chore: support users and project iam (#81)

* refactor: use protocol api

* fix: go mod

* chore: update

* chore: update

* chore: go version

* fix: test

* chore: golang lint

* chore: support approval setting

* chore: support approval flow

* chore: update

* fix: go mod tidy

* fix: lint

* chore: update

* chore: update

* chore: update

* fix: lint

* chore: policy and setting

* chore: update

* chore: update docs

* chore: support vcs provider and vcs connector

* chore: update

* fix: golang lint

* chore: update docs

* chore: support users and project iam

* fix: lint

* chore: update

* chore: update

* chore: check expire time

Author: ecmadao

api/client.go

@@ -9,14 +9,13 @@ import (
 
 // Client is the API message for Bytebase OpenAPI client.
 type Client interface {
-	// Auth
-	// Login will login the user and get the response.
-	Login() (*v1pb.LoginResponse, error)
+	// GetCaller returns the API caller.
+	GetCaller() *v1pb.User
 
 	// Environment
 	// CreateEnvironment creates the environment.
 	CreateEnvironment(ctx context.Context, environmentID string, create *v1pb.Environment) (*v1pb.Environment, error)
-	// GetEnvironment gets the environment by id.
+	// GetEnvironment gets the environment by full name.
 	GetEnvironment(ctx context.Context, environmentName string) (*v1pb.Environment, error)
 	// ListEnvironment finds all environments.
 	ListEnvironment(ctx context.Context, showDeleted bool) (*v1pb.ListEnvironmentsResponse, error)
@@ -30,7 +29,7 @@ type Client interface {
 	// Instance
 	// ListInstance will return instances.
 	ListInstance(ctx context.Context, showDeleted bool) (*v1pb.ListInstancesResponse, error)
-	// GetInstance gets the instance by id.
+	// GetInstance gets the instance by full name.
 	GetInstance(ctx context.Context, instanceName string) (*v1pb.Instance, error)
 	// CreateInstance creates the instance.
 	CreateInstance(ctx context.Context, instanceID string, instance *v1pb.Instance) (*v1pb.Instance, error)
@@ -62,7 +61,7 @@ type Client interface {
 	UpdateDatabase(ctx context.Context, patch *v1pb.Database, updateMasks []string) (*v1pb.Database, error)
 
 	// Project
-	// GetProject gets the project by resource id.
+	// GetProject gets the project by project full name.
 	GetProject(ctx context.Context, projectName string) (*v1pb.Project, error)
 	// ListProject list the projects,
 	ListProject(ctx context.Context, showDeleted bool) (*v1pb.ListProjectsResponse, error)
@@ -74,6 +73,10 @@ type Client interface {
 	DeleteProject(ctx context.Context, projectName string) error
 	// UndeleteProject undeletes the project.
 	UndeleteProject(ctx context.Context, projectName string) (*v1pb.Project, error)
+	// GetProjectIAMPolicy gets the project IAM policy by project full name.
+	GetProjectIAMPolicy(ctx context.Context, projectName string) (*v1pb.IamPolicy, error)
+	// SetProjectIAMPolicy sets the project IAM policy.
+	SetProjectIAMPolicy(ctx context.Context, projectName string, iamPolicy *v1pb.IamPolicy) (*v1pb.IamPolicy, error)
 
 	// Setting
 	// ListSettings lists all settings.
@@ -90,7 +93,7 @@ type Client interface {
 	// VCS Provider
 	// ListVCSProvider will returns all vcs providers.
 	ListVCSProvider(ctx context.Context) (*v1pb.ListVCSProvidersResponse, error)
-	// GetVCSProvider gets the vcs by id.
+	// GetVCSProvider gets the vcs by full name.
 	GetVCSProvider(ctx context.Context, name string) (*v1pb.VCSProvider, error)
 	// CreateVCSProvider creates the vcs provider.
 	CreateVCSProvider(ctx context.Context, vcsID string, vcs *v1pb.VCSProvider) (*v1pb.VCSProvider, error)
@@ -102,12 +105,26 @@ type Client interface {
 	// VCS Connector
 	// ListVCSConnector will returns all vcs connector in a project.
 	ListVCSConnector(ctx context.Context, projectName string) (*v1pb.ListVCSConnectorsResponse, error)
-	// GetVCSConnector gets the vcs connector by id.
+	// GetVCSConnector gets the vcs connector by full name.
 	GetVCSConnector(ctx context.Context, name string) (*v1pb.VCSConnector, error)
 	// CreateVCSConnector creates the vcs connector in a project.
 	CreateVCSConnector(ctx context.Context, projectName, connectorID string, connector *v1pb.VCSConnector) (*v1pb.VCSConnector, error)
 	// UpdateVCSConnector updates the vcs connector.
 	UpdateVCSConnector(ctx context.Context, patch *v1pb.VCSConnector, updateMasks []string) (*v1pb.VCSConnector, error)
 	// DeleteVCSConnector deletes the vcs provider.
 	DeleteVCSConnector(ctx context.Context, name string) error
+
+	// User
+	// ListUser list all users.
+	ListUser(ctx context.Context, showDeleted bool) (*v1pb.ListUsersResponse, error)
+	// CreateUser creates the user.
+	CreateUser(ctx context.Context, user *v1pb.User) (*v1pb.User, error)
+	// GetUser gets the user by name.
+	GetUser(ctx context.Context, userName string) (*v1pb.User, error)
+	// UpdateUser updates the user.
+	UpdateUser(ctx context.Context, patch *v1pb.User, updateMasks []string) (*v1pb.User, error)
+	// DeleteUser deletes the user by name.
+	DeleteUser(ctx context.Context, userName string) error
+	// UndeleteUser undeletes the user by name.
+	UndeleteUser(ctx context.Context, userName string) (*v1pb.User, error)
 }

