@dataroadinc/setup-auth
CLI tool and programmatic API for automated OAuth setup across cloud platforms
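import { GCP_OAUTH_ORGANIZATION_ID } from "../../utils/env-handler.js";
import { SetupAuthError } from "../../utils/error.js";
import { OrganizationsClient } from "@google-cloud/resource-manager";
import { GcpOrganizationIamManager } from "./iam/organization-iam.js";

/**
 * Wraps any thrown value in a SetupAuthError with a fixed message prefix.
 *
 * The original error stays reachable through `cause` so callers can inspect
 * the underlying auth/API failure; non-Error throwables produce the
 * "Unknown error" variant. All API methods below share this so their error
 * text stays uniform.
 *
 * @param {string} context - Message prefix, e.g. "Failed to get organization".
 * @param {unknown} error - The caught value.
 * @returns {SetupAuthError}
 */
function wrapError(context, error) {
  if (error instanceof Error) {
    return new SetupAuthError(`${context}: ${error.message}`, { cause: error });
  }
  return new SetupAuthError(`${context}: Unknown error`);
}

/**
 * Builds the Resource Manager resource name for an organization.
 *
 * @param {string} organizationId - Bare organization ID (no "organizations/" prefix).
 * @returns {string}
 */
function organizationResourceName(organizationId) {
  return `organizations/${organizationId}`;
}

/**
 * Thin wrapper over the Resource Manager OrganizationsClient for one
 * organization, plus the IAM manager that grants the permissions this tool
 * needs on it.
 *
 * `initialize()` must complete before any of the read methods are used;
 * they fail with a clear SetupAuthError otherwise.
 */
export class GcpOrganizationManager {
  /**
   * @param {object} identity - Must provide `getGaxAuthClient()`; supplies credentials for every API call.
   * @param {string} organizationId - GCP organization ID without the "organizations/" prefix.
   */
  constructor(identity, organizationId) {
    this.initialized = false;
    this.iamManager = undefined;
    this.client = undefined;
    this.organizationId = organizationId;
    this.identity = identity;
  }

  /**
   * Creates the OrganizationsClient from the identity's GAX auth client and
   * initializes the IAM manager. Idempotent: a second call is a no-op.
   *
   * @throws {SetupAuthError} if the auth client, the API client, or the IAM
   *   manager cannot be created; the underlying error is attached as `cause`.
   */
  async initialize() {
    if (this.initialized) {
      return;
    }
    try {
      console.log("OrganizationManager: Initializing GAX auth client...");
      const auth = await this.identity.getGaxAuthClient();
      console.log("OrganizationManager: Creating OrganizationsClient...");
      this.client = new OrganizationsClient({ auth });
      console.log("OrganizationManager: OrganizationsClient created.");
      console.log("OrganizationManager: Initializing IAM Manager and passing client...");
      // The IAM manager reuses the same client so both talk to the API with
      // the same credentials.
      this.iamManager = new GcpOrganizationIamManager(this.identity, this.organizationId, this.client);
      await this.iamManager.initialize();
      console.log("OrganizationManager: IAM Manager initialized.");
      this.initialized = true;
    } catch (error) {
      console.error("Error during GcpOrganizationManager initialization:", error);
      throw wrapError("Failed to initialize client", error);
    }
  }

  /**
   * Returns the OrganizationsClient, failing clearly when `initialize()` has
   * not run. Without this guard the read methods would dereference
   * `undefined` and surface an opaque TypeError instead of a SetupAuthError.
   *
   * @returns {OrganizationsClient}
   * @throws {SetupAuthError} if the client has not been created yet.
   */
  requireClient() {
    if (!this.client) {
      throw new SetupAuthError("GcpOrganizationManager is not initialized; call initialize() first.");
    }
    return this.client;
  }

  /**
   * Fetches the organization resource.
   *
   * @returns {Promise<object>} The organization as returned by the API.
   * @throws {SetupAuthError} on API failure or when not initialized.
   */
  async getOrganization() {
    const client = this.requireClient();
    try {
      const [organization] = await client.getOrganization({
        name: organizationResourceName(this.organizationId),
      });
      return organization;
    } catch (error) {
      throw wrapError("Failed to get organization", error);
    }
  }

  /**
   * Fetches the organization's IAM policy.
   *
   * @returns {Promise<object>} The raw IAM policy.
   * @throws {SetupAuthError} on API failure or when not initialized.
   */
  async getIamPolicy() {
    const client = this.requireClient();
    try {
      const [policy] = await client.getIamPolicy({
        resource: organizationResourceName(this.organizationId),
      });
      return policy;
    } catch (error) {
      throw wrapError("Failed to get IAM policy", error);
    }
  }

  /**
   * Fetches the organization's IAM policy and flattens its bindings into
   * `{ role, members }` records. Missing fields default to "" / [] so callers
   * never see `undefined`.
   *
   * @returns {Promise<Array<{ role: string, members: string[] }>>}
   * @throws {SetupAuthError} on API failure or when not initialized.
   */
  async getIamRoles() {
    const client = this.requireClient();
    try {
      const [policy] = await client.getIamPolicy({
        resource: organizationResourceName(this.organizationId),
      });
      return (policy.bindings || []).map((binding) => ({
        role: binding.role || "",
        members: binding.members || [],
      }));
    } catch (error) {
      throw wrapError("Failed to get IAM roles", error);
    }
  }

  /**
   * Initializes if needed, then delegates to the IAM manager to ensure the
   * required organization-level permissions are present.
   *
   * @throws {SetupAuthError} if initialization failed to produce an IAM manager.
   */
  async ensurePermissions() {
    await this.initialize();
    if (!this.iamManager) {
      throw new SetupAuthError("IAM Manager was not initialized correctly.");
    }
    await this.iamManager.ensurePermissions();
  }
}

/**
 * Validates `options.gcpOauthOrganizationId` and publishes it to the
 * environment under the GCP_OAUTH_ORGANIZATION_ID variable.
 *
 * Side effect: mutates `process.env` for the whole process. The same
 * constant is used for the key here and in `gcpGetOauthOrganizationId`
 * so the two stay in sync (the previous code wrote a literal key while
 * reading through the constant; they are assumed to hold the same name —
 * verify against env-handler.js).
 *
 * @param {{ gcpOauthOrganizationId?: string }} options
 * @throws {SetupAuthError} if the ID is empty, outside 6–30 characters,
 *   or contains whitespace or "/".
 */
export async function gcpSetOauthOrganizationId(options) {
  const organizationId = options.gcpOauthOrganizationId;
  if (!organizationId) {
    throw new SetupAuthError("Organization ID cannot be empty");
  }
  if (organizationId.length < 6 || organizationId.length > 30) {
    throw new SetupAuthError(
      `Organization ID must be between 6 and 30 characters long. \nGot ${organizationId.length} characters: "${organizationId}"`,
    );
  }
  // The ID is interpolated into "organizations/<id>" resource names; a value
  // carrying a path separator or whitespace would address a different
  // resource, so reject it here rather than relying on the API to do so.
  if (/[\s/]/.test(organizationId)) {
    throw new SetupAuthError(`Organization ID must not contain whitespace or "/": "${organizationId}"`);
  }
  process.env[GCP_OAUTH_ORGANIZATION_ID] = organizationId;
}

/**
 * Resolves the organization ID, in priority order: explicit option, the
 * GCP_OAUTH_ORGANIZATION_ID environment variable, then EKG_ORG_SHORT.
 *
 * Mutates `options.gcpOauthOrganizationId` when a value is found in the
 * environment so callers can read it back from the options object.
 *
 * @param {{ gcpOauthOrganizationId?: string }} options
 * @returns {Promise<{ success: true, gcpOauthOrganizationId: string } | { success: false, error: string }>}
 */
export async function gcpGetOauthOrganizationId(options) {
  if (options.gcpOauthOrganizationId) {
    const gcpOauthOrganizationId = options.gcpOauthOrganizationId;
    console.log(`Using explicitly provided GCP organization ID: ${gcpOauthOrganizationId}`);
    return { success: true, gcpOauthOrganizationId };
  }

  const fromEnv = process.env[GCP_OAUTH_ORGANIZATION_ID];
  if (fromEnv) {
    options.gcpOauthOrganizationId = fromEnv;
    console.log(`Using GCP organization ID from environment: ${options.gcpOauthOrganizationId}`);
    return { success: true, gcpOauthOrganizationId: options.gcpOauthOrganizationId };
  }

  const fromShortName = process.env.EKG_ORG_SHORT;
  if (fromShortName) {
    options.gcpOauthOrganizationId = fromShortName;
    console.log(`Found organization name in environment variable EKG_ORG_SHORT: ${options.gcpOauthOrganizationId}`);
    return { success: true, gcpOauthOrganizationId: options.gcpOauthOrganizationId };
  }

  return {
    success: false,
    error: "Could not determine organization name.\n" + `Please set ${GCP_OAUTH_ORGANIZATION_ID} or EKG_ORG_SHORT `,
  };
}

/**
 * Resolves the organization ID (see `gcpGetOauthOrganizationId`), validates
 * it and stores it in the environment (see `gcpSetOauthOrganizationId`).
 *
 * Validation failures are returned as `{ success: false, error }` rather than
 * thrown; `options.gcpOauthOrganizationId` is set only on success.
 *
 * @param {{ gcpOauthOrganizationId?: string }} options
 * @returns {Promise<{ success: true } | { success: false, error: string }>}
 */
export async function gcpCheckOauthOrganizationId(options) {
  const { success, gcpOauthOrganizationId, error } = await gcpGetOauthOrganizationId(options);
  if (!success) {
    return { success: false, error };
  }
  try {
    await gcpSetOauthOrganizationId({ gcpOauthOrganizationId });
    options.gcpOauthOrganizationId = gcpOauthOrganizationId;
    return { success: true };
  } catch (caught) {
    if (caught instanceof SetupAuthError) {
      return { success: false, error: caught.message };
    }
    return { success: false, error: `Failed to validate organization ID: ${caught}` };
  }
}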