AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/tests/test_bq_access.py
ZdenekSrotyr 83adf01bde
fix(v2): #134 BigQuery cross-project errors return structured 502/400 + BqAccess facade (#138) 
* docs(spec): #134 unify BigQuery access behind BqAccess facade

Brainstorm output for issue #134. Captures:
- root cause (incl. correction of the issue's hypothesis about commit 33a9964)
- BqAccess facade API + project resolution rules
- error contract — typed BqAccessError mapped to HTTP 502 for upstream
  BQ failures, 500 for deployment/config bugs
- migration plan for v2_scan, v2_sample, RemoteQueryEngine
- test rewrite eliminating _bq_client_factory injection point
- E2E verification protocol on agnes-development as success criterion

* docs(spec): #134 revise after first review

Incorporates code-reviewer findings:

Must-fix:
- Add v2_schema (2 copies of INSTALL/LOAD/SECRET dance) to migration scope.
- Reframe v2_scan headline: missing try/except around BQ calls is the
  actual cause of bare 500s, not project resolution (which 33a9964 fixed).
- List two more deferred call sites (extractor.py, register_bq_table)
  with explicit rationale.

Important:
- Drop billing != data clause from cross_project_forbidden heuristic;
  rely only on 'serviceusage' substring. billing != data is normal
  for cross-project setup, was over-classifying.
- Split bq_bad_request into _user (400) and _server (502) variants;
  add sql_origin parameter to translate_bq_error so call sites declare
  whether SQL contains user input.
- Add @functools.cache to BqAccess.from_config; document tests bypass
  via dependency_overrides.
- Replace monkey-patched-classmethod test pattern with
  BqAccess(client_factory=...) injection at construction time. Cleaner
  than today's _bq_client_factory and 1:1 migration shape.
- Keep BqProjects.data (reviewer assumed registry has source_project;
  it doesn't). Multi-project explicitly listed as non-goal with note.

Nice-to-have:
- Add 'Implementation strategy' section: 2 staged commits (bug fix
  alone is revertable; refactor follows).
- Extend E2E protocol to cover all three endpoints, not just /sample.
- Note removal of stale docstring at src/remote_query.py:204.

* docs(spec): #134 revision 3 — incorporates second-round review

Must-fix from second review:
- v2_schema split into two migration cases: _fetch_bq_schema translates
  errors via translate_bq_error; _fetch_bq_table_options preserves its
  swallow-all 'except Exception → return {}' so /schema doesn't 502 on
  partition-info failures.
- RemoteQueryEngine.__init__ now resolves BqAccess lazily (in
  _get_bq_client, not in __init__). Without this, ~7 DuckDB-only tests
  in test_remote_query.py would suddenly fail with not_configured.
- translate_bq_error pass-through for BqAccessError is now load-bearing
  (clause 1, before any Google-API branch). bq.client() raises BqAccessError
  for bq_lib_missing/auth_failed; without explicit pass-through those
  fall to 'unknown' and re-raise as bare 500.
- Commit 1 now emits the SAME structured response shape as commit 2 to
  avoid contract churn between commits.
- BIGQUERY_PROJECT env-var precedence is BREAKING for env-only deployments
  — flagged in CHANGELOG ### Changed.

Editorial:
- sql_origin renamed to bad_request_status with values 'client_error' /
  'upstream_error' (clearer about what the parameter actually decides).
  bq_bad_request_user/_server kinds collapsed to bq_bad_request (400)
  and bq_upstream_error (502).
- CLI (cli/commands/query.py) noted as external RemoteQueryEngine caller;
  unaffected because new bq_access kwarg has default None.
- Added unit/integration tests for the new contracts:
  test_translate_passes_through_BqAccessError,
  test_v2_scan_returns_500_on_bq_lib_missing,
  test_v2_schema_returns_200_with_empty_partition_on_bq_failure,
  test_resolve_succeeds_after_config_set.
- E2E protocol now covers /schema as the fourth endpoint.
- Documented functools.cache-doesn't-cache-exceptions semantics and
  fixture nullcontext-doesn't-close caveat for nested sessions.

* docs(spec): #134 revision 4 — incorporates third-round review

Third reviewer verdict: 'implementation-ready with two trivial edits';
explicitly noted prior rounds did the heavy lifting.

Edits:
1. get_bq_access() module-level function instead of @classmethod
   @functools.cache from_config. Removes the classmethod-cache stacking
   footgun (different Python versions wrap differently) and gives FastAPI's
   dependency introspection a clean function signature. Drops the
   'Do not subclass BqAccess' caveat that no longer applies.

