From 873a4e5101d05485db2c9b2702a06426908ce97c Mon Sep 17 00:00:00 2001 From: srinandan Date: Sat, 27 Nov 2021 16:31:33 -0800 Subject: [PATCH] fix #11: allow ax role --- apiclient/iam.go | 8 ++++++++ cmd/env/setax.go | 10 +++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/apiclient/iam.go b/apiclient/iam.go index 7bc27054..dfb8afee 100644 --- a/apiclient/iam.go +++ b/apiclient/iam.go @@ -78,6 +78,10 @@ func CreateIAMServiceAccount(name string, iamRole string) (err error) { role = "roles/apigee.synchronizerManager" case "analytics": role = "roles/apigee.analyticsAgent" + case "analyticsAgent": + role = "roles/apigee.analyticsAgent" + case "analyticsViewer": + role = "roles/apigee.analyticsViewer" case "metric": role = "roles/monitoring.metricWriter" case "logger": @@ -223,6 +227,10 @@ func SetIAMPermission(memberName string, iamRole string, memberType string) (err role = "roles/apigee.synchronizerManager" case "analytics": role = "roles/apigee.analyticsAgent" + case "analyticsViewer": + role = "roles/apigee.analyticsViewer" + case "analyticsAgent": + role = "roles/apigee.analyticsAgent" case "deploy": role = "roles/apigee.deployer" default: //assume this is a custom role definition diff --git a/cmd/env/setax.go b/cmd/env/setax.go index 5d44a11e..f1cf5c41 100644 --- a/cmd/env/setax.go +++ b/cmd/env/setax.go @@ -28,15 +28,18 @@ var SetAxCmd = &cobra.Command{ Short: "Set Analytics Agent role for a member on an environment", Long: "Set Analytics Agent role for a member an Environment", Args: func(cmd *cobra.Command, args []string) (err error) { + if role != "analyticsAgent" && role != "analyticsViewer" { + return fmt.Errorf("invalid memberRole. Member role must be analyticsViewer or analyticsAgent") + } apiclient.SetApigeeEnv(environment) return apiclient.SetApigeeOrg(org) }, RunE: func(cmd *cobra.Command, args []string) (err error) { - err = environments.SetIAM(memberName, "analytics", memberType) + err = environments.SetIAM(memberName, role, memberType) if err != nil { return err } - fmt.Printf("Member %s granted access to Apigee Analytics Viewer role\n", memberName) + fmt.Printf("Member %s granted access to %s role\n", memberName, role) return nil }, } @@ -47,6 +50,7 @@ func init() { "", "Member Name, example Service Account Name") SetAxCmd.Flags().StringVarP(&memberType, "memberType", "m", "serviceAccount", "memberType must be serviceAccount, user or group") - + SetAxCmd.Flags().StringVarP(&role, "memberRole", "r", + "analyticsAgent", "memberRole must be analyticsViewer or analyticsAgent") _ = SetAxCmd.MarkFlagRequired("name") }