google-cloud-bigquery 1.14.0 → 1.42.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +17 -54
- data/CHANGELOG.md +377 -0
- data/CONTRIBUTING.md +328 -116
- data/LOGGING.md +1 -1
- data/OVERVIEW.md +21 -20
- data/TROUBLESHOOTING.md +2 -8
- data/lib/google/cloud/bigquery/argument.rb +197 -0
- data/lib/google/cloud/bigquery/convert.rb +155 -173
- data/lib/google/cloud/bigquery/copy_job.rb +74 -26
- data/lib/google/cloud/bigquery/credentials.rb +5 -12
- data/lib/google/cloud/bigquery/data.rb +109 -18
- data/lib/google/cloud/bigquery/dataset/access.rb +474 -52
- data/lib/google/cloud/bigquery/dataset/list.rb +7 -13
- data/lib/google/cloud/bigquery/dataset/tag.rb +67 -0
- data/lib/google/cloud/bigquery/dataset.rb +1044 -287
- data/lib/google/cloud/bigquery/external/avro_source.rb +107 -0
- data/lib/google/cloud/bigquery/external/bigtable_source/column.rb +404 -0
- data/lib/google/cloud/bigquery/external/bigtable_source/column_family.rb +945 -0
- data/lib/google/cloud/bigquery/external/bigtable_source.rb +230 -0
- data/lib/google/cloud/bigquery/external/csv_source.rb +481 -0
- data/lib/google/cloud/bigquery/external/data_source.rb +771 -0
- data/lib/google/cloud/bigquery/external/json_source.rb +170 -0
- data/lib/google/cloud/bigquery/external/parquet_source.rb +148 -0
- data/lib/google/cloud/bigquery/external/sheets_source.rb +166 -0
- data/lib/google/cloud/bigquery/external.rb +50 -2256
- data/lib/google/cloud/bigquery/extract_job.rb +226 -61
- data/lib/google/cloud/bigquery/insert_response.rb +1 -3
- data/lib/google/cloud/bigquery/job/list.rb +10 -14
- data/lib/google/cloud/bigquery/job.rb +289 -14
- data/lib/google/cloud/bigquery/load_job.rb +810 -136
- data/lib/google/cloud/bigquery/model/list.rb +5 -9
- data/lib/google/cloud/bigquery/model.rb +247 -16
- data/lib/google/cloud/bigquery/policy.rb +432 -0
- data/lib/google/cloud/bigquery/project/list.rb +6 -11
- data/lib/google/cloud/bigquery/project.rb +509 -250
- data/lib/google/cloud/bigquery/query_job.rb +594 -128
- data/lib/google/cloud/bigquery/routine/list.rb +165 -0
- data/lib/google/cloud/bigquery/routine.rb +1227 -0
- data/lib/google/cloud/bigquery/schema/field.rb +413 -63
- data/lib/google/cloud/bigquery/schema.rb +221 -48
- data/lib/google/cloud/bigquery/service.rb +204 -112
- data/lib/google/cloud/bigquery/standard_sql.rb +269 -53
- data/lib/google/cloud/bigquery/table/async_inserter.rb +86 -43
- data/lib/google/cloud/bigquery/table/list.rb +6 -11
- data/lib/google/cloud/bigquery/table.rb +1470 -377
- data/lib/google/cloud/bigquery/time.rb +6 -0
- data/lib/google/cloud/bigquery/version.rb +1 -1
- data/lib/google/cloud/bigquery.rb +4 -6
- data/lib/google-cloud-bigquery.rb +14 -13
- metadata +66 -38
@@ -35,7 +35,7 @@ module Google
|
|
35
35
|
# access.add_owner_group "owners@example.com"
|
36
36
|
# access.add_writer_user "writer@example.com"
|
37
37
|
# access.remove_writer_user "readers@example.com"
|
38
|
-
# access.add_reader_special :
|
38
|
+
# access.add_reader_special :all_users
|
39
39
|
# end
|
40
40
|
#
|
41
41
|
class Access
|
@@ -48,18 +48,23 @@ module Google
|
|
48
48
|
|
49
49
|
# @private
|
50
50
|
SCOPES = {
|
51
|
-
"
|
52
|
-
"user_by_email" => :user_by_email,
|
53
|
-
"userByEmail" => :user_by_email,
|
51
|
+
"domain" => :domain,
|
54
52
|
"group" => :group_by_email,
|
55
53
|
"group_by_email" => :group_by_email,
|
56
54
|
"groupByEmail" => :group_by_email,
|
57
|
-
"
|
55
|
+
"iam_member" => :iam_member,
|
56
|
+
"iamMember" => :iam_member,
|
57
|
+
"routine" => :routine,
|
58
58
|
"special" => :special_group,
|
59
59
|
"special_group" => :special_group,
|
60
60
|
"specialGroup" => :special_group,
|
61
|
-
"
|
61
|
+
"user" => :user_by_email,
|
62
|
+
"user_by_email" => :user_by_email,
|
63
|
+
"userByEmail" => :user_by_email,
|
64
|
+
"view" => :view,
|
65
|
+
"dataset" => :dataset
|
62
66
|
}.freeze
|
67
|
+
attr_reader :rules
|
63
68
|
|
64
69
|
# @private
|
65
70
|
GROUPS = {
|
@@ -74,7 +79,9 @@ module Google
|
|
74
79
|
"projectWriters" => "projectWriters",
|
75
80
|
"all" => "allAuthenticatedUsers",
|
76
81
|
"all_authenticated_users" => "allAuthenticatedUsers",
|
77
|
-
"allAuthenticatedUsers" => "allAuthenticatedUsers"
|
82
|
+
"allAuthenticatedUsers" => "allAuthenticatedUsers",
|
83
|
+
"all_users" => "allUsers",
|
84
|
+
"allUsers" => "allUsers"