2. Commit 1 strategy explicitly: wrap _fetch_bq_sample (v2_sample),
   _bq_dry_run_bytes + _run_bq_scan (v2_scan), and _fetch_bq_schema
   (v2_schema strict block). Do NOT touch _fetch_bq_table_options swallow-all
   in commit 1 — preserved as-is, then migrated (still preserved) in commit 2.
   All three endpoints emit the same structured body shape so client parsers
   see one consistent contract throughout the staged rollout. No more
   half-rolled-out window where /sample is bare 500 while /scan is
   structured 502.

* docs(plan): #134 implementation plan — Phase 1 (atomic bug fix) + Phase 2 (BqAccess refactor) + Phase 3 (verification)

Bite-sized TDD tasks. 3 phases, 16 tasks total:

Phase 1 (Commit 1) — atomic bug fix across all four v2 endpoints:
  Tasks 1.1-1.5 wrap _fetch_bq_sample, _bq_dry_run_bytes, _run_bq_scan,
  _fetch_bq_schema with structured 502/400 try/except. _fetch_bq_table_options
  preserved untouched. CHANGELOG Fixed entries.

Phase 2 (Commit 2) — BqAccess facade extraction + migration:
  Tasks 2.1-2.5 build connectors/bigquery/access.py bottom-up
  (BqProjects, BqAccessError, translate_bq_error, default factories,
  BqAccess class, get_bq_access module-level cached). Task 2.6 adds
  conftest.py fixture. Tasks 2.7-2.9 migrate v2_scan, v2_sample, v2_schema
  to BqAccess. Tasks 2.10-2.11 migrate RemoteQueryEngine + tests
  (lazy bq_access, drop _bq_client_factory). Task 2.12 CHANGELOG
  Changed BREAKING + Internal.

Phase 3 — Verification:
  3.1 full pytest. 3.2 squash into two PR-shape commits. 3.3 manual
  E2E on agnes-development per spec protocol → close #134.

Self-review table maps spec sections to implementing tasks; no gaps.

* fix(v2): #134 structured 502/400 on BQ errors across /scan, /scan/estimate, /sample, /schema

Wraps the BigQuery call sites in v2_scan, v2_sample, and v2_schema (strict
block only) with try/except for google.api_core exceptions, translating to
HTTPException with a structured body shape: {error, message, details}.

Fixes Pavel's report (#134) where these endpoints returned bare HTTP 500
with no body when the SA on agnes-development hit cross-project Forbidden
on serviceusage.services.use.

Also fixes /sample's missing billing_project fallback (the bug 33a9964
fixed for /scan never landed here).

Status code split:
  - /scan, /scan/estimate: BadRequest -> 400 (bq_bad_request) since SQL is
    user-derived from req.select/where/order_by.
  - /sample, /schema: BadRequest -> 502 (bq_upstream_error) since SQL is
    server-constructed from validated identifiers.
  - All Forbidden -> 502 with cross_project_forbidden if 'serviceusage' in
    error message (with hint pointing at data_source.bigquery.billing_project),
    else bq_forbidden.

Body shape matches what the upcoming BqAccess refactor (next commit) will
produce, so client-side parsers see one consistent contract throughout
the staged rollout.

_fetch_bq_table_options preserved exactly as-is — its swallow-all-and-return-empty
contract is intentional and survives into the refactor; /schema continues to
return 200 with empty partition info when partition queries fail.

Outer wraps in scan_endpoint, scan_estimate_endpoint, sample, and schema
endpoints exist only to make the test pattern (monkeypatching whole
_fetch_* functions) work, and are tagged TODO(#134 Phase 2) for removal
once BqAccess centralizes translation.

* refactor(bq): #134 BqAccess facade — unify v2_scan, v2_sample, v2_schema, RemoteQueryEngine

Extracts the duplicated BigQuery-access pattern (project resolution +
client construction + DuckDB-extension session + Google-API error
translation) into connectors/bigquery/access.py. Migrates four
call sites to use it:

- app/api/v2_scan.py — _bq_dry_run_bytes, _run_bq_scan
- app/api/v2_sample.py — _fetch_bq_sample
- app/api/v2_schema.py — _fetch_bq_schema (strict translation),
  _fetch_bq_table_options (preserves swallow-all best-effort contract)
- src/remote_query.py — RemoteQueryEngine, lazy bq_access kwarg

The new module exposes:
- BqProjects (frozen dataclass: billing + data project IDs)
- BqAccessError (typed exception with HTTP_STATUS class mapping)
- BqAccess (facade with injectable client_factory/duckdb_session_factory
  for tests; defaults call the real google-cloud-bigquery + DuckDB extension)
- get_bq_access (module-level @functools.cache; FastAPI Depends target)
- translate_bq_error (Google API exception → BqAccessError mapper, with
  BqAccessError pass-through, 'serviceusage'-substring heuristic for
  cross_project_forbidden, and bad_request_status param distinguishing
  user-derived (400) from server-constructed (502) SQL)
- _default_client_factory, _default_duckdb_session_factory

RemoteQueryEngine.__init__ no longer accepts _bq_client_factory; tests
migrate to bq_access=BqAccess(projects, client_factory=...). DuckDB-only
RemoteQueryEngine tests need no changes — bq_access defaults to None and
get_bq_access() is only invoked on first BQ call (lazy resolution).
BqAccessError raised internally is translated to RemoteQueryError(
error_type="bq_error") in _get_bq_client to preserve the engine's
existing public contract — CLI and /api/query/hybrid callers see no change.

