Merge pull request #301 from kexa-io/update-adrien-database-conf

fix: Workspace auth with SP
kexa-io · Nov 27, 2024 · 7cbe3ab · 7cbe3ab
2 parents 5857e3d + fb2248a
commit 7cbe3ab
Show file tree

Hide file tree

Showing 5 changed files with 105 additions and 23 deletions.
diff --git a/.gitignore b/.gitignore
@@ -16,4 +16,5 @@ output/*
 savedFolder/*
 config/resources*.html
 config/resources*.json
-.DS_Store
+.DS_Store
+./kubeconfig.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3737,3 