|
78
85
|
}.freeze
|
79
86
|
|
80
87
|
##
|
@@ -148,6 +155,26 @@ module Google
|
|
148
155
|
add_access_role_scope_value :reader, :group, email
|
149
156
|
end
|
150
157
|
|
158
|
+
##
|
159
|
+
# Add reader access to some other type of member that appears in the IAM
|
160
|
+
# Policy but isn't a user, group, domain, or special group.
|
161
|
+
#
|
162
|
+
# @param [String] identity The identity reference.
|
163
|
+
#
|
164
|
+
# @example
|
165
|
+
# require "google/cloud/bigquery"
|
166
|
+
#
|
167
|
+
# bigquery = Google::Cloud::Bigquery.new
|
168
|
+
# dataset = bigquery.dataset "my_dataset"
|
169
|
+
#
|
170
|
+
# dataset.access do |access|
|
171
|
+
# access.add_reader_iam_member "entity@example.com"
|
172
|
+
# end
|
173
|
+
#
|
174
|
+
def add_reader_iam_member identity
|
175
|
+
add_access_role_scope_value :reader, :iam_member, identity
|
176
|
+
end
|
177
|
+
|
151
178
|
##
|
152
179
|
# Add reader access to a domain.
|
153
180
|
#
|
@@ -172,7 +199,7 @@ module Google
|
|
172
199
|
# Add reader access to a special group.
|
173
200
|
#
|
174
201
|
# @param [String] group Accepted values are `owners`, `writers`,
|
175
|
-
# `readers`, and `
|
202
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
176
203
|
#
|
177
204
|
# @example
|
178
205
|
# require "google/cloud/bigquery"
|
@@ -181,13 +208,40 @@ module Google
|
|
181
208
|
# dataset = bigquery.dataset "my_dataset"
|
182
209
|
#
|
183
210
|
# dataset.access do |access|
|
184
|
-
# access.add_reader_special :
|
211
|
+
# access.add_reader_special :all_users
|
185
212
|
# end
|
186
213
|
#
|
187
214
|
def add_reader_special group
|
188
215
|
add_access_role_scope_value :reader, :special, group
|
189
216
|
end
|
190
217
|
|
218
|
+
##
|
219
|
+
# Add access to a routine from a different dataset. Queries executed
|
220
|
+
# against that routine will have read access to views/tables/routines
|
221
|
+
# in this dataset. Only UDF is supported for now. The role field is
|
222
|
+
# not required when this field is set. If that routine is updated by
|
223
|
+
# any user, access to the routine needs to be granted again via an
|
224
|
+
# update operation.
|
225
|
+
#
|
226
|
+
# @param [Google::Cloud::Bigquery::Routine] routine A routine object.
|
227
|
+
#
|
228
|
+
# @example
|
229
|
+
# require "google/cloud/bigquery"
|
230
|
+
#
|
231
|
+
# bigquery = Google::Cloud::Bigquery.new
|
232
|
+
# dataset = bigquery.dataset "my_dataset"
|
233
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
234
|
+
#
|
235
|
+
# routine = other_dataset.routine "my_routine"
|
236
|
+
#
|
237
|
+
# dataset.access do |access|
|
238
|
+
# access.add_reader_routine routine
|
239
|
+
# end
|
240
|
+
#
|
241
|
+
def add_reader_routine routine
|
242
|
+
add_access_routine routine
|
243
|
+
end
|
244
|
+
|
191
245
|
##
|
192
246
|
# Add reader access to a view.
|
193
247
|
#
|
@@ -203,9 +257,9 @@ module Google
|
|
203
257
|
#
|
204
258
|
# bigquery = Google::Cloud::Bigquery.new
|
205
259
|
# dataset = bigquery.dataset "my_dataset"
|
206
|
-
# other_dataset = bigquery.dataset "my_other_dataset"
|
260
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
207
261
|
#
|
208
|
-
# view = other_dataset.table "my_view"
|
262
|
+
# view = other_dataset.table "my_view", skip_lookup: true
|
209
263
|
#
|
210
264
|
# dataset.access do |access|
|
211
265
|
# access.add_reader_view view
|
@@ -215,6 +269,44 @@ module Google
|
|
215
269
|
add_access_view view
|
216
270
|
end
|
217
271
|
|
272
|
+
##
|
273
|
+
# Add reader access to a dataset.
|
274
|
+
#
|
275
|
+
# @param [Google::Cloud::Bigquery::DatasetAccessEntry, Hash<String,String> ] dataset A DatasetAccessEntry
|
276
|
+
# or a Hash object. Required
|
277
|
+
#
|
278
|
+
# @example
|
279
|
+
# require "google/cloud/bigquery"
|
280
|
+
#
|
281
|
+
# bigquery = Google::Cloud::Bigquery.new
|
282
|
+
# dataset = bigquery.dataset "my_dataset"
|
283
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
284
|
+
#
|
285
|
+
# params = {
|
286
|
+
# dataset_id: other_dataset.dataset_id,
|
287
|
+
# project_id: other_dataset.project_id,
|
288
|
+
# target_types: ["VIEWS"]
|
289
|
+
# }
|
290
|
+
#
|
291
|
+
# dataset.access do |access|
|
