Merge pull request #113 from srinandan/issue112

fetch default SA only when grant perm is set
srinandan · Jan 17, 2023 · 652c00c · 652c00c
2 parents 09a1e84 + 09b3a14
commit 652c00c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 10 deletions.
diff --git a/apiclient/iam.go b/apiclient/iam.go
@@ -179,7 +179,7 @@ func setProjectIAMPermission(project string, memberName string, role string) (er
 	//this method treats errors as info since this is not a blocking problem
 
 	//Get the current IAM policies for the project
-	respBody, err := HttpClient(false, getendpoint, "")
+	respBody, err := HttpClient(false, getendpoint)
 	if err != nil {
 		clilog.Info.Printf("error getting IAM policies for the project %s: %v", project, err)
 		return err
@@ -399,7 +399,7 @@ func GetComputeEngineDefaultServiceAccount(projectId string) (serviceAccount str
 	var getendpoint = fmt.Sprintf("https://cloudresourcemanager.googleapis.com/v3/projects/%s", projectId)
 
 	//Get the project number
-	respBody, err := HttpClient(false, getendpoint, "")
+	respBody, err := HttpClient(false, getendpoint)
 	if err != nil {
 		clilog.Info.Printf("error getting details for the project %s: %v", projectId, err)
 		return serviceAccount, err

diff --git a/client/connections/connectors.go b/client/connections/connectors.go
@@ -139,10 +139,6 @@ func Create(name string, content []byte, serviceAccountName string, serviceAccou
 		return nil, err
 	}
 
-	if c.ServiceAccount == nil {
-		c.ServiceAccount = new(string)
-	}
-
 	//service account overrides have been provided, use them
 	if serviceAccountName != "" {
 		//set the project id if one was not presented
@@ -154,14 +150,17 @@ func Create(name string, content []byte, serviceAccountName string, serviceAccou
 		if err = apiclient.CreateServiceAccount(serviceAccountName); err != nil {
 			return nil, err
 		}
-	} else { //use the default compute engine SA
+	} else if grantPermission { //use the default compute engine SA to grant permissions
 		serviceAccountName, err = apiclient.GetComputeEngineDefaultServiceAccount(apiclient.GetProjectID())
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	*c.ServiceAccount = serviceAccountName
+	if c.ServiceAccount == nil && serviceAccountName != "" {
+		c.ServiceAccount = new(string)
+		*c.ServiceAccount = serviceAccountName
+	}
 
 	if c.ConnectorDetails == nil {
 		return nil, fmt.Errorf("connectorDetails must be set. See https://github.com/srinandan/integrationcli#connectors-for-third-party-applications for more details")
@@ -282,9 +281,9 @@ func Create(name string, content []byte, serviceAccountName string, serviceAccou
 		c.AuthConfig.UserPassword.Password.SecretVersion = secretVersion
 		c.AuthConfig.UserPassword.PasswordDetails = nil //clean the input
 
-		if grantPermission {
+		if grantPermission && c.ServiceAccount != nil {
 			//grant connector service account access to secretVersion
-			if err = apiclient.SetSecretManagerIAMPermission(apiclient.GetProjectID(), secretName, serviceAccountName); err != nil {
+			if err = apiclient.SetSecretManagerIAMPermission(apiclient.GetProjectID(), secretName, *c.ServiceAccount); err != nil {
 				return nil, err
 			}
 		}