// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the 'License');
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an 'AS IS' BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package gps
import (
"context"
"fmt"
"log"
"cloud.google.com/go/iam"
pubsub "cloud.google.com/go/pubsub/apiv1"
pubsubpb "google.golang.org/genproto/googleapis/pubsub/v1"
)
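// SetTopicRole grants role to member on the Pub/Sub topic topicName, unless
// the topic's IAM policy already contains that binding.
//
// It fetches the topic, reads its current IAM policy, adds the binding and
// writes the whole policy back. The function logs the outcome and returns nil
// both when the binding already existed and when it was newly granted.
//
// An error is returned when an argument is empty or nil, or when fetching the
// topic, reading the policy or writing the policy fails; API errors are
// wrapped so callers can inspect them with errors.Is / errors.As.
//
// NOTE(review): member is passed to the policy as given. Nothing here stops a
// caller from granting the role to a public principal such as iam.AllUsers or
// iam.AllAuthenticatedUsers; callers that take member from configuration or
// user input should validate it against an allow-list before calling.
func SetTopicRole(ctx context.Context, pubSubPulisherClient *pubsub.PublisherClient, topicName string, member string, role iam.RoleName) (err error) {
	// Fail before any API call: a nil client would panic in GetTopic, and an
	// empty member or role must never reach the policy write.
	if pubSubPulisherClient == nil {
		return fmt.Errorf("SetTopicRole: nil publisher client for topic %q", topicName)
	}
	if topicName == "" || member == "" || role == "" {
		return fmt.Errorf("SetTopicRole: topicName, member and role must be non-empty (topic %q, member %q, role %q)", topicName, member, role)
	}

	topic, err := pubSubPulisherClient.GetTopic(ctx, &pubsubpb.GetTopicRequest{Topic: topicName})
	if err != nil {
		return fmt.Errorf("pubSubPulisherClient.GetTopic %s %w", topicName, err)
	}

	iamHandle := pubSubPulisherClient.TopicIAM(topic)
	policy, err := iamHandle.Policy(ctx)
	if err != nil {
		return fmt.Errorf("iamHandle.Policy %w", err)
	}

	// Skip the write when the binding is already present, so repeated calls
	// do not rewrite the policy.
	if policy.HasRole(member, role) {
		log.Printf("%s already has role %s on topic %s", member, role, topicName)
		return nil
	}

	// Read-modify-write of the full policy. Per the iam package documentation
	// SetPolicy succeeds only if the policy has not changed since it was
	// fetched, so a concurrent edit should surface as an error here rather
	// than being overwritten. This function does not retry.
	policy.Add(member, role)
	if err = iamHandle.SetPolicy(ctx, policy); err != nil {
		return fmt.Errorf("iamHandle.SetPolicy %w", err)
	}

	log.Printf("Granted role %s to %s on topic %s", role, member, topicName)
	return nil
}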