You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73 lines
3.1 KiB
73 lines
3.1 KiB
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.serviceAccountHasRoles = exports.addServiceAccountToRoles = exports.setIamPolicy = exports.getIamPolicy = exports.firebaseRoles = void 0;
|
|
const lodash_1 = require("lodash");
|
|
const api_1 = require("../api");
|
|
const apiv2_1 = require("../apiv2");
|
|
const iam_1 = require("./iam");
|
|
const API_VERSION = "v1";
|
|
const apiClient = new apiv2_1.Client({ urlPrefix: api_1.resourceManagerOrigin, apiVersion: API_VERSION });
|
|
exports.firebaseRoles = {
|
|
apiKeysViewer: "roles/serviceusage.apiKeysViewer",
|
|
authAdmin: "roles/firebaseauth.admin",
|
|
hostingAdmin: "roles/firebasehosting.admin",
|
|
runViewer: "roles/run.viewer",
|
|
};
|
|
async function getIamPolicy(projectIdOrNumber) {
|
|
const response = await apiClient.post(`/projects/${projectIdOrNumber}:getIamPolicy`);
|
|
return response.body;
|
|
}
|
|
exports.getIamPolicy = getIamPolicy;
|
|
async function setIamPolicy(projectIdOrNumber, newPolicy, updateMask = "") {
|
|
const response = await apiClient.post(`/projects/${projectIdOrNumber}:setIamPolicy`, {
|
|
policy: newPolicy,
|
|
updateMask: updateMask,
|
|
});
|
|
return response.body;
|
|
}
|
|
exports.setIamPolicy = setIamPolicy;
|
|
async function addServiceAccountToRoles(projectId, serviceAccountName, roles, skipAccountLookup = false) {
|
|
const [{ name: fullServiceAccountName }, projectPolicy] = await Promise.all([
|
|
skipAccountLookup
|
|
? Promise.resolve({ name: serviceAccountName })
|
|
: (0, iam_1.getServiceAccount)(projectId, serviceAccountName),
|
|
getIamPolicy(projectId),
|
|
]);
|
|
const newMemberName = `serviceAccount:${fullServiceAccountName.split("/").pop()}`;
|
|
roles.forEach((roleName) => {
|
|
let bindingIndex = (0, lodash_1.findIndex)(projectPolicy.bindings, (binding) => binding.role === roleName);
|
|
if (bindingIndex === -1) {
|
|
bindingIndex =
|
|
projectPolicy.bindings.push({
|
|
role: roleName,
|
|
members: [],
|
|
}) - 1;
|
|
}
|
|
const binding = projectPolicy.bindings[bindingIndex];
|
|
if (!binding.members.includes(newMemberName)) {
|
|
binding.members.push(newMemberName);
|
|
}
|
|
});
|
|
return setIamPolicy(projectId, projectPolicy, "bindings");
|
|
}
|
|
exports.addServiceAccountToRoles = addServiceAccountToRoles;
|
|
async function serviceAccountHasRoles(projectId, serviceAccountName, roles, skipAccountLookup = false) {
|
|
const [{ name: fullServiceAccountName }, projectPolicy] = await Promise.all([
|
|
skipAccountLookup
|
|
? Promise.resolve({ name: serviceAccountName })
|
|
: (0, iam_1.getServiceAccount)(projectId, serviceAccountName),
|
|
getIamPolicy(projectId),
|
|
]);
|
|
const memberName = `serviceAccount:${fullServiceAccountName.split("/").pop()}`;
|
|
for (const roleName of roles) {
|
|
const binding = projectPolicy.bindings.find((b) => b.role === roleName);
|
|
if (!binding) {
|
|
return false;
|
|
}
|
|
if (!binding.members.includes(memberName)) {
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
exports.serviceAccountHasRoles = serviceAccountHasRoles;
|