This repository has been archived by the owner on Mar 9, 2023. It is now read-only.

fetch default SA only when grant perm is set #113

Merged
merged 2 commits into from
Jan 17, 2023
4 changes: 2 additions & 2 deletions apiclient/iam.go
Expand Up @@ -179,7 +179,7 @@ func setProjectIAMPermission(project string, memberName string, role string) (er
//this method treats errors as info since this is not a blocking problem

//Get the current IAM policies for the project
respBody, err := HttpClient(false, getendpoint, "")
respBody, err := HttpClient(false, getendpoint)
if err != nil {
clilog.Info.Printf("error getting IAM policies for the project %s: %v", project, err)
return err
Expand Down Expand Up @@ -399,7 +399,7 @@ func GetComputeEngineDefaultServiceAccount(projectId string) (serviceAccount str
var getendpoint = fmt.Sprintf("https://cloudresourcemanager.googleapis.com/v3/projects/%s", projectId)

//Get the project number
respBody, err := HttpClient(false, getendpoint, "")
respBody, err := HttpClient(false, getendpoint)
if err != nil {
clilog.Info.Printf("error getting details for the project %s: %v", projectId, err)
return serviceAccount, err
15 changes: 7 additions & 8 deletions client/connections/connectors.go
Expand Up @@ -139,10 +139,6 @@ func Create(name string, content []byte, serviceAccountName string, serviceAccou
return nil, err
}

if c.ServiceAccount == nil {
c.ServiceAccount = new(string)
}

//service account overrides have been provided, use them
if serviceAccountName != "" {
//set the project id if one was not presented
Expand All @@ -154,14 +150,17 @@ func Create(name string, content []byte, serviceAccountName string, serviceAccou
if err = apiclient.CreateServiceAccount(serviceAccountName); err != nil {
return nil, err
}
} else { //use the default compute engine SA
} else if grantPermission { //use the default compute engine SA to grant permissions
serviceAccountName, err = apiclient.GetComputeEngineDefaultServiceAccount(apiclient.GetProjectID())
if err != nil {
return nil, err
}
}

*c.ServiceAccount = serviceAccountName
if c.ServiceAccount == nil && serviceAccountName != "" {
c.ServiceAccount = new(string)
*c.ServiceAccount = serviceAccountName
}

if c.ConnectorDetails == nil {
return nil, fmt.Errorf("connectorDetails must be set. See https://github.com/srinandan/integrationcli#connectors-for-third-party-applications for more details")
Expand Down Expand Up @@ -282,9 +281,9 @@ func Create(name string, content []byte, serviceAccountName string, serviceAccou
c.AuthConfig.UserPassword.Password.SecretVersion = secretVersion
c.AuthConfig.UserPassword.PasswordDetails = nil //clean the input

if grantPermission {
if grantPermission && c.ServiceAccount != nil {
//grant connector service account access to secretVersion
if err = apiclient.SetSecretManagerIAMPermission(apiclient.GetProjectID(), secretName, serviceAccountName); err != nil {
if err = apiclient.SetSecretManagerIAMPermission(apiclient.GetProjectID(), secretName, *c.ServiceAccount); err != nil {
return nil, err
}
}
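Review bot: In the second hunk of `Create`, the new guard `if c.ServiceAccount == nil && serviceAccountName != ""` leaves a `serviceAccount` already present in the connector payload untouched, so a `serviceAccountName` override is still passed to `CreateServiceAccount` but never applied, which contradicts the comment "service account overrides have been provided, use them". The third hunk then passes `*c.ServiceAccount` to `SetSecretManagerIAMPermission`, so the secret-access binding goes to whatever account the payload names rather than the one the caller asked for or the one just looked up. Make the precedence explicit: if the resolved name should win, assign it unconditionally with `if serviceAccountName != "" { c.ServiceAccount = &serviceAccountName }`; if the payload should win, skip the create and default-SA lookup when `c.ServiceAccount` is already set and say so in a comment. `Create` starts and ends outside these hunks, so any other grant paths between them that still use `serviceAccountName` should be checked for the same mismatch.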