chore: Fixed constructor argument.

Author: pratickchokhani

v1/src/main/java/com/google/cloud/teleport/spanner/ExportPipeline.java

@@ -26,20 +26,21 @@
 import com.google.cloud.teleport.spanner.iam.IAMCheckResult;
 import com.google.cloud.teleport.spanner.iam.IAMPermissionsChecker;
 import com.google.cloud.teleport.spanner.iam.IAMRequirementsCreator;
-import com.google.cloud.teleport.spanner.iam.IAMResourceRequirements;
 import com.google.cloud.teleport.spanner.spannerio.SpannerConfig;
-import java.util.Collections;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
 import org.apache.beam.runners.dataflow.options.DataflowPipelineOptions;
 import org.apache.beam.sdk.Pipeline;
 import org.apache.beam.sdk.PipelineResult;
-import org.apache.beam.sdk.extensions.gcp.options.GcpOptions;
 import org.apache.beam.sdk.options.Default;
 import org.apache.beam.sdk.options.Description;
 import org.apache.beam.sdk.options.PipelineOptions;
 import org.apache.beam.sdk.options.PipelineOptionsFactory;
 import org.apache.beam.sdk.options.ValueProvider;
 import org.apache.beam.sdk.options.ValueProvider.NestedValueProvider;
 import org.apache.beam.sdk.transforms.SerializableFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Dataflow template that exports a Cloud Spanner database to Avro files in GCS.
@@ -78,6 +79,7 @@
       "In addition to the Identity and Access Management (IAM) roles necessary to run Dataflow jobs, you must also have the <a href=\"https://cloud.google.com/spanner/docs/export#iam\">appropriate IAM roles</a> for reading your Cloud Spanner data and writing to your Cloud Storage bucket."
     })
 public class ExportPipeline {
+  private static final Logger LOG = LoggerFactory.getLogger(ExportPipeline.class);
 
   /** Options for Export pipeline. */
   public interface ExportPipelineOptions extends PipelineOptions {
@@ -282,7 +284,7 @@ public static void main(String[] args) {
                 options.getShouldExportRelatedTables(),
                 options.getShouldExportTimestampAsLogicalType(),
                 options.getAvroTempDirectory()));
-    validateRequiredPermissions(options);
+    validateRequiredPermissions(spannerConfig);
     PipelineResult result = p.run();
     if (options.getWaitUntilFinish()
         &&
@@ -294,25 +296,36 @@ public static void main(String[] args) {
     }
   }
 
-  private static void validateRequiredPermissions(ExportPipelineOptions options) {
-    IAMResourceRequirements spannerRequirements =
-        IAMRequirementsCreator.createSpannerResourceRequirement();
-
-    GcpOptions gcpOptions = options.as(GcpOptions.class);
-
-    IAMPermissionsChecker iamPermissionsChecker =
-        new IAMPermissionsChecker(gcpOptions.getProject(), gcpOptions);
-    IAMCheckResult missingPermission =
-        iamPermissionsChecker.check(Collections.singletonList(spannerRequirements));
-    if (missingPermission.isSuccess()) {
+  private static void validateRequiredPermissions(SpannerConfig spannerConfig) {
+    if (!spannerConfig.getInstanceId().isAccessible()) {
+      // If instance id is not accessible, then the current context is not runtime. Hence,
+      // validation is not applicable.
       return;
     }
-    String errorString =
-        "For resource: "
-            + missingPermission.getResourceName()
-            + ", missing permissions: "
-            + missingPermission.getMissingPermissions()
-            + ";";
-    throw new RuntimeException(errorString);
+    String instanceId = spannerConfig.getInstanceId().get();
+    String databaseId = spannerConfig.getDatabaseId().get();
+    IAMCheckResult iamCheckResult;
+    try {
+      IAMPermissionsChecker iamPermissionsChecker =
+          new IAMPermissionsChecker(spannerConfig.getProjectId().get());
+      iamCheckResult =
+          iamPermissionsChecker.checkSpannerDatabaseRequirements(
+              IAMRequirementsCreator.createSpannerWriteResourceRequirement(),
+              instanceId,
+              databaseId);
+      if (iamCheckResult.isPermissionsAvailable()) {
+        return;
+      }
+      String errorString =
+          "For resource: "
+              + iamCheckResult.getResourceName()
+              + ", missing permissions: "
+              + iamCheckResult.getMissingPermissions()
+              + ";";
+      throw new RuntimeException(errorString);
+    } catch (GeneralSecurityException | IOException e) {
+      LOG.error("Error while validating permissions for spanner", e);
+      throw new RuntimeException(e);
+    }
   }
 }

v1/src/main/java/com/google/cloud/teleport/spanner/ImportPipeline.java

@@ -15,6 +15,7 @@
  */
 package com.google.cloud.teleport.spanner;
 
