dienianindya
/
canvasing
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
Tree: 42302cac25
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '42302cac25'
${ noResults }
canvasing/node_modules/firebase-tools/lib/deploy/extensions/v2FunctionHelper.js

v2FunctionHelper.js 2.5KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. "use strict";

  2. Object.defineProperty(exports, "__esModule", { value: true });

  3. exports.ensureNecessaryV2ApisAndRoles = exports.checkSpecForV2Functions = void 0;

  4. const getProjectNumber_1 = require("../../getProjectNumber");

  5. const resourceManager = require("../../gcp/resourceManager");

  6. const logger_1 = require("../../logger");

  7. const error_1 = require("../../error");

  8. const ensureApiEnabled_1 = require("../../ensureApiEnabled");

  9. const planner = require("./planner");

  10. const projectUtils_1 = require("../../projectUtils");

  11. const SERVICE_AGENT_ROLE = "roles/eventarc.eventReceiver";

  12. async function checkSpecForV2Functions(i) {

  13.     const extensionSpec = await planner.getExtensionSpec(i);

  14.     return extensionSpec.resources.some((r) => r.type === "firebaseextensions.v1beta.v2function");

  15. }

  16. exports.checkSpecForV2Functions = checkSpecForV2Functions;

  17. async function ensureNecessaryV2ApisAndRoles(options) {

  18.     const projectId = (0, projectUtils_1.needProjectId)(options);

  19.     await (0, ensureApiEnabled_1.ensure)(projectId, "compute.googleapis.com", "extensions", options.markdown);

  20.     await ensureComputeP4SARole(projectId);

  21. }

  22. exports.ensureNecessaryV2ApisAndRoles = ensureNecessaryV2ApisAndRoles;

  23. async function ensureComputeP4SARole(projectId) {

  24.     const projectNumber = await (0, getProjectNumber_1.getProjectNumber)({ projectId });

  25.     const saEmail = `${projectNumber}-compute@developer.gserviceaccount.com`;

  26.     let policy;

  27.     try {

  28.         policy = await resourceManager.getIamPolicy(projectId);

  29.     }

  30.     catch (e) {

  31.         if (e instanceof error_1.FirebaseError && e.status === 403) {

  32.             throw new error_1.FirebaseError("Unable to get project IAM policy, permission denied (403). Please " +

  33.                 "make sure you have sufficient project privileges or if this is a brand new project " +

  34.                 "try again in a few minutes.");

  35.         }

  36.         throw e;

  37.     }

  38.     if (policy.bindings.find((b) => b.role === SERVICE_AGENT_ROLE && b.members.includes("serviceAccount:" + saEmail))) {

  39.         logger_1.logger.debug("Compute Service API Agent IAM policy OK");

  40.         return true;

  41.     }

  42.     else {

  43.         logger_1.logger.debug("Firebase Extensions Service Agent is missing a required IAM role " +

  44.             "`Firebase Extensions API Service Agent`.");

  45.         policy.bindings.push({

  46.             role: SERVICE_AGENT_ROLE,

  47.             members: ["serviceAccount:" + saEmail],

  48.         });

  49.         await resourceManager.setIamPolicy(projectId, policy, "bindings");

  50.         logger_1.logger.debug("Compute Service API Agent IAM policy updated successfully");

  51.         return true;

  52.     }

  53. }