292
|
+
# access.add_reader_dataset params
|
293
|
+
# end
|
294
|
+
#
|
295
|
+
# @example
|
296
|
+
# require "google/cloud/bigquery"
|
297
|
+
#
|
298
|
+
# bigquery = Google::Cloud::Bigquery.new
|
299
|
+
# dataset = bigquery.dataset "my_dataset"
|
300
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
301
|
+
#
|
302
|
+
# dataset.access do |access|
|
303
|
+
# access.add_reader_dataset other_dataset.access_entry(target_types: ["VIEWS"])
|
304
|
+
# end
|
305
|
+
#
|
306
|
+
def add_reader_dataset dataset
|
307
|
+
add_access_dataset dataset
|
308
|
+
end
|
309
|
+
|
218
310
|
##
|
219
311
|
# Add writer access to a user.
|
220
312
|
#
|
@@ -253,6 +345,26 @@ module Google
|
|
253
345
|
add_access_role_scope_value :writer, :group, email
|
254
346
|
end
|
255
347
|
|
348
|
+
##
|
349
|
+
# Add writer access to some other type of member that appears in the IAM
|
350
|
+
# Policy but isn't a user, group, domain, or special group.
|
351
|
+
#
|
352
|
+
# @param [String] identity The identity reference.
|
353
|
+
#
|
354
|
+
# @example
|
355
|
+
# require "google/cloud/bigquery"
|
356
|
+
#
|
357
|
+
# bigquery = Google::Cloud::Bigquery.new
|
358
|
+
# dataset = bigquery.dataset "my_dataset"
|
359
|
+
#
|
360
|
+
# dataset.access do |access|
|
361
|
+
# access.add_writer_iam_member "entity@example.com"
|
362
|
+
# end
|
363
|
+
#
|
364
|
+
def add_writer_iam_member identity
|
365
|
+
add_access_role_scope_value :writer, :iam_member, identity
|
366
|
+
end
|
367
|
+
|
256
368
|
##
|
257
369
|
# Add writer access to a domain.
|
258
370
|
#
|
@@ -277,7 +389,7 @@ module Google
|
|
277
389
|
# Add writer access to a special group.
|
278
390
|
#
|
279
391
|
# @param [String] group Accepted values are `owners`, `writers`,
|
280
|
-
# `readers`, and `
|
392
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
281
393
|
#
|
282
394
|
# @example
|
283
395
|
# require "google/cloud/bigquery"
|
@@ -286,7 +398,7 @@ module Google
|
|
286
398
|
# dataset = bigquery.dataset "my_dataset"
|
287
399
|
#
|
288
400
|
# dataset.access do |access|
|
289
|
-
# access.add_writer_special :
|
401
|
+
# access.add_writer_special :all_users
|
290
402
|
# end
|
291
403
|
#
|
292
404
|
def add_writer_special group
|
@@ -331,6 +443,26 @@ module Google
|
|
331
443
|
add_access_role_scope_value :owner, :group, email
|
332
444
|
end
|
333
445
|
|
446
|
+
##
|
447
|
+
# Add owner access to some other type of member that appears in the IAM
|
448
|
+
# Policy but isn't a user, group, domain, or special group.
|
449
|
+
#
|
450
|
+
# @param [String] identity The identity reference.
|
451
|
+
#
|
452
|
+
# @example
|
453
|
+
# require "google/cloud/bigquery"
|
454
|
+
#
|
455
|
+
# bigquery = Google::Cloud::Bigquery.new
|
456
|
+
# dataset = bigquery.dataset "my_dataset"
|
457
|
+
#
|
458
|
+
# dataset.access do |access|
|
459
|
+
# access.add_owner_iam_member "entity@example.com"
|
460
|
+
# end
|
461
|
+
#
|
462
|
+
def add_owner_iam_member identity
|
463
|
+
add_access_role_scope_value :owner, :iam_member, identity
|
464
|
+
end
|
465
|
+
|
334
466
|
##
|
335
467
|
# Add owner access to a domain.
|
336
468
|
#
|
@@ -355,7 +487,7 @@ module Google
|
|
355
487
|
# Add owner access to a special group.
|
356
488
|
#
|
357
489
|
# @param [String] group Accepted values are `owners`, `writers`,
|
358
|
-
# `readers`, and `
|
490
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
359
491
|
#
|
360
492
|
# @example
|
361
493
|
# require "google/cloud/bigquery"
|
@@ -364,7 +496,7 @@ module Google
|
|
364
496
|
# dataset = bigquery.dataset "my_dataset"
|
365
497
|
#
|
366
498
|
# dataset.access do |access|
|
367
|
-
# access.add_owner_special :
|
499
|
+
# access.add_owner_special :all_users
|
368
500
|
# end
|
369
501
|
#
|
370
502
|
def add_owner_special group
|
@@ -409,6 +541,26 @@ module Google
|
|
409
541
|
remove_access_role_scope_value :reader, :group, email
|
410
542
|
end
|
411
543
|
|
544
|
+
##
|
545
|
+
# Remove reader access from some other type of member that appears in the IAM
|
546
|
+
# Policy but isn't a user, group, domain, or special group.
|
547
|
+
#
|
548
|
+
# @param [String] identity The identity reference.
|
549
|
+
