dienianindya
/
gsi_ess_mobile
2
1
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
GSI - Employe Self Service Mobile
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
39 MiB
Tree: 8bd65e0bb9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8bd65e0bb9'
${ noResults }
gsi_ess_mobile/node_modules/firebase-tools/lib/extensions/diagnose.js

56 lines
2.6 KiB
Raw Normal View History

first commit
2 months ago
  1. "use strict";
  2. Object.defineProperty(exports, "__esModule", { value: true });
  3. exports.diagnose = void 0;
  4. const extensionsHelper_1 = require("./extensionsHelper");
  5. const getProjectNumber_1 = require("../getProjectNumber");
  6. const utils = require("../utils");
  7. const resourceManager = require("../gcp/resourceManager");
  8. const extensionsApi_1 = require("./extensionsApi");
  9. const prompt_1 = require("../prompt");
  10. const logger_1 = require("../logger");
  11. const error_1 = require("../error");
  12. const SERVICE_AGENT_ROLE = "roles/firebasemods.serviceAgent";
  13. async function diagnose(projectId) {
  14. const projectNumber = await (0, getProjectNumber_1.getProjectNumber)({ projectId });
  15. const firexSaProjectId = utils.envOverride("FIREBASE_EXTENSIONS_SA_PROJECT_ID", "gcp-sa-firebasemods");
  16. const saEmail = `service-${projectNumber}@${firexSaProjectId}.iam.gserviceaccount.com`;
  17. utils.logLabeledBullet(extensionsHelper_1.logPrefix, "Checking project IAM policy...");
  18. await (0, extensionsApi_1.listInstances)(projectId);
  19. let policy;
  20. try {
  21. policy = await resourceManager.getIamPolicy(projectId);
  22. logger_1.logger.debug(policy);
  23. }
  24. catch (e) {
  25. if (e instanceof error_1.FirebaseError && e.status === 403) {
  26. throw new error_1.FirebaseError("Unable to get project IAM policy, permission denied (403). Please " +
  27. "make sure you have sufficient project privileges or if this is a brand new project " +
  28. "try again in a few minutes.");
  29. }
  30. throw e;
  31. }
  32. if (policy.bindings.find((b) => b.role === SERVICE_AGENT_ROLE && b.members.includes("serviceAccount:" + saEmail))) {
  33. utils.logLabeledSuccess(extensionsHelper_1.logPrefix, "Project IAM policy OK");
  34. return true;
  35. }
  36. else {
  37. utils.logWarning("Firebase Extensions Service Agent is missing a required IAM role " +
  38. "`Firebase Extensions API Service Agent`.");
  39. const fix = await (0, prompt_1.promptOnce)({
  40. type: "confirm",
  41. message: "Would you like to fix the issue by updating IAM policy to include Firebase " +
  42. "Extensions Service Agent with role `Firebase Extensions API Service Agent`",
  43. });
  44. if (fix) {
  45. policy.bindings.push({
  46. role: SERVICE_AGENT_ROLE,
  47. members: ["serviceAccount:" + saEmail],
  48. });
  49. await resourceManager.setIamPolicy(projectId, policy, "bindings");
  50. utils.logSuccess("Project IAM policy updated successfully");
  51. return true;
  52. }
  53. return false;
  54. }
  55. }
  56. exports.diagnose = diagnose;