@extrahorizon/exh-cli 1.8.2 → 1.9.0-dev-85-4c62b0a

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Extra Horizon CLI changelog
 
+### v1.9.0
+* Introduced the `executionCredentials` field in the task configuration:
+  * Specify the permissions your task needs
+  * The CLI automatically creates a user, role, and credentials for your task
+  * These credentials are injected as environment variables into the task automatically
+
 ### v1.8.2
 * Updated the ExH SDK to `8.6.0` to fix a security warning from `axios`
 

package/build/commands/tasks/sync.js

@@ -5,6 +5,7 @@ const fs = require("fs/promises");
 const chalk = require("chalk");
 const constants_1 = require("../../constants");
 const util_1 = require("../../helpers/util");
+const authRepository = require("../../repositories/auth");
 const functionRepository = require("../../repositories/functions");
 const taskConfig_1 = require("./taskConfig");
 const util_2 = require("./util");
@@ -96,13 +97,31 @@ async function syncSingleTask(sdk, config) {
     if (config.memoryLimit) {
         request.memoryLimit = config.memoryLimit;
     }
-    if (config.environment) {
-        request.environmentVariables =
-            Object.entries(config.environment).reduce((prev, curr) => ({ ...prev, [curr[0]]: { value: curr[1] } }), {});
-    }
     if (config.retryPolicy) {
         request.retryPolicy = config.retryPolicy;
     }
+    if (config.executionCredentials) {
+        const credentials = await (0, util_2.syncFunctionUser)(sdk, {
+            taskName: config.name,
+            targetEmail: config.executionCredentials.email,
+            targetPermissions: config.executionCredentials.permissions,
+        });
+        config.environment = {
+            ...config.environment,
+            API_HOST: authRepository.getHost(sdk),
+            API_OAUTH_CONSUMER_KEY: process.env.API_OAUTH_CONSUMER_KEY,
+            API_OAUTH_CONSUMER_SECRET: process.env.API_OAUTH_CONSUMER_SECRET,
+            API_OAUTH_TOKEN: credentials.token,
+            API_OAUTH_TOKEN_SECRET: credentials.tokenSecret,
+        };
+    }
+    if (config.environment) {
+        const environmentVariables = {};
+        for (const [key, value] of Object.entries(config.environment)) {
+            environmentVariables[key] = { value };
+        }
+        request.environmentVariables = environmentVariables;
+    }
     if (myFunction === undefined) {
         await functionRepository.create(sdk, request);
         console.log(chalk.green('Successfully created task', config.name));

package/build/commands/tasks/taskConfig.d.ts

@@ -17,6 +17,10 @@ export interface TaskConfig {
         enabled: boolean;
         errorsToRetry: string[];
     };
+    executionCredentials?: {
+        email?: string;
+        permissions: string[];
+    };
 }
 export declare function assertExecutionPermission(mode: string): asserts mode is permissionModes | undefined;
 export declare function validateConfig(config: TaskConfig): Promise<boolean>;

package/build/commands/tasks/taskConfig.js

@@ -26,6 +26,10 @@ const taskConfigSchema = Joi.object({
     }),
     environment: Joi.object().pattern(/.*/, Joi.string()),
     executionPermission: Joi.string().valid(...Object.values(permissionModes)),
+    executionCredentials: Joi.object({
+        email: Joi.string(),
+        permissions: Joi.array().items(Joi.string()).required(),
+    }),
 });
 function assertExecutionPermission(mode) {
     if (mode !== undefined && !Object.values(permissionModes).includes(mode)) {

package/build/commands/tasks/util.d.ts

@@ -1 +1,10 @@
+import { OAuth1Client } from '@extrahorizon/javascript-sdk';
 export declare function zipFileFromDirectory(path: string): Promise<string>;
+export declare function syncFunctionUser(sdk: OAuth1Client, data: {
+    taskName: string;
+    targetEmail?: string;
+    targetPermissions: string[];
+}): Promise<{
+    token: any;
+    tokenSecret: any;
+}>;

