[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require auth for functions:secrets family of commands. #6190

Merged
merged 4 commits into from
Jul 27, 2023
Merged

Require auth for functions:secrets family of commands. #6190

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
22fafb1
Require auth for functions:secrets family of commands.
taeold Jul 26, 2023
302ae91
Add changelog.
taeold Jul 26, 2023
cb838e7
Prettier.
taeold Jul 26, 2023
a88bca3
Merge branch 'master' into dl-cmd-fix
taeold Jul 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
Next Next commit
Require auth for functions:secrets family of commands. 
Need requireAuth call to properly setup credentials when developer is relying on  GOOGLE_APPLICATION_CREDENTIALS.
  • Loading branch information
@taeold
taeold committed Jul 26, 2023
commit 22fafb134509c0dc26aa0842e9cf026a7cff5c70
2 changes: 2 additions & 0 deletions src/commands/functions-secrets-access.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,14 @@ import { logger } from "../logger";
import { Options } from "../options";
import { needProjectId } from "../projectUtils";
import { accessSecretVersion } from "../gcp/secretManager";
import { requireAuth } from "../requireAuth";
import * as secrets from "../functions/secrets";

export const command = new Command("functions:secrets:access <KEY>[@version]")
.description(
"Access secret value given secret and its version. Defaults to accessing the latest version."
)
.before(requireAuth)
.before(secrets.ensureApi)
.action(async (key: string, options: Options) => {
const projectId = needProjectId(options);
Expand Down
2 changes: 2 additions & 0 deletions src/commands/functions-secrets-destroy.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,15 @@ import {
} from "../gcp/secretManager";
import { promptOnce } from "../prompt";
import { logBullet, logWarning } from "../utils";
import { requireAuth } from "../requireAuth";
import * as secrets from "../functions/secrets";
import * as backend from "../deploy/functions/backend";
import * as args from "../deploy/functions/args";

export const command = new Command("functions:secrets:destroy <KEY>[@version]")
.description("Destroy a secret. Defaults to destroying the latest version.")
.withForce("Destroys a secret without confirmation.")
.before(requireAuth)
.before(secrets.ensureApi)
.action(async (key: string, options: Options) => {
const projectId = needProjectId(options);
Expand Down
2 changes: 2 additions & 0 deletions src/commands/functions-secrets-get.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
const Table = require("cli-table");

import { requireAuth } from "../requireAuth";
import { Command } from "../command";
import { logger } from "../logger";
import { Options } from "../options";
Expand All @@ -10,6 +11,7 @@ import * as secrets from "../functions/secrets";

export const command = new Command("functions:secrets:get <KEY>")
.description("Get metadata for secret and its versions")
.before(requireAuth)
.before(secrets.ensureApi)
.before(requirePermissions, ["secretmanager.secrets.get"])
.action(async (key: string, options: Options) => {
Expand Down
5 changes: 4 additions & 1 deletion src/commands/functions-secrets-prune.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,21 @@
import * as args from "../deploy/functions/args";
import * as backend from "../deploy/functions/backend";
import * as secrets from "../functions/secrets";

import { Command } from "../command";
import { Options } from "../options";
import { needProjectId, needProjectNumber } from "../projectUtils";
import * as secrets from "../functions/secrets";
import { requirePermissions } from "../requirePermissions";
import { isFirebaseManaged } from "../deploymentTool";
import { logBullet, logSuccess } from "../utils";
import { promptOnce } from "../prompt";
import { destroySecretVersion } from "../gcp/secretManager";
import { requireAuth } from "../requireAuth";

export const command = new Command("functions:secrets:prune")
.withForce("Destroys unused secrets without prompt")
.description("Destroys unused secrets")
.before(requireAuth)
.before(secrets.ensureApi)
.before(requirePermissions, [
"cloudfunctions.functions.list",
Expand Down
2 changes: 2 additions & 0 deletions src/commands/functions-secrets-set.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,15 @@ import {
toSecretVersionResourceName,
} from "../gcp/secretManager";
import { check } from "../ensureApiEnabled";
import { requireAuth } from "../requireAuth";
import * as secrets from "../functions/secrets";
import * as backend from "../deploy/functions/backend";
import * as args from "../deploy/functions/args";

export const command = new Command("functions:secrets:set <KEY>")
.description("Create or update a secret for use in Cloud Functions for Firebase.")
.withForce("Automatically updates functions to use the new secret.")
.before(requireAuth)
.before(secrets.ensureApi)
.before(requirePermissions, [
"secretmanager.secrets.create",
Expand Down
2 changes: 1 addition & 1 deletion src/functions/secrets.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ function toUpperSnakeCase(key: string): string {
*/
export function ensureApi(options: any): Promise<void> {
const projectId = needProjectId(options);
return ensureApiEnabled.ensure(projectId, "secretmanager.googleapis.com", "runtimeconfig", true);
return ensureApiEnabled.ensure(projectId, "secretmanager.googleapis.com", "secretmanager", true);
}

/**
Expand Down