mindersec · rdimitrov · Jun 19, 2024 · Jun 19, 2024
@@ -42,37 +42,50 @@ func DenyCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn *grpc
 	sub := viper.GetString("sub")
 	r := viper.GetString("role")
 	project := viper.GetString("project")
+	email := viper.GetString("email")
 
 	// No longer print usage on returned error, since we've parsed our inputs
 	// See https://github.com/spf13/cobra/issues/340#issuecomment-374617413
 	cmd.SilenceUsage = true
 
+	roleAssignment := &minderv1.RoleAssignment{
+		Role:    r,
+		Subject: sub,
+	}
+	failMsg := "Error denying role"
+	successMsg := "Denied role successfully."
+	// Only send an email if one is provided
+	if email != "" {
+		roleAssignment = &minderv1.RoleAssignment{
+			Role:  r,
+			Email: email,
+		}
+		failMsg = "Error deleting an invite"
+		successMsg = "Invite deleted successfully."
+	}
+
 	_, err := client.RemoveRole(ctx, &minderv1.RemoveRoleRequest{
 		Context: &minderv1.Context{
 			Project: &project,
 		},
-		RoleAssignment: &minderv1.RoleAssignment{
-			Role:    r,
-			Subject: sub,
-		},
+		RoleAssignment: roleAssignment,
 	})
 	if err != nil {
-		return cli.MessageAndError("Error denying role", err)
+		return cli.MessageAndError(failMsg, err)
 	}
 
-	cmd.Println("Denied role successfully.")
+	cmd.Println(successMsg)
 	return nil
 }
 
 func init() {
 	RoleCmd.AddCommand(denyCmd)
 
-	denyCmd.Flags().StringP("sub", "s", "", "subject to grant access to")
 	denyCmd.Flags().StringP("role", "r", "", "the role to grant")
-	if err := denyCmd.MarkFlagRequired("sub"); err != nil {
-		denyCmd.Print("Error marking `sub` flag as required.")
-		os.Exit(1)
-	}
+	denyCmd.Flags().StringP("sub", "s", "", "subject to grant access to")
+	denyCmd.Flags().StringP("email", "e", "", "email to send invitation to")
+	denyCmd.MarkFlagsOneRequired("sub", "email")
+	denyCmd.MarkFlagsMutuallyExclusive("sub", "email")
 	if err := denyCmd.MarkFlagRequired("role"); err != nil {
 		denyCmd.Print("Error marking `role` flag as required.")
 		os.Exit(1)

@@ -42,25 +42,43 @@ func GrantCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn *grp
 	sub := viper.GetString("sub")
 	r := viper.GetString("role")
 	project := viper.GetString("project")
+	email := viper.GetString("email")
 
 	// No longer print usage on returned error, since we've parsed our inputs
 	// See https://github.com/spf13/cobra/issues/340#issuecomment-374617413
 	cmd.SilenceUsage = true
 
-	_, err := client.AssignRole(ctx, &minderv1.AssignRoleRequest{
+	roleAssignment := &minderv1.RoleAssignment{
+		Role:    r,
+		Subject: sub,
+	}
+	failMsg := "Error granting role"
+	successMsg := "Granted role successfully."
+	// Only send an email if one is provided
+	if email != "" {
+		roleAssignment = &minderv1.RoleAssignment{
+			Role:  r,
+			Email: email,
+		}
+		failMsg = "Error creating/updating an invite"
+		successMsg = "Invite created/updated successfully."
+	}
+
+	ret, err := client.AssignRole(ctx, &minderv1.AssignRoleRequest{
 		Context: &minderv1.Context{
 			Project: &project,
 		},
-		RoleAssignment: &minderv1.RoleAssignment{
-			Role:    r,
-			Subject: sub,
-		},
+		RoleAssignment: roleAssignment,
 	})
 	if err != nil {
-		return cli.MessageAndError("Error granting role", err)
+		return cli.MessageAndError(failMsg, err)
 	}
 
-	cmd.Println("Granted role successfully.")
+	cmd.Println(successMsg)
+
+	if ret.Invitation != nil && ret.Invitation.Code != "" {
+		cmd.Printf("\nThe invitee can accept it by running: \n\nminder auth invite accept %s\n", ret.Invitation.Code)
+	}
 	return nil
 }
 
@@ -69,10 +87,9 @@ func init() {
 
 	grantCmd.Flags().StringP("sub", "s", "", "subject to grant access to")
 	grantCmd.Flags().StringP("role", "r", "", "the role to grant")
-	if err := grantCmd.MarkFlagRequired("sub"); err != nil {
-		grantCmd.Print("Error marking `sub` flag as required.")
-		os.Exit(1)
-	}
+	grantCmd.Flags().StringP("email", "e", "", "email to send invitation to")
+	grantCmd.MarkFlagsOneRequired("sub", "email")
+	grantCmd.MarkFlagsMutuallyExclusive("sub", "email")
 	if err := grantCmd.MarkFlagRequired("role"); err != nil {
 		grantCmd.Print("Error marking `role` flag as required.")
 		os.Exit(1)

@@ -0,0 +1,77 @@
+//
+// Copyright 2024 Stacklok, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package role
+
+import (
+	"context"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"google.golang.org/grpc"
+
+	"github.com/stacklok/minder/internal/util/cli"
+	minderv1 "github.com/stacklok/minder/pkg/api/protobuf/go/minder/v1"
+)
+
+var updateCmd = &cobra.Command{
+	Use:   "update",
+	Short: "update a role to a subject on a project",
+	Long: `The minder project role update command allows one to update a role
+to a user (subject) on a particular project.`,
+	RunE: cli.GRPCClientWrapRunE(UpdateCommand),
+}
+
+// UpdateCommand is the command for granting roles
+func UpdateCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn *grpc.ClientConn) error {
+	client := minderv1.NewPermissionsServiceClient(conn)
+
+	sub := viper.GetString("sub")
+	r := viper.GetString("role")
+	project := viper.GetString("project")
+
+	// No longer print usage on returned error, since we've parsed our inputs
+	// See https://github.com/spf13/cobra/issues/340#issuecomment-374617413
+	cmd.SilenceUsage = true
+
+	ret, err := client.UpdateRole(ctx, &minderv1.UpdateRoleRequest{
+		Context: &minderv1.Context{
+			Project: &project,
+		},
+		Role:    []string{r},
+		Subject: sub,
+	})
+	if err != nil {
+		return cli.MessageAndError("Error updating role", err)
+	}
+
+	cmd.Println("Update role successfully.")
+	cmd.Printf(
+		"Subject \"%s\" is now assigned to role \"%s\" on project \"%s\"\n",
+		ret.RoleAssignments[0].Subject,
+		ret.RoleAssignments[0].Role,
+		*ret.RoleAssignments[0].Project,
+	)
+
+	return nil
+}
+
+func init() {
+	RoleCmd.AddCommand(updateCmd)
+
+	updateCmd.Flags().StringP("sub", "s", "", "subject to update role access for")
+	updateCmd.Flags().StringP("role", "r", "", "the role to update it to")
+	updateCmd.MarkFlagsRequiredTogether("sub", "role")
+}