package/build/commands/tasks/util.js

@@ -1,10 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.zipFileFromDirectory = void 0;
+exports.syncFunctionUser = exports.zipFileFromDirectory = void 0;
 const fs_1 = require("fs");
 const os_1 = require("os");
+const javascript_sdk_1 = require("@extrahorizon/javascript-sdk");
 const archiver = require("archiver");
+const chalk = require("chalk");
 const uuid_1 = require("uuid");
+const authRepository = require("../../repositories/auth");
+const functionRepository = require("../../repositories/functions");
+const userRepository = require("../../repositories/user");
 async function zipFileFromDirectory(path) {
     return new Promise((res, rej) => {
         const tmpPath = `${(0, os_1.tmpdir)()}/${(0, uuid_1.v4)()}`;
@@ -25,3 +30,97 @@ async function zipFileFromDirectory(path) {
     });
 }
 exports.zipFileFromDirectory = zipFileFromDirectory;
+async function syncFunctionUser(sdk, data) {
+    const { taskName, targetEmail, targetPermissions } = data;
+    const email = targetEmail || `exh.tasks+${taskName}@extrahorizon.com`;
+    validateEmail(email);
+    const password = `0Oo-${(0, uuid_1.v4)()}`;
+    const roleName = `exh.tasks.${taskName}`;
+    const role = await syncRoleWithPermissions(sdk, taskName, roleName, targetPermissions);
+    let user = await userRepository.findUserByEmail(sdk, email);
+    if (!user) {
+        console.log(chalk.white('⚙️  Creating a user for the task'));
+        const { emailAvailable } = await sdk.users.isEmailAvailable(email);
+        if (!emailAvailable) {
+            throw new Error('❌ The user could not be created as the email address is already in use');
+        }
+        user = await sdk.users.createAccount({
+            firstName: `${taskName}`,
+            lastName: 'exh.tasks',
+            email,
+            password,
+            phoneNumber: '0000000000',
+            language: 'EN',
+        });
+        console.log(chalk.green('✅ Successfully created a user for task'));
+        await assignRoleToUser(sdk, user.id, role.id);
+        return await createOAuth1Tokens(sdk, email, password);
+    }
+    console.log(chalk.white('⚙️  Checking for the existing users credentials'));
+    const currentFunction = await functionRepository.findByName(sdk, taskName);
+    const hasExistingCredentials = (currentFunction?.environmentVariables?.API_HOST?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_TOKEN_SECRET?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_TOKEN?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_CONSUMER_KEY?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_CONSUMER_SECRET?.value);
+    if (!hasExistingCredentials) {
+        throw new Error('❌ No credentials were found for the existing user');
+    }
+    const userRole = user.roles.find(({ name }) => name === roleName);
+    if (!userRole) {
+        await assignRoleToUser(sdk, user.id, role.id);
+    }
+    console.log(chalk.green('✅ Using existing credentials for the user'));
+    return {
+        token: currentFunction.environmentVariables.API_OAUTH_TOKEN.value,
+        tokenSecret: currentFunction.environmentVariables.API_OAUTH_TOKEN_SECRET.value,
+    };
+}
+exports.syncFunctionUser = syncFunctionUser;
+async function syncRoleWithPermissions(sdk, taskName, roleName, targetPermissions) {
+    console.log(chalk.white('⚙️  Checking if the role exists'));
+    let role = await sdk.users.globalRoles.findByName(roleName);
+    if (!role) {
+        console.log(chalk.white('⚙️  Role does not exist, creating a new role'));
+        role = await sdk.users.globalRoles.create({
+            name: roleName,
+            description: `A role created by the CLI for the execution of the task ${taskName}`,
+        });
+        console.log(chalk.white('⚙️  Assigning permissions to the role'));
+        await sdk.users.globalRoles.addPermissions((0, javascript_sdk_1.rqlBuilder)().eq('name', roleName).build(), { permissions: targetPermissions });
+        console.log(chalk.green('✅ Successfully assigned permissions to the role'));
+        return role;
+    }
+    const currentPermissions = role.permissions?.flatMap(permission => permission.name) || [];
+    const permissionsToAdd = targetPermissions.filter(targetPermission => !currentPermissions.includes(targetPermission));
+    const permissionsToRemove = currentPermissions.filter(currentPermission => !targetPermissions.includes(currentPermission));
+    if (permissionsToAdd.length > 0) {
+        console.log(chalk.white('⚙️  Adding missing permissions to the role'));
+        await sdk.users.globalRoles.addPermissions((0, javascript_sdk_1.rqlBuilder)().eq('name', roleName).build(), { permissions: permissionsToAdd });
+        console.log(chalk.green('✅ Successfully added missing permissions to the role'));
+    }
+    if (permissionsToRemove.length > 0) {
+        console.log(chalk.white('⚙️  Removing excess permissions from the role'));
+        await sdk.users.globalRoles.removePermissions((0, javascript_sdk_1.rqlBuilder)().eq('name', roleName).build(), { permissions: permissionsToRemove });
+        console.log(chalk.green('✅ Successfully removed excess permissions from the role'));
+    }
+    return role;
+}
+async function assignRoleToUser(sdk, userId, roleId) {
+    console.log(chalk.white('⚙️  Assigning the role to the user'));
+    await sdk.users.globalRoles.addToUsers((0, javascript_sdk_1.rqlBuilder)().eq('id', userId).build(), { roles: [roleId] });
+    console.log(chalk.green('✅ Successfully assigned the role to the user'));
+}
+function validateEmail(email) {
+    const emailRegex = /.+@.+\..+/;
+    if (email.length < 3 || email.length > 256 || !emailRegex.test(email)) {
+        throw new Error('Invalid email address');
+    }
+}
+async function createOAuth1Tokens(sdk, email, password) {
+    console.log(chalk.white('⚙️  Creating OAuth1 tokens for the user', email));
+    const response = await authRepository.createOAuth1Tokens(sdk, email, password);
+    const { token, tokenSecret } = response.data;
+    console.log(chalk.green('✅ Successfully created OAuth1 tokens for the user', email));
+    return { token, tokenSecret };
+}