#
|
550
|
+
# @example
|
551
|
+
# require "google/cloud/bigquery"
|
552
|
+
#
|
553
|
+
# bigquery = Google::Cloud::Bigquery.new
|
554
|
+
# dataset = bigquery.dataset "my_dataset"
|
555
|
+
#
|
556
|
+
# dataset.access do |access|
|
557
|
+
# access.remove_reader_iam_member "entity@example.com"
|
558
|
+
# end
|
559
|
+
#
|
560
|
+
def remove_reader_iam_member identity
|
561
|
+
remove_access_role_scope_value :reader, :iam_member, identity
|
562
|
+
end
|
563
|
+
|
412
564
|
##
|
413
565
|
# Remove reader access from a domain.
|
414
566
|
#
|
@@ -433,7 +585,7 @@ module Google
|
|
433
585
|
# Remove reader access from a special group.
|
434
586
|
#
|
435
587
|
# @param [String] group Accepted values are `owners`, `writers`,
|
436
|
-
# `readers`, and `
|
588
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
437
589
|
#
|
438
590
|
# @example
|
439
591
|
# require "google/cloud/bigquery"
|
@@ -442,13 +594,35 @@ module Google
|
|
442
594
|
# dataset = bigquery.dataset "my_dataset"
|
443
595
|
#
|
444
596
|
# dataset.access do |access|
|
445
|
-
# access.remove_reader_special :
|
597
|
+
# access.remove_reader_special :all_users
|
446
598
|
# end
|
447
599
|
#
|
448
600
|
def remove_reader_special group
|
449
601
|
remove_access_role_scope_value :reader, :special, group
|
450
602
|
end
|
451
603
|
|
604
|
+
##
|
605
|
+
# Remove reader access from a routine from a different dataset.
|
606
|
+
#
|
607
|
+
# @param [Google::Cloud::Bigquery::Routine] routine A routine object.
|
608
|
+
#
|
609
|
+
# @example
|
610
|
+
# require "google/cloud/bigquery"
|
611
|
+
#
|
612
|
+
# bigquery = Google::Cloud::Bigquery.new
|
613
|
+
# dataset = bigquery.dataset "my_dataset"
|
614
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
615
|
+
#
|
616
|
+
# routine = other_dataset.routine "my_routine", skip_lookup: true
|
617
|
+
#
|
618
|
+
# dataset.access do |access|
|
619
|
+
# access.remove_reader_routine routine
|
620
|
+
# end
|
621
|
+
#
|
622
|
+
def remove_reader_routine routine
|
623
|
+
remove_access_routine routine
|
624
|
+
end
|
625
|
+
|
452
626
|
##
|
453
627
|
# Remove reader access from a view.
|
454
628
|
#
|
@@ -464,9 +638,9 @@ module Google
|
|
464
638
|
#
|
465
639
|
# bigquery = Google::Cloud::Bigquery.new
|
466
640
|
# dataset = bigquery.dataset "my_dataset"
|
467
|
-
# other_dataset = bigquery.dataset "my_other_dataset"
|
641
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
468
642
|
#
|
469
|
-
# view = other_dataset.table "my_view"
|
643
|
+
# view = other_dataset.table "my_view", skip_lookup: true
|
470
644
|
#
|
471
645
|
# dataset.access do |access|
|
472
646
|
# access.remove_reader_view view
|
@@ -476,6 +650,44 @@ module Google
|
|
476
650
|
remove_access_view view
|
477
651
|
end
|
478
652
|
|
653
|
+
##
|
654
|
+
# Removes reader access of a dataset.
|
655
|
+
#
|
656
|
+
# @param [Google::Cloud::Bigquery::DatasetAccessEntry, Hash<String,String> ] dataset A DatasetAccessEntry
|
657
|
+
# or a Hash object. Required
|
658
|
+
#
|
659
|
+
# @example
|
660
|
+
# require "google/cloud/bigquery"
|
661
|
+
#
|
662
|
+
# bigquery = Google::Cloud::Bigquery.new
|
663
|
+
# dataset = bigquery.dataset "my_dataset"
|
664
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
665
|
+
#
|
666
|
+
# params = {
|
667
|
+
# dataset_id: other_dataset.dataset_id,
|
668
|
+
# project_id: other_dataset.project_id,
|
669
|
+
# target_types: ["VIEWS"]
|
670
|
+
# }
|
671
|
+
#
|
672
|
+
# dataset.access do |access|
|
673
|
+
# access.remove_reader_dataset params
|
674
|
+
# end
|
675
|
+
#
|
676
|
+
# @example
|
677
|
+
# require "google/cloud/bigquery"
|
678
|
+
#
|
679
|
+
# bigquery = Google::Cloud::Bigquery.new
|
680
|
+
# dataset = bigquery.dataset "my_dataset"
|
681
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
682
|
+
#
|
683
|
+
# dataset.access do |access|
|
684
|
+
# access.remove_reader_dataset other_dataset.access_entry(target_types: ["VIEWS"])
|
685
|
+
# end
|
686
|
+
#
|
687
|
+
def remove_reader_dataset dataset
|
688
|
+
remove_access_dataset dataset
|
689
|
+
end
|
690
|
+
|
479
691
|
##
|
480
692
|
# Remove writer access from a user.
|
481
693
|
#
|
@@ -514,6 +726,26 @@ module Google