Endpoint tests (test_v2_scan, test_v2_scan_estimate, test_v2_sample,
test_v2_schema) migrate from monkey-patching whole _fetch_* functions
to using the new bq_access fixture in tests/conftest.py — which
exercises the REAL translation path through BqAccess + translate_bq_error,
closing the test gap flagged in Task 1.1's review.

Side-effect behavior change: v2_sample's FROM clause now uses the data
project (instance.yaml data_source.bigquery.project), not the conflated
billing_project from Phase 1. Documented in CHANGELOG ### Internal.

BREAKING for deployments combining BIGQUERY_PROJECT env var with
data_source.bigquery.project in instance.yaml — env var now overrides
data project too. See CHANGELOG ### Changed.

Two known-duplicate BQ-access sites (connectors/bigquery/extractor.py,
scripts/duckdb_manager.register_bq_table) explicitly out of scope;
tracked as follow-up.

Removed stale docstring at the previous src/remote_query.py:204
that referenced scripts.duckdb_manager._create_bq_client as the default
BQ client factory (RemoteQueryEngine never actually used that function).

Test counts: tests/test_bq_access.py +27 (new), tests/test_v2_*.py +
tests/test_remote_query.py migrated to bq_access fixture (counts unchanged
or +1-2 per file). Full suite: 2086 passed, 8 pre-existing failures
(DB migration tests with unrelated internal_roles DependencyException —
not introduced by this PR).

* fix(bq_access): translate DefaultCredentialsError to BqAccessError(auth_failed)

CI on PR #138 caught: bigquery.Client(...) resolves Application Default
Credentials at construction time; without ADC (CI without SA key, dev
laptop without 'gcloud auth application-default login') it raises
google.auth.exceptions.DefaultCredentialsError synchronously.

Pre-fix _default_client_factory only caught ImportError, so DefaultCredentialsError
propagated as raw exception — and from production endpoints would surface
as bare 500 (the exact failure mode #134 sets out to fix).

Now translates to BqAccessError(kind='auth_failed', details.hint='Run
gcloud auth application-default login...'). Endpoint catch chain returns
HTTP 502 with structured body. Adds unit test
test_raises_auth_failed_on_default_credentials_error.

Third-round spec review flagged this case in passing; the fix didn't land.
CI's auth-less environment surfaced it.

* fix(bq_access): get_bq_access() returns sentinel instead of raising when not configured

Devin BUG_0001 on PR #138 review: 'get_bq_access() as FastAPI Depends
breaks all v2 endpoints for non-BigQuery instances'.

Pre-fix: get_bq_access() raised BqAccessError(not_configured) when
neither BIGQUERY_PROJECT env nor data_source.bigquery.project was set.
Because FastAPI resolves Depends() BEFORE the endpoint body runs, this
exception fires during dep-injection — the endpoint's try/except
BqAccessError clause never gets a chance to catch it. Result: every
v2 request on Keboola-only or CSV-only instances returned bare HTTP
500, even for local-source tables that never touch BigQuery.

Fix: get_bq_access() now returns a sentinel BqAccess with empty
BqProjects and factories that raise BqAccessError(not_configured)
on actual use. Construction succeeds, FastAPI's dep-injection cleanly
yields the sentinel, the endpoint runs. The local-source code path
in build_sample / build_schema / etc. never calls bq.client() or
bq.duckdb_session() (it reads parquet directly), so non-BQ tables
return 200 as before. Only when an endpoint actually tries to query
BQ (source_type == 'bigquery') does the sentinel raise — and the
endpoint's existing except BqAccessError catches it normally,
returning structured 502 with hint.

Test get_bq_access::test_raises_not_configured_when_neither_set
renamed and rewritten to test_returns_sentinel_when_neither_set:
asserts BqAccess is returned, then asserts client() and
duckdb_session() each raise BqAccessError(not_configured) on call.

Test test_does_not_cache_exceptions removed (no longer applicable)
and replaced with test_sentinel_is_cached_per_process documenting
the operator-restart-on-config-change contract.

