chore(bigquery): testing, stylistic update

Author: hivanalejandro

bigquery/cloud-client/revokeDatasetAccess.js

@@ -14,78 +14,54 @@
 
 'use strict';
 
-/**
- * Revokes access to a dataset for a specified entity.
- *
- * @param {string} datasetId ID of the dataset to revoke access to.
- * @param {string} entityId  ID of the user or group from whom you are revoking access.
- *                            Alternatively, the JSON REST API representation of the entity,
- *                            such as a view's table reference.
- * @returns {Promise<Array>} A promise that resolves to the updated access entries.
- */
-async function revokeDatasetAccess(datasetId, entityId) {
+async function main(datasetId, entityId) {
   // [START bigquery_revoke_dataset_access]
-  const {BigQuery} = require('@google-cloud/bigquery');
-
-  // Define enum for HTTP codes.
-  const HTTP_STATUS = {
-    PRECONDITION_FAILED: 412,
-  };
 
-  // TODO (developer): Update and un-comment below lines.
+  /**
+   * TODO(developer): Update and un-comment below lines
+   */
 
-  // ID of the dataset to revoke access to.
-  // datasetId = "my_project.my_dataset"
+  // const datasetId = "my_project_id.my_dataset"
 
   // ID of the user or group from whom you are revoking access.
-  // Alternatively, the JSON REST API representation of the entity,
-  // such as a view's table reference.
-  // entityId = "[email protected]"
+  // const entityId = "[email protected]"
+
+  const {BigQuery} = require('@google-cloud/bigquery');
 
   // Instantiate a client.
   const bigquery = new BigQuery();
 
-  // Get a reference to the dataset.
-  const [dataset] = await bigquery.dataset(datasetId).get();
+  async function revokeDatasetAccess() {
+    const [dataset] = await bigquery.dataset(datasetId).get();
 
-  // To revoke access to a dataset, remove elements from the access array.
-  //
-  // See the BigQuery client library documentation for more details on access entries:
-  // https://cloud.google.com/nodejs/docs/reference/secret-manager/4.1.4
+    // To revoke access to a dataset, remove elements from the access list.
+    //
+    // See the BigQuery client library documentation for more details on access entries:
+    // https://cloud.google.com/nodejs/docs/reference/bigquery/latest
 
-  // Filter access entries to exclude entries matching the specified entity_id
-  // and assign a new array back to the access array.
-  dataset.metadata.access = dataset.metadata.access.filter(entry => {
-    // Return false (remove entry) if any of these fields match entityId.
-    return !(
-      entry.entity_id === entityId ||
-      entry.userByEmail === entityId ||
-      entry.groupByEmail === entityId
-    );
-  });
+    // Filter access entries to exclude entries matching the specified entity_id
+    // and assign a new list back to the access list.
+    dataset.metadata.access = dataset.metadata.access.filter(entry => {
+      return !(
+        entry.entity_id === entityId ||
+        entry.userByEmail === entityId ||
+        entry.groupByEmail === entityId
+      );
+    });
 
-  // Update will only succeed if the dataset
-  // has not been modified externally since retrieval.
+    // Update will only succeed if the dataset
+    // has not been modified externally since retrieval.
+    //
+    // See the BigQuery client library documentation for more details on metadata updates:
+    // https://cloud.google.com/bigquery/docs/updating-datasets
 
-  try {
-    // Update just the access entries property of the dataset.
-    const [updatedDataset] = await dataset.setMetadata(dataset.metadata);
+    // Update just the 'access entries' property of the dataset.
+    await dataset.setMetadata(dataset.metadata);
 
-    return updatedDataset.access;
-  } catch (error) {
-    // Check if it's a precondition failed error (a read-modify-write error).
-    if (error.code === HTTP_STATUS.PRECONDITION_FAILED) {
-      console.log(
-        `Dataset '${dataset.id}' was modified remotely before this update. ` +
-          'Fetch the latest version and retry.'
-      );
-    } else {
-      throw error;
-    }
+    console.log(`Revoked access to '${entityId}' from '${datasetId}'.`);
   }
   // [END bigquery_revoke_dataset_access]
+  await revokeDatasetAccess();
 }
 
-module.exports = {
-  revokeDatasetAccess,
-};
+exports.revokeDatasetAccess = main;

bigquery/cloud-client/revokeTableOrViewAccess.js

@@ -14,106 +14,96 @@
 
 'use strict';
 
-/**
- * Revokes access to a BigQuery table or view.
- * @param {string} projectId The ID of the Google Cloud project.
- * @param {string} datasetId The ID of the dataset containing the table/view.
- * @param {string} resourceName The ID of the table or view.
- * @param {string} [roleToRemove=null] Optional. Specific role to revoke.
- * @param {string} [principalToRemove=null] Optional. Specific principal to revoke access from.
- * @returns {Promise<Array>} The updated IAM policy.
- */
-async function revokeAccessToTableOrView(
+async function main(
   projectId,
   datasetId,
-  resourceName,
+  tableId,
   roleToRemove = null,
   principalToRemove = null
 ) {
   // [START bigquery_revoke_access_to_table_or_view]
-  const {BigQuery} = require('@google-cloud/bigquery');
-
-  // TODO (developer): Update and un-comment below lines.
-
-  // Google Cloud Platform project.
-  // projectId = "my_project_id"
-
-  // Dataset where the table or view is.
-  // datasetId = "my_dataset_id"
-
-  // Table or view name to get the access policy.
-  // resourceName = "my_table_id"
 
