Skip to content

Commit

Permalink
Add apply grants overwritten & schema usage grant
Browse files Browse the repository at this point in the history
  • Loading branch information
rlh1994 committed Feb 15, 2024
1 parent 6bdca8d commit 97afe2b
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 1 deletion.
5 changes: 4 additions & 1 deletion CHANGELOG
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,11 @@ snowplow-utils 0.16.2 (2024-02-XX)
## Summary
XXX

## Fixes
## Features
- Add new `parse_agg_dict` macro for use to generate aggregation sql in other packages
- Overwrite default dbt `apply_grants` macro to enable using a variable to define grant targets
- Add new `grant_usage_on_schemas_where_select` macro to add as a post-hook in package to grant usage for schemas


## Upgrading
To upgrade, bump the package version in your `packages.yml` file.
Expand Down
46 changes: 46 additions & 0 deletions macros/incremental_hooks/apply_grants.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{#
Copyright (c) 2021-present Snowplow Analytics Ltd. All rights reserved.
This program is licensed to you under the Snowplow Personal and Academic License Version 1.0,
and you may not use this file except in compliance with the Snowplow Personal and Academic License Version 1.0.
You may obtain a copy of the Snowplow Personal and Academic License Version 1.0 at https://docs.snowplow.io/personal-and-academic-license-1.0/
#}
{# Note this does not work for bigquery due to the role/IAM type approach they have to grants, so BQ users should not supply values to this var #}
{% macro default__apply_grants(relation, grant_config, should_revoke=True) %}
{#
We only want to enforce this if they are managing grants this way - if they are doing it in database we should
pass {} so that it's a no-op
#}
{% if grant_config.get('select', []) or var('snowplow__grant_select_list', []) %}
{# Add our config to the grants from our variable #}
{% do grant_config.update({'select': grant_config.get('select', []) + var('snowplow__grant_select_list', [])}) %}
{% endif %}
{# Call the original macro so we don't have to keep this in sync ourselves #}
{{ dbt.default__apply_grants(relation, grant_config, should_revoke=True) }}
{% endmacro %}

{% macro grant_usage_on_schemas_where_select(enabled=false) -%}

{{ return(adapter.dispatch('grant_usage_on_schemas_where_select', 'snowplow_utils')(enabled)) }}

{% endmacro %}

{% macro default__grant_usage_on_schemas_where_select(enabled=true) %}
{% if enabled %}
{% if execute %}
{% set grant_list %}
{% for schema in schemas %}
{% for role in var('snowplow__grant_select_list', []) %}
grant usage on schema {{ schema }} to {% if target.type == 'databricks' %}`{% else %}"{% endif %}{{ role }}{% if target.type == 'databricks' %}`{% else %}"{% endif %};
{% endfor %}
{% endfor %}
{% endset %}
{{ return(grant_list) }}
{% endif %}
{% endif %}
{{ return("") }}
{% endmacro %}
{% macro bigquery__grant_usage_on_schemas_where_select(enabled=false) %}
{# Bigquery doesn't need usage granted on schemas #}
{{ return("") }}
{% endmacro %}

0 comments on commit 97afe2b

Please sign in to comment.