* docs(spec+plan): #134 genericize customer-specific tokens (CLAUDE.md OSS rule)

Devin BUG_0001/0002 round 3 on PR #138: spec and plan docs contained
customer-specific deployment hostnames, deployment names, and a GCP
project ID that violated CLAUDE.md's vendor-agnostic OSS rule
('Nothing customer-specific belongs in code, configuration defaults,
comments, docs, commit messages, PR titles, or PR bodies').

Replacements:
  agnes-development.groupondev.com -> <your-agnes-host>
  agnes-development                -> <your-dev-instance>
  prj-grp-dataview-prod-1ff9       -> <your-data-project>
  s1_session_landings              -> <bq_table_id>

E2E verification semantics unchanged — operators still run the same
four curls + config flip + retry, just substituting their own host /
deployment name / project / table.

* fix(bq_access): hook get_bq_access.cache_clear into instance_config.reset_cache

Devin ANALYSIS_0004 on PR #138: get_bq_access is @functools.cache'd at
process level, so it captures BigQuery project IDs at first call and
ignores subsequent instance.yaml changes. Pre-Phase-2 the v2 endpoints
re-read get_value() on every request, so admin /api/admin/server-config
saves (which call instance_config.reset_cache()) hot-reloaded the BQ
project. Without this fix, my refactor silently regresses that contract
— operators editing instance.yaml via the admin UI would see no effect
on v2 endpoints until container restart.

instance_config.reset_cache() now also calls
connectors.bigquery.access.get_bq_access.cache_clear() (lazy import,
swallowed if connectors module isn't loaded — keeps instance_config
usable in isolated unit tests).

Adds test_instance_config_reset_cache_invalidates_get_bq_access as
regression guard. Updates CHANGELOG Internal entry to mention the
hot-reload contract + the not-configured sentinel behavior (round-3
fix from Devin BUG_0001 was previously only in commit message).

* fix(bq_access): surface not_configured before identifier validation + plan path genericize

Devin BUG_0001 + BUG_0002 round 5 on PR #138.

BUG_0001 (plan doc): personal filesystem path violated CLAUDE.md
vendor-agnostic rule. Replaced with '<worktree-root>' placeholder.

BUG_0002 (sentinel error path): when get_bq_access() returns the sentinel
BqAccess (BQ not configured), the empty bq.projects.data was reaching
validate_quoted_identifier first and raising ValueError -> endpoint
mapped to HTTP 400 'unsafe_identifier' instead of structured 500
'not_configured' with hint.

Each fetch helper now checks 'if not bq.projects.data: bq.client()' as
the first step, which triggers the sentinel's BqAccessError(not_configured).
Endpoint catches the typed error and returns HTTP 500 with hint pointing
at data_source.bigquery.project. Best-effort _fetch_bq_table_options
returns {} silently in this case (preserves the swallow-all contract).

* fix(bq_access): classify DuckDB-native exceptions from bigquery_query() via string match

Devin ANALYSIS on PR #138 review (latest round). The DuckDB bigquery
extension is a C++ plugin making its own HTTP calls — when BQ returns
403, it throws duckdb.IOException with the BQ error embedded as text,
not gax.Forbidden. translate_bq_error's isinstance checks would miss
these, falling to case 7 → bare 500 in production for v2_scan, v2_sample,
and v2_schema (the bigquery_query() paths).

Fix: last-resort string-match heuristic before the re-raise. 'Forbidden'
/ '403' / 'Bad Request' / '400' in the lowercased message classifies via
the same kind hierarchy. The 'serviceusage' substring still distinguishes
cross_project_forbidden from bq_forbidden. Specific enough that random
exceptions without HTTP-error keywords still re-raise.

Adds 4 unit tests covering the new heuristic + the 'don't swallow random
exceptions' invariant.

* chore(release): cut 0.22.0

PR #138 contains issue #134 user-visible behavior changes:
- BREAKING: BIGQUERY_PROJECT env var now overrides instance.yaml
  data_source.bigquery.project for v2 endpoints (previously
  RemoteQueryEngine billing only).
- Fixed: structured 502/400 on /api/v2/sample, /scan, /scan/estimate,
  /schema when BigQuery raises Forbidden/BadRequest (was bare 500).
- Internal: BqAccess facade refactor unifying four duplicate BQ-access
  call sites; instance_config.reset_cache() now invalidates BqAccess
  cache too so admin server-config saves hot-reload BQ project IDs.

