Fixes roleset bindings for BigQuery datasets

[austingebauer]

Overview

This PR fixes roleset bindings scoped to BigQuery datasets. There was a typo in the switch case when detecting the key type of the resource. You can see that the correct key is projects/datasets on resource_overrides.go#L12.

Fixes #96
Fixes hashicorp/vault#10923

Testing

I manually tested that the service account principal created for the Vault roleset has the "BigQuery Data Viewer" scoped to the specified BigQuery dataset.

The following bindings were used:

vault write gcp/roleset/bigquery-binding \
    project="austin-gebauer" \
    secret_type="service_account_key"  \
    bindings=-<<EOF
    resource "//bigquery.googleapis.com/projects/austin-gebauer/datasets/test_vault_bindings_dataset" {
     	roles = [
            "roles/bigquery.dataViewer",
        ]
    }
EOF

[fairclothjm]

Does this also need to be changed to "datasets"?

vault-plugin-secrets-gcp/plugin/iamutil/dataset_resource_test.go

Line 214 in 565a547

TypeKey: "projects/dataset",

[calvn]

@fairclothjm I think that's fine/intended since it's for mapping datasets->dataset which is specific to gcputil.RelativeResourceName?

[calvn]

One comment around the test. Nice find!

[austingebauer]

Not sure why pushing commits keeps dismissing reviews..

[austingebauer]

@fairclothjm - You're right that it should be projects/datasets there. Confirmed with debugger that RelativeResourceName.TypeKey matches the RestResource.TypeKey when creating a roleset. This is true for both IamResource and DatasetResource. Updated in 485c761.