client/auth.go

@@ -12,11 +12,11 @@ import (
 )
 
 // Login will login the user and get the response.
-func (c *client) Login() (*v1pb.LoginResponse, error) {
-	if c.auth.Email == "" || c.auth.Password == "" {
+func (c *client) login(request *v1pb.LoginRequest) (*v1pb.LoginResponse, error) {
+	if request.Email == "" || request.Password == "" {
 		return nil, errors.Errorf("define username and password")
 	}
-	rb, err := protojson.Marshal(c.auth)
+	rb, err := protojson.Marshal(request)
 	if err != nil {
 		return nil, err
 	}

client/client.go

@@ -20,7 +20,7 @@ type client struct {
 	version string
 	client  *http.Client
 	token   string
-	auth    *v1pb.LoginRequest
+	caller  *v1pb.User
 }
 
 // NewClient returns the new Bytebase API client.
@@ -31,17 +31,16 @@ func NewClient(url, version, email, password string) (api.Client, error) {
 		version: version,
 	}
 
-	c.auth = &v1pb.LoginRequest{
+	response, err := c.login(&v1pb.LoginRequest{
 		Email:    email,
 		Password: password,
-	}
-
-	ar, err := c.Login()
+	})
 	if err != nil {
 		return nil, err
 	}
 
-	c.token = ar.Token
+	c.token = response.Token
+	c.caller = response.User
 
 	return &c, nil
 }
@@ -68,3 +67,8 @@ func (c *client) doRequest(req *http.Request) ([]byte, error) {
 
 	return body, err
 }
+
+// GetCaller returns the API caller.
+func (c *client) GetCaller() *v1pb.User {
+	return c.caller
+}

client/database.go

@@ -9,7 +9,7 @@ import (
 	v1pb "github.com/bytebase/bytebase/proto/generated-go/v1"
 )
 
-// GetDatabase gets the database by the database name.
+// GetDatabase gets the database by the database full name.
 func (c *client) GetDatabase(ctx context.Context, databaseName string) (*v1pb.Database, error) {
 	body, err := c.getResource(ctx, databaseName)
 	if err != nil {

client/environment.go

@@ -35,7 +35,7 @@ func (c *client) CreateEnvironment(ctx context.Context, environmentID string, cr
 	return &env, nil
 }
 
-// GetEnvironment gets the environment by id.
+// GetEnvironment gets the environment by full name.
 func (c *client) GetEnvironment(ctx context.Context, environmentName string) (*v1pb.Environment, error) {
 	body, err := c.getResource(ctx, environmentName)
 	if err != nil {

client/instance.go

@@ -30,7 +30,7 @@ func (c *client) ListInstance(ctx context.Context, showDeleted bool) (*v1pb.List
 	return &res, nil
 }
 
-// GetInstance gets the instance by id.
+// GetInstance gets the instance by full name.
 func (c *client) GetInstance(ctx context.Context, instanceName string) (*v1pb.Instance, error) {
 	body, err := c.getResource(ctx, instanceName)
 	if err != nil {

client/project.go

@@ -10,7 +10,7 @@ import (
 	"google.golang.org/protobuf/encoding/protojson"
 )
 
