bqiam

command module
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 5, 2021 License: Apache-2.0 Imports: 1 Imported by: 0

README

bqiam

Apache-2.0

What is this?

This tool provides easier permission management for BigQuery.

Currently supports;

  • list the user's permissions for each BigQuery Datasets
  • permit users to each BigQuery Datasets access role (READER/WRITER/OWNER) and roles/bigquery.jobUser (to run query)
  • permit users to Project-wide access role (roles/viewer or rolse/editor)

Requirement

You must have a roles/owner on your GCP project.

Install

$ go get -u github.com/hirosassa/bqiam

Usage

Prepare configuration file as following format (currently support only the file name is .bqiam.toml on your $HOME):

// .bqiam.toml
BigqueryProjects = ["project-id-A", "project-id-B", ...]
CacheFile = "path/to/cache-file.toml"

Next, fetch bigquery dataset metadata and store it to cache file (take about 30-60 sec.).

$ bqiam cache
dataset meta data are cached to path/to/cache-file.toml

List datasets the user is able to access.

$ bqiam dataset abc@sample.com
sample-prj sample-ds1 OWNER
sample-prj sample-ds2 READER
...

Grant the user(s) a role to access the dataset(s). This command also adds roles/bigquery.jobUser automatically.

$ bqiam permit dataset READER -p bq-project-id -u user1@email.com -u user2@email.com -d dataset1 -d dataset2
Permit user1@email.com to dataset1 access as READER
Permit user2@email.com to dataset1 access as READER
...

Grant the user(s) a project-wide role.

$ bqiam permit project READER -p bq-project-id -u user1@email.com -u user2@email.com
Permit user1@email.com to bq-project-id access as READER
Permit user2@email.com to bq-project-id access as READER
...

Documentation

Overview

Copyright © 2020 Hirohito Sasakawa

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL