-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BigQuery Destination: Proposal to impersonate account on bigquery #15820
BigQuery Destination: Proposal to impersonate account on bigquery #15820
Conversation
@marcelopio do you want to move this to ready to review? |
Hello 👋, first thank you for this amazing contribution. We really appreciate the effort you've made to improve the project. If you have any questions feel free to send me a message in Slack! |
Sorry the delay here @marcelopio I'm start the process of reviewing it! |
/test connector=connectors/destination-bigquery |
/test connector=connectors/destination-bigquery
Build PassedTest summary info:
|
@grishick can the database team review this contribution? CI is passing but no test was added. |
Thank you for the contribution. I'll have to take some time to set up credentials and accounts to add an E2E integration test for this feature before I can merge this change. |
this needs a new test case. To create that test case we need application credentials and a test account that allows impersonation. We'll need to add these credentials to the secrets storage, so that the test can run via CI |
Hello 👋:skin-tone-2: and thank you for your contribution! Airbyte has instituted a code freeze between 19 and 30 December, to make sure there are no disruptions during the holidays. If you have any questions or need further clarification, please don't hesitate to ping via Slack. |
@marcelopio could you share with me, how you tested this change? |
You can test it in two ways: To test without the application default credentials, just setup a service account that has permission to impersonate another service account. To test with the default credentials, you need to test on a Google Cloud Environment. You can test on GCE adding a default service account to the VM, or on GKE, or on Cloud Shell |
I've opened another PR where I added tests: #20788 |
@marcelopio I have been testing these changes and I from what I can see, the changes do not apply to GCS Staging. So, if a connector is configured to impersonate another account, it will not be able to use GCS Staging, unless it is also provided with non-impersonated GCS credentials. Could you please confirm this? |
Oh, damn, that is right... Even if the HMAC Key is generated for the impersonated account? But the whole use of the HMAC may defeat the purpose of this for GCS. Since the idea is having just the default key for the machine and not provide a key. |
Would Airbyte accept a change adding native use of GCS, not passing through S3 compatibility layer? |
I cannot say we are too attached to the S3 compatibility layer, however, the change to use GCS natively may be pretty large. Would switching to native GCS remove the need for HMAC key? |
Yes, since we could use the application default credentials to connect to GCS also. I will see how much work is needed to do that then. It will be a fun project :) |
SGTM. FYI, I added test cases for impersonation in this PR: #20788 I will likely move all my test refactoring code out of that PR and close it. Once this PR is ready to impersonate both BigQuery and GCS accounts, then I'll add those new test cases back here. |
@marcelopio @grishick checking in, is there a status update on this PR? It looks like #20851 has been merged, but it's not clear to me whether anything else needs to be done first. |
Hey! Sorry, but life got in the way, haha. Things are getting better but I don't hope to get back at this at least until next month. |
@marcelopio I'm going to close this PR as it's been a little while since we last heard from you. Your solution looks good though, so please reopen this PR when you are ready! |
What
Proposal to solve #15726
How
Describe the solution
Recommended reading order
x.java
y.python
🚨 User Impact 🚨
Are there any breaking changes? What is the end result perceived by the user? If yes, please merge this PR with the 🚨🚨 emoji so changelog authors can further highlight this if needed.
Pre-merge Checklist
Expand the relevant checklist and delete the others.
New Connector
Community member or Airbyter
airbyte_secret
./gradlew :airbyte-integrations:connectors:<name>:integrationTest
.README.md
bootstrap.md
. See description and examplesdocs/integrations/<source or destination>/<name>.md
including changelog. See changelog exampledocs/integrations/README.md
airbyte-integrations/builds.md
Airbyter
If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.
/test connector=connectors/<name>
command is passing/publish
command described hereUpdating a connector
Community member or Airbyter
airbyte_secret
./gradlew :airbyte-integrations:connectors:<name>:integrationTest
.README.md
bootstrap.md
. See description and examplesdocs/integrations/<source or destination>/<name>.md
including changelog. See changelog exampleAirbyter
If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.
/test connector=connectors/<name>
command is passing/publish
command described hereConnector Generator
-scaffold
in their name) have been updated with the latest scaffold by running./gradlew :airbyte-integrations:connector-templates:generator:testScaffoldTemplates
then checking in your changesTests
Unit
Put your unit tests output here.
Integration
Put your integration tests output here.
Acceptance
Put your acceptance tests output here.