-  // (Optional) Role to remove from the table or view.
-  // roleToRemove = "roles/bigquery.dataViewer"
+  /**
+   * TODO(developer): Update and un-comment below lines
+   */
+  // const projectId = "YOUR_PROJECT_ID"
+  // const datasetId = "YOUR_DATASET_ID"
+  // const tableId = "YOUR_TABLE_ID"
+  // const roleToRemove = "YOUR_ROLE"
+  // const principalToRemove = "YOUR_PRINCIPAL_ID"
 
-  // (Optional) Principal to remove from the table or view.
-  // principalToRemove = "user:[email protected]"
-
-  // Find more information about roles and principals (refered as members) here:
-  // https://cloud.google.com/security-command-center/docs/reference/rest/Shared.Types/Binding
+  const {BigQuery} = require('@google-cloud/bigquery');
 
   // Instantiate a client.
   const client = new BigQuery();
 
-  // Get a reference to the dataset by datasetId.
-  const dataset = client.dataset(datasetId);
-  // Get a reference to the table by tableName.
-  const table = dataset.table(resourceName);
-
-  // Get the IAM access policy for the table or view.
-  const [policy] = await table.getIamPolicy();
-
-  // Initialize bindings array.
-  if (!policy.bindings) {
-    policy.bindings = [];
-  }
-
-  // To revoke access to a table or view,
-  // remove bindings from the Table or View policy.
-  //
-  // Find more details about Policy objects here:
-  // https://cloud.google.com/security-command-center/docs/reference/rest/Shared.Types/Policy
+  async function revokeAccessToTableOrView() {
+    const dataset = client.dataset(datasetId);
+    const table = dataset.table(tableId);
 
-  if (roleToRemove) {
-    // Filter out all bindings with the `roleToRemove`
-    // and assign a new array back to the policy bindings.
-    policy.bindings = policy.bindings.filter(b => b.role !== roleToRemove);
-  }
+    // Get the IAM access policy for the table or view.
+    const [policy] = await table.getIamPolicy();
 
-  if (principalToRemove) {
-    // The `bindings` array is immutable. Create a copy for modifications.
-    const bindings = [...policy.bindings];
+    // Initialize bindings array.
+    if (!policy.bindings) {
+      policy.bindings = [];
+    }
 
-    // Filter out the principal from each binding.
-    for (const binding of bindings) {
-      if (binding.members) {
-        binding.members = binding.members.filter(m => m !== principalToRemove);
+    // To revoke access to a table or view,
+    // remove bindings from the Table or View policy.
+    //
+    // Find more details about Policy objects here:
+    // https://cloud.google.com/security-command-center/docs/reference/rest/Shared.Types/Policy
+
+    if (principalToRemove) {
+      // Create a copy of bindings for modifications.
+      const bindings = [...policy.bindings];
+
+      // Filter out the principal from each binding.
+      for (const binding of bindings) {
+        if (binding.members) {
+          binding.members = binding.members.filter(
+            m => m !== principalToRemove
+          );
+        }
       }
+
+      // Filter out bindings with empty members.
+      policy.bindings = bindings.filter(
+        binding => binding.members && binding.members.length > 0
+      );
     }
 
-    // Filter out bindings with empty members.
-    policy.bindings = bindings.filter(
-      binding => binding.members && binding.members.length > 0
-    );
-  }
+    if (roleToRemove) {
+      // Filter out all bindings with the roleToRemove
+      // and assign a new list back to the policy bindings.
+      policy.bindings = policy.bindings.filter(b => b.role !== roleToRemove);
+    }
 
-  try {
     // Set the IAM access policy with updated bindings.
     await table.setIamPolicy(policy);
 
-    // Get the policy again to confirm it's set correctly.
-    const [verifiedPolicy] = await table.getIamPolicy();
-
-    // Return the updated policy bindings.
-    return verifiedPolicy && verifiedPolicy.bindings
-      ? verifiedPolicy.bindings
-      : [];
-  } catch (error) {
-    console.error('Error settings IAM policy:', error);
-    throw error;
+    // Create a descriptive message based on what was actually removed
+    if (roleToRemove && principalToRemove) {
+      console.log(
+        `Role '${roleToRemove}' revoked for principal '${principalToRemove}' on resource '${datasetId}.${tableId}'.`
+      );
+    } else if (roleToRemove) {
+      console.log(
+        `Role '${roleToRemove}' revoked for all principals on resource '${datasetId}.${tableId}'.`
+      );
+    } else if (principalToRemove) {
+      console.log(
+        `Access revoked for principal '${principalToRemove}' on resource '${datasetId}.${tableId}'.`
+      );
+    } else {
+      console.log(
+        `No changes made to access policy for '${datasetId}.${tableId}'.`
+      );
+    }
   }
   // [END bigquery_revoke_access_to_table_or_view]
+  await revokeAccessToTableOrView();
 }
 
-module.exports = {revokeAccessToTableOrView};
+exports.revokeAccessToTableOrView = main;