in internal/apiclient/iam.go [177:241]
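// setProjectIAMPermission grants role to the service account memberName on
// project. It reads the project's IAM policy with getIamPolicy, adds
// "serviceAccount:<memberName>" to an unconditional binding for role, and
// writes the policy back with setIamPolicy. The etag returned by the read is
// sent back unchanged in the write request.
//
// If the member already holds role through an unconditional binding, the
// policy is left untouched and no write is issued. Errors are logged at debug
// level and returned.
func setProjectIAMPermission(project string, memberName string, role string) (err error) {
	// NOTE(review): project is placed into the URL path without escaping or
	// validation; confirm callers only pass a well-formed project ID.
	getendpoint := fmt.Sprintf("https://cloudresourcemanager.googleapis.com/v1/projects/%s:getIamPolicy", project)
	setendpoint := fmt.Sprintf("https://cloudresourcemanager.googleapis.com/v1/projects/%s:setIamPolicy", project)

	// This method treats errors as info since this is not a blocking problem,
	// so HTTP response printing is switched off for the duration of the call.
	// The deferred restore runs on every return path; without it an early
	// error return would leave printing disabled for later requests.
	ClientPrintHttpResponse.Set(false)
	defer func() {
		ClientPrintHttpResponse.Set(GetCmdPrintHttpResponseSetting())
	}()

	// Get the current IAM policy for the project.
	// NOTE(review): the request body is empty, so no policy version is
	// requested; confirm that policies containing conditional bindings
	// round-trip through this read-modify-write without losing conditions.
	respBody, err := HttpClient(getendpoint, "")
	if err != nil {
		clilog.Debug.Printf("error getting IAM policies for the project %s: %v", project, err)
		return err
	}

	// roleBinding is one role-to-members entry of an IAM policy.
	type roleBinding struct {
		Role      string     `json:"role,omitempty"`
		Members   []string   `json:"members,omitempty"`
		Condition *condition `json:"condition,omitempty"`
	}
	// iamPolicy holds the getIamPolicy response.
	type iamPolicy struct {
		Version  int           `json:"version,omitempty"`
		Etag     string        `json:"etag,omitempty"`
		Bindings []roleBinding `json:"bindings,omitempty"`
	}
	// iamPolicyRequest holds the setIamPolicy request body.
	type iamPolicyRequest struct {
		Policy iamPolicy `json:"policy,omitempty"`
	}

	policy := iamPolicy{}
	if err = json.Unmarshal(respBody, &policy); err != nil {
		clilog.Debug.Println(err)
		return err
	}

	member := "serviceAccount:" + memberName

	// Reuse an existing binding for the role instead of appending a duplicate.
	// Only bindings without a condition are considered: adding the member to a
	// conditional binding would make the grant conditional, which is not what
	// the caller asked for.
	merged := false
	for i := range policy.Bindings {
		b := &policy.Bindings[i]
		if b.Role != role || b.Condition != nil {
			continue
		}
		for _, m := range b.Members {
			if m == member {
				// Already granted; writing the policy back would change nothing.
				return nil
			}
		}
		b.Members = append(b.Members, member)
		merged = true
		break
	}
	if !merged {
		policy.Bindings = append(policy.Bindings, roleBinding{
			Role:    role,
			Members: []string{member},
		})
	}

	policyRequestBody, err := json.Marshal(iamPolicyRequest{Policy: policy})
	if err != nil {
		clilog.Debug.Println(err)
		return err
	}

	if _, err = HttpClient(setendpoint, string(policyRequestBody)); err != nil {
		clilog.Debug.Printf("error setting IAM policies for the project %s: %v", project, err)
		return err
	}
	return nil
}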