npm - @extrahorizon/exh-cli - Versions diffs - 1.8.2 → 1.9.0-dev-86-1fadbca - Mend

@extrahorizon/exh-cli 1.8.2 → 1.9.0-dev-86-1fadbca

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/CHANGELOG.md +6 -0
package/build/commands/tasks/sync.js +22 -4
package/build/commands/tasks/taskConfig.d.ts +4 -0
package/build/commands/tasks/taskConfig.js +4 -0
package/build/commands/tasks/util.d.ts +9 -0
package/build/commands/tasks/util.js +106 -1
package/build/exh.js +7 -38
package/build/helpers/util.d.ts +1 -0
package/build/helpers/util.js +33 -1
package/build/repositories/auth.d.ts +1 -0
package/build/repositories/auth.js +6 -1
package/build/repositories/functions.js +5 -1
package/build/repositories/user.d.ts +9 -0
package/build/repositories/user.js +38 -0
package/package.json +2 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # Extra Horizon CLI changelog
+### v1.9.0
+* Introduced the `executionCredentials` field in the task configuration:
+  * Specify the permissions your task needs
+  * The CLI automatically creates a user, role, and credentials for your task
+  * These credentials are injected as environment variables into the task automatically
 ### v1.8.2
 * Updated the ExH SDK to `8.6.0` to fix a security warning from `axios`

package/build/commands/tasks/sync.js CHANGED Viewed

@@ -96,13 +96,31 @@ async function syncSingleTask(sdk, config) {
     if (config.memoryLimit) {
         request.memoryLimit = config.memoryLimit;
     }
-    if (config.environment) {
-        request.environmentVariables =
-            Object.entries(config.environment).reduce((prev, curr) => ({ ...prev, [curr[0]]: { value: curr[1] } }), {});
-    }
     if (config.retryPolicy) {
         request.retryPolicy = config.retryPolicy;
     }
+    if (config.executionCredentials) {
+        const credentials = await (0, util_2.syncFunctionUser)(sdk, {
+            taskName: config.name,
+            targetEmail: config.executionCredentials.email,
+            targetPermissions: config.executionCredentials.permissions,
+        });
+        config.environment = {
+            ...config.environment,
+            API_HOST: process.env.API_HOST,
+            API_OAUTH_CONSUMER_KEY: process.env.API_OAUTH_CONSUMER_KEY,
+            API_OAUTH_CONSUMER_SECRET: process.env.API_OAUTH_CONSUMER_SECRET,
+            API_OAUTH_TOKEN: credentials.token,
+            API_OAUTH_TOKEN_SECRET: credentials.tokenSecret,
+        };
+    }
+    if (config.environment) {
+        const environmentVariables = {};
+        for (const [key, value] of Object.entries(config.environment)) {
+            environmentVariables[key] = { value };
+        }
+        request.environmentVariables = environmentVariables;
+    }
     if (myFunction === undefined) {
         await functionRepository.create(sdk, request);
         console.log(chalk.green('Successfully created task', config.name));

package/build/commands/tasks/taskConfig.d.ts CHANGED Viewed

@@ -17,6 +17,10 @@ export interface TaskConfig {
         enabled: boolean;
         errorsToRetry: string[];
     };
+    executionCredentials?: {
+        email?: string;
+        permissions: string[];
+    };
 }
 export declare function assertExecutionPermission(mode: string): asserts mode is permissionModes | undefined;
 export declare function validateConfig(config: TaskConfig): Promise<boolean>;

package/build/commands/tasks/taskConfig.js CHANGED Viewed

@@ -26,6 +26,10 @@ const taskConfigSchema = Joi.object({
     }),
     environment: Joi.object().pattern(/.*/, Joi.string()),
     executionPermission: Joi.string().valid(...Object.values(permissionModes)),
+    executionCredentials: Joi.object({
+        email: Joi.string(),
+        permissions: Joi.array().items(Joi.string()).required(),
+    }),
 });
 function assertExecutionPermission(mode) {
     if (mode !== undefined && !Object.values(permissionModes).includes(mode)) {

package/build/commands/tasks/util.d.ts CHANGED Viewed

@@ -1 +1,10 @@
+import { OAuth1Client } from '@extrahorizon/javascript-sdk';
 export declare function zipFileFromDirectory(path: string): Promise<string>;
+export declare function syncFunctionUser(sdk: OAuth1Client, data: {
+    taskName: string;
+    targetEmail?: string;
+    targetPermissions: string[];
+}): Promise<{
+    token: any;
+    tokenSecret: any;
+}>;