|
|
514
726
|
remove_access_role_scope_value :writer, :group, email
|
515
727
|
end
|
516
728
|
|
729
|
+
##
|
730
|
+
# Remove writer access from some other type of member that appears in the IAM
|
731
|
+
# Policy but isn't a user, group, domain, or special group.
|
732
|
+
#
|
733
|
+
# @param [String] identity The identity reference.
|
734
|
+
#
|
735
|
+
# @example
|
736
|
+
# require "google/cloud/bigquery"
|
737
|
+
#
|
738
|
+
# bigquery = Google::Cloud::Bigquery.new
|
739
|
+
# dataset = bigquery.dataset "my_dataset"
|
740
|
+
#
|
741
|
+
# dataset.access do |access|
|
742
|
+
# access.remove_writer_iam_member "entity@example.com"
|
743
|
+
# end
|
744
|
+
#
|
745
|
+
def remove_writer_iam_member identity
|
746
|
+
remove_access_role_scope_value :writer, :iam_member, identity
|
747
|
+
end
|
748
|
+
|
517
749
|
##
|
518
750
|
# Remove writer access from a domain.
|
519
751
|
#
|
@@ -538,7 +770,7 @@ module Google
|
|
538
770
|
# Remove writer access from a special group.
|
539
771
|
#
|
540
772
|
# @param [String] group Accepted values are `owners`, `writers`,
|
541
|
-
# `readers`, and `
|
773
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
542
774
|
#
|
543
775
|
# @example
|
544
776
|
# require "google/cloud/bigquery"
|
@@ -547,7 +779,7 @@ module Google
|
|
547
779
|
# dataset = bigquery.dataset "my_dataset"
|
548
780
|
#
|
549
781
|
# dataset.access do |access|
|
550
|
-
# access.remove_writer_special :
|
782
|
+
# access.remove_writer_special :all_users
|
551
783
|
# end
|
552
784
|
#
|
553
785
|
def remove_writer_special group
|
@@ -592,6 +824,26 @@ module Google
|
|
592
824
|
remove_access_role_scope_value :owner, :group, email
|
593
825
|
end
|
594
826
|
|
827
|
+
##
|
828
|
+
# Remove owner access from some other type of member that appears in the IAM
|
829
|
+
# Policy but isn't a user, group, domain, or special group.
|
830
|
+
#
|
831
|
+
# @param [String] identity The identity reference.
|
832
|
+
#
|
833
|
+
# @example
|
834
|
+
# require "google/cloud/bigquery"
|
835
|
+
#
|
836
|
+
# bigquery = Google::Cloud::Bigquery.new
|
837
|
+
# dataset = bigquery.dataset "my_dataset"
|
838
|
+
#
|
839
|
+
# dataset.access do |access|
|
840
|
+
# access.remove_owner_iam_member "entity@example.com"
|
841
|
+
# end
|
842
|
+
#
|
843
|
+
def remove_owner_iam_member identity
|
844
|
+
remove_access_role_scope_value :owner, :iam_member, identity
|
845
|
+
end
|
846
|
+
|
595
847
|
##
|
596
848
|
# Remove owner access from a domain.
|
597
849
|
#
|
@@ -616,7 +868,7 @@ module Google
|
|
616
868
|
# Remove owner access from a special group.
|
617
869
|
#
|
618
870
|
# @param [String] group Accepted values are `owners`, `writers`,
|
619
|
-
# `readers`, and `
|
871
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
620
872
|
#
|
621
873
|
# @example
|
622
874
|
# require "google/cloud/bigquery"
|
@@ -625,7 +877,7 @@ module Google
|
|
625
877
|
# dataset = bigquery.dataset "my_dataset"
|
626
878
|
#
|
627
879
|
# dataset.access do |access|
|
628
|
-
# access.remove_owner_special :
|
880
|
+
# access.remove_owner_special :all_users
|
629
881
|
# end
|
630
882
|
#
|
631
883
|
def remove_owner_special group
|
@@ -668,6 +920,25 @@ module Google
|
|
668
920
|
lookup_access_role_scope_value :reader, :group, email
|
669
921
|
end
|
670
922
|
|
923
|
+
##
|
924
|
+
# Checks reader access for some other type of member that appears in the IAM
|
925
|
+
# Policy but isn't a user, group, domain, or special group.
|
926
|
+
#
|
927
|
+
# @param [String] identity The identity reference.
|
928
|
+
#
|
929
|
+
# @example
|
930
|
+
# require "google/cloud/bigquery"
|
931
|
+
#
|
932
|
+
# bigquery = Google::Cloud::Bigquery.new
|
933
|
+
# dataset = bigquery.dataset "my_dataset"
|
934
|
+
#
|
935
|
+
# access = dataset.access
|
936
|
+
# access.reader_iam_member? "entity@example.com" #=> false
|
937
|
+
#
|
938
|
+
def reader_iam_member? identity
|
939
|
+
lookup_access_role_scope_value :reader, :iam_member, identity
|
940
|
+
end
|
941
|
+
|
671
942
|
##
|
672
943
|
# Checks reader access for a domain.
|
673
944
|
#
|
@@ -691,7 +962,7 @@ module Google
|
|
691
962
|
# Checks reader access for a special group.
|
