async function revokeAccessToTableOrView()

in bigquery/cloud-client/revokeTableOrViewAccess.js [40:113]


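  /**
   * Revokes access to a BigQuery table or view by rewriting its IAM policy.
   *
   * Reads `client`, `datasetId`, `tableId`, `principalToRemove` and
   * `roleToRemove` from the enclosing scope. A falsy `principalToRemove` or
   * `roleToRemove` (null, undefined, empty string) means "do not filter on
   * this"; the same decision drives both the policy edit and the summary
   * line, so the output never reports a revocation that was not requested.
   *
   * @returns {Promise<void>} Resolves once the policy has been written back
   *   and the summary line has been printed.
   */
  async function revokeAccessToTableOrView() {
    const dataset = client.dataset(datasetId);
    const table = dataset.table(tableId);

    // Decide once what was requested, and reuse it for the edit and the log.
    const removePrincipal = Boolean(principalToRemove);
    const removeRole = Boolean(roleToRemove);

    // Get the IAM access policy for the table or view.
    const [policy] = await table.getIamPolicy();

    // Initialize bindings array.
    if (!policy.bindings) {
      policy.bindings = [];
    }

    // To revoke access to a table or view,
    // remove bindings from the Table or View policy.
    //
    // Find more details about Policy objects here:
    // https://cloud.google.com/security-command-center/docs/reference/rest/Shared.Types/Policy
    //
    // NOTE(review): when both a principal and a role are supplied, the two
    // filters below run independently: the principal is dropped from every
    // binding (any role), and every binding with the role is dropped (all
    // members). That is broader than the single role/principal pair named in
    // the summary line for that case - confirm this is the intended scope.

    if (removePrincipal) {
      // Drop the principal from each binding. Matching is an exact string
      // comparison, so the value must be spelled exactly as it is stored.
      for (const binding of policy.bindings) {
        if (binding.members) {
          binding.members = binding.members.filter(
            member => member !== principalToRemove
          );
        }
      }

      // Drop bindings that are left without members.
      policy.bindings = policy.bindings.filter(
        binding => binding.members && binding.members.length > 0
      );
    }

    if (removeRole) {
      // Drop every binding that grants roleToRemove.
      policy.bindings = policy.bindings.filter(
        binding => binding.role !== roleToRemove
      );
    }

    // Set the IAM access policy with updated bindings.
    await table.setIamPolicy(policy);

    // The summary describes the request, not whether a matching binding was
    // actually found; re-read the policy to confirm the resulting access.
    const resource = `${datasetId}.${tableId}`;
    if (removeRole && removePrincipal) {
      console.log(
        `Role '${roleToRemove}' revoked for principal '${principalToRemove}' on resource '${resource}'.`
      );
    } else if (removeRole) {
      console.log(
        `Role '${roleToRemove}' revoked for all principals on resource '${resource}'.`
      );
    } else if (removePrincipal) {
      console.log(
        `Access revoked for principal '${principalToRemove}' on resource '${resource}'.`
      );
    } else {
      console.log(`No changes made to access policy for '${resource}'.`);
    }
  }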