Add grant roles/bigquery.jobUser and roles/(viewer|writer|owner) functionalities
#11
Conversation
|
@snowhork I want to discuss about naming of subcommands! |
* implement cache auto refresh * fix typo * fix * change to cacherefreshhour Co-authored-by: hirohito-sasakawa <hirohito-sasakawa@m3.com>
* fix bug on cache refresh flag * remove Co-authored-by: hirohito-sasakawa <hirohito-sasakawa@m3.com>
…a/bqiam into add-permission-job-user
hirosassa
changed the title
roles/bigquery.jobUser and roles/(viewer|writer|owner) functionalitiesroles/bigquery.jobUser and roles/(viewer|writer|owner) functionalities
| READER = "READER" | ||
| WRITER = "WRITER" | ||
| OWNER = "OWNER" | ||
| ) |
| } | ||
| } | ||
| return false | ||
| } |
There was a problem hiding this comment.
original permit command moved here
| } | ||
| } | ||
| return false | ||
| } |
There was a problem hiding this comment.
sub-sub-command thant grants project role
| "github.com/spf13/cobra" | ||
| "google.golang.org/api/bigquery/v2" | ||
| "google.golang.org/api/iterator" | ||
|
|
||
| "github.com/hirosassa/bqiam/metadata" |
| `, | ||
| Run: func(cmd *cobra.Command, args []string) { | ||
| _ = cmd.Help() | ||
| }, | ||
| } |
There was a problem hiding this comment.
permit sub-command initialization
| cmd.AddCommand( | ||
| newPermitProjectCmd(), | ||
| newPermitDatasetCmd(), | ||
| ) |
There was a problem hiding this comment.
adds project and dataset sub-sub-commands
| reader := bufio.NewReader(os.Stdin) | ||
| res, err := reader.ReadString('\n') | ||
| return cmd | ||
| } |
There was a problem hiding this comment.
Initialization of permit project command
| cmd.Flags().StringSliceP("users", "u", []string{}, "Specify user email(s)") | ||
| cmd.Flags().StringSliceP("datasets", "d", []string{}, "Specify dataset(s)") | ||
|
|
||
| return cmd | ||
| } |
There was a problem hiding this comment.
initialization of permit dataset command
| return fmt.Errorf("failed to permit: %s", err) | ||
| } | ||
|
|
||
| return nil | ||
| } |
There was a problem hiding this comment.
implementation of the permit dataset command
| fmt.Printf("Permit %s to %s access as %s\n", user, dataset, role) | ||
| } | ||
| if err != nil { | ||
| return fmt.Errorf("failed to permit: %s", err) | ||
| } | ||
|
|
||
| return nil | ||
| } | ||
|
|
There was a problem hiding this comment.
implementation of the permit project command
|
@snowhork I implemented a set of sub-sub-commands ( Please review. |
cmd/permit.go
Outdated
| For example: | ||
|
|
||
| bqiam permit dataset READER -p bq-project-id -u user1@email.com -u user2@email.com -d dataset1 -d dataset2 | ||
| bqiam permit project VIEWER -p bq-project-id -u user1@email.com |
There was a problem hiding this comment.
I think bqiam permit project READER
bqrole/project.go
Outdated
| return fmt.Errorf("%s already has a role: %s, project: %s", user, role, project) | ||
| } | ||
|
|
||
| cmd := fmt.Sprintf("gcloud projects add-iam-policy-binding %s --member user:%s --role %s", project, user, role) |
There was a problem hiding this comment.
Can't we apply to Service accounts?
There was a problem hiding this comment.
I fixed and tested for SAs manually.
|
@snowhork I fixed your suggestions. plz review |
|
@hirosassa LGTM. I've checked the behaviour by SA too. Thanks!! |
What is this PR?
fix #12
I implemented following two functionalities:
permitsub-command topermit datasetroles/bigquery.jobUserrole for each users onpermit datasetsub-commnadpermit projectsub-command that permits project-wide permissions likeroles/viewer