dienianindya
/
gsi_ess_mobile
2
1
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
GSI - Employe Self Service Mobile
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
39 MiB
 
 
 
 
 
Tree: 8bd65e0bb9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8bd65e0bb9'
${ noResults }
gsi_ess_mobile/node_modules/firebase-tools/lib/extensions/diagnose.js

56 lines
2.6 KiB
Raw Blame History

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.diagnose = void 0;
const extensionsHelper_1 = require("./extensionsHelper");
const getProjectNumber_1 = require("../getProjectNumber");
const utils = require("../utils");
const resourceManager = require("../gcp/resourceManager");
const extensionsApi_1 = require("./extensionsApi");
const prompt_1 = require("../prompt");
const logger_1 = require("../logger");
const error_1 = require("../error");
const SERVICE_AGENT_ROLE = "roles/firebasemods.serviceAgent";
async function diagnose(projectId) {
const projectNumber = await (0, getProjectNumber_1.getProjectNumber)({ projectId });
const firexSaProjectId = utils.envOverride("FIREBASE_EXTENSIONS_SA_PROJECT_ID", "gcp-sa-firebasemods");
const saEmail = `service-${projectNumber}@${firexSaProjectId}.iam.gserviceaccount.com`;
utils.logLabeledBullet(extensionsHelper_1.logPrefix, "Checking project IAM policy...");
await (0, extensionsApi_1.listInstances)(projectId);
let policy;
try {
policy = await resourceManager.getIamPolicy(projectId);
logger_1.logger.debug(policy);
}
catch (e) {
if (e instanceof error_1.FirebaseError && e.status === 403) {
throw new error_1.FirebaseError("Unable to get project IAM policy, permission denied (403). Please " +
"make sure you have sufficient project privileges or if this is a brand new project " +
"try again in a few minutes.");
}
throw e;
}
if (policy.bindings.find((b) => b.role === SERVICE_AGENT_ROLE && b.members.includes("serviceAccount:" + saEmail))) {
utils.logLabeledSuccess(extensionsHelper_1.logPrefix, "Project IAM policy OK");
return true;
}
else {
utils.logWarning("Firebase Extensions Service Agent is missing a required IAM role " +
"`Firebase Extensions API Service Agent`.");
const fix = await (0, prompt_1.promptOnce)({
type: "confirm",
message: "Would you like to fix the issue by updating IAM policy to include Firebase " +
"Extensions Service Agent with role `Firebase Extensions API Service Agent`",
});
if (fix) {
policy.bindings.push({
role: SERVICE_AGENT_ROLE,
members: ["serviceAccount:" + saEmail],
});
await resourceManager.setIamPolicy(projectId, policy, "bindings");
utils.logSuccess("Project IAM policy updated successfully");
return true;
}
return false;
}
}
exports.diagnose = diagnose;