Merge pull request #63 from srinandan/issue56

grant permissions to bq

README.md

@@ -109,7 +109,7 @@ integrationcli connectors create -n name-of-the-connector -f ./test/pub_sub_conn
 **NOTES:** 
 
 * This command assumes the token is cached, otherwise pass the token via `-t`
-* For PubSub, `integrationcli` adds the IAM permissions for the service account to publish to the topic
+* For PubSub & BigQuery, `integrationcli` adds the IAM permissions for the service account to the resource
 
 ### Third Party Applications
 

apiclient/iam.go

@@ -133,3 +133,51 @@ func SetPubSubIAMPermission(project string, topic string, memberName string) (er
 	const role = "roles/pubsub.publisher"
 	return setIAMPermission(endpoint, topic, memberName, role, memberType)
 }
+
+func SetBigQueryIAMPermission(project string, datasetid string, memberName string) (err error) {
+	var endpoint = fmt.Sprintf("https://bigquery.googleapis.com/bigquery/v2/projects/%s/datasets/%s", project, datasetid)
+	const role = "WRITER"
+	var content []byte
+
+	//first fetch the information
+	respBody, err := HttpClient(false, endpoint)
+	if err != nil {
+		return err
+	}
+
+	type accessType struct {
+		Role         string  `json:"role,omitempty"`
+		IamMember    *string `json:"iamMember,omitempty"`
+		UserByEmail  *string `json:"userByEmail,omitempty"`
+		SpecialGroup *string `json:"specialGroup,omitempty"`
+		GroupByEmail *string `json:"groupByEmail,omitempty"`
+	}
+
+	type datasetType struct {
+		Access []accessType `json:"access,omitempty"`
+	}
+
+	dataset := datasetType{}
+	if err = json.Unmarshal(respBody, &dataset); err != nil {
+		return err
+	}
+
+	access := accessType{}
+	access.Role = role
+	access.UserByEmail = new(string)
+	*access.UserByEmail = memberName
+
+	//merge the updates
+	dataset.Access = append(dataset.Access, access)
+
+	if content, err = json.Marshal(dataset); err != nil {
+		return err
+	}
+
+	//patch the update
+	if _, err = HttpClient(false, endpoint, string(content), "PATCH"); err != nil {
+		return err
+	}
+
+	return nil
+}

client/connections/connectors.go

@@ -138,9 +138,11 @@ func Create(name string, content []byte, grantPermission bool) (respBody []byte,
 
 	// check if permissions need to be set
 	if grantPermission && *c.ServiceAccount != "" {
+		var projectId string
+
 		switch c.ConnectorDetails.Name {
 		case "pubsub":
-			var projectId, topicName string
+			var topicName string
 
 			for _, configVar := range *c.ConfigVariables {
 				if configVar.Key == "project_id" {
@@ -159,7 +161,27 @@ func Create(name string, content []byte, grantPermission bool) (respBody []byte,
 				clilog.Warning.Printf("Unable to update permissions for the service account: %v\n", err)
 			}
 		case "bigquery":
-			clilog.Warning.Println("Updating service account permissions for BQ is not supported")
+			var datasetId string
+
+			for _, configVar := range *c.ConfigVariables {
+				if configVar.Key == "project_id" {
+					projectId = *configVar.StringValue
+				}
+				if configVar.Key == "dataset_id" {
+					datasetId = *configVar.StringValue
+				}
+			}
+			if projectId == "" || datasetId == "" {
+				return nil, fmt.Errorf("projectId or datasetId was not set")
+			}
+
+			if err = apiclient.SetBigQueryIAMPermission(projectId, datasetId, *c.ServiceAccount); err != nil {
+				clilog.Warning.Printf("Unable to update permissions for the service account: %v\n", err)
+			}
+		case "gcs":
+			clilog.Warning.Println("Updating SA permissions for GCS is not currently supported")
+		case "cloudsql-postgresql":
+			clilog.Warning.Println("Updating SA permissions for cloudsql-postgresql is not currently supported")
 		}
 	}