+import com.google.cloud.spanner.DatabaseNotFoundException;
 import com.google.cloud.spanner.Options.RpcPriority;
 import com.google.cloud.spanner.SpannerOptions;
 import com.google.cloud.teleport.metadata.Template;
@@ -26,20 +27,21 @@
 import com.google.cloud.teleport.spanner.iam.IAMCheckResult;
 import com.google.cloud.teleport.spanner.iam.IAMPermissionsChecker;
 import com.google.cloud.teleport.spanner.iam.IAMRequirementsCreator;
-import com.google.cloud.teleport.spanner.iam.IAMResourceRequirements;
 import com.google.cloud.teleport.spanner.spannerio.SpannerConfig;
-import java.util.Collections;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
 import org.apache.beam.runners.dataflow.options.DataflowPipelineOptions;
 import org.apache.beam.sdk.Pipeline;
 import org.apache.beam.sdk.PipelineResult;
-import org.apache.beam.sdk.extensions.gcp.options.GcpOptions;
 import org.apache.beam.sdk.options.Default;
 import org.apache.beam.sdk.options.Description;
 import org.apache.beam.sdk.options.PipelineOptions;
 import org.apache.beam.sdk.options.PipelineOptionsFactory;
 import org.apache.beam.sdk.options.ValueProvider;
 import org.apache.beam.sdk.options.ValueProvider.NestedValueProvider;
 import org.apache.beam.sdk.transforms.SerializableFunction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Avro to Cloud Spanner Import pipeline.
@@ -65,6 +67,7 @@
       "The input Cloud Storage path must exist, and it must include a <a href=\"https://cloud.google.com/spanner/docs/import-non-spanner#create-export-json\">spanner-export.json</a> file that contains a JSON description of files to import."
     })
 public class ImportPipeline {
+  private static final Logger LOG = LoggerFactory.getLogger(ImportPipeline.class);
 
   /** Options for {@link ImportPipeline}. */
   public interface Options extends PipelineOptions {
@@ -258,7 +261,8 @@ public static void main(String[] args) {
             options.getDdlCreationTimeoutInMinutes(),
             options.getEarlyIndexCreateThreshold()));
 
-    validateRequiredPermissions(options);
+    validateRequiredPermissions(spannerConfig);
+
     PipelineResult result = p.run();
 
     if (options.getWaitUntilFinish()
@@ -271,24 +275,45 @@ public static void main(String[] args) {
     }
   }
 
-  private static void validateRequiredPermissions(Options options) {
-    IAMResourceRequirements spannerRequirements =
-        IAMRequirementsCreator.createSpannerResourceRequirement();
-    GcpOptions gcpOptions = options.as(GcpOptions.class);
-
-    IAMPermissionsChecker iamPermissionsChecker =
-        new IAMPermissionsChecker(gcpOptions.getProject(), gcpOptions);
-    IAMCheckResult missingPermission =
-        iamPermissionsChecker.check(Collections.singletonList(spannerRequirements));
-    if (missingPermission.isSuccess()) {
+  private static void validateRequiredPermissions(SpannerConfig spannerConfig) {
+    if (!spannerConfig.getInstanceId().isAccessible()) {
+      // If instance id is not accessible, then the current context is not runtime. Hence,
+      // validation is not applicable.
       return;
     }
-    String errorString =
-        "For resource: "
-            + missingPermission.getResourceName()
-            + ", missing permissions: "
-            + missingPermission.getMissingPermissions()
-            + ";";
-    throw new RuntimeException(errorString);
+    String instanceId = spannerConfig.getInstanceId().get();
+    String databaseId = spannerConfig.getDatabaseId().get();
+    IAMCheckResult iamCheckResult;
+    try {
+      IAMPermissionsChecker iamPermissionsChecker =
+          new IAMPermissionsChecker(spannerConfig.getProjectId().get());
+      try {
+
+        iamCheckResult =
+            iamPermissionsChecker.checkSpannerDatabaseRequirements(
+                IAMRequirementsCreator.createSpannerWriteResourceRequirement(),
+                instanceId,
+                databaseId);
+      } catch (DatabaseNotFoundException e) {
+        // If DatabaseNotFoundException exception is thrown, then validation at instance level need
+        // to be performed.
+        iamCheckResult =
+            iamPermissionsChecker.checkSpannerInstanceRequirements(
+                IAMRequirementsCreator.createSpannerWriteResourceRequirement(), instanceId);
+      }
+      if (iamCheckResult.isPermissionsAvailable()) {
+        return;
+      }
+      String errorString =
+          "For resource: "
+              + iamCheckResult.getResourceName()
+              + ", missing permissions: "
+              + iamCheckResult.getMissingPermissions()
+              + ";";
+      throw new RuntimeException(errorString);
+    } catch (GeneralSecurityException | IOException e) {
+      LOG.error("Error while validating permissions for spanner", e);
+      throw new RuntimeException(e);
+    }
   }
 }

v1/src/main/java/com/google/cloud/teleport/spanner/iam/IAMCheckResult.java

@@ -36,7 +36,7 @@ public List<String> getMissingPermissions() {
     return new ArrayList<>(missingPermissions);
   }
 
-  public boolean isSuccess() {
+  public boolean isPermissionsAvailable() {
     return missingPermissions.isEmpty();
   }
 
@@ -49,7 +49,7 @@ public String toString() {
         + ", missingPermissions="
         + missingPermissions
         + ", success="
-        + isSuccess()
+        + isPermissionsAvailable()
         + '}';
   }
 }