Bumps to 0.22.0 because PR #137 merged first and took 0.21.0.
2026-04-30 10:11:20 +02:00

451 lines
21 KiB
Python
Raw Blame History

"""Tests for connectors/bigquery/access.py — the BqAccess facade."""
import pytest
class TestBqProjects:
def test_bq_projects_is_frozen_dataclass(self):
from connectors.bigquery.access import BqProjects
p = BqProjects(billing="b", data="d")
assert p.billing == "b"
assert p.data == "d"
with pytest.raises(Exception): # FrozenInstanceError or AttributeError
p.billing = "other"
class TestBqAccessError:
def test_carries_kind_message_details(self):
from connectors.bigquery.access import BqAccessError
e = BqAccessError("my_kind", "boom", {"foo": "bar"})
assert e.kind == "my_kind"
assert e.message == "boom"
assert e.details == {"foo": "bar"}
assert str(e) == "boom"
def test_default_details_is_empty_dict(self):
from connectors.bigquery.access import BqAccessError
e = BqAccessError("k", "m")
assert e.details == {}
def test_http_status_map_covers_all_kinds(self):
from connectors.bigquery.access import BqAccessError
expected = {
"not_configured": 500,
"bq_lib_missing": 500,
"auth_failed": 502,
"cross_project_forbidden": 502,
"bq_forbidden": 502,
"bq_bad_request": 400,
"bq_upstream_error": 502,
}
assert BqAccessError.HTTP_STATUS == expected
class TestTranslateBqError:
def setup_method(self):
from connectors.bigquery.access import BqProjects
self.projects = BqProjects(billing="bill", data="data")
def test_passes_through_BqAccessError(self):
"""CRITICAL: bq.client() / bq.duckdb_session() raise BqAccessError directly
for bq_lib_missing / auth_failed. translate_bq_error must pass them through,
not reclassify as 'unknown' and re-raise."""
from connectors.bigquery.access import BqAccessError, translate_bq_error
original = BqAccessError("bq_lib_missing", "no google lib")
result = translate_bq_error(original, self.projects, bad_request_status="client_error")
assert result is original
def test_forbidden_serviceusage_to_cross_project(self):
from google.api_core.exceptions import Forbidden
from connectors.bigquery.access import translate_bq_error
e = Forbidden("Permission denied: serviceusage.services.use on project foo")
result = translate_bq_error(e, self.projects, bad_request_status="client_error")
assert result.kind == "cross_project_forbidden"
assert "billing_project" in result.details
assert "hint" in result.details
def test_forbidden_no_serviceusage_to_bq_forbidden(self):
from google.api_core.exceptions import Forbidden
from connectors.bigquery.access import translate_bq_error
e = Forbidden("Permission denied on table-level ACL")
result = translate_bq_error(e, self.projects, bad_request_status="client_error")
assert result.kind == "bq_forbidden"
def test_forbidden_diff_projects_no_serviceusage_still_bq_forbidden(self):
"""billing != data is the NORMAL cross-project setup, not a signal of failure.
Heuristic must rely on 'serviceusage' substring only."""
from google.api_core.exceptions import Forbidden
from connectors.bigquery.access import translate_bq_error, BqProjects
e = Forbidden("Permission denied on table-level ACL")
result = translate_bq_error(e, BqProjects(billing="b", data="d"),
bad_request_status="client_error")
assert result.kind == "bq_forbidden" # NOT cross_project_forbidden
def test_bad_request_client_error_to_bq_bad_request_400(self):
from google.api_core.exceptions import BadRequest
from connectors.bigquery.access import translate_bq_error, BqAccessError
e = BadRequest("Syntax error at line 1")
result = translate_bq_error(e, self.projects, bad_request_status="client_error")
assert result.kind == "bq_bad_request"
assert BqAccessError.HTTP_STATUS[result.kind] == 400
def test_bad_request_upstream_error_to_bq_upstream_error_502(self):
from google.api_core.exceptions import BadRequest
from connectors.bigquery.access import translate_bq_error, BqAccessError
e = BadRequest("malformed identifier")
result = translate_bq_error(e, self.projects, bad_request_status="upstream_error")
assert result.kind == "bq_upstream_error"
assert BqAccessError.HTTP_STATUS[result.kind] == 502
def test_other_google_api_error_to_bq_upstream_error(self):
from google.api_core.exceptions import InternalServerError
from connectors.bigquery.access import translate_bq_error
e = InternalServerError("BQ borked")
result = translate_bq_error(e, self.projects, bad_request_status="client_error")
assert result.kind == "bq_upstream_error"
def test_unknown_exception_reraises(self):
from connectors.bigquery.access import translate_bq_error
