What should happen when you add-contract to a private model?

[graciegoheen]

Describe the bug

Right now when I execute dbt-meshify operation add-contract -s 2__raw_vault (which included models that are previously marked as access:private), dbt-meshify does not update those models' access to public.

Should it?

Should there be a separate operation for updating access?

Thoughts?

[dave-connors-3]

it's a good question! i asked @jtcohen6 a similar one about the need to use model governance features in tandem:

since it's permissible in core to use each of these features separately from each other, I think I lean that the add-contract operation should do only that.

to your point, yes, it may make sense to have another command to explicitly set access levels! Access is currently the most "magical" feature of the package. I'm of the opinion that access makes the most sense in the context of group definitions or cross project refs, so i'm ok with the setup we have today where the graph dictates the access when declaring a group or splitting a project.

[graciegoheen]

I'm of the opinion that access makes the most sense in the context of group definitions or cross project refs, so i'm ok with the setup we have today where the graph dictates the access when declaring a group or splitting a project.

I disagree with you here!

I just did the following workflow:

1. Ok, I know I want to create a new group for all of my models in my 1__stage, 2__raw_vault, and 3__business_vault folders. I execute: dbt-meshify group vault --owner-name "Trainer Logan" -s "1__stage 2__raw_vault 3__business_vault"
2. Because I've only built out a few models that build on those "vault" models, some are marked as public and some are marked as private. But actually, I want all of my models in 2__raw_vault and 3__business_vault folders to be public so that anyone can access and use them. So I executed dbt-meshify operation add-contract -s "2__raw_vault 3__business_vault"
3. But that just added contracts, it didn't update my access. So I had to go in and manually change the access config for all of the models in those folders.

I'm okay with not automatically updating access when you add a contract, but I do think we then need an operation to update access manually.

[nicholasyager]

I'm also of the opinion that access levels and contracted models are two orthogonal ideas. Access levels define the keys allowed to unlock a door, and the contract is the directory on the door promising what's inside. These two are useful together, but not a requirement whatsoever.

Having that been said, I'd agree 💯 that we should have a CLI operation for bespoke access level updates!