-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consistent get_<DATA_ASSET> permissions - S3_Datasets #1727
Changes from 10 commits
621a606
a95e8c8
dcb3a1b
253d75e
9c3b192
9ff55b4
cb9fbd0
85f5fc4
8dc491e
79eeb31
af21526
4b675f3
c192c89
c6d1896
6c0a444
6b93b81
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,6 +11,7 @@ | |
get_dataset_statistics, | ||
get_dataset_glossary_terms, | ||
resolve_dataset_stack, | ||
get_dataset_restricted_information, | ||
) | ||
from dataall.core.environment.api.enums import EnvironmentPermission | ||
|
||
|
@@ -23,6 +24,22 @@ | |
], | ||
) | ||
|
||
DatasetRestrictedInformation = gql.ObjectType( | ||
name='DatasetRestrictedInformation', | ||
fields=[ | ||
gql.Field(name='AwsAccountId', type=gql.String), | ||
gql.Field(name='region', type=gql.String), | ||
gql.Field(name='S3BucketName', type=gql.String), | ||
gql.Field(name='GlueDatabaseName', type=gql.String), | ||
gql.Field(name='IAMDatasetAdminRoleArn', type=gql.String), | ||
gql.Field(name='KmsAlias', type=gql.String), | ||
gql.Field(name='importedS3Bucket', type=gql.Boolean), | ||
gql.Field(name='importedGlueDatabase', type=gql.Boolean), | ||
gql.Field(name='importedKmsKey', type=gql.Boolean), | ||
gql.Field(name='importedAdminRole', type=gql.Boolean), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. did we also want to include the following share expiration / config related information as part of restricted?
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Initially yes, but this information is fetched when opening a share request. At the end the user needs it for the share request creation |
||
], | ||
) | ||
|
||
Dataset = gql.ObjectType( | ||
name='Dataset', | ||
fields=[ | ||
|
@@ -35,29 +52,13 @@ | |
gql.Field(name='created', type=gql.String), | ||
gql.Field(name='updated', type=gql.String), | ||
gql.Field(name='admins', type=gql.ArrayType(gql.String)), | ||
gql.Field(name='AwsAccountId', type=gql.String), | ||
gql.Field(name='region', type=gql.String), | ||
gql.Field(name='S3BucketName', type=gql.String), | ||
gql.Field(name='GlueDatabaseName', type=gql.String), | ||
gql.Field(name='GlueCrawlerName', type=gql.String), | ||
gql.Field(name='GlueCrawlerSchedule', type=gql.String), | ||
gql.Field(name='GlueProfilingJobName', type=gql.String), | ||
gql.Field(name='GlueProfilingTriggerSchedule', type=gql.String), | ||
gql.Field(name='IAMDatasetAdminRoleArn', type=gql.String), | ||
gql.Field(name='KmsAlias', type=gql.String), | ||
gql.Field(name='bucketCreated', type=gql.Boolean), | ||
gql.Field(name='glueDatabaseCreated', type=gql.Boolean), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: making note we can remove the following from data model if we wanted to clean up sometime in the future
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I did not want to add a migration script because backfilling it in 2.6.2 was going to be a pain; but totally agree on the cleanup |
||
gql.Field(name='iamAdminRoleCreated', type=gql.Boolean), | ||
gql.Field(name='lakeformationLocationCreated', type=gql.Boolean), | ||
gql.Field(name='bucketPolicyCreated', type=gql.Boolean), | ||
gql.Field(name='SamlAdminGroupName', type=gql.String), | ||
gql.Field(name='businessOwnerEmail', type=gql.String), | ||
gql.Field(name='businessOwnerDelegationEmails', type=gql.ArrayType(gql.String)), | ||
gql.Field(name='importedS3Bucket', type=gql.Boolean), | ||
gql.Field(name='importedGlueDatabase', type=gql.Boolean), | ||
gql.Field(name='importedKmsKey', type=gql.Boolean), | ||
gql.Field(name='importedAdminRole', type=gql.Boolean), | ||
gql.Field(name='imported', type=gql.Boolean), | ||
gql.Field( | ||
name='restricted', | ||
type=DatasetRestrictedInformation, | ||
resolver=get_dataset_restricted_information, | ||
), | ||
gql.Field( | ||
name='environment', | ||
type=gql.Ref('EnvironmentSimplified'), | ||
|
@@ -130,8 +131,6 @@ | |
name='GlueCrawler', | ||
fields=[ | ||
gql.Field(name='Name', type=gql.ID), | ||
gql.Field(name='AwsAccountId', type=gql.String), | ||
gql.Field(name='region', type=gql.String), | ||
gql.Field(name='status', type=gql.String), | ||
], | ||
) |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,7 @@ | |
resolve_dataset, | ||
get_glue_table_properties, | ||
resolve_glossary_terms, | ||
get_dataset_table_restricted_information, | ||
) | ||
|
||
TablePermission = gql.ObjectType( | ||
|
@@ -21,6 +22,15 @@ | |
gql.Field(name='nodes', type=gql.ArrayType(TablePermission)), | ||
], | ||
) | ||
DatasetTableRestrictedInformation = gql.ObjectType( | ||
name='DatasetTableRestrictedInformation', | ||
fields=[ | ||
gql.Field(name='AwsAccountId', type=gql.String), | ||
gql.Field(name='GlueDatabaseName', type=gql.String), | ||
gql.Field(name='GlueTableName', type=gql.String), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. similar to call out above that ++ to note I would think best if anything would be to restrict on open search and keep the other server side restricted logic the same There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this might be the solution, restricting it also in OpenSearch |
||
gql.Field(name='S3Prefix', type=gql.String), | ||
], | ||
) | ||
|
||
DatasetTable = gql.ObjectType( | ||
name='DatasetTable', | ||
|
@@ -35,12 +45,11 @@ | |
gql.Field(name='created', type=gql.String), | ||
gql.Field(name='updated', type=gql.String), | ||
gql.Field(name='admins', type=gql.ArrayType(gql.String)), | ||
gql.Field(name='AwsAccountId', type=gql.String), | ||
gql.Field(name='GlueDatabaseName', type=gql.String), | ||
gql.Field(name='GlueTableName', type=gql.String), | ||
gql.Field(name='LastGlueTableStatus', type=gql.String), | ||
gql.Field(name='S3Prefix', type=gql.String), | ||
gql.Field(name='GlueTableConfig', type=gql.String), | ||
gql.Field( | ||
name='restricted', type=DatasetTableRestrictedInformation, resolver=get_dataset_table_restricted_information | ||
), | ||
gql.Field( | ||
name='GlueTableProperties', | ||
type=gql.String, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: A call out that these 2 fields (
S3BucketName
andGlueDatabaseName
) are a part of index in opensearch (backend/dataall/modules/s3_datasets/indexers/dataset_indexer.py
) - not sure really how "restricted" they are treated if that information can be found elsewhere