Add kms key to Bigquery config to be used in query #1461
Conversation
Summary of ChangesHello @yalimu-g, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the BigQuery connector by enabling users to specify a Customer-Managed Encryption Key (CMEK) for temporary tables created during query materialization. This feature allows for greater control over data security by ensuring that intermediate query results are encrypted using a user-provided key, aligning with enterprise security requirements. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request successfully introduces the functionality to specify a KMS key for BigQuery queries that materialize to temporary tables. This is a valuable security enhancement, allowing users to encrypt their temporary query results with customer-managed encryption keys. The changes involve propagating the KMS key name through various method calls and configurations, and applying it when building QueryJobConfiguration objects. New overloaded methods and a default method in an interface ensure backward compatibility. Comprehensive unit and integration tests have been added to validate the new functionality.
...onnector-common/src/main/java/com/google/cloud/bigquery/connector/common/BigQueryClient.java
Show resolved
Hide resolved
| assertThat( | ||
| ((QueryJobConfiguration) jobInfo.getConfiguration()) | ||
| .getDestinationEncryptionConfiguration() | ||
| .getKmsKeyName()) | ||
| .isEqualTo(kmsKeyName + "/cryptoKeyVersions/1"); |
There was a problem hiding this comment.
The assertion for the KMS key name assumes a specific suffix (/cryptoKeyVersions/1). This might be too rigid. If the provided kmsKeyName is already a full resource name including a version, or if BigQuery's API returns the key name without a version suffix in some cases, this test could fail unnecessarily. It would be more robust to assert that the getKmsKeyName() value contains the provided kmsKeyName or matches it exactly if no version is expected to be appended by the API. Consider using startsWith or a more flexible comparison.
| assertThat( | |
| ((QueryJobConfiguration) jobInfo.getConfiguration()) | |
| .getDestinationEncryptionConfiguration() | |
| .getKmsKeyName()) | |
| .isEqualTo(kmsKeyName + "/cryptoKeyVersions/1"); | |
| assertThat( | |
| ((QueryJobConfiguration) jobInfo.getConfiguration()) | |
| .getDestinationEncryptionConfiguration() | |
| .getKmsKeyName()) | |
| .startsWith(kmsKeyName); |
|
/gcbrun |
|
/gcbrun |
3 participants
No description provided.