692
963
|
#
|
693
964
|
# @param [String] group Accepted values are `owners`, `writers`,
|
694
|
-
# `readers`, and `
|
965
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
695
966
|
#
|
696
967
|
# @example
|
697
968
|
# require "google/cloud/bigquery"
|
@@ -700,12 +971,38 @@ module Google
|
|
700
971
|
# dataset = bigquery.dataset "my_dataset"
|
701
972
|
#
|
702
973
|
# access = dataset.access
|
703
|
-
# access.reader_special? :
|
974
|
+
# access.reader_special? :all_users #=> false
|
704
975
|
#
|
705
976
|
def reader_special? group
|
706
977
|
lookup_access_role_scope_value :reader, :special, group
|
707
978
|
end
|
708
979
|
|
980
|
+
##
|
981
|
+
# Checks access for a routine from a different dataset. Queries executed
|
982
|
+
# against that routine will have read access to views/tables/routines
|
983
|
+
# in this dataset. Only UDF is supported for now. The role field is
|
984
|
+
# not required when this field is set. If that routine is updated by
|
985
|
+
# any user, access to the routine needs to be granted again via an
|
986
|
+
# update operation.
|
987
|
+
#
|
988
|
+
# @param [Google::Cloud::Bigquery::Routine] routine A routine object.
|
989
|
+
#
|
990
|
+
# @example
|
991
|
+
# require "google/cloud/bigquery"
|
992
|
+
#
|
993
|
+
# bigquery = Google::Cloud::Bigquery.new
|
994
|
+
# dataset = bigquery.dataset "my_dataset"
|
995
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
996
|
+
#
|
997
|
+
# routine = other_dataset.routine "my_routine", skip_lookup: true
|
998
|
+
#
|
999
|
+
# access = dataset.access
|
1000
|
+
# access.reader_routine? routine #=> false
|
1001
|
+
#
|
1002
|
+
def reader_routine? routine
|
1003
|
+
lookup_access_routine routine
|
1004
|
+
end
|
1005
|
+
|
709
1006
|
##
|
710
1007
|
# Checks reader access for a view.
|
711
1008
|
#
|
@@ -721,9 +1018,9 @@ module Google
|
|
721
1018
|
#
|
722
1019
|
# bigquery = Google::Cloud::Bigquery.new
|
723
1020
|
# dataset = bigquery.dataset "my_dataset"
|
724
|
-
# other_dataset = bigquery.dataset "my_other_dataset"
|
1021
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
725
1022
|
#
|
726
|
-
# view = other_dataset.table "my_view"
|
1023
|
+
# view = other_dataset.table "my_view", skip_lookup: true
|
727
1024
|
#
|
728
1025
|
# access = dataset.access
|
729
1026
|
# access.reader_view? view #=> false
|
@@ -732,6 +1029,40 @@ module Google
|
|
732
1029
|
lookup_access_view view
|
733
1030
|
end
|
734
1031
|
|
1032
|
+
##
|
1033
|
+
# Checks reader access for a dataset.
|
1034
|
+
#
|
1035
|
+
# @param [Google::Cloud::Bigquery::DatasetAccessEntry, Hash<String,String> ] dataset A DatasetAccessEntry
|
1036
|
+
# or a Hash object. Required
|
1037
|
+
#
|
1038
|
+
# @example
|
1039
|
+
# require "google/cloud/bigquery"
|
1040
|
+
#
|
1041
|
+
# bigquery = Google::Cloud::Bigquery.new
|
1042
|
+
# dataset = bigquery.dataset "my_dataset"
|
1043
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
1044
|
+
#
|
1045
|
+
# params = {
|
1046
|
+
# dataset_id: other_dataset.dataset_id,
|
1047
|
+
# project_id: other_dataset.project_id,
|
1048
|
+
# target_types: ["VIEWS"]
|
1049
|
+
# }
|
1050
|
+
#
|
1051
|
+
# dataset.access.reader_dataset? params
|
1052
|
+
#
|
1053
|
+
# @example
|
1054
|
+
# require "google/cloud/bigquery"
|
1055
|
+
#
|
1056
|
+
# bigquery = Google::Cloud::Bigquery.new
|
1057
|
+
# dataset = bigquery.dataset "my_dataset"
|
1058
|
+
# other_dataset = bigquery.dataset "my_other_dataset", skip_lookup: true
|
1059
|
+
#
|
1060
|
+
# dataset.access.reader_dataset? other_dataset.access_entry(target_types: ["VIEWS"])
|
1061
|
+
#
|
1062
|
+
def reader_dataset? dataset
|
1063
|
+
lookup_access_dataset dataset
|
1064
|
+
end
|
1065
|
+
|
735
1066
|
##
|
736
1067
|
# Checks writer access for a user.
|
737
1068
|
#
|
@@ -768,6 +1099,25 @@ module Google
|
|
768
1099
|
lookup_access_role_scope_value :writer, :group, email
|
769
1100
|
end
|
770
1101
|
|
1102
|
+
##
|
1103
|
+
# Checks writer access for some other type of member that appears in the IAM
|
1104
|
+
# Policy but isn't a user, group, domain, or special group.
|
1105
|
+
#
|
1106
|
+
# @param [String] identity The identity reference.
|
