firebolt-db · ptiurin · Jul 30, 2024 · Jul 29, 2024 · Jul 29, 2024 · Jul 29, 2024
@@ -0,0 +1,3 @@
+kind: Changed
+body: External table authentication to inlcude optional role external id.
+time: 2024-07-29T14:53:10.992711+01:00
@@ -20,7 +20,7 @@ jobs:
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install ".[dev]"
+        python -m pip install ".[dev]"
 
     - name: Run pre-commit checks
       uses: pre-commit/[email protected]
@@ -30,7 +30,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install "dbt-firebolt/.[dev]"
+          python -m pip install "dbt-firebolt/.[dev]"
 
       - name: Setup database and engine
         id: setup
@@ -53,6 +53,7 @@ jobs:
           SECURE_BUCKET_PATH: ${{ vars.SECURE_BUCKET_PATH }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_ACCESS_SECRET_KEY: ${{ secrets.AWS_ACCESS_SECRET_KEY }}
+          AWS_ACCESS_ROLE_ARN: ${{ secrets.AWS_ACCESS_ROLE_ARN }}
           DBT_PROFILES_DIR: "../dbt-firebolt/.github/workflows/jaffle_shop"
         working-directory: jaffle-shop
         run:

@@ -6,6 +6,11 @@ dbt compile
 dbt run-operation stage_external_sources
 cp ../dbt-firebolt/.github/workflows/jaffle_shop/sources_external_tables_id_secret.yml models/staging/sources_external_tables.yml
 dbt run-operation stage_external_sources --vars "ext_full_refresh: true"
+if [[ -n "$AWS_ACCESS_ROLE_ARN" ]]; then
+    # Can't test this on FB 1.0
+    cp ../dbt-firebolt/.github/workflows/jaffle_shop/sources_external_tables_iam.yml models/staging/sources_external_tables.yml
+    dbt run-operation stage_external_sources --vars "ext_full_refresh: true"
+fi
 dbt seed
 dbt seed --full-refresh
 dbt run

@@ -0,0 +1,19 @@
+version: 2
+
+sources:
+  - name: s3
+    tables:
+      - name: raw_customers
+        external:
+          url: "{{ env_var('SECURE_BUCKET_PATH') }}"
+          object_pattern: '*raw_customers.csv'
+          credentials:
+            internal_role_arn: "{{ env_var('AWS_ACCESS_ROLE_ARN') }}"
+          type: '(CSV SKIP_HEADER_ROWS=true)'
+        columns:
+          - name: id
+            data_type: int
+          - name: first_name
+            data_type: TEXT
+          - name: last_name
+            data_type: TEXT
@@ -57,6 +57,7 @@ jobs:
           SECURE_BUCKET_PATH: ${{ vars.SECURE_BUCKET_PATH }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_ACCESS_SECRET_KEY: ${{ secrets.AWS_ACCESS_SECRET_KEY }}
+          AWS_ACCESS_ROLE_ARN: ${{ secrets.AWS_ACCESS_ROLE_ARN }}
         working-directory: jaffle-shop
         shell: bash
         run: |

@@ -20,7 +20,10 @@
     {% if external.url %} URL = '{{external.url}}' {%- endif %}
     {%- if credentials and credentials.internal_role_arn %}
         CREDENTIALS = (AWS_ROLE_ARN = '{{credentials.internal_role_arn}}'
-                       AWS_ROLE_EXTERNAL_ID = '{{credentials.external_role_id}}')
+        {%- if credentials.external_role_id %}
+                       AWS_ROLE_EXTERNAL_ID = '{{credentials.external_role_id}}'
+        {%- endif -%}
+        )
     {% elif credentials and credentials.aws_key_id %}
         CREDENTIALS = (AWS_KEY_ID = '{{credentials.aws_key_id}}'
                        AWS_SECRET_KEY = '{{credentials.aws_secret_key}}')