Add grant roles/bigquery.jobUser and roles/(viewer|writer|owner) functionalities #11
@snowhork I want to discuss the naming of subcommands!
* implement cache auto refresh * fix typo * fix * change to cacherefreshhour Co-authored-by: hirohito-sasakawa <hirohito-sasakawa@m3.com>
* fix bug on cache refresh flag * remove Co-authored-by: hirohito-sasakawa <hirohito-sasakawa@m3.com>
…a/bqiam into add-permission-job-user
READER = "READER" | ||
WRITER = "WRITER" | ||
OWNER = "OWNER" | ||
) |
moved constants here
} | ||
} | ||
return false | ||
} |
original `permit` command moved here
} | ||
} | ||
return false | ||
} |
sub-sub-command that grants project role
"github.com/spf13/cobra" | ||
"google.golang.org/api/bigquery/v2" | ||
"google.golang.org/api/iterator" | ||
|
||
"github.com/hirosassa/bqiam/metadata" |
import ordering
`, | ||
Run: func(cmd *cobra.Command, args []string) { | ||
_ = cmd.Help() | ||
}, | ||
} |
`permit` sub-command initialization
cmd.AddCommand( | ||
newPermitProjectCmd(), | ||
newPermitDatasetCmd(), | ||
) |
adds `project` and `dataset` sub-sub-commands
reader := bufio.NewReader(os.Stdin) | ||
res, err := reader.ReadString('\n') | ||
return cmd | ||
} |
Initialization of `permit project` command
cmd.Flags().StringSliceP("users", "u", []string{}, "Specify user email(s)") | ||
cmd.Flags().StringSliceP("datasets", "d", []string{}, "Specify dataset(s)") | ||
|
||
return cmd | ||
} |
initialization of `permit dataset` command
return fmt.Errorf("failed to permit: %s", err) | ||
} | ||
|
||
return nil | ||
} |
implementation of the `permit dataset` command
fmt.Printf("Permit %s to %s access as %s\n", user, dataset, role) | ||
} | ||
if err != nil { | ||
return fmt.Errorf("failed to permit: %s", err) | ||
} | ||
|
||
return nil | ||
} | ||
|
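Review bot: The `return fmt.Errorf("failed to permit: %s", err)` line formats the underlying error with `%s`, which flattens it to text. Using `%w` instead keeps the original error wrapped, so callers can still inspect it with `errors.Is` or `errors.As` and the cause of a failed IAM change is not lost when the error is logged or handled higher up.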
implementation of the `permit project` command
@snowhork I implemented a set of sub-sub-commands ( Please review. |
Please check for service accounts.
cmd/permit.go
Outdated
For example: | ||
|
||
bqiam permit dataset READER -p bq-project-id -u user1@email.com -u user2@email.com -d dataset1 -d dataset2 | ||
bqiam permit project VIEWER -p bq-project-id -u user1@email.com |
I think bqiam permit project READER
fixed!
bqrole/project.go
Outdated
return fmt.Errorf("%s already has a role: %s, project: %s", user, role, project) | ||
} | ||
|
||
cmd := fmt.Sprintf("gcloud projects add-iam-policy-binding %s --member user:%s --role %s", project, user, role) |
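Review bot: The `cmd := fmt.Sprintf("gcloud projects add-iam-policy-binding %s --member user:%s --role %s", ...)` line interpolates `project`, `user` and `role` into a single command string. If that string is later handed to a shell or split on spaces, a value containing whitespace or shell metacharacters changes the command that runs. Passing the pieces as separate arguments, for example `exec.Command("gcloud", "projects", "add-iam-policy-binding", project, "--member", member, "--role", role)`, avoids that, and checking `role` against the allowed set before this line keeps the binding to the intended roles. The hard-coded `user:` prefix also means a service account address would be submitted with the wrong member type.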
Can't we apply to Service accounts?
I fixed and tested for SAs manually.
@snowhork I fixed your suggestions. plz review |
@hirosassa LGTM. I've checked the behaviour by SA too. Thanks!! |
What is this PR?
fix #12
I implemented the following two functionalities:
`permit` sub-command to `permit dataset`
`roles/bigquery.jobUser` role for each user on `permit dataset` sub-command
`permit project` sub-command that permits project-wide permissions like `roles/viewer`