GSI - Employe Self Service Mobile

  1. "use strict";
  2. Object.defineProperty(exports, "__esModule", { value: true });
  3. exports.ensureNecessaryV2ApisAndRoles = exports.checkSpecForV2Functions = void 0;
  4. const getProjectNumber_1 = require("../../getProjectNumber");
  5. const resourceManager = require("../../gcp/resourceManager");
  6. const logger_1 = require("../../logger");
  7. const error_1 = require("../../error");
  8. const ensureApiEnabled_1 = require("../../ensureApiEnabled");
  9. const planner = require("./planner");
  10. const projectUtils_1 = require("../../projectUtils");
  // IAM role that ensureComputeP4SARole binds, at project level, to the
  // `<projectNumber>-compute@developer.gserviceaccount.com` account.
  // NOTE(review): despite the constant's name, the value is the Eventarc Event
  // Receiver role, not a service-agent role; confirm the naming is intentional.
  11. const SERVICE_AGENT_ROLE = "roles/eventarc.eventReceiver";
  /**
   * Reports whether an extension's spec declares at least one v2 function.
   *
   * The spec is fetched through `planner.getExtensionSpec`, and its `resources`
   * list is scanned for the `firebaseextensions.v1beta.v2function` resource type.
   *
   * @param {object} i - Value handed straight to `planner.getExtensionSpec`.
   * @returns {Promise<boolean>} `true` when any resource has the v2 function type.
   */
  async function checkSpecForV2Functions(i) {
    const spec = await planner.getExtensionSpec(i);
    const isV2Function = (resource) => {
      return resource.type === "firebaseextensions.v1beta.v2function";
    };
    return spec.resources.some(isV2Function);
  }
  exports.checkSpecForV2Functions = checkSpecForV2Functions;
  /**
   * Prepares a project for v2 functions in two steps: it runs the API check for
   * `compute.googleapis.com`, then makes sure the compute service account holds
   * the role required by `ensureComputeP4SARole`.
   *
   * Note that the second step can modify the project's IAM policy.
   *
   * @param {object} options - Command options; the project id is resolved from
   *   them via `needProjectId`, and `options.markdown` is forwarded to `ensure`.
   * @returns {Promise<void>}
   */
  async function ensureNecessaryV2ApisAndRoles(options) {
    const { needProjectId } = projectUtils_1;
    const projectId = needProjectId(options);

    const { ensure } = ensureApiEnabled_1;
    const markdown = options.markdown;
    await ensure(projectId, "compute.googleapis.com", "extensions", markdown);

    await ensureComputeP4SARole(projectId);
  }
  exports.ensureNecessaryV2ApisAndRoles = ensureNecessaryV2ApisAndRoles;
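  /**
   * Ensures that `<projectNumber>-compute@developer.gserviceaccount.com` holds
   * SERVICE_AGENT_ROLE on the project, appending a binding to the project IAM
   * policy when it is missing.
   *
   * Security note: this is a read-modify-write of the project-level IAM policy.
   * The address above has the form of the Compute Engine default service
   * account, so the grant applies to every workload running as that identity,
   * not only to the extension being deployed. The change is logged at debug
   * level only; reviewers may want it surfaced to the operator.
   *
   * @param {string} projectId - Project whose IAM policy is read and, if needed, updated.
   * @returns {Promise<boolean>} `true` once the binding is known to be present.
   * @throws {FirebaseError} With an explanatory message when reading the policy
   *   is denied (403); any other error from the policy calls is rethrown as is.
   */
  async function ensureComputeP4SARole(projectId) {
    const projectNumber = await (0, getProjectNumber_1.getProjectNumber)({ projectId });
    const saEmail = `${projectNumber}-compute@developer.gserviceaccount.com`;
    const member = "serviceAccount:" + saEmail;
    let policy;
    try {
      policy = await resourceManager.getIamPolicy(projectId);
    } catch (e) {
      if (e instanceof error_1.FirebaseError && e.status === 403) {
        throw new error_1.FirebaseError("Unable to get project IAM policy, permission denied (403). Please " +
          "make sure you have sufficient project privileges or if this is a brand new project " +
          "try again in a few minutes.");
      }
      throw e;
    }
    // Tolerate a policy object that carries no bindings array, so the lookup
    // and the push below cannot throw a TypeError.
    if (!Array.isArray(policy.bindings)) {
      policy.bindings = [];
    }
    const alreadyBound = policy.bindings.some((b) => b.role === SERVICE_AGENT_ROLE && Array.isArray(b.members) && b.members.includes(member));
    if (alreadyBound) {
      logger_1.logger.debug("Compute Service API Agent IAM policy OK");
      return true;
    }
    // The previous message named the Firebase Extensions service agent and role,
    // which is not what this function checks; log the account and role it grants.
    logger_1.logger.debug(`${member} is missing required IAM role \`${SERVICE_AGENT_ROLE}\`; adding a project-level binding.`);
    policy.bindings.push({
      role: SERVICE_AGENT_ROLE,
      members: [member],
    });
    // The policy object read above is written back whole, restricted to the
    // "bindings" field by the third argument.
    await resourceManager.setIamPolicy(projectId, policy, "bindings");
    logger_1.logger.debug("Compute Service API Agent IAM policy updated successfully");
    return true;
  }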