google_cloud_bigquery/http/
bigquery_row_access_policy_client.rs

1use std::sync::Arc;
2
3use crate::http::bigquery_client::BigqueryClient;
4use crate::http::error::Error;
5use crate::http::row_access_policy;
6use crate::http::row_access_policy::list::{
7    ListRowAccessPoliciesRequest, ListRowAccessPoliciesResponse, RowAccessPolicyOverview,
8};
9use crate::http::table::get_iam_policy::GetIamPolicyRequest;
10use crate::http::table::test_iam_permissions::{TestIamPermissionsRequest, TestIamPermissionsResponse};
11use crate::http::types::Policy;
12
13#[derive(Debug, Clone)]
14pub struct BigqueryRowAccessPolicyClient {
15    inner: Arc<BigqueryClient>,
16}
17
18impl BigqueryRowAccessPolicyClient {
19    pub fn new(inner: Arc<BigqueryClient>) -> Self {
20        Self { inner }
21    }
22
23    /// https://cloud.google.com/bigquery/docs/reference/rest/v2/rowAccessPolicies/getIamPolicy
24    #[cfg_attr(feature = "trace", tracing::instrument(skip_all))]
25    pub async fn get_iam_policy(
26        &self,
27        project_id: &str,
28        dataset_id: &str,
29        table_id: &str,
30        policy_id: &str,
31        req: &GetIamPolicyRequest,
32    ) -> Result<Policy, Error> {
33        let builder = row_access_policy::get_iam_policy::build(
34            self.inner.endpoint(),
35            self.inner.http(),
36            project_id,
37            dataset_id,
38            table_id,
39            policy_id,
40            req,
41        );
42        self.inner.send(builder).await
43    }
44
45    /// https://cloud.google.com/bigquery/docs/reference/rest/v2/rowAccessPolicies/testIamPermissions
46    #[cfg_attr(feature = "trace", tracing::instrument(skip_all))]
47    pub async fn test_iam_permissions(
48        &self,
49        project_id: &str,
50        dataset_id: &str,
51        table_id: &str,
52        policy_id: &str,
53        req: &TestIamPermissionsRequest,
54    ) -> Result<TestIamPermissionsResponse, Error> {
55        let builder = row_access_policy::test_iam_permissions::build(
56            self.inner.endpoint(),
57            self.inner.http(),
58            project_id,
59            dataset_id,
60            table_id,
61            policy_id,
62            req,
63        );
64        self.inner.send(builder).await
65    }
66
67    /// https://cloud.google.com/bigquery/docs/reference/rest/v2/rowAccessPolicies/list
68    #[cfg_attr(feature = "trace", tracing::instrument(skip_all))]
69    pub async fn list(
70        &self,
71        project_id: &str,
72        dataset_id: &str,
73        table_id: &str,
74        req: &ListRowAccessPoliciesRequest,
75    ) -> Result<Vec<RowAccessPolicyOverview>, Error> {
76        let mut page_token: Option<String> = None;
77        let mut policies = vec![];
78        loop {
79            let builder = row_access_policy::list::build(
80                self.inner.endpoint(),
81                self.inner.http(),
82                project_id,
83                dataset_id,
84                table_id,
85                req,
86                page_token,
87            );
88            let response: ListRowAccessPoliciesResponse = self.inner.send(builder).await?;
89            if let Some(data) = response.row_access_policies {
90                policies.extend(data);
91            }
92            if response.next_page_token.is_none() {
93                break;
94            }
95            page_token = response.next_page_token;
96        }
97        Ok(policies)
98    }
99}
100
101#[cfg(test)]
102mod test {
103    use std::sync::Arc;
104
105    use serial_test::serial;
106
107    use crate::http::bigquery_client::test::{create_client, dataset_name};
108    use crate::http::bigquery_row_access_policy_client::BigqueryRowAccessPolicyClient;
109    use crate::http::row_access_policy::list::ListRowAccessPoliciesRequest;
110    use crate::http::table::get_iam_policy::GetIamPolicyRequest;
111    use crate::http::table::TableReference;
112
113    #[tokio::test]
114    #[serial]
115    pub async fn test_policy() {
116        /*
117        CREATE ROW ACCESS POLICY test_policy ON `dataset.external_data` GRANT TO ('allAuthenticatedUsers') FILTER USING (string_field_1='value1');
118        CREATE ROW ACCESS POLICY test_policy2 ON `dataset.external_data` GRANT TO ('allAuthenticatedUsers') FILTER USING (string_field_1='value2');
119         */
120        let dataset = dataset_name("rls");
121        let (client, project) = create_client().await;
122        let client = BigqueryRowAccessPolicyClient::new(Arc::new(client));
123
124        let table1 = TableReference {
125            dataset_id: dataset.to_string(),
126            project_id: project.to_string(),
127            table_id: "external_data".to_string(),
128        };
129
130        // iam
131        let policies = client
132            .list(
133                &table1.project_id,
134                &table1.dataset_id,
135                &table1.table_id,
136                &ListRowAccessPoliciesRequest { page_size: Some(1) },
137            )
138            .await
139            .unwrap();
140        assert_eq!(policies.len(), 2);
141        assert_eq!(policies[0].filter_predicate, "string_field_1 = 'value1'");
142        assert_eq!(policies[1].filter_predicate, "string_field_1 = 'value2'");
143        for p in policies {
144            let r = p.row_access_policy_reference;
145            let p = client
146                .get_iam_policy(
147                    &r.project_id,
148                    &r.dataset_id,
149                    &r.table_id,
150                    &r.policy_id,
151                    &GetIamPolicyRequest { options: None },
152                )
153                .await
154                .unwrap();
155            assert_eq!(p.bindings[0].role, "roles/bigquery.filteredDataViewer");
156        }
157    }
158}