UNPKG

google-cloud-mcp

Version:

Model Context Protocol server for Google Cloud services

201 lines 8.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
/** * Authentication utilities for Google Cloud services */ import { GoogleAuth } from 'google-auth-library'; import fs from 'fs'; import path from 'path'; import { configManager } from './config.js'; // Global auth client that can be reused // Exported to allow checking auth status from other modules export let authClient = null; /** * Initialises Google Cloud authentication using either: * 1. GOOGLE_APPLICATION_CREDENTIALS environment variable pointing to a service account file * 2. GOOGLE_CLIENT_EMAIL and GOOGLE_PRIVATE_KEY environment variables * * This function supports lazy loading - it won't fail if credentials aren't available yet, * allowing the server to start without authentication and defer it until needed. * * Authentication is required for operation but can be lazy-loaded when first needed rather than * at startup, which helps prevent timeouts with Smithery. * * @param requireAuth If true, will throw an error if authentication fails. If false, will return null. * @returns Promise resolving to the authenticated GoogleAuth client or null if authentication isn't available */ export async function initGoogleAuth(requireAuth = false) { // Check if we're in lazy loading mode const lazyAuth = process.env.LAZY_AUTH !== 'false'; // Default to true if not set // If we're in lazy loading mode and not explicitly requiring auth, defer authentication if (lazyAuth && !requireAuth) { console.log('Lazy authentication enabled - deferring authentication until needed'); } try { // If we already have an auth client, return it if (authClient) { return authClient; } // Check if we need to create a temporary credentials file from environment variables if (process.env.GOOGLE_CLIENT_EMAIL && process.env.GOOGLE_PRIVATE_KEY) { try { // Create a temporary credentials file without blocking server startup const tempDir = path.join(process.cwd(), '.temp'); if (!fs.existsSync(tempDir)) { fs.mkdirSync(tempDir, { recursive: true }); } const credentials = { type: 'service_account', project_id: process.env.GOOGLE_CLOUD_PROJECT || '', private_key: process.env.GOOGLE_PRIVATE_KEY.replace(/\\n/g, '\n'), client_email: process.env.GOOGLE_CLIENT_EMAIL, client_id: '', auth_uri: 'https://accounts.google.com/o/oauth2/auth', token_uri: 'https://oauth2.googleapis.com/token', auth_provider_x509_cert_url: 'https://www.googleapis.com/oauth2/v1/certs', client_x509_cert_url: `https://www.googleapis.com/robot/v1/metadata/x509/${encodeURIComponent(process.env.GOOGLE_CLIENT_EMAIL)}` }; const tempCredentialsPath = path.join(tempDir, 'temp-credentials.json'); fs.writeFileSync(tempCredentialsPath, JSON.stringify(credentials)); process.env.GOOGLE_APPLICATION_CREDENTIALS = tempCredentialsPath; } catch (error) { console.error(`Warning: Failed to create temporary credentials file: ${error instanceof Error ? error.message : String(error)}`); if (requireAuth) { throw new Error(`Failed to create temporary credentials file: ${error instanceof Error ? error.message : String(error)}`); } return null; } } // Check if GOOGLE_APPLICATION_CREDENTIALS is set if (!process.env.GOOGLE_APPLICATION_CREDENTIALS) { if (requireAuth) { throw new Error('Google Cloud authentication not configured. Please set GOOGLE_APPLICATION_CREDENTIALS ' + 'or both GOOGLE_CLIENT_EMAIL and GOOGLE_PRIVATE_KEY environment variables.'); } return null; } // Create the auth client without verifying it immediately authClient = new GoogleAuth({ scopes: [ 'https://www.googleapis.com/auth/cloud-platform', 'https://www.googleapis.com/auth/spanner.data', 'https://www.googleapis.com/auth/logging.read', 'https://www.googleapis.com/auth/monitoring.read' ] }); // Only verify the token if explicitly required // This prevents blocking operations during server startup if (requireAuth) { try { const client = await authClient.getClient(); await client.getAccessToken(); } catch (verifyError) { authClient = null; throw verifyError; } } return authClient; } catch (error) { // Log error but don't crash the server unless authentication is required console.error(`Auth error: ${error instanceof Error ? error.message : String(error)}`); if (requireAuth) { throw error; } return null; } } /** * Gets the project ID from configuration, environment variables, or from the authenticated client * * @param requireAuth If true, will throw an error if project ID can't be determined. If false, will return a default value. * @returns Promise resolving to the Google Cloud project ID or a default value if not available */ export async function getProjectId(requireAuth = true) { try { // First check environment variable (fastest method) if (process.env.GOOGLE_CLOUD_PROJECT) { try { // Try to store in config but don't block on it configManager.initialize().then(() => { configManager.setDefaultProjectId(process.env.GOOGLE_CLOUD_PROJECT); }).catch(() => { // Ignore config errors }); } catch (configError) { // Ignore config errors } return process.env.GOOGLE_CLOUD_PROJECT; } // Next check if we have a configured default project ID try { await configManager.initialize(); const configuredProjectId = configManager.getDefaultProjectId(); if (configuredProjectId) { return configuredProjectId; } } catch (configError) { console.error(`Config error: ${configError instanceof Error ? configError.message : String(configError)}`); // Continue to next method } // Fall back to getting it from auth client try { const auth = await initGoogleAuth(requireAuth); if (!auth) { if (requireAuth) { throw new Error('Google Cloud authentication not available. Please configure authentication to access project ID.'); } return 'unknown-project'; } const projectId = await auth.getProjectId(); if (!projectId) { if (requireAuth) { throw new Error('Could not determine Google Cloud project ID. Please set a default project ID using the set-project-id tool.'); } return 'unknown-project'; } // Store this in config for future use (don't block on it) configManager.initialize().then(() => { configManager.setDefaultProjectId(projectId); }).catch(() => { // Ignore config errors }); return projectId; } catch (authError) { if (requireAuth) { throw authError; } return 'unknown-project'; } } catch (error) { console.error(`Project ID error: ${error instanceof Error ? error.message : String(error)}`); if (requireAuth) { throw error; } return 'unknown-project'; } } /** * Sets the default project ID to use for all Google Cloud operations * * @param projectId The project ID to set as default */ export async function setProjectId(projectId) { await configManager.initialize(); await configManager.setDefaultProjectId(projectId); // Default project ID set } /** * Gets the list of recently used project IDs * * @returns Array of recent project IDs */ export async function getRecentProjectIds() { await configManager.initialize(); return configManager.getRecentProjectIds(); } //# sourceMappingURL=auth.js.map