1107
|
+
#
|
1108
|
+
# @example
|
1109
|
+
# require "google/cloud/bigquery"
|
1110
|
+
#
|
1111
|
+
# bigquery = Google::Cloud::Bigquery.new
|
1112
|
+
# dataset = bigquery.dataset "my_dataset"
|
1113
|
+
#
|
1114
|
+
# access = dataset.access
|
1115
|
+
# access.writer_iam_member? "entity@example.com" #=> false
|
1116
|
+
#
|
1117
|
+
def writer_iam_member? identity
|
1118
|
+
lookup_access_role_scope_value :writer, :iam_member, identity
|
1119
|
+
end
|
1120
|
+
|
771
1121
|
##
|
772
1122
|
# Checks writer access for a domain.
|
773
1123
|
#
|
@@ -791,7 +1141,7 @@ module Google
|
|
791
1141
|
# Checks writer access for a special group.
|
792
1142
|
#
|
793
1143
|
# @param [String] group Accepted values are `owners`, `writers`,
|
794
|
-
# `readers`, and `
|
1144
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
795
1145
|
#
|
796
1146
|
# @example
|
797
1147
|
# require "google/cloud/bigquery"
|
@@ -800,7 +1150,7 @@ module Google
|
|
800
1150
|
# dataset = bigquery.dataset "my_dataset"
|
801
1151
|
#
|
802
1152
|
# access = dataset.access
|
803
|
-
# access.writer_special? :
|
1153
|
+
# access.writer_special? :all_users #=> false
|
804
1154
|
#
|
805
1155
|
def writer_special? group
|
806
1156
|
lookup_access_role_scope_value :writer, :special, group
|
@@ -842,6 +1192,25 @@ module Google
|
|
842
1192
|
lookup_access_role_scope_value :owner, :group, email
|
843
1193
|
end
|
844
1194
|
|
1195
|
+
##
|
1196
|
+
# Checks owner access for some other type of member that appears in the IAM
|
1197
|
+
# Policy but isn't a user, group, domain, or special group.
|
1198
|
+
#
|
1199
|
+
# @param [String] identity The identity reference.
|
1200
|
+
#
|
1201
|
+
# @example
|
1202
|
+
# require "google/cloud/bigquery"
|
1203
|
+
#
|
1204
|
+
# bigquery = Google::Cloud::Bigquery.new
|
1205
|
+
# dataset = bigquery.dataset "my_dataset"
|
1206
|
+
#
|
1207
|
+
# access = dataset.access
|
1208
|
+
# access.owner_iam_member? "entity@example.com" #=> false
|
1209
|
+
#
|
1210
|
+
def owner_iam_member? identity
|
1211
|
+
lookup_access_role_scope_value :owner, :iam_member, identity
|
1212
|
+
end
|
1213
|
+
|
845
1214
|
##
|
846
1215
|
# Checks owner access for a domain.
|
847
1216
|
#
|
@@ -865,7 +1234,7 @@ module Google
|
|
865
1234
|
# Checks owner access for a special group.
|
866
1235
|
#
|
867
1236
|
# @param [String] group Accepted values are `owners`, `writers`,
|
868
|
-
# `readers`, and `
|
1237
|
+
# `readers`, `all_authenticated_users`, and `all_users`.
|
869
1238
|
#
|
870
1239
|
# @example
|
871
1240
|
# require "google/cloud/bigquery"
|
@@ -874,7 +1243,7 @@ module Google
|
|
874
1243
|
# dataset = bigquery.dataset "my_dataset"
|
875
1244
|
#
|
876
1245
|
# access = dataset.access
|
877
|
-
# access.owner_special? :
|
1246
|
+
# access.owner_special? :all_users #=> false
|
878
1247
|
#
|
879
1248
|
def owner_special? group
|
880
1249
|
lookup_access_role_scope_value :owner, :special, group
|
@@ -885,10 +1254,8 @@ module Google
|
|
885
1254
|
rules = Array gapi.access
|
886
1255
|
new.tap do |s|
|
887
1256
|
s.instance_variable_set :@rules, rules
|
888
|
-
s.instance_variable_set :@original_rules_hashes,
|
889
|
-
|
890
|
-
s.instance_variable_set :@dataset_reference,
|
891
|
-
gapi.dataset_reference
|
1257
|
+
s.instance_variable_set :@original_rules_hashes, rules.map(&:to_h)
|
1258
|
+
s.instance_variable_set :@dataset_reference, gapi.dataset_reference
|
892
1259
|
end
|
893
1260
|
end
|
894
1261
|
|
@@ -902,18 +1269,14 @@ module Google
|
|
902
1269
|
# @private
|
903
1270
|
def validate_role role
|
904
1271
|
good_role = ROLES[role.to_s]
|
905
|
-
if good_role.nil?
|
906
|
-
raise ArgumentError "Unable to determine role for #{role}"
|
907
|
-
end
|
1272
|
+
raise ArgumentError "Unable to determine role for #{role}" if good_role.nil?
|
908
1273
|
good_role
|
909
1274
|
end
|
910
1275
|
|
911
1276
|
# @private
|
912
1277
|
def validate_scope scope
|
913
1278
|
good_scope = SCOPES[scope.to_s]
|
914
|
-
if good_scope.nil?
|
915
|
-
raise ArgumentError "Unable to determine scope for #{scope}"
|
916
|
-
end
|
1279
|
+
raise ArgumentError "Unable to determine scope for #{scope}" if good_scope.nil?
