Support accessing database with fine-grained access control (#147)

* Bump cloud.google.com/go/spanner to v1.44.0 * Migrate deprecated messages to the new packages * Add support for using database role of fine-grained access control * Omit WITH word from USE statement * Remove accidentially committed file * Fix Regexp * Update README * Fix README * Use Go 1.16 * Use Go 1.17
cloudspannerecosystem · Mar 7, 2023 · 0ece0ff · 0ece0ff
1 parent 6703476
commit 0ece0ff
Show file tree

Hide file tree

Showing 15 changed files with 994 additions and 67 deletions.
diff --git a/.github/workflows/run-tests.yaml b/.github/workflows/run-tests.yaml
@@ -33,7 +33,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: '1.14'
+          go-version: '1.17'
       - run: go version
       - run: make setup-emulator
         env:

diff --git a/README.md b/README.md
@@ -40,7 +40,9 @@ spanner:
   -v, --verbose     Display verbose output.
       --credential= Use the specific credential file
       --prompt=     Set the prompt to the specified format
+      --history=    Set the history file to the specified path
       --priority=   Set default request priority (HIGH|MEDIUM|LOW)
+      --role=       Use the specific database role
 
 Help Options:
   -h, --help        Show this help message
@@ -153,7 +155,7 @@ and `{}` for a mutually exclusive keyword.
 | Usage | Syntax | Note |
 | --- | --- | --- |
 | List databases | `SHOW DATABASES;` | |
-| Switch database | `USE <database>;` | |
+| Switch database | `USE <database> [ROLE <role>];` | The role you set is used for accessing with [fine-grained access control](https://cloud.google.com/spanner/docs/fgac-about). |
 | Create database | `CREATE DATABSE <database>;` | |
 | Drop database | `DROP DATABASE <database>;` | |
 | List tables | `SHOW TABLES;` | |

diff --git a/cli.go b/cli.go
@@ -29,10 +29,10 @@ import (
 	"time"
 
 	"cloud.google.com/go/spanner"
+	pb "cloud.google.com/go/spanner/apiv1/spannerpb"
 	"github.com/chzyer/readline"
 	"github.com/olekukonko/tablewriter"
 	"google.golang.org/api/option"
-	pb "google.golang.org/genproto/googleapis/spanner/v1"
 	"google.golang.org/grpc/codes"
 )
 
@@ -74,8 +74,8 @@ type command struct {
 	Vertical bool
 }
 
-func NewCli(projectId, instanceId, databaseId, prompt, historyFile string, credential []byte, inStream io.ReadCloser, outStream io.Writer, errStream io.Writer, verbose bool, priority pb.RequestOptions_Priority) (*Cli, error) {
-	session, err := createSession(projectId, instanceId, databaseId, credential, priority)
+func NewCli(projectId, instanceId, databaseId, prompt, historyFile string, credential []byte, inStream io.ReadCloser, outStream io.Writer, errStream io.Writer, verbose bool, priority pb.RequestOptions_Priority, role string) (*Cli, error) {
+	session, err := createSession(projectId, instanceId, databaseId, credential, priority, role)
 	if err != nil {
 		return nil, err
 	}
@@ -146,7 +146,7 @@ func (c *Cli) RunInteractive() int {
 		}
 
 		if s, ok := stmt.(*UseStatement); ok {
-			newSession, err := createSession(c.Session.projectId, c.Session.instanceId, s.Database, c.Credential, c.Priority)
+			newSession, err := createSession(c.Session.projectId, c.Session.instanceId, s.Database, c.Credential, c.Priority, s.Role)
 			if err != nil {
 				c.PrintInteractiveError(err)
 				continue
@@ -308,12 +308,12 @@ func (c *Cli) getInterpolatedPrompt() string {
 	return prompt
 }
 
-func createSession(projectId string, instanceId string, databaseId string, credential []byte, priority pb.RequestOptions_Priority) (*Session, error) {
+func createSession(projectId string, instanceId string, databaseId string, credential []byte, priority pb.RequestOptions_Priority, role string) (*Session, error) {
 	if credential != nil {
 		credentialOption := option.WithCredentialsJSON(credential)
-		return NewSession(projectId, instanceId, databaseId, priority, credentialOption)
+		return NewSession(projectId, instanceId, databaseId, priority, role, credentialOption)
 	} else {
-		return NewSession(projectId, instanceId, databaseId, priority)
+		return NewSession(projectId, instanceId, databaseId, priority, role)
 	}
 }
 

diff --git a/cli_test.go b/cli_test.go
@@ -25,9 +25,9 @@ import (
 	"testing"
 	"time"
 
+	sppb "cloud.google.com/go/spanner/apiv1/spannerpb"
 	"github.com/chzyer/readline"
 	"github.com/google/go-cmp/cmp"
-	sppb "google.golang.org/genproto/googleapis/spanner/v1"
 )
 
 type nopCloser struct {

diff --git a/decoder.go b/decoder.go
@@ -23,7 +23,7 @@ import (
 	"time"
 
 	"cloud.google.com/go/spanner"
-	sppb "google.golang.org/genproto/googleapis/spanner/v1"
+	sppb "cloud.google.com/go/spanner/apiv1/spannerpb"
 )
 
 func DecodeRow(row *spanner.Row) ([]string, error) {

diff --git a/go.mod b/go.mod
@@ -1,24 +1,44 @@
 module github.com/cloudspannerecosystem/spanner-cli
 
-go 1.13
+go 1.17
 
 require (
-	cloud.google.com/go v0.93.3
-	cloud.google.com/go/spanner v1.25.0
+	cloud.google.com/go v0.110.0
+	cloud.google.com/go/spanner v1.44.0
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/google/go-cmp v0.5.6
-	github.com/googleapis/gax-go/v2 v2.1.0 // indirect
+	github.com/google/go-cmp v0.5.9
 	github.com/jessevdk/go-flags v1.4.0
-	github.com/mattn/go-runewidth v0.0.8 // indirect
 	github.com/olekukonko/tablewriter v0.0.4
 	github.com/xlab/treeprint v1.0.1-0.20200715141336-10e0bc383e01
-	golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect
-	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
-	golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf // indirect
-	golang.org/x/text v0.3.7 // indirect
-	google.golang.org/api v0.54.0
-	google.golang.org/genproto v0.0.0-20210830153122-0bac4d21c8ea
-	google.golang.org/grpc v1.40.0
-	google.golang.org/protobuf v1.27.1
+	google.golang.org/api v0.111.0
+	google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488
+	google.golang.org/grpc v1.53.0
+	google.golang.org/protobuf v1.28.1
+)
+
+require (
+	cloud.google.com/go/compute v1.18.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v0.12.0 // indirect
+	cloud.google.com/go/longrunning v0.4.1 // indirect
+	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/chzyer/logex v1.1.10 // indirect
+	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
+	github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe // indirect
+	github.com/cncf/xds/go v0.0.0-20230112175826-46e39c7b9b43 // indirect
+	github.com/envoyproxy/go-control-plane v0.11.0 // indirect
+	github.com/envoyproxy/protoc-gen-validate v0.9.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
+	github.com/mattn/go-runewidth v0.0.8 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/oauth2 v0.6.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
 )