with pytest.raises(RuntimeError, match="oops"):
translate_bq_error(RuntimeError("oops"), self.projects,
bad_request_status="client_error")
def test_duckdb_native_forbidden_classified_via_string_match(self):
"""The DuckDB bigquery extension is a C++ plugin making its own HTTP
calls; BQ 403 arrives as duckdb.IOException with 'Forbidden' / '403'
in the message, NOT as gax.Forbidden. Last-resort heuristic must
classify these so /scan, /sample, /schema don't fall back to bare 500
in production. Devin ANALYSIS on PR #138 review."""
from connectors.bigquery.access import translate_bq_error
# Simulate what duckdb.IOException looks like — a plain Exception with
# the BQ error text embedded by the C++ extension's HTTP layer.
e = Exception("HTTP 403 Forbidden: serviceusage.services.use denied on project x")
result = translate_bq_error(e, self.projects, bad_request_status="upstream_error")
assert result.kind == "cross_project_forbidden"
assert "billing_project" in result.details
def test_duckdb_native_forbidden_non_serviceusage(self):
from connectors.bigquery.access import translate_bq_error
e = Exception("HTTP 403: User does not have permission to access table foo")
result = translate_bq_error(e, self.projects, bad_request_status="upstream_error")
assert result.kind == "bq_forbidden"
def test_duckdb_native_bad_request_classified_via_string_match(self):
from connectors.bigquery.access import translate_bq_error
e = Exception("400 Bad Request: Syntax error at line 1")
result = translate_bq_error(e, self.projects, bad_request_status="client_error")
assert result.kind == "bq_bad_request"
def test_unknown_exception_without_bq_pattern_still_reraises(self):
"""Heuristic must be specific — random exceptions without HTTP-error
keywords still re-raise (don't swallow programmer bugs)."""
from connectors.bigquery.access import translate_bq_error
with pytest.raises(ValueError, match="not a BQ error"):
translate_bq_error(ValueError("not a BQ error"), self.projects,
bad_request_status="client_error")
class TestDefaultClientFactory:
def test_constructs_client_with_billing_project_as_quota(self, monkeypatch):
"""quota_project_id must be projects.billing, NOT projects.data."""
from connectors.bigquery.access import _default_client_factory, BqProjects
captured = {}
class FakeClientOptions:
def __init__(self, **kwargs):
captured["client_options_kwargs"] = kwargs
class FakeClient:
def __init__(self, project, client_options):
captured["project"] = project
captured["client_options"] = client_options
import google.cloud.bigquery as bq_mod
import google.api_core.client_options as co_mod
monkeypatch.setattr(bq_mod, "Client", FakeClient)
monkeypatch.setattr(co_mod, "ClientOptions", FakeClientOptions)
_default_client_factory(BqProjects(billing="bill", data="data"))
assert captured["project"] == "bill"
assert captured["client_options_kwargs"]["quota_project_id"] == "bill"
def test_raises_bq_lib_missing_on_importerror(self, monkeypatch):
"""If google-cloud-bigquery is not installed, raise BqAccessError, not ImportError."""
from connectors.bigquery.access import _default_client_factory, BqProjects, BqAccessError
import builtins
real_import = builtins.__import__
def fake_import(name, *args, **kwargs):
if name == "google.cloud" or name.startswith("google.cloud.bigquery"):
raise ImportError("no google-cloud-bigquery")
return real_import(name, *args, **kwargs)
monkeypatch.setattr(builtins, "__import__", fake_import)
with pytest.raises(BqAccessError) as exc_info:
_default_client_factory(BqProjects(billing="b", data="d"))
assert exc_info.value.kind == "bq_lib_missing"
def test_raises_auth_failed_on_default_credentials_error(self, monkeypatch):
"""bigquery.Client(...) resolves ADC at construction; missing credentials in
CI / dev raise google.auth.exceptions.DefaultCredentialsError synchronously.
Must translate to BqAccessError(auth_failed), not propagate raw."""
from connectors.bigquery.access import _default_client_factory, BqProjects, BqAccessError
from google.auth.exceptions import DefaultCredentialsError
class FakeClient:
def __init__(self, project, client_options):
raise DefaultCredentialsError("no ADC")
import google.cloud.bigquery as bq_mod
monkeypatch.setattr(bq_mod, "Client", FakeClient)
with pytest.raises(BqAccessError) as exc_info:
_default_client_factory(BqProjects(billing="b", data="d"))
assert exc_info.value.kind == "auth_failed"
assert "no ADC" in exc_info.value.message
assert "hint" in exc_info.value.details
class TestDefaultDuckdbSessionFactory:
