npm - @extrahorizon/exh-cli - Versions diffs - 1.9.0-feat-90-3dff47e → 1.9.0 - Mend

@extrahorizon/exh-cli 1.9.0-feat-90-3dff47e → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md +1 -0
package/build/commands/tasks/taskConfig.js +7 -0
package/build/commands/tasks/util.js +14 -2
package/build/helpers/util.js +1 -2
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,7 @@
   * Specify the permissions your task needs
   * The CLI automatically creates a user, role, and credentials for your task
   * These credentials are injected as environment variables into the task automatically
+  * If you want to migrate your existing tasks to use this feature, see the [migration guide](https://docs.extrahorizon.com/extrahorizon/migration-guides/execution-credentials-for-tasks).
 ### v1.8.2
 * Updated the ExH SDK to `8.6.0` to fix a security warning from `axios`

package/build/commands/tasks/taskConfig.js CHANGED Viewed

@@ -90,6 +90,13 @@ async function validateConfig(config) {
     else {
         throw new Error('Code path not specified');
     }
+    if (config.executionCredentials && config.environment) {
+        const restrictedProperties = ['API_HOST', 'API_OAUTH_CONSUMER_KEY', 'API_OAUTH_CONSUMER_SECRET', 'API_OAUTH_TOKEN', 'API_OAUTH_TOKEN_SECRET'];
+        const foundProperties = Object.keys(config.environment).filter(key => restrictedProperties.includes(key));
+        if (foundProperties.length > 0) {
+            throw new Error(`❌  Environment variables [${foundProperties.join(', ')}] may not be provided when using executionCredentials`);
+        }
+    }
     assertExecutionPermission(config.executionPermission);
     return true;
 }

package/build/commands/tasks/util.js CHANGED Viewed

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.syncFunctionUser = exports.zipFileFromDirectory = void 0;
 const fs_1 = require("fs");
 const os_1 = require("os");
+const javascript_sdk_1 = require("@extrahorizon/javascript-sdk");
 const archiver = require("archiver");
 const chalk = require("chalk");
 const uuid_1 = require("uuid");
@@ -62,10 +63,21 @@ async function syncFunctionUser(sdk, data) {
         currentFunction?.environmentVariables?.API_OAUTH_CONSUMER_KEY?.value &&
         currentFunction?.environmentVariables?.API_OAUTH_CONSUMER_SECRET?.value);
     if (!hasExistingCredentials) {
-        throw new Error('❌ No credentials were found for the existing user');
+        throw new Error('❌ The user for the task-config.json executionCredentials exists, but no credentials were found in the Function environmentVariables');
+    }
+    const taskUserSdk = (0, javascript_sdk_1.createOAuth1Client)({
+        host: currentFunction.environmentVariables.API_HOST.value,
+        tokenSecret: currentFunction.environmentVariables.API_OAUTH_TOKEN_SECRET.value,
+        token: currentFunction.environmentVariables.API_OAUTH_TOKEN.value,
+        consumerKey: currentFunction.environmentVariables.API_OAUTH_CONSUMER_KEY.value,
+        consumerSecret: currentFunction.environmentVariables.API_OAUTH_CONSUMER_SECRET.value,
+    });
+    const taskUser = await taskUserSdk.users.me();
+    if (taskUser.id !== user.id) {
+        throw new Error(`❌  The credentials found in the Function (${taskUser.email}) do not match the user found for the task-config.json executionCredentials (${user.email})`);
     }
     console.log(chalk.white('⚙️  Reusing existing user credentials...'));
-    const userRole = user.roles.find(({ name }) => name === roleName);
+    const userRole = user.roles?.find(({ name }) => name === roleName);
     if (!userRole) {
         await assignRoleToUser(sdk, user.id, role.id);
     }

package/build/helpers/util.js CHANGED Viewed

@@ -38,10 +38,9 @@ async function asyncExec(cmd) {
 exports.asyncExec = asyncExec;
 function loadAndAssertCredentials() {
     const credentials = {};
-    let credentialsFile;
     let errorMessage = '';
     try {
-        credentialsFile = fs.readFileSync(constants_1.EXH_CONFIG_FILE, 'utf-8');
+        const credentialsFile = fs.readFileSync(constants_1.EXH_CONFIG_FILE, 'utf-8');
         const credentialFileLines = credentialsFile.split(/\r?\n/);
         for (const credentialFileLine of credentialFileLines) {
             const [key, value] = credentialFileLine.split('=');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@extrahorizon/exh-cli",
-  "version": "1.9.0-feat-90-3dff47e",
+  "version": "1.9.0",
   "main": "build/index.js",
   "exports": "./build/index.js",
   "license": "MIT",