mindersec · rdimitrov · Jun 25, 2024 · Jun 20, 2024 · Jun 24, 2024 · Jun 24, 2024
@@ -50,7 +50,7 @@ func inviteAcceptCommand(ctx context.Context, cmd *cobra.Command, args []string,
 	if err != nil {
 		return cli.MessageAndError("Error resolving invitation", err)
 	}
-	cmd.Printf("Invitation %s for %s to become %s of project %s was accepted!\n", code, res.Email, res.Role, res.Project)
+	cmd.Printf("Invitation %s for %s to become %s of project %s was accepted!\n", code, res.Email, res.Role, res.ProjectDisplay)
 	return nil
 }
 

@@ -50,7 +50,7 @@ func inviteDeclineCommand(ctx context.Context, cmd *cobra.Command, args []string
 	if err != nil {
 		return cli.MessageAndError("Error resolving invitation", err)
 	}
-	cmd.Printf("Invitation %s for %s to become %s of project %s was declined!\n", code, res.Email, res.Role, res.Project)
+	cmd.Printf("Invitation %s for %s to become %s of project %s was declined!\n", code, res.Email, res.Role, res.ProjectDisplay)
 	return nil
 }
 

@@ -60,8 +60,8 @@ func GrantCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn *grp
 			Role:  r,
 			Email: email,
 		}
-		failMsg = "Error creating/updating an invite"
-		successMsg = "Invite created/updated successfully."
+		failMsg = "Error creating an invite"
+		successMsg = "Invite created successfully."
 	}
 
 	ret, err := client.AssignRole(ctx, &minderv1.AssignRoleRequest{

@@ -18,7 +18,9 @@ package role
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"strings"
+	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -78,17 +80,30 @@ func GrantListCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn
 		}
 		cmd.Println(out)
 	case app.Table:
-		t := initializeTableForGrantList()
+		t := initializeTableForGrantListRoleAssignments()
 		for _, r := range resp.RoleAssignments {
-			t.AddRow(r.Subject, r.Role)
+			t.AddRow(r.Subject, r.Role, *r.Project)
 		}
 		t.Render()
+		if len(resp.Invitations) > 0 {
+			t := initializeTableForGrantListInvitations()
+			for _, r := range resp.Invitations {
+				t.AddRow(r.Email, r.Role, r.SponsorDisplay, r.ExpiresAt.AsTime().Format(time.RFC3339), strconv.FormatBool(r.Expired), r.Code)
+			}
+			t.Render()
+		} else {
+			cmd.Println("No pending invitations found.")
+		}
 	}
 	return nil
 }
 
-func initializeTableForGrantList() table.Table {
-	return table.New(table.Simple, layouts.Default, []string{"Subject", "Role"})
+func initializeTableForGrantListRoleAssignments() table.Table {
+	return table.New(table.Simple, layouts.Default, []string{"Subject", "Role", "Project"})
+}
+
+func initializeTableForGrantListInvitations() table.Table {
+	return table.New(table.Simple, layouts.Default, []string{"Invitee", "Role", "Sponsor", "Expires At", "Expired", "Code"})
 }
 
 func init() {

@@ -17,6 +17,7 @@ package role
 
 import (
 	"context"
+	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -38,40 +39,64 @@ to a user (subject) on a particular project.`,
 func UpdateCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn *grpc.ClientConn) error {
 	client := minderv1.NewPermissionsServiceClient(conn)
 
-	sub := viper.GetString("sub")
 	r := viper.GetString("role")
 	project := viper.GetString("project")
+	sub := viper.GetString("sub")
+	email := viper.GetString("email")
 
 	// No longer print usage on returned error, since we've parsed our inputs
 	// See https://github.com/spf13/cobra/issues/340#issuecomment-374617413
 	cmd.SilenceUsage = true
 
-	ret, err := client.UpdateRole(ctx, &minderv1.UpdateRoleRequest{
+	req := &minderv1.UpdateRoleRequest{
 		Context: &minderv1.Context{
 			Project: &project,
 		},
 		Roles:   []string{r},
 		Subject: sub,
-	})
+	}
+	failMsg := "Error updating role"
+	successMsg := "Updated role successfully."
+	if email != "" {
+		req.Email = email
+		failMsg = "Error updating an invite"
+		successMsg = "Invite updated successfully."
+	}
+
+	ret, err := client.UpdateRole(ctx, req)
 	if err != nil {
-		return cli.MessageAndError("Error updating role", err)
+		return cli.MessageAndError(failMsg, err)
 	}
 