def test_yields_duckdb_conn_with_secret_then_closes(self, monkeypatch):
from connectors.bigquery.access import _default_duckdb_session_factory, BqProjects
executed_sql = []
class FakeConn:
def __init__(self):
self.closed = False
def execute(self, sql, params=None):
executed_sql.append((sql, params))
return self
def close(self):
self.closed = True
fake_conn = FakeConn()
monkeypatch.setattr("duckdb.connect", lambda _: fake_conn)
monkeypatch.setattr("connectors.bigquery.auth.get_metadata_token", lambda: "tok123")
with _default_duckdb_session_factory(BqProjects(billing="b", data="d")) as conn:
assert conn is fake_conn
assert fake_conn.closed is True
# Verify INSTALL/LOAD/SECRET sequence ran
assert any("INSTALL bigquery" in sql for sql, _ in executed_sql)
assert any("LOAD bigquery" in sql for sql, _ in executed_sql)
assert any("CREATE OR REPLACE SECRET" in sql and "tok123" in sql for sql, _ in executed_sql)
def test_closes_on_exception_inside_with_block(self, monkeypatch):
from connectors.bigquery.access import _default_duckdb_session_factory, BqProjects
class FakeConn:
closed = False
def execute(self, *a, **kw): return self
def close(self): self.closed = True
fake_conn = FakeConn()
monkeypatch.setattr("duckdb.connect", lambda _: fake_conn)
monkeypatch.setattr("connectors.bigquery.auth.get_metadata_token", lambda: "t")
with pytest.raises(RuntimeError, match="boom"):
with _default_duckdb_session_factory(BqProjects(billing="b", data="d")) as conn:
raise RuntimeError("boom")
assert fake_conn.closed is True
def test_translates_metadata_auth_error_to_auth_failed(self, monkeypatch):
from connectors.bigquery.access import _default_duckdb_session_factory, BqProjects, BqAccessError
from connectors.bigquery.auth import BQMetadataAuthError
def fail():
raise BQMetadataAuthError("metadata server unreachable")
monkeypatch.setattr("connectors.bigquery.auth.get_metadata_token", fail)
with pytest.raises(BqAccessError) as exc_info:
with _default_duckdb_session_factory(BqProjects(billing="b", data="d")):
pass
assert exc_info.value.kind == "auth_failed"
class TestBqAccess:
def test_uses_default_factories_when_none_passed(self, monkeypatch):
from connectors.bigquery.access import BqAccess, BqProjects
captured = []
monkeypatch.setattr(
"connectors.bigquery.access._default_client_factory",
lambda projects: captured.append(("client", projects)) or "FAKE_CLIENT",
)
bq = BqAccess(BqProjects(billing="b", data="d"))
assert bq.client() == "FAKE_CLIENT"
assert captured == [("client", BqProjects(billing="b", data="d"))]
def test_injected_client_factory_overrides_default(self):
from connectors.bigquery.access import BqAccess, BqProjects
bq = BqAccess(
BqProjects(billing="b", data="d"),
client_factory=lambda projects: "MOCK_CLIENT",
)
assert bq.client() == "MOCK_CLIENT"
def test_injected_duckdb_session_factory_overrides_default(self):
from connectors.bigquery.access import BqAccess, BqProjects
from contextlib import contextmanager
@contextmanager
def fake_session(projects):
yield "FAKE_CONN"
bq = BqAccess(
BqProjects(billing="b", data="d"),
duckdb_session_factory=fake_session,
)
with bq.duckdb_session() as conn:
assert conn == "FAKE_CONN"
def test_projects_property(self):
from connectors.bigquery.access import BqAccess, BqProjects
p = BqProjects(billing="b", data="d")
bq = BqAccess(p)
assert bq.projects is p
class TestGetBqAccess:
def setup_method(self):
# Clear the cache between tests
from connectors.bigquery.access import get_bq_access
get_bq_access.cache_clear()
def test_env_var_wins(self, monkeypatch):
from connectors.bigquery.access import get_bq_access
monkeypatch.setenv("BIGQUERY_PROJECT", "env-proj")
bq = get_bq_access()
assert bq.projects.billing == "env-proj"
assert bq.projects.data == "env-proj"
def test_billing_project_from_yaml_when_no_env(self, monkeypatch):
from connectors.bigquery.access import get_bq_access
monkeypatch.delenv("BIGQUERY_PROJECT", raising=False)
def fake_get_value(*keys, default=""):
return {
("data_source", "bigquery", "billing_project"): "yaml-bill",
("data_source", "bigquery", "project"): "yaml-data",
}.get(keys, default)
monkeypatch.setattr("app.instance_config.get_value", fake_get_value)
bq = get_bq_access()
assert bq.projects.billing == "yaml-bill"
assert bq.projects.data == "yaml-data"
def test_billing_falls_back_to_project_when_no_billing(self, monkeypatch):
from connectors.bigquery.access import get_bq_access
monkeypatch.delenv("BIGQUERY_PROJECT", raising=False)
def fake_get_value(*keys, default=""):
return {
("data_source", "bigquery", "project"): "yaml-data",
