 6220 6329 +109
Branches 691 702 +11
============================================
+ Hits 5069 5131 +62
- Misses 792 833 +41
- Partials 359 365 +6
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!, except clir and codecov.
add clirr-ignored-differences.xml for new methods added to interfaces
This PR adds support for table-level permissions to BigQuery, which is implemented via the IAM meta API.
There's three mechanisms exposed: getIamPolicy, setIamPolicy, and testIamPermissions.
The service exposes a service-centric version of the responses, so we include a policy converter to map to/from the more general cloud IAM messages.
Differences from the other veneer (java-storage):
changed the response format of TestIamPermissions. The general pattern is to pass in a resource (table) and a list of permissions to check, and it returns the subset of that permission list which the caller actually holds on the resource. The storage veneer chose to implement this as a list of bools instead, which is nonstandard.
Policy conversion is much more forgiving. In java-storage, it's only top-level resources which return policies, so there's an expectation that all responses have actual bindings. Tables in BQ are nested within other elements that also convey permissions, so it's far more common and likely to have empty bindings on policies.