|
917
1280
|
good_scope
|
918
1281
|
end
|
919
1282
|
|
@@ -933,6 +1296,18 @@ module Google
|
|
933
1296
|
end
|
934
1297
|
end
|
935
1298
|
|
1299
|
+
# @private
|
1300
|
+
#
|
1301
|
+
# Checks the type of user input and converts it to acceptable format.
|
1302
|
+
#
|
1303
|
+
def validate_dataset dataset
|
1304
|
+
if dataset.is_a? Google::Apis::BigqueryV2::DatasetAccessEntry
|
1305
|
+
dataset
|
1306
|
+
else
|
1307
|
+
Service.dataset_access_entry_from_hash dataset
|
1308
|
+
end
|
1309
|
+
end
|
1310
|
+
|
936
1311
|
# @private
|
937
1312
|
def add_access_role_scope_value role, scope, value
|
938
1313
|
role = validate_role role
|
@@ -943,7 +1318,17 @@ module Google
|
|
943
1318
|
@rules.reject!(&find_by_scope_and_value(scope, value))
|
944
1319
|
# Add new rule for this role, scope, and value
|
945
1320
|
opts = { role: role, scope => value }
|
946
|
-
@rules << Google::Apis::BigqueryV2::Dataset::Access.new(opts)
|
1321
|
+
@rules << Google::Apis::BigqueryV2::Dataset::Access.new(**opts)
|
1322
|
+
end
|
1323
|
+
|
1324
|
+
# @private
|
1325
|
+
def add_access_routine routine
|
1326
|
+
value = routine.routine_ref
|
1327
|
+
# Remove existing routine rule, if any
|
1328
|
+
@rules.reject!(&find_by_scope_and_resource_ref(:routine, value))
|
1329
|
+
# Add new rule for this role, scope, and value
|
1330
|
+
opts = { routine: value }
|
1331
|
+
@rules << Google::Apis::BigqueryV2::Dataset::Access.new(**opts)
|
947
1332
|
end
|
948
1333
|
|
949
1334
|
# @private
|
@@ -951,10 +1336,21 @@ module Google
|
|
951
1336
|
# scope is view, make sure value is in the right format
|
952
1337
|
value = validate_view value
|
953
1338
|
# Remove existing view rule, if any
|
954
|
-
@rules.reject!(&
|
1339
|
+
@rules.reject!(&find_by_scope_and_resource_ref(:view, value))
|
955
1340
|
# Add new rule for this role, scope, and value
|
956
1341
|
opts = { view: value }
|
957
|
-
@rules << Google::Apis::BigqueryV2::Dataset::Access.new(opts)
|
1342
|
+
@rules << Google::Apis::BigqueryV2::Dataset::Access.new(**opts)
|
1343
|
+
end
|
1344
|
+
|
1345
|
+
# @private
|
1346
|
+
def add_access_dataset dataset
|
1347
|
+
# scope is dataset, make sure value is in the right format
|
1348
|
+
value = validate_dataset dataset
|
1349
|
+
# Remove existing rule for input dataset, if any
|
1350
|
+
@rules.reject!(&find_by_scope_and_resource_ref(:dataset, value))
|
1351
|
+
# Add new rule for this role, scope, and value
|
1352
|
+
opts = { dataset: value }
|
1353
|
+
@rules << Google::Apis::BigqueryV2::Dataset::Access.new(**opts)
|
958
1354
|
end
|
959
1355
|
|
960
1356
|
# @private
|
@@ -969,12 +1365,26 @@ module Google
|
|
969
1365
|
)
|
970
1366
|
end
|
971
1367
|
|
1368
|
+
# @private
|
1369
|
+
def remove_access_routine routine
|
1370
|
+
# Remove existing routine rule, if any
|
1371
|
+
@rules.reject!(&find_by_scope_and_resource_ref(:routine, routine.routine_ref))
|
1372
|
+
end
|
1373
|
+
|
972
1374
|
# @private
|
973
1375
|
def remove_access_view value
|
974
1376
|
# scope is view, make sure value is in the right format
|
975
1377
|
value = validate_view value
|
976
1378
|
# Remove existing view rule, if any
|
977
|
-
@rules.reject!(&
|
1379
|
+
@rules.reject!(&find_by_scope_and_resource_ref(:view, value))
|
1380
|
+
end
|
1381
|
+
|
1382
|
+
# @private
|
1383
|
+
def remove_access_dataset dataset
|
1384
|
+
# scope is dataset, make sure value is in the right format
|
1385
|
+
value = validate_dataset dataset
|
1386
|
+
# Remove existing rule for input dataset, if any
|
1387
|
+
@rules.reject!(&find_by_scope_and_resource_ref(:dataset, value))
|
978
1388
|
end
|
979
1389
|
|
980
1390
|
# @private
|
@@ -984,9 +1394,13 @@ module Google
|
|
984
1394
|
# If scope is special group, make sure value is in the list
|
985
1395
|
value = validate_special_group value if scope == :special_group
|
986
1396
|
# Detect any rules of this role, scope, and value
|
987
|
-
!(!@rules.detect(
|
988
|
-
|
989
|
-
|
1397
|
+
!(!@rules.detect(&find_by_role_and_scope_and_value(role, scope, value)))
|
1398
|
+
end
|
1399
|
+
|
1400
|
+
# @private
|
1401
|
+
def lookup_access_routine routine
|
1402
|
+
# Detect routine rule, if any
|
1403
|
+
!(!@rules.detect(&find_by_scope_and_resource_ref(:routine, routine.routine_ref)))
|
990
1404
|
end
|
991
1405
|
|
992
1406
|
# @private
|
@@ -994,7 +1408,15 @@ module Google
|
|
994
1408
|
# scope is view, make sure value is in the right format
|
995
1409
|
value = validate_view value
|
996
1410
|
# Detect view rule, if any
|
997
|
-
!(!@rules.detect(&
|
1411
|
+
!(!@rules.detect(&find_by_scope_and_resource_ref(:view, value)))
|
1412
|
+
end
|
1413
|
+
|
1414
|
+
# @private
|
1415
|
+
def lookup_access_dataset dataset
|
1416
|
+
# scope is dataset, make sure value is in the right format
|
1417
|
+
value = validate_dataset dataset
|
1418
|
+
# Detect existing rule for input dataset, if any
|
1419
|
+
!(!@rules.detect(&find_by_scope_and_resource_ref(:dataset, value)))
|
998
1420
|
end
|
999
1421
|
|
1000
1422
|
# @private
|
@@ -1013,11 +1435,11 @@ module Google
|
|
1013
1435
|
end
|
1014
1436
|
end
|
1015
1437
|
|
1016
|
-
# @private
|
1017
|
-
def
|
1438
|
+
# @private Compare hash representations to find table_ref, routine_ref.
|
1439
|
+
def find_by_scope_and_resource_ref scope, value
|
1018
1440
|
lambda do |a|
|
1019
1441
|
h = a.to_h
|
1020
|
-
h[
|
1442
|
+
h[scope].to_h == value.to_h
|
1021
1443
|
end
|
1022
1444
|
end
|
1023
1445
|
end
|