MCPcopy Index your code
hub / github.com/bytebase/bytebase / UpdateProjectPolicyFromRoleGrantIssue

Function UpdateProjectPolicyFromRoleGrantIssue

backend/utils/utils.go:81–152  ·  view source on GitHub ↗

UpdateProjectPolicyFromRoleGrantIssue updates the project policy from a role grant issue.

(ctx context.Context, stores *store.Store, workspaceID string, issue *store.IssueMessage, roleGrant *storepb.RoleGrant)

Source from the content-addressed store, hash-verified

79
80// UpdateProjectPolicyFromRoleGrantIssue updates the project policy from a role grant issue.
81func UpdateProjectPolicyFromRoleGrantIssue(ctx context.Context, stores *store.Store, workspaceID string, issue *store.IssueMessage, roleGrant *storepb.RoleGrant) error {
82 policyMessage, err := stores.GetProjectIamPolicy(ctx, workspaceID, issue.ProjectID)
83 if err != nil {
84 return errors.Wrapf(err, "failed to get project policy for project %s", issue.ProjectID)
85 }
86
87 var newConditionExpr string
88 if roleGrant.Condition != nil {
89 newConditionExpr = roleGrant.Condition.Expression
90 }
91 updated := false
92
93 email, err := extractEmailFromUserIdentifier(roleGrant.User)
94 if err != nil {
95 return err
96 }
97 newUser, err := stores.GetUserByEmail(ctx, email)
98 if err != nil {
99 return errors.Wrapf(err, "failed to find user %s", email)
100 }
101 if newUser == nil {
102 return connect.NewError(connect.CodeInternal, errors.Errorf("user %s not found", email))
103 }
104 memberName := formatMemberNameByType(newUser)
105 for _, binding := range policyMessage.Policy.Bindings {
106 if binding.Role != roleGrant.Role {
107 continue
108 }
109 var oldConditionExpr string
110 if binding.Condition != nil {
111 oldConditionExpr = binding.Condition.Expression
112 }
113 if oldConditionExpr != newConditionExpr {
114 continue
115 }
116 // Append
117 binding.Members = append(binding.Members, memberName)
118 updated = true
119 break
120 }
121 if !updated {
122 condition := roleGrant.Condition
123 if condition == nil {
124 condition = &expr.Expr{}
125 }
126 condition.Description = fmt.Sprintf("#%d", issue.UID)
127 policyMessage.Policy.Bindings = append(policyMessage.Policy.Bindings, &storepb.Binding{
128 Role: roleGrant.Role,
129 Members: []string{memberName},
130 Condition: condition,
131 })
132 }
133
134 policyPayload, err := protojson.Marshal(policyMessage.Policy)
135 if err != nil {
136 return err
137 }
138 if _, err := stores.CreatePolicy(ctx, &store.PolicyMessage{

Callers 1

Calls 7

FormatProjectFunction · 0.92
formatMemberNameByTypeFunction · 0.85
GetProjectIamPolicyMethod · 0.80
GetUserByEmailMethod · 0.80
ErrorfMethod · 0.80
CreatePolicyMethod · 0.65

Tested by

no test coverage detected