Support allowMaterializedViewsWithoutRowLevelSecurity when creating materialized views#148
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request adds support for the allowMaterializedViewsWithoutRowLevelSecurity property when creating materialized views in Kusto. This property allows materialized views to be created without row-level security policies, which is necessary in certain scenarios where row-level security would otherwise be required.
Changes:
- Added
AllowMaterializedViewsWithoutRowLevelSecurityboolean property to theMaterializedViewclass - Modified script generation logic to include the property when creating new materialized views
- Added propagation logic in
DatabaseChangesto copy the property from desired state to cluster state to avoid phantom diffs
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| KustoSchemaTools/Model/MaterializedView.cs | Added new boolean property and logic to include it in materialized view creation scripts when isNew=true |
| KustoSchemaTools/Changes/DatabaseChanges.cs | Added propagation logic to copy the AllowMaterializedViewsWithoutRowLevelSecurity flag from new state to old state to prevent phantom diffs |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| && oldState.MaterializedViews.ContainsKey(mv.Key)) | ||
| { | ||
| oldState.MaterializedViews[mv.Key].AllowMaterializedViewsWithoutRowLevelSecurity = true; | ||
| } |
There was a problem hiding this comment.
The propagation logic only handles the direct AllowMaterializedViewsWithoutRowLevelSecurity property on MaterializedView, but not the same property in mv.Value.Policies.AllowMaterializedViewsWithoutRowLevelSecurity. Similar to the table propagation logic (lines 53-61), this should also propagate the Policies property to avoid phantom diffs when row-level security is configured. Consider adding:
if (mv.Value.Policies?.AllowMaterializedViewsWithoutRowLevelSecurity == true
&& oldState.MaterializedViews.ContainsKey(mv.Key)
&& oldState.MaterializedViews[mv.Key].Policies != null)
{
oldState.MaterializedViews[mv.Key].Policies.AllowMaterializedViewsWithoutRowLevelSecurity = true;
}
| } | |
| } | |
| if (mv.Value.Policies?.AllowMaterializedViewsWithoutRowLevelSecurity == true | |
| && oldState.MaterializedViews.ContainsKey(mv.Key) | |
| && oldState.MaterializedViews[mv.Key].Policies != null) | |
| { | |
| oldState.MaterializedViews[mv.Key].Policies.AllowMaterializedViewsWithoutRowLevelSecurity = true; | |
| } |
| if (AllowMaterializedViewsWithoutRowLevelSecurity && isNew) | ||
| { | ||
| properties = string.IsNullOrEmpty(properties) | ||
| ? "allowMaterializedViewsWithoutRowLevelSecurity=true" | ||
| : $"{properties}, allowMaterializedViewsWithoutRowLevelSecurity=true"; | ||
| } |
There was a problem hiding this comment.
The new AllowMaterializedViewsWithoutRowLevelSecurity property lacks test coverage. Consider adding tests that verify:
- The property is correctly excluded from automatic property reflection (line 41)
- The property is correctly added to the script when creating a new materialized view with
AllowMaterializedViewsWithoutRowLevelSecurity=trueandisNew=true - The property is NOT added when
isNew=false(updating an existing materialized view) - The property is correctly appended to existing properties with proper comma separation
- The property works correctly when there are no other properties
Similar to the test pattern in YamlDatabaseHandlerTests.cs line 169, you could test the generated scripts from CreateScripts.
ashleyvansp
deleted the
ashleyvansp/allowMaterializedViewsWithoutRowLevelSecurity2
branch
This PR adds support for the
allowMaterializedViewsWithoutRowLevelSecurityflag when creating materialized views. This allows materialized views to be created on tables with row level security policies enabled.cc https://github.com/github/data/issues/9480