fix #11: allow ax role

srinandan · Nov 28, 2021 · 873a4e5 · 873a4e5
1 parent d1185b7
commit 873a4e5
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/apiclient/iam.go b/apiclient/iam.go
@@ -78,6 +78,10 @@ func CreateIAMServiceAccount(name string, iamRole string) (err error) {
 		role = "roles/apigee.synchronizerManager"
 	case "analytics":
 		role = "roles/apigee.analyticsAgent"
+	case "analyticsAgent":
+		role = "roles/apigee.analyticsAgent"
+	case "analyticsViewer":
+		role = "roles/apigee.analyticsViewer"
 	case "metric":
 		role = "roles/monitoring.metricWriter"
 	case "logger":
@@ -223,6 +227,10 @@ func SetIAMPermission(memberName string, iamRole string, memberType string) (err
 		role = "roles/apigee.synchronizerManager"
 	case "analytics":
 		role = "roles/apigee.analyticsAgent"
+	case "analyticsViewer":
+		role = "roles/apigee.analyticsViewer"
+	case "analyticsAgent":
+		role = "roles/apigee.analyticsAgent"
 	case "deploy":
 		role = "roles/apigee.deployer"
 	default: //assume this is a custom role definition

diff --git a/cmd/env/setax.go b/cmd/env/setax.go
@@ -28,15 +28,18 @@ var SetAxCmd = &cobra.Command{
 	Short: "Set Analytics Agent role for a member on an environment",
 	Long:  "Set Analytics Agent role for a member an Environment",
 	Args: func(cmd *cobra.Command, args []string) (err error) {
+		if role != "analyticsAgent" && role != "analyticsViewer" {
+			return fmt.Errorf("invalid memberRole. Member role must be analyticsViewer or analyticsAgent")
+		}
 		apiclient.SetApigeeEnv(environment)
 		return apiclient.SetApigeeOrg(org)
 	},
 	RunE: func(cmd *cobra.Command, args []string) (err error) {
-		err = environments.SetIAM(memberName, "analytics", memberType)
+		err = environments.SetIAM(memberName, role, memberType)
 		if err != nil {
 			return err
 		}
-		fmt.Printf("Member %s granted access to Apigee Analytics Viewer role\n", memberName)
+		fmt.Printf("Member %s granted access to %s role\n", memberName, role)
 		return nil
 	},
 }
@@ -47,6 +50,7 @@ func init() {
 		"", "Member Name, example Service Account Name")
 	SetAxCmd.Flags().StringVarP(&memberType, "memberType", "m",
 		"serviceAccount", "memberType must be serviceAccount, user or group")
-
+	SetAxCmd.Flags().StringVarP(&role, "memberRole", "r",
+		"analyticsAgent", "memberRole must be analyticsViewer or analyticsAgent")
 	_ = SetAxCmd.MarkFlagRequired("name")
 }