package/build/commands/tasks/util.js CHANGED Viewed

@@ -1,10 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.zipFileFromDirectory = void 0;
+exports.syncFunctionUser = exports.zipFileFromDirectory = void 0;
 const fs_1 = require("fs");
 const os_1 = require("os");
 const archiver = require("archiver");
+const chalk = require("chalk");
 const uuid_1 = require("uuid");
+const authRepository = require("../../repositories/auth");
+const functionRepository = require("../../repositories/functions");
+const userRepository = require("../../repositories/user");
 async function zipFileFromDirectory(path) {
     return new Promise((res, rej) => {
         const tmpPath = `${(0, os_1.tmpdir)()}/${(0, uuid_1.v4)()}`;
@@ -25,3 +29,104 @@ async function zipFileFromDirectory(path) {
     });
 }
 exports.zipFileFromDirectory = zipFileFromDirectory;
+async function syncFunctionUser(sdk, data) {
+    const { taskName, targetEmail, targetPermissions } = data;
+    const email = targetEmail || `exh.tasks+${taskName}@extrahorizon.com`;
+    validateEmail(email);
+    const password = `0Oo-${(0, uuid_1.v4)()}`;
+    const roleName = `exh.tasks.${taskName}`;
+    const role = await syncRoleWithPermissions(sdk, taskName, roleName, targetPermissions);
+    let user = await userRepository.findUserByEmail(sdk, email);
+    console.group(chalk.white(`🔄  Syncing user: ${email}`));
+    if (!user) {
+        console.log(chalk.white('⚙️  Creating the user...'));
+        user = await userRepository.createUser(sdk, {
+            firstName: `${taskName}`,
+            lastName: 'exh.tasks',
+            email,
+            password,
+            phoneNumber: '0000000000',
+            language: 'EN',
+        });
+        await assignRoleToUser(sdk, user.id, role.id);
+        const oAuth1Tokens = await createOAuth1Tokens(sdk, email, password);
+        console.groupEnd();
+        console.log(chalk.green('✅  Successfully synced user'));
+        console.log('');
+        return oAuth1Tokens;
+    }
+    const currentFunction = await functionRepository.findByName(sdk, taskName);
+    const hasExistingCredentials = (currentFunction?.environmentVariables?.API_HOST?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_TOKEN_SECRET?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_TOKEN?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_CONSUMER_KEY?.value &&
+        currentFunction?.environmentVariables?.API_OAUTH_CONSUMER_SECRET?.value);
+    if (!hasExistingCredentials) {
+        throw new Error('❌ No credentials were found for the existing user');
+    }
+    console.log(chalk.white('⚙️  Reusing existing user credentials...'));
+    const userRole = user.roles.find(({ name }) => name === roleName);
+    if (!userRole) {
+        await assignRoleToUser(sdk, user.id, role.id);
+    }
+    console.groupEnd();
+    console.log(chalk.green('✅  Successfully synced user'));
+    console.log('');
+    return {
+        token: currentFunction.environmentVariables.API_OAUTH_TOKEN.value,
+        tokenSecret: currentFunction.environmentVariables.API_OAUTH_TOKEN_SECRET.value,
+    };
+}
+exports.syncFunctionUser = syncFunctionUser;
+async function syncRoleWithPermissions(sdk, taskName, roleName, targetPermissions) {
+    console.group(chalk.white(`🔄  Syncing role: ${roleName}`));
+    if (targetPermissions.length === 0) {
+        console.log(chalk.yellow('⚠️  The executionCredentials.permissions field has no permissions defined'));
+    }
+    let role = await userRepository.findGlobalRoleByName(sdk, roleName);
+    if (!role) {
+        console.log(chalk.white('⚙️  Creating the role...'));
+        const roleDescription = `A role created by the CLI for the execution of the task ${taskName}`;
+        role = await userRepository.createGlobalRole(sdk, roleName, roleDescription);
+        if (targetPermissions.length !== 0) {
+            await userRepository.addPermissionsToGlobalRole(sdk, roleName, targetPermissions);
+        }
+        console.log(chalk.white(`🔐  Permissions added: [${targetPermissions.join(', ')}]`));
+        console.groupEnd();
+        console.log(chalk.green('✅  Successfully synced role'));
+        console.log('');
+        return role;
+    }
+    console.log(chalk.white('⚙️  Updating the role...'));
+    const currentPermissions = role.permissions?.flatMap(permission => permission.name) || [];
+    const permissionsToAdd = targetPermissions.filter(targetPermission => !currentPermissions.includes(targetPermission));
+    const permissionsToRemove = currentPermissions.filter(currentPermission => !targetPermissions.includes(currentPermission));
+    if (permissionsToAdd.length > 0) {
+        await userRepository.addPermissionsToGlobalRole(sdk, roleName, permissionsToAdd);
+        console.log(chalk.white(`🔐  Permissions added: [${permissionsToAdd.join(',')}]`));
+    }
+    if (permissionsToRemove.length > 0) {
+        await userRepository.removePermissionsFromGlobalRole(sdk, roleName, permissionsToRemove);
+        console.log(chalk.white(`🔐  Permissions removed: [${permissionsToRemove.join(',')}]`));
+    }
+    console.groupEnd();
+    console.log(chalk.green('✅  Successfully synced role'));
+    console.log('');
+    return role;
+}
+async function assignRoleToUser(sdk, userId, roleId) {
+    console.log(chalk.white('⚙️  Assigning the role to the user...'));
+    await userRepository.addGlobalRoleToUser(sdk, userId, roleId);
+}
+async function createOAuth1Tokens(sdk, email, password) {
+    console.log(chalk.white('⚙️  Creating credentials...'));
+    const response = await authRepository.createOAuth1Tokens(sdk, email, password);
+    const { token, tokenSecret } = response;
+    return { token, tokenSecret };
+}
+function validateEmail(email) {
+    const emailRegex = /.+@.+\..+/;
+    if (email.length < 3 || email.length > 256 || !emailRegex.test(email)) {
+        throw new Error('Invalid email address');
+    }
+}

