func GetServicePermissionsStatus()

in internal/iam/permissions.go [97:154]


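// GetServicePermissionsStatus reports, for every IAM permission the named
// service is known to need, whether the current principal holds it.
//
// The permissions to test come from permissionsMap[serviceName]. Each entry
// names a resource type ("Project", "Bucket", "Disk", "Instance" or "Secret")
// and the permissions to check on that resource; the resource identifiers are
// read from r and the matching IAMService check is invoked once per entry.
// The returned map contains every permission in the service's list, set to
// true when the IAM check reported it as granted and false otherwise.
//
// An error is returned when serviceName is unknown, when r is nil or lacks an
// identifier that a listed resource type needs, when an entry has an
// unsupported resource type, or when an IAM check fails. IAM check errors are
// wrapped with %w so callers can inspect them with errors.Is / errors.As.
//
// Note: a permission that appears under more than one resource type is
// reported as granted if any of those checks grants it; the result does not
// say on which resource the grant was found.
func GetServicePermissionsStatus(ctx context.Context, iamService IAMService, serviceName string, r *ResourceDetails) (map[string]bool, error) {
	permissionsList, ok := permissionsMap[serviceName]
	if !ok {
		return nil, fmt.Errorf("service not found: %s", serviceName)
	}
	// Every resource type below reads identifiers from r; without this guard a
	// nil r would panic on the first field access instead of returning an error.
	if r == nil {
		return nil, fmt.Errorf("missing entityDetails for service %s", serviceName)
	}

	// Start with every listed permission set to false, then flip the ones the
	// IAM checks report as granted.
	status := fetchPermissionsMap(permissionsList)
	for _, permList := range permissionsList {
		var granted []string
		var err error
		switch permList.Type {
		case "Project":
			if r.ProjectID == "" {
				return nil, fmt.Errorf("missing ProjectID in entityDetails")
			}
			granted, err = iamService.CheckIAMPermissionsOnProject(ctx, r.ProjectID, permList.Permissions)
		case "Bucket":
			if r.BucketName == "" {
				return nil, fmt.Errorf("missing BucketName in entityDetails")
			}
			granted, err = iamService.CheckIAMPermissionsOnBucket(ctx, r.BucketName, permList.Permissions)
		case "Disk":
			if r.ProjectID == "" || r.Zone == "" || r.DiskName == "" {
				return nil, fmt.Errorf("missing ProjectID, Zone, or DiskName in entityDetails")
			}
			granted, err = iamService.CheckIAMPermissionsOnDisk(ctx, r.ProjectID, r.Zone, r.DiskName, permList.Permissions)
		case "Instance":
			if r.ProjectID == "" || r.Zone == "" || r.InstanceName == "" {
				return nil, fmt.Errorf("missing ProjectID, Zone, or InstanceName in entityDetails")
			}
			granted, err = iamService.CheckIAMPermissionsOnInstance(ctx, r.ProjectID, r.Zone, r.InstanceName, permList.Permissions)
		case "Secret":
			if r.ProjectID == "" || r.SecretName == "" {
				return nil, fmt.Errorf("missing ProjectID or SecretName in entityDetails")
			}
			granted, err = iamService.CheckIAMPermissionsOnSecret(ctx, r.ProjectID, r.SecretName, permList.Permissions)
		default:
			return nil, fmt.Errorf("unsupported resource type: %s", permList.Type)
		}
		if err != nil {
			// %w keeps the IAM client's error reachable for errors.Is/errors.As
			// (e.g. to distinguish permission-denied from transport failures).
			return nil, fmt.Errorf("failed to check permissions for service %s on entity %s: %w", serviceName, permList.Type, err)
		}

		// Assumes permissions are unique across resource types; a grant found on
		// any checked resource marks the permission as held.
		for _, perm := range granted {
			status[perm] = true
		}
	}

	return status, nil
}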