-	cmd.Println("Update role successfully.")
-	cmd.Printf(
-		"Subject \"%s\" is now assigned to role \"%s\" on project \"%s\"\n",
-		ret.RoleAssignments[0].Subject,
-		ret.RoleAssignments[0].Role,
-		*ret.RoleAssignments[0].Project,
-	)
+	cmd.Println(successMsg)
 
+	if email != "" {
+		t := initializeTableForGrantListInvitations()
+		for _, r := range ret.Invitations {
+			expired := "No"
+			if r.Expired {
+				expired = "Yes"
+			}
+			t.AddRow(r.Email, r.Role, r.Sponsor, r.ExpiresAt.AsTime().Format(time.RFC3339), expired, r.Code)
+		}
+		t.Render()
+		return nil
+	}
+	// Otherwise, print the role assignments if it was about updating a role
+	t := initializeTableForGrantListRoleAssignments()
+	for _, r := range ret.RoleAssignments {
+		t.AddRow(r.Subject, r.Role, *r.Project)
+	}
+	t.Render()
 	return nil
 }
 
 func init() {
 	RoleCmd.AddCommand(updateCmd)
 
-	updateCmd.Flags().StringP("sub", "s", "", "subject to update role access for")
 	updateCmd.Flags().StringP("role", "r", "", "the role to update it to")
-	updateCmd.MarkFlagsRequiredTogether("sub", "role")
+	updateCmd.Flags().StringP("sub", "s", "", "subject to update role access for")
+	updateCmd.Flags().StringP("email", "e", "", "email to send invitation to")
+	updateCmd.MarkFlagsOneRequired("sub", "email")
+	updateCmd.MarkFlagsMutuallyExclusive("sub", "email")
 }
@@ -4,7 +4,7 @@
 -- the invitee.
 
 -- name: ListInvitationsForProject :many
-SELECT user_invites.email, role, users.identity_subject, user_invites.created_at, user_invites.updated_at
+SELECT user_invites.email, role, users.identity_subject, user_invites.created_at, user_invites.updated_at, user_invites.code
 FROM user_invites
   JOIN users ON user_invites.sponsor = users.id
 WHERE project = $1;
@@ -14,23 +14,33 @@ WHERE project = $1;
 -- to allow them to accept invitations even if email delivery was not working.
 -- Note that this requires that the destination email address matches the email
 -- address of the logged in user in the external identity service / auth token.
+-- This clarification is related solely for user's ListInvitations calls and does
+-- not affect to resolving invitations intended for other mail addresses.
 
 -- name: GetInvitationsByEmail :many
-SELECT * FROM user_invites WHERE email = $1;
+SELECT user_invites.*, users.identity_subject
+FROM user_invites
+  JOIN users ON user_invites.sponsor = users.id
+WHERE email = $1;
 
--- GetInvitationByEmailAndProjectAndRole retrieves an invitation by email, project,
--- and role.
+-- GetInvitationsByEmailAndProject retrieves all invitations by email and project.
 
--- name: GetInvitationByEmailAndProjectAndRole :one
-SELECT * FROM user_invites WHERE email = $1 AND project = $2 AND role = $3;
+-- name: GetInvitationsByEmailAndProject :many
+SELECT user_invites.*, users.identity_subject
+FROM user_invites
+  JOIN users ON user_invites.sponsor = users.id
+WHERE email = $1 AND project = $2;
 
 -- GetInvitationByCode retrieves an invitation by its code. This is intended to
 -- be called by a user who has received an invitation email and is following the
 -- link to accept the invitation or when querying for additional info about the
 -- invitation.
 
 -- name: GetInvitationByCode :one
-SELECT * FROM user_invites WHERE code = $1;
+SELECT user_invites.*, users.identity_subject
+FROM user_invites
+  JOIN users ON user_invites.sponsor = users.id
+WHERE code = $1;
 
 -- CreateInvitation creates a new invitation. The code is a secret that is sent
 -- to the invitee, and the email is the address to which the invitation will be