Add grants on all tables in object
Merge Request Checklist
-
Link to an issue -
Include the proposed fix or feature -
Include and update tests for the modified code -
Include a documentation change -
Add an entry in the Unreleased section of the CHANGELOG
This MR goal is to use the queries "GRANT privileges TO ALL TABLES IN SCHEMA/DB" instead of creating a query by table when in the spec file there is permissions applied to all tables in db / schema : db.*.* or db.schema.* in order to decrease a lot the computing cost by decreasing the number of queries generated.
Changes:
Unrelated to the issue:
-
commit Use stable black version: I had to change the black version for a stable one because I had issues with
clickinpre-commit, as in this stackoverflow question
Related to the issue:
In src/permifrost/snowflake_grants.py:
-
I added the
GRANT_ALL_PRIVILEGES_TEMPLATEand used it as FUTURE GRANTS are used for write and read on tables: Add grant on all tables in object queries for write and read privileges -
grouped the if clauses for the database level (there was 2 if doing the same thing): Regroup redundant if clauses
-
fixed wrong permissions given for views in the database level (all write permissions instead of just select): Fix wrong permissions for write view grants at database level
-
Upd related tests, so removed the table level assertion and add the GRANT ALL assertion. As with this changes the table level was not tested anymore I added a new test with a permission at a table level. Update tests for grant privileges on all queries
- closes #112 (closed)
No documentation changes as this functionality is said done in the README.md here
Once your merge request is complete, please assign it the Permifrost maintainers using the
/assign_reviewer @gitlab-data/permifrost_maintainersplaced in a comment for the review cycle. Once the review cycle is finished, the reviewer shall approve the merge request so it can be merged by any Permifrost developer, maintainer, or owner.