package/build/exh.js

@@ -1,9 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.sdkAuth = exports.sdkInitOnly = void 0;
-const fs = require("fs");
 const javascript_sdk_1 = require("@extrahorizon/javascript-sdk");
-const constants_1 = require("./constants");
+const util_1 = require("./helpers/util");
 let sdk = null;
 function sdkInitOnly(apiHost, consumerKey, consumerSecret) {
     sdk = (0, javascript_sdk_1.createOAuth1Client)({
@@ -15,46 +14,16 @@ function sdkInitOnly(apiHost, consumerKey, consumerSecret) {
 }
 exports.sdkInitOnly = sdkInitOnly;
 async function sdkAuth() {
-    let credentials = {};
-    let haveCredFile = false;
-    const needed = ['API_HOST', 'API_OAUTH_CONSUMER_KEY', 'API_OAUTH_CONSUMER_SECRET', 'API_OAUTH_TOKEN', 'API_OAUTH_TOKEN_SECRET'];
-    const error = missing => {
-        let message = 'Failed to retrieve all credentials. ';
-        if (!haveCredFile) {
-            message += 'Couldn\'t open ~/.exh/credentials. ';
-        }
-        if (missing.length) {
-            message += `Missing properties: ${missing.join(',')}`;
-        }
-        throw new Error(message);
-    };
-    try {
-        const credentialsFile = fs.readFileSync(constants_1.EXH_CONFIG_FILE, 'utf-8');
-        haveCredFile = true;
-        credentials = credentialsFile
-            .split(/\r?\n/).map(l => l.split(/=/)).filter(i => i.length === 2)
-            .reduce((r, v) => { r[v[0].trim()] = v[1].trim(); return r; }, {});
-        for (const k of Object.keys(credentials)) {
-            if (!process.env[k]) {
-                process.env[k] = credentials[k];
-            }
-        }
-    }
-    catch (err) { }
-    needed.forEach(v => { credentials[v] = process.env[v] ?? credentials[v]; });
-    const missingProperties = needed.filter(p => credentials[p] === undefined);
-    if (missingProperties.length) {
-        error(missingProperties);
-    }
+    (0, util_1.loadAndAssertCredentials)();
     sdk = (0, javascript_sdk_1.createOAuth1Client)({
-        consumerKey: credentials.API_OAUTH_CONSUMER_KEY,
-        consumerSecret: credentials.API_OAUTH_CONSUMER_SECRET,
-        host: credentials.API_HOST,
+        host: process.env.API_HOST,
+        consumerKey: process.env.API_OAUTH_CONSUMER_KEY,
+        consumerSecret: process.env.API_OAUTH_CONSUMER_SECRET,
     });
     try {
         await sdk.auth.authenticate({
-            token: credentials.API_OAUTH_TOKEN,
-            tokenSecret: credentials.API_OAUTH_TOKEN_SECRET,
+            token: process.env.API_OAUTH_TOKEN,
+            tokenSecret: process.env.API_OAUTH_TOKEN_SECRET,
         });
     }
     catch (err) {

package/build/helpers/util.d.ts

@@ -1,3 +1,4 @@
 import * as yargs from 'yargs';
 export declare function epilogue(y: yargs.Argv): yargs.Argv;
 export declare function asyncExec(cmd: string): Promise<string>;
+export declare function loadAndAssertCredentials(): void;