package/build/exh.js CHANGED Viewed

@@ -1,9 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.sdkAuth = exports.sdkInitOnly = void 0;
-const fs = require("fs");
 const javascript_sdk_1 = require("@extrahorizon/javascript-sdk");
-const constants_1 = require("./constants");
+const util_1 = require("./helpers/util");
 let sdk = null;
 function sdkInitOnly(apiHost, consumerKey, consumerSecret) {
     sdk = (0, javascript_sdk_1.createOAuth1Client)({
@@ -15,46 +14,16 @@ function sdkInitOnly(apiHost, consumerKey, consumerSecret) {
 }
 exports.sdkInitOnly = sdkInitOnly;
 async function sdkAuth() {
-    let credentials = {};
-    let haveCredFile = false;
-    const needed = ['API_HOST', 'API_OAUTH_CONSUMER_KEY', 'API_OAUTH_CONSUMER_SECRET', 'API_OAUTH_TOKEN', 'API_OAUTH_TOKEN_SECRET'];
-    const error = missing => {
-        let message = 'Failed to retrieve all credentials. ';
-        if (!haveCredFile) {
-            message += 'Couldn\'t open ~/.exh/credentials. ';
-        }
-        if (missing.length) {
-            message += `Missing properties: ${missing.join(',')}`;
-        }
-        throw new Error(message);
-    };
-    try {
-        const credentialsFile = fs.readFileSync(constants_1.EXH_CONFIG_FILE, 'utf-8');
-        haveCredFile = true;
-        credentials = credentialsFile
-            .split(/\r?\n/).map(l => l.split(/=/)).filter(i => i.length === 2)
-            .reduce((r, v) => { r[v[0].trim()] = v[1].trim(); return r; }, {});
-        for (const k of Object.keys(credentials)) {
-            if (!process.env[k]) {
-                process.env[k] = credentials[k];
-            }
-        }
-    }
-    catch (err) { }
-    needed.forEach(v => { credentials[v] = process.env[v] ?? credentials[v]; });
-    const missingProperties = needed.filter(p => credentials[p] === undefined);
-    if (missingProperties.length) {
-        error(missingProperties);
-    }
+    (0, util_1.loadAndAssertCredentials)();
     sdk = (0, javascript_sdk_1.createOAuth1Client)({
-        consumerKey: credentials.API_OAUTH_CONSUMER_KEY,
-        consumerSecret: credentials.API_OAUTH_CONSUMER_SECRET,
-        host: credentials.API_HOST,
+        host: process.env.API_HOST,
+        consumerKey: process.env.API_OAUTH_CONSUMER_KEY,
+        consumerSecret: process.env.API_OAUTH_CONSUMER_SECRET,
     });
     try {
         await sdk.auth.authenticate({
-            token: credentials.API_OAUTH_TOKEN,
-            tokenSecret: credentials.API_OAUTH_TOKEN_SECRET,
+            token: process.env.API_OAUTH_TOKEN,
+            tokenSecret: process.env.API_OAUTH_TOKEN_SECRET,
         });
     }
     catch (err) {

