
@dataroadinc/setup-auth


CLI tool and programmatic API for automated OAuth setup across cloud platforms

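import { GcpIdentityFactory } from "../../../providers/gcp/creds/identity.js";
import {
  enforceUserDomainOrFail,
  getAdcEmailOrNull,
  printGcloudAndAdcAccounts,
} from "../../../utils/env-handler.js";
import { SetupAuthError } from "../../../utils/error.js";
import { checkOptions } from "./options.js";
import { GcpOrganizationViewer } from "./view-organization.js";
import { gcpViewProject } from "./view-project.js";
import { gcpViewServiceAccount } from "./view-service-account.js";

/**
 * Run the GCP "view" command and print a success line once it finishes.
 *
 * Any failure propagates as a rejected promise, so the success line is only
 * printed when every check and the selected view completed without throwing.
 *
 * @param {object} options - Parsed command options; this module reads `auth`,
 *   `item`, `gcpOauthOrganizationId` and `enable`.
 * @returns {Promise<void>}
 * @throws {SetupAuthError} On any validation, credential or view failure.
 */
export async function gcpView(options) {
  await _gcpView(options);
  console.log("✅ GCP view command completed successfully");
}

/**
 * Return the domain part of an e-mail address, i.e. everything after the
 * LAST "@". Returns "" when the address has no "@" or nothing follows it.
 *
 * The last "@" is used because the result feeds the organization-domain
 * guard below: taking the segment after the first "@" would let an address
 * such as "x@required.example@other.example" compare as "required.example".
 *
 * @param {string} email
 * @returns {string}
 */
function emailDomain(email) {
  const at = email.lastIndexOf("@");
  return at === -1 ? "" : email.slice(at + 1);
}

/**
 * Validate options and credentials, then dispatch to the requested view.
 *
 * Order of operations:
 *   1. `checkOptions(options)`.
 *   2. Print the gcloud and ADC accounts.
 *   3. Require an ADC e-mail and require EKG_ORG_PRIMARY_DOMAIN to be set.
 *   4. Refuse to continue unless the ADC e-mail's domain equals the expected
 *      domain (case-insensitive, exact match; a subdomain does not pass).
 *   5. Build an identity (auth type forced from `options.auth`), check that
 *      identity's e-mail with `enforceUserDomainOrFail`, then run the view
 *      selected by `options.item`.
 *
 * @param {object} options - See {@link gcpView}.
 * @returns {Promise<void>}
 * @throws {SetupAuthError} Errors of any other type raised in step 5 are
 *   wrapped in a SetupAuthError with the original attached as `cause`.
 */
async function _gcpView(options) {
  await checkOptions(options);
  await printGcloudAndAdcAccounts();

  const expectedDomain = process.env.EKG_ORG_PRIMARY_DOMAIN;
  const adcEmail = await getAdcEmailOrNull();
  if (!adcEmail) {
    throw new SetupAuthError(
      "Could not determine Application Default Credentials (ADC) email. Please run 'gcloud auth application-default login' and try again.",
    );
  }

  const adcDomain = emailDomain(adcEmail);

  if (!expectedDomain) {
    // The line break inside this message is written as an escape: a raw
    // newline inside a double-quoted string literal is a syntax error.
    throw new SetupAuthError(
      "Missing required environment variable: EKG_ORG_PRIMARY_DOMAIN. \n" +
        "This tool enforces a fail-fast approach and requires this variable to be set in your .env.local (e.g., EKG_ORG_PRIMARY_DOMAIN=your-domain.com).",
    );
  }

  // Guard: stop before any GCP call when the ADC account is outside the
  // organization. An empty adcDomain can never equal a non-empty
  // expectedDomain, so a malformed address fails closed here.
  if (adcDomain.toLowerCase() !== expectedDomain.toLowerCase()) {
    throw new SetupAuthError(
      `Application Default Credentials (ADC) are for '${adcEmail}', which does not match the required organization domain (${expectedDomain}).\n` +
        `Please run 'gcloud auth application-default login' and select your <user>@${expectedDomain} account.`,
    );
  }

  try {
    const identity = GcpIdentityFactory.createIdentity({
      forceAuthType: options.auth,
    });

    // Second domain check, this time on the identity that will actually be
    // used for the view (its auth type may be forced via options.auth).
    // NOTE(review): this call is not awaited; confirm enforceUserDomainOrFail
    // is synchronous, otherwise a rejection would not stop the view below.
    const userEmail = await identity.getCurrentUserEmail();
    enforceUserDomainOrFail(userEmail);

    switch (options.item) {
      case "project":
        await gcpViewProject(options, identity);
        break;
      case "organization": {
        const organizationView = new GcpOrganizationViewer(
          identity,
          options.gcpOauthOrganizationId,
          options.enable || false,
        );
        await organizationView.view();
        break;
      }
      case "service-account":
        await gcpViewServiceAccount(options, identity);
        break;
      default:
        throw new SetupAuthError("Invalid item");
    }
  } catch (error) {
    // Keep SetupAuthError as-is; wrap anything else so callers see a single
    // error type while the original stays reachable through `cause`.
    if (!(error instanceof SetupAuthError)) {
      throw new SetupAuthError("An error occurred while viewing GCP resources", {
        cause: error,
      });
    }
    throw error;
  }
}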