-// GetProject gets the project by resource id.
+// GetProject gets the project by project full name.
 func (c *client) GetProject(ctx context.Context, projectName string) (*v1pb.Project, error) {
 	body, err := c.getResource(ctx, projectName)
 	if err != nil {
@@ -25,6 +25,49 @@ func (c *client) GetProject(ctx context.Context, projectName string) (*v1pb.Proj
 	return &res, nil
 }
 
+// GetProjectIAMPolicy gets the project IAM policy by project full name.
+func (c *client) GetProjectIAMPolicy(ctx context.Context, projectName string) (*v1pb.IamPolicy, error) {
+	body, err := c.getResource(ctx, fmt.Sprintf("%s:getIamPolicy", projectName))
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.IamPolicy
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// SetProjectIAMPolicy sets the project IAM policy.
+func (c *client) SetProjectIAMPolicy(ctx context.Context, projectName string, iamPolicy *v1pb.IamPolicy) (*v1pb.IamPolicy, error) {
+	payload, err := protojson.Marshal(&v1pb.SetIamPolicyRequest{
+		Policy: iamPolicy,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/%s/%s:setIamPolicy", c.url, c.version, projectName), strings.NewReader(string(payload)))
+
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := c.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var res v1pb.IamPolicy
+	if err := ProtojsonUnmarshaler.Unmarshal(body, &res); err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
 // ListProject list the projects.
 func (c *client) ListProject(ctx context.Context, showDeleted bool) (*v1pb.ListProjectsResponse, error) {
 	req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("%s/%s/projects?showDeleted=%v", c.url, c.version, showDeleted), nil)

client/vcs.go

@@ -30,7 +30,7 @@ func (c *client) ListVCSProvider(ctx context.Context) (*v1pb.ListVCSProvidersRes
 	return &res, nil
 }
 
-// GetVCSProvider gets the vcs by id.
+// GetVCSProvider gets the vcs by full name.
 func (c *client) GetVCSProvider(ctx context.Context, name string) (*v1pb.VCSProvider, error) {
 	body, err := c.getResource(ctx, name)
 	if err != nil {
@@ -111,7 +111,7 @@ func (c *client) ListVCSConnector(ctx context.Context, projectName string) (*v1p
 	return &res, nil
 }
 
-// GetVCSConnector gets the vcs connector by id.
+// GetVCSConnector gets the vcs connector by full name.
 func (c *client) GetVCSConnector(ctx context.Context, name string) (*v1pb.VCSConnector, error) {
 	body, err := c.getResource(ctx, name)
 	if err != nil {

docs/data-sources/policy.md

@@ -49,7 +49,7 @@ Optional:
 - `database` (String) The database full name in instances/{instance resource id}/databases/{database name} format
 - `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ss.000Z format
 - `masking_level` (String)
-- `member` (String) The member in user:{email} format.
+- `member` (String) The member in user:{email} or group:{email} format.
 - `schema` (String)
 - `table` (String)
 

docs/data-sources/project.md

@@ -21,10 +21,17 @@ The project data source.
 
 ### Read-Only
 
+- `allow_modify_statement` (Boolean) Allow modifying statement after issue is created.
+- `auto_enable_backup` (Boolean) Whether to automatically enable backup.
+- `auto_resolve_issue` (Boolean) Enable auto resolve issue.
 - `databases` (List of Object) The databases in the project. (see [below for nested schema](#nestedatt--databases))
+- `enforce_issue_title` (Boolean) Enforce issue title created by user instead of generated by Bytebase.
 - `id` (String) The ID of this resource.
 - `key` (String) The project key.
+- `members` (Set of Object) The members in the project. (see [below for nested schema](#nestedatt--members))
 - `name` (String) The project full name in projects/{resource id} format.
+- `postgres_database_tenant_mode` (Boolean) Whether to enable the database tenant mode for PostgreSQL. If enabled, the issue will be created with the pre-appended "set role <db_owner>" statement.
+- `skip_backup_errors` (Boolean) Whether to skip backup errors and continue the data migration.
 - `title` (String) The project title.
 - `workflow` (String) The project workflow.
 
@@ -41,3 +48,24 @@ Read-Only:
 - `sync_state` (String)
 
 
+<a id="nestedatt--members"></a>
+### Nested Schema for `members`
+
+Read-Only:
+
+- `condition` (Set of Object) (see [below for nested schema](#nestedobjatt--members--condition))
+- `member` (String)
+- `role` (String)
+
+<a id="nestedobjatt--members--condition"></a>
+### Nested Schema for `members.condition`
+
+Read-Only:
+
+- `database` (String)
+- `expire_timestamp` (String)
+- `row_limit` (Number)
+- `schema` (String)
+- `tables` (Set of String)
+
+