package/build/helpers/util.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 import * as yargs from 'yargs';
 export declare function epilogue(y: yargs.Argv): yargs.Argv;
 export declare function asyncExec(cmd: string): Promise<string>;
+export declare function loadAndAssertCredentials(): void;

package/build/helpers/util.js CHANGED Viewed

@@ -1,8 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.asyncExec = exports.epilogue = void 0;
+exports.loadAndAssertCredentials = exports.asyncExec = exports.epilogue = void 0;
 const child_process_1 = require("child_process");
+const fs = require("fs");
 const chalk = require("chalk");
+const constants_1 = require("../constants");
 const error_1 = require("./error");
 function epilogue(y) {
     return y.epilogue('Visit https://docs.extrahorizon.com/extrahorizon-cli/ for more information.').fail((msg, err, argv) => {
@@ -34,3 +36,33 @@ async function asyncExec(cmd) {
     });
 }
 exports.asyncExec = asyncExec;
+function loadAndAssertCredentials() {
+    const credentials = {};
+    let credentialsFile;
+    let errorMessage = '';
+    try {
+        credentialsFile = fs.readFileSync(constants_1.EXH_CONFIG_FILE, 'utf-8');
+    }
+    catch (e) {
+        errorMessage += 'Couldn\'t open ~/.exh/credentials. ';
+    }
+    const credentialFileLines = credentialsFile.split(/\r?\n/);
+    for (const credentialFileLine of credentialFileLines) {
+        const [key, value] = credentialFileLine.split('=');
+        if (key && value) {
+            credentials[key.trim()] = value.trim();
+        }
+    }
+    const requiredEnvVariables = ['API_HOST', 'API_OAUTH_CONSUMER_KEY', 'API_OAUTH_CONSUMER_SECRET', 'API_OAUTH_TOKEN', 'API_OAUTH_TOKEN_SECRET'];
+    for (const key of requiredEnvVariables) {
+        if (credentials[key] && !process.env[key]) {
+            process.env[key] = credentials[key];
+        }
+    }
+    const missingEnvironmentVariables = requiredEnvVariables.filter(key => !process.env[key]);
+    if (missingEnvironmentVariables.length > 0) {
+        errorMessage += `Missing environment variables: ${missingEnvironmentVariables.join(',')}`;
+        throw new Error(`Failed to retrieve all credentials. ${errorMessage}`);
+    }
+}
+exports.loadAndAssertCredentials = loadAndAssertCredentials;

package/build/repositories/auth.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 import { OAuth1Client } from '@extrahorizon/javascript-sdk';
 export declare function getHost(sdk: OAuth1Client): string;
+export declare function createOAuth1Tokens(sdk: OAuth1Client, email: string, password: string): Promise<any>;
 export declare function fetchMe(sdk: OAuth1Client): Promise<import("@extrahorizon/javascript-sdk").UserData>;

package/build/repositories/auth.js CHANGED Viewed

@@ -1,10 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.fetchMe = exports.getHost = void 0;
+exports.fetchMe = exports.createOAuth1Tokens = exports.getHost = void 0;
 function getHost(sdk) {
     return sdk?.raw?.defaults?.baseURL;
 }
 exports.getHost = getHost;
+async function createOAuth1Tokens(sdk, email, password) {
+    const response = await sdk.raw.post('/auth/v2/oauth1/tokens', { email, password });
+    return response.data;
+}
+exports.createOAuth1Tokens = createOAuth1Tokens;
 async function fetchMe(sdk) {
     return await sdk?.users.me();
 }

package/build/repositories/functions.js CHANGED Viewed

@@ -7,7 +7,11 @@ async function find(sdk) {
 }
 exports.find = find;
 async function findByName(sdk, name) {
-    const response = await sdk.raw.get(`/tasks/v1/functions/${name}`);
+    const response = await sdk.raw.get(`/tasks/v1/functions/${name}`, { customResponseKeys: ['*'] })
+        .catch(e => e);
+    if (response.status === 404) {
+        return undefined;
+    }
     return response.data;
 }
 exports.findByName = findByName;

