-
Notifications
You must be signed in to change notification settings - Fork 956
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fdc grant cmds #7656
Fdc grant cmds #7656
Conversation
b08b2a9
to
28fe9a9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update description with test commands and screenshots of results?
Both sunny case and error scenarios.
"-E, --email <email>", | ||
"The email of the user or service account we would like to grant the role to.", | ||
) | ||
.before(requirePermissions, ["firebasedataconnect.services.list"]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and cloudsql.instance.connect
We can move cloudsql.users.create
here for simplicity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are in the iamUserIsCSQLAdmin
check so the user can get a nice error message. I'm ok with removing the iamUserIsCSQLAdmin
check and just moving things here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine to be checked later
src/dataconnect/schemaMigration.ts
Outdated
throw new FirebaseError( | ||
"-E, --email <email> is required. Run the command with -h for more info.", | ||
); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should these validations be at cmd file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 - consider using https://github.com/tj/commander.js?tab=readme-ov-file#required-option instead of option to make these required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved to cmd file.
@joehan, I tried using requiredOption but it wasn't possible. We have our own Command type and we don't define requiredOption on it. I also looked around and it seems like we don't have any usage of this.
src/dataconnect/schemaMigration.ts
Outdated
// Make sure current user can perform this action. | ||
const userIsCSQLAdmin = await iamUserIsCSQLAdmin(options); | ||
if (!userIsCSQLAdmin) { | ||
throw new FirebaseError(`Only users with 'roles/cloudsql.admin' can grant SQL roles.`); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wonder if requiring cloudsql.users.create
in the cmd permission will do it.
This error message is nice though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be a good place to print out instructions telling users to ask their DB admin - ie:
Only users with 'roles/cloudsql.admin' can grant SQL roles. If you do not have this role, ask your database administrator to run this command or manually grant <role> to <user>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated the error message. The error message also will take care of the service account extension.
"-E, --email <email>", | ||
"The email of the user or service account we would like to grant the role to.", | ||
) | ||
.before(requirePermissions, ["firebasedataconnect.services.list"]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine to be checked later
Description
Add
firebase dataconnect:sql:grant -R <role> -E <email>
command. The command grants the corresponding role in the FDC sql instance.Scenarios Tested
Not passing -R or --role ->
Error: -R, --role <role> is required. Run the command with -h for more info.
Note passing -E or --email ->
Error: -E, --email <email> is required. Run the command with -h for more info.
passing non existing role ->
Error: Role should be one of owner | writer | reader.
Sample Commands