Без опису
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

resourceManager.js 3.1KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273
  1. "use strict";
  2. Object.defineProperty(exports, "__esModule", { value: true });
  3. exports.serviceAccountHasRoles = exports.addServiceAccountToRoles = exports.setIamPolicy = exports.getIamPolicy = exports.firebaseRoles = void 0;
  4. const lodash_1 = require("lodash");
  5. const api_1 = require("../api");
  6. const apiv2_1 = require("../apiv2");
  7. const iam_1 = require("./iam");
  8. const API_VERSION = "v1";
  9. const apiClient = new apiv2_1.Client({ urlPrefix: api_1.resourceManagerOrigin, apiVersion: API_VERSION });
  10. exports.firebaseRoles = {
  11. apiKeysViewer: "roles/serviceusage.apiKeysViewer",
  12. authAdmin: "roles/firebaseauth.admin",
  13. hostingAdmin: "roles/firebasehosting.admin",
  14. runViewer: "roles/run.viewer",
  15. };
  16. async function getIamPolicy(projectIdOrNumber) {
  17. const response = await apiClient.post(`/projects/${projectIdOrNumber}:getIamPolicy`);
  18. return response.body;
  19. }
  20. exports.getIamPolicy = getIamPolicy;
  21. async function setIamPolicy(projectIdOrNumber, newPolicy, updateMask = "") {
  22. const response = await apiClient.post(`/projects/${projectIdOrNumber}:setIamPolicy`, {
  23. policy: newPolicy,
  24. updateMask: updateMask,
  25. });
  26. return response.body;
  27. }
  28. exports.setIamPolicy = setIamPolicy;
  29. async function addServiceAccountToRoles(projectId, serviceAccountName, roles, skipAccountLookup = false) {
  30. const [{ name: fullServiceAccountName }, projectPolicy] = await Promise.all([
  31. skipAccountLookup
  32. ? Promise.resolve({ name: serviceAccountName })
  33. : (0, iam_1.getServiceAccount)(projectId, serviceAccountName),
  34. getIamPolicy(projectId),
  35. ]);
  36. const newMemberName = `serviceAccount:${fullServiceAccountName.split("/").pop()}`;
  37. roles.forEach((roleName) => {
  38. let bindingIndex = (0, lodash_1.findIndex)(projectPolicy.bindings, (binding) => binding.role === roleName);
  39. if (bindingIndex === -1) {
  40. bindingIndex =
  41. projectPolicy.bindings.push({
  42. role: roleName,
  43. members: [],
  44. }) - 1;
  45. }
  46. const binding = projectPolicy.bindings[bindingIndex];
  47. if (!binding.members.includes(newMemberName)) {
  48. binding.members.push(newMemberName);
  49. }
  50. });
  51. return setIamPolicy(projectId, projectPolicy, "bindings");
  52. }
  53. exports.addServiceAccountToRoles = addServiceAccountToRoles;
  54. async function serviceAccountHasRoles(projectId, serviceAccountName, roles, skipAccountLookup = false) {
  55. const [{ name: fullServiceAccountName }, projectPolicy] = await Promise.all([
  56. skipAccountLookup
  57. ? Promise.resolve({ name: serviceAccountName })
  58. : (0, iam_1.getServiceAccount)(projectId, serviceAccountName),
  59. getIamPolicy(projectId),
  60. ]);
  61. const memberName = `serviceAccount:${fullServiceAccountName.split("/").pop()}`;
  62. for (const roleName of roles) {
  63. const binding = projectPolicy.bindings.find((b) => b.role === roleName);
  64. if (!binding) {
  65. return false;
  66. }
  67. if (!binding.members.includes(memberName)) {
  68. return false;
  69. }
  70. }
  71. return true;
  72. }
  73. exports.serviceAccountHasRoles = serviceAccountHasRoles;