}.get(keys, default)
monkeypatch.setattr("app.instance_config.get_value", fake_get_value)
bq = get_bq_access()
assert bq.projects.billing == "yaml-data"
assert bq.projects.data == "yaml-data"
def test_returns_sentinel_when_neither_set(self, monkeypatch):
"""get_bq_access() MUST NOT raise during dep-injection on non-BQ instances —
that would 500 every v2 endpoint request even for local-source tables.
Returns a sentinel BqAccess whose client() / duckdb_session() raise
BqAccessError(not_configured) only when actually called. The endpoint's
try/except BqAccessError catches that path normally. Devin BUG_0001 on
PR #138 review."""
from connectors.bigquery.access import get_bq_access, BqAccessError, BqAccess
monkeypatch.delenv("BIGQUERY_PROJECT", raising=False)
monkeypatch.setattr("app.instance_config.get_value", lambda *k, default="": default)
bq = get_bq_access()
assert isinstance(bq, BqAccess)
with pytest.raises(BqAccessError) as exc_info:
bq.client()
assert exc_info.value.kind == "not_configured"
assert "billing_project" in exc_info.value.details["hint"].lower() or \
"project" in exc_info.value.details["hint"].lower()
# duckdb_session() is a context manager; the BqAccessError must surface on __enter__
with pytest.raises(BqAccessError) as exc_info:
with bq.duckdb_session():
pass
assert exc_info.value.kind == "not_configured"
def test_is_cached(self, monkeypatch):
from connectors.bigquery.access import get_bq_access
monkeypatch.setenv("BIGQUERY_PROJECT", "p")
a = get_bq_access()
b = get_bq_access()
assert a is b
def test_fetch_helpers_raise_not_configured_on_sentinel_before_identifier_validation(self, monkeypatch):
"""Sentinel BqAccess has BqProjects(data=""). v2 fetch helpers must trigger
bq.client() (which raises BqAccessError(not_configured)) BEFORE calling
validate_quoted_identifier on the empty string. Otherwise the operator
sees a confusing HTTP 400 'unsafe_identifier' instead of the intended
HTTP 500 'not_configured' with hint. Devin BUG_0002 on PR #138 review."""
from connectors.bigquery.access import get_bq_access, BqAccessError
from app.api.v2_sample import _fetch_bq_sample
from app.api.v2_schema import _fetch_bq_schema, _fetch_bq_table_options
monkeypatch.delenv("BIGQUERY_PROJECT", raising=False)
monkeypatch.setattr("app.instance_config.get_value", lambda *k, default="": default)
bq = get_bq_access()
assert bq.projects.data == "", "must be the sentinel"
# Strict paths surface BqAccessError(not_configured), NOT ValueError(unsafe).
with pytest.raises(BqAccessError) as exc_info:
_fetch_bq_sample(bq, "ds", "tbl", 5)
assert exc_info.value.kind == "not_configured"
with pytest.raises(BqAccessError) as exc_info:
_fetch_bq_schema(bq, "ds", "tbl")
assert exc_info.value.kind == "not_configured"
# Best-effort path returns {} silently.
assert _fetch_bq_table_options(bq, "ds", "tbl") == {}
def test_instance_config_reset_cache_invalidates_get_bq_access(self, monkeypatch):
"""admin /api/admin/server-config save → instance_config.reset_cache() →
must also clear get_bq_access cache so v2 endpoints pick up new
BigQuery project IDs without container restart. Devin ANALYSIS_0004
on PR #138 review: pre-Phase-2 each request re-read get_value(), so
admin hot-reload worked. functools.cache on get_bq_access would have
broken that contract — this test guards against regressing it."""
from connectors.bigquery.access import get_bq_access
from app.instance_config import reset_cache
monkeypatch.setenv("BIGQUERY_PROJECT", "first")
bq1 = get_bq_access()
assert bq1.projects.billing == "first"
# Operator updates config and triggers reset_cache via admin API
monkeypatch.setenv("BIGQUERY_PROJECT", "second")
reset_cache()
bq2 = get_bq_access()
assert bq2.projects.billing == "second", \
"get_bq_access must re-resolve after instance_config.reset_cache()"
assert bq2 is not bq1
def test_sentinel_is_cached_per_process(self, monkeypatch):
"""The sentinel BqAccess is cached like any other return value. Operators
fixing instance.yaml at runtime must restart the container to pick up the
change — documented as expected behavior in the spec ('Hot-reload of
instance.yaml is out of scope')."""
from connectors.bigquery.access import get_bq_access, BqAccess
monkeypatch.delenv("BIGQUERY_PROJECT", raising=False)
monkeypatch.setattr("app.instance_config.get_value", lambda *k, default="": default)
a = get_bq_access()
b = get_bq_access()
assert a is b
assert isinstance(a, BqAccess)
assert a.projects.billing == ""
Reference in a new issue View git blame Copy permalink