Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable access control for job runs #518

Merged
merged 8 commits into from
Nov 28, 2023
Merged

Enable access control for job runs #518

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
d5c868c
feat: added access control list capability to job submit
srggrs Nov 26, 2023
7d2039b
feat: ignore sublime text files
srggrs Nov 26, 2023
f3dd2a7
feat: added entry to changelog
srggrs Nov 26, 2023
b271efc
expanding to AP
benc-db Nov 28, 2023
97ad4dc
revert test for now, need to rethink how to evaluate
benc-db Nov 28, 2023
33ffc25
real revert
benc-db Nov 28, 2023
e5b1f06
Merge branch 'main' into feat/enable-access-control-for-job-runs-subm…
benc-db Nov 28, 2023
1fbb253
unit tests
benc-db Nov 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,5 @@ test.env
.vscode
*.log
logs/
.venv*
.venv*
*.sublime*
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

- Adding capability to specify compute on a per model basis ([488](https://github.com/databricks/dbt-databricks/pull/488))
- Selectively persist column docs that have changed between runs of incremental ([513](https://github.com/databricks/dbt-databricks/pull/513))
- Enabling access control list for job runs (thanks @srggrs!)([518](https://github.com/databricks/dbt-databricks/pull/518))

## dbt-databricks 1.7.1 (Nov 13, 2023)

Expand Down
11 changes: 9 additions & 2 deletions dbt/adapters/databricks/python_submissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,12 @@ def _create_work_dir(self, path: str) -> None:
f"Error creating work_dir for python notebooks\n {response.content!r}"
)

def _update_with_acls(self, cluster_dict: dict) -> dict:
acl = self.parsed_model["config"].get("access_control_list", None)
if acl:
cluster_dict.update({"access_control_list": acl})
return cluster_dict

def _upload_notebook(self, path: str, compiled_code: str) -> None:
b64_encoded_content = base64.b64encode(compiled_code.encode()).decode()
response = requests.post(
Expand Down Expand Up @@ -206,7 +212,7 @@ def check_credentials(self) -> None:

def submit(self, compiled_code: str) -> None:
cluster_spec = {"new_cluster": self.parsed_model["config"]["job_cluster_config"]}
self._submit_through_notebook(compiled_code, cluster_spec)
self._submit_through_notebook(compiled_code, self._update_with_acls(cluster_spec))


class DBContext:
Expand Down Expand Up @@ -374,7 +380,8 @@ def check_credentials(self) -> None:

def submit(self, compiled_code: str) -> None:
if self.parsed_model["config"].get("create_notebook", False):
self._submit_through_notebook(compiled_code, {"existing_cluster_id": self.cluster_id})
config = {"existing_cluster_id": self.cluster_id}
self._submit_through_notebook(compiled_code, self._update_with_acls(config))
else:
context = DBContext(self.credentials, self.cluster_id, self.auth_header)
command = DBCommand(self.credentials, self.cluster_id, self.auth_header)
Expand Down
41 changes: 40 additions & 1 deletion tests/unit/python/test_python_submissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
import unittest
from unittest.mock import patch, Mock

from dbt.adapters.databricks.python_submissions import DBContext
from dbt.adapters.databricks.connections import DatabricksCredentials

from dbt.adapters.databricks.python_submissions import DBContext, BaseDatabricksHelper


class TestDatabricksPythonSubmissions(unittest.TestCase):
Expand All @@ -18,3 +20,40 @@ def test_start_cluster_returns_on_receiving_running_state(self, mock_post, mock_
context.start_cluster()

mock_get.assert_called_once()


class DatabricksTestHelper(BaseDatabricksHelper):
def __init__(self, parsed_model: dict, credentials: DatabricksCredentials):
self.parsed_model = parsed_model
self.credentials = credentials


class TestAclUpdate:
def test_empty_acl_empty_config(self):
helper = DatabricksTestHelper({"config": {}}, DatabricksCredentials())
assert helper._update_with_acls({}) == {}

def test_empty_acl_non_empty_config(self):
helper = DatabricksTestHelper({"config": {}}, DatabricksCredentials())
assert helper._update_with_acls({"a": "b"}) == {"a": "b"}

def test_non_empty_acl_empty_config(self):
expected_access_control = {
"access_control_list": [
{"user_name": "user2", "permission_level": "CAN_VIEW"},
]
}
helper = DatabricksTestHelper({"config": expected_access_control}, DatabricksCredentials())
assert helper._update_with_acls({}) == expected_access_control

def test_non_empty_acl_non_empty_config(self):
expected_access_control = {
"access_control_list": [
{"user_name": "user2", "permission_level": "CAN_VIEW"},
]
}
helper = DatabricksTestHelper({"config": expected_access_control}, DatabricksCredentials())
assert helper._update_with_acls({"a": "b"}) == {
"a": "b",
"access_control_list": expected_access_control["access_control_list"],
}