package/build/helpers/util.js

@@ -1,8 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.asyncExec = exports.epilogue = void 0;
+exports.loadAndAssertCredentials = exports.asyncExec = exports.epilogue = void 0;
 const child_process_1 = require("child_process");
+const fs = require("fs");
 const chalk = require("chalk");
+const constants_1 = require("../constants");
 const error_1 = require("./error");
 function epilogue(y) {
     return y.epilogue('Visit https://docs.extrahorizon.com/extrahorizon-cli/ for more information.').fail((msg, err, argv) => {
@@ -34,3 +36,33 @@ async function asyncExec(cmd) {
     });
 }
 exports.asyncExec = asyncExec;
+function loadAndAssertCredentials() {
+    const credentials = {};
+    let credentialsFile;
+    let errorMessage = '';
+    try {
+        credentialsFile = fs.readFileSync(constants_1.EXH_CONFIG_FILE, 'utf-8');
+    }
+    catch (e) {
+        errorMessage += 'Couldn\'t open ~/.exh/credentials. ';
+    }
+    const credentialFileLines = credentialsFile.split(/\r?\n/);
+    for (const credentialFileLine of credentialFileLines) {
+        const [key, value] = credentialFileLine.split('=');
+        if (key && value) {
+            credentials[key.trim()] = value.trim();
+        }
+    }
+    const requiredEnvVariables = ['API_HOST', 'API_OAUTH_CONSUMER_KEY', 'API_OAUTH_CONSUMER_SECRET', 'API_OAUTH_TOKEN', 'API_OAUTH_TOKEN_SECRET'];
+    for (const key of requiredEnvVariables) {
+        if (credentials[key] && !process.env[key]) {
+            process.env[key] = credentials[key];
+        }
+    }
+    const missingEnvironmentVariables = requiredEnvVariables.filter(key => !process.env[key]);
+    if (missingEnvironmentVariables.length > 0) {
+        errorMessage += `Missing environment variables: ${missingEnvironmentVariables.join(',')}`;
+        throw new Error(`Failed to retrieve all credentials. ${errorMessage}`);
+    }
+}
+exports.loadAndAssertCredentials = loadAndAssertCredentials;

package/build/repositories/auth.d.ts

@@ -1,3 +1,4 @@
 import { OAuth1Client } from '@extrahorizon/javascript-sdk';
 export declare function getHost(sdk: OAuth1Client): string;
+export declare function createOAuth1Tokens(sdk: OAuth1Client, email: string, password: string): Promise<any>;
 export declare function fetchMe(sdk: OAuth1Client): Promise<import("@extrahorizon/javascript-sdk").UserData>;

package/build/repositories/auth.js

@@ -1,10 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.fetchMe = exports.getHost = void 0;
+exports.fetchMe = exports.createOAuth1Tokens = exports.getHost = void 0;
 function getHost(sdk) {
     return sdk?.raw?.defaults?.baseURL;
 }
 exports.getHost = getHost;
+async function createOAuth1Tokens(sdk, email, password) {
+    const response = await sdk.raw.post('/auth/v2/oauth1/tokens', { email, password });
+    return response.data;
+}
+exports.createOAuth1Tokens = createOAuth1Tokens;
 async function fetchMe(sdk) {
     return await sdk?.users.me();
 }

package/build/repositories/functions.js

@@ -7,7 +7,7 @@ async function find(sdk) {
 }
 exports.find = find;
 async function findByName(sdk, name) {
-    const response = await sdk.raw.get(`/tasks/v1/functions/${name}`);
+    const response = await sdk.raw.get(`/tasks/v1/functions/${name}`, { customResponseKeys: ['*'] });
     return response.data;
 }
 exports.findByName = findByName;

package/build/repositories/user.d.ts

@@ -0,0 +1,2 @@
+import { OAuth1Client } from '@extrahorizon/javascript-sdk';
+export declare function findUserByEmail(sdk: OAuth1Client, email: string): Promise<import("@extrahorizon/javascript-sdk").UserData>;

package/build/repositories/user.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findUserByEmail = void 0;
+const javascript_sdk_1 = require("@extrahorizon/javascript-sdk");
+async function findUserByEmail(sdk, email) {
+    const rql = (0, javascript_sdk_1.rqlBuilder)().eq('email', email).build();
+    return await sdk.users.findFirst({ rql });
+}
+exports.findUserByEmail = findUserByEmail;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@extrahorizon/exh-cli",
-  "version": "1.8.2",
+  "version": "1.9.0-dev-85-4c62b0a",
   "main": "build/index.js",
   "exports": "./build/index.js",
   "license": "MIT",
@@ -15,6 +15,7 @@
     "clean": "rimraf build",
     "build": "yarn clean && tsc",
     "test": "jest",
+    "test:ci": "jest --silent",
     "lint": "eslint src tests --ext .ts"
   },
   "bin": {