package/build/repositories/user.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { OAuth1Client, RegisterUserData } from '@extrahorizon/javascript-sdk';
+export declare function findUserByEmail(sdk: OAuth1Client, email: string): Promise<import("@extrahorizon/javascript-sdk").UserData>;
+export declare function isEmailAvailable(sdk: OAuth1Client, email: string): Promise<boolean>;
+export declare function createUser(sdk: OAuth1Client, data: RegisterUserData): Promise<import("@extrahorizon/javascript-sdk").UserData>;
+export declare function findGlobalRoleByName(sdk: OAuth1Client, name: string): Promise<import("@extrahorizon/javascript-sdk").Role>;
+export declare function createGlobalRole(sdk: OAuth1Client, name: string, description: string): Promise<import("@extrahorizon/javascript-sdk").Role>;
+export declare function addPermissionsToGlobalRole(sdk: OAuth1Client, name: string, permissions: string[]): Promise<import("@extrahorizon/javascript-sdk").AffectedRecords>;
+export declare function removePermissionsFromGlobalRole(sdk: OAuth1Client, name: string, permissions: string[]): Promise<import("@extrahorizon/javascript-sdk").AffectedRecords>;
+export declare function addGlobalRoleToUser(sdk: OAuth1Client, userId: string, roleId: string): Promise<import("@extrahorizon/javascript-sdk").AffectedRecords>;

package/build/repositories/user.js ADDED Viewed

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.addGlobalRoleToUser = exports.removePermissionsFromGlobalRole = exports.addPermissionsToGlobalRole = exports.createGlobalRole = exports.findGlobalRoleByName = exports.createUser = exports.isEmailAvailable = exports.findUserByEmail = void 0;
+const javascript_sdk_1 = require("@extrahorizon/javascript-sdk");
+async function findUserByEmail(sdk, email) {
+    const rql = (0, javascript_sdk_1.rqlBuilder)().eq('email', email).build();
+    return await sdk.users.findFirst({ rql });
+}
+exports.findUserByEmail = findUserByEmail;
+async function isEmailAvailable(sdk, email) {
+    const { emailAvailable } = await sdk.users.isEmailAvailable(email);
+    return emailAvailable;
+}
+exports.isEmailAvailable = isEmailAvailable;
+async function createUser(sdk, data) {
+    return await sdk.users.createAccount(data);
+}
+exports.createUser = createUser;
+async function findGlobalRoleByName(sdk, name) {
+    return await sdk.users.globalRoles.findByName(name);
+}
+exports.findGlobalRoleByName = findGlobalRoleByName;
+async function createGlobalRole(sdk, name, description) {
+    return await sdk.users.globalRoles.create({ name, description });
+}
+exports.createGlobalRole = createGlobalRole;
+async function addPermissionsToGlobalRole(sdk, name, permissions) {
+    return await sdk.users.globalRoles.addPermissions((0, javascript_sdk_1.rqlBuilder)().eq('name', name).build(), { permissions });
+}
+exports.addPermissionsToGlobalRole = addPermissionsToGlobalRole;
+async function removePermissionsFromGlobalRole(sdk, name, permissions) {
+    return await sdk.users.globalRoles.removePermissions((0, javascript_sdk_1.rqlBuilder)().eq('name', name).build(), { permissions });
+}
+exports.removePermissionsFromGlobalRole = removePermissionsFromGlobalRole;
+async function addGlobalRoleToUser(sdk, userId, roleId) {
+    return await sdk.users.globalRoles.addToUsers((0, javascript_sdk_1.rqlBuilder)().eq('id', userId).build(), { roles: [roleId] });
+}
+exports.addGlobalRoleToUser = addGlobalRoleToUser;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@extrahorizon/exh-cli",
-  "version": "1.8.2",
+  "version": "1.9.0-dev-86-1fadbca",
   "main": "build/index.js",
   "exports": "./build/index.js",
   "license": "MIT",
@@ -15,6 +15,7 @@
     "clean": "rimraf build",
     "build": "yarn clean && tsc",
     "test": "jest",
+    "test:ci": "jest --silent",
     "lint": "eslint src tests --ext .ts"
   },
   "bin": {