Google Cloud SQL MySQL Connector

[andres-torres-marroquin]

Closes PROD-2152

Description Of Changes

Added GoogleCloudSQLMySQLConnector and tests for it.

Code Changes

• Created GoogleCloudSQLMySQLConnector
• Added tests for GoogleCloudSQLMySQLConnector

Steps to Confirm

• Add a system
• Add an Integration, select Google Cloud SQL for MySQL
• Add testing credentials
• Press Test Integration
• Add testing Dataset
• Submit an access request in the Privacy Center

Pre-Merge Checklist

• All CI Pipelines Succeeded
• Documentation:
  • documentation complete, PR opened in fidesdocs
  • documentation issue created in fidesdocs
  • if there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
• Issue Requirements are Met
• Relevant Follow-Up Issues Created
• Update CHANGELOG.md
• For API changes, the Postman collection has been updated
• If there are any database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
fides-plus-nightly	⬜️ Ignored (Inspect)	Visit Preview		Jun 19, 2024 0:52am

[galvana]

This should be using Google's keyfile_creds similar to how we do it in connection_secrets_bigquery. Take a look at option two in this doc for how to authenticate using a keyfile https://ethyca.atlassian.net/wiki/spaces/EN/pages/3029204995/2024-04-19+Google+Cloud+SQL+Integration#Option-2-(IAM-database-authentication)

[galvana]

This is a good first pass Andres! I was able to connect to a Google Cloud SQL for MySQL instance using keyfile creds and that was the main part of this ticket 👍 I think it's still good to test the retrieve_data and mask_data functions we're inheriting from SQLConnector so I documented some test files you can reference to do this.

I commented inline but I'll share here to make sure to run nox -s static_checks to identify any static issues like formatting, type, or import issues.

You will also run into some database migration issues once you merge in the main branch because your new migration and the latest migration both have the same down_revision

down_revision = "efddde14da21"

Search the repo for down_revision = "efddde14da21" and point your migration to the revision number of the other file with the same down_revision.

I know this is a lot so let me know if you want to go over this in person.

[galvana]

Thanks for sorting these values

[galvana]

We're missing some connection types, make sure you include all the values in the ConnectionType enum

class ConnectionType(enum.Enum):
    """
    Supported types to which we can connect Fides.
    """

    postgres = "postgres"
    mongodb = "mongodb"
    mysql = "mysql"
    google_cloud_sql_mysql = "google_cloud_sql_mysql"
    https = "https"
    saas = "saas"
    redshift = "redshift"
    snowflake = "snowflake"
    mssql = "mssql"
    mariadb = "mariadb"
    bigquery = "bigquery"
    manual = "manual"  # Deprecated - use manual_webhook instead
    sovrn = "sovrn"
    attentive = "attentive"
    dynamodb = "dynamodb"
    manual_webhook = "manual_webhook"  # Runs upfront before the traversal
    timescale = "timescale"
    fides = "fides"
    generic_erasure_email = "generic_erasure_email"  # Run after the traversal
    generic_consent_email = "generic_consent_email"  # Run after the traversal

[galvana]

Same as above, make sure it's the same list as the upgrade but without the new google_cloud_sql_mysql entry

[galvana]

The connection test worked just fine which is the important part of this ticket! But we want to make sure that the access and erasure logic we're inheriting from the MySQLConnector still works for our new Google Cloud SQL instance.

To do. this, expand the fixtures to include something similar to mysql_integration_db from the mysql_fixtures.py file? This is what will create our test data in Google Cloud SQL.

@pytest.fixture(scope="function")
def google_cloud_sql_mysql_integration_db(google_cloud_sql_mysql_integration_session):
    truncate_all_tables(mysql_integration_session)
    statements = [
        """
        INSERT INTO product VALUES
        (1, 'Example Product 1', 10.00),
        ...

Then add a test_integration_google_cloud_sql_mysql_example.py similar to tests/ops/integration_tests/test_integration_mysql_example.py to test that the data was created.

Then an equivalent of test_mysql_access_request_task in tests/ops/integration_tests/test_sql_task.py

And finally the most important part, a Google Cloud SQL version of test_create_and_process_access_request_mysql and test_create_and_process_erasure_request_specific_category_mysql in tests/ops/service/privacy_request/test_request_runner_service.py

If you search for @pytest.mark.integration_mysql in the repo, you should see all of these tests for the original version of the MySQL connector, make sure you have similar tests for your new connector. Add a new pytest marker in pyproject.toml for integration_google_cloud_sql_mysql so you can tag all of your new tests.

[cypress]

Passing run #8393 ↗︎

0	4	0	0	0
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.

Details:

Merge 43bea8e into 480312e...
Project: fides	Commit: d10f3a54c7 ℹ️
Status: Passed	Duration: 00:35 💡
Started: Jun 19, 2024 1:03 AM	Ended: Jun 19, 2024 1:04 AM

Review all test suite changes for PR #4949 ↗︎

[galvana]

Suggested change

	def test_create_and_process_erasure_request_specific_category_mysql(
	def test_create_and_process_erasure_request_specific_category_google_cloud_sql_mysql(

[galvana]

Almost there! Just a few minor things. Also make sure you run nox -s static_checks locally to format the files and pick up any other static issues.

[galvana]

Can you add dbname to _required_components now that it's required?

[galvana]

Can we get rid of this TODO?

[galvana]

Same for this one

[galvana]

We can get rid of this one since we moved it to it's own file right?

[codecov]

Codecov Report

Attention: Patch coverage is 79.45205% with 15 lines in your changes missing coverage. Please review.

Project coverage is 86.56%. Comparing base (480312e) to head (43bea8e).

Files	Patch %	Lines
src/fides/api/service/connectors/sql_connector.py	54.54%	9 Missing and 1 partial ⚠️
...ation/connection_secrets_google_cloud_sql_mysql.py	90.00%	3 Missing ⚠️
src/fides/api/task/task_resources.py	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4949      +/-   ##
==========================================
- Coverage   86.59%   86.56%   -0.03%     
==========================================
  Files         351      352       +1     
  Lines       21818    21874      +56     
  Branches     2881     2884       +3     
==========================================
+ Hits        18893    18935      +42     
- Misses       2420     2433      +13     
- Partials      505      506       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[cypress]

Passing run #8403 ↗︎

0	4	0	0	0
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.

Details:

Google Cloud SQL MySQL Connector (#4949)
Project: fides	Commit: 39d23e1ac6
Status: Passed	Duration: 00:35 💡
Started: Jun 19, 2024 3:30 PM	Ended: Jun 19, 2024 3:30 PM

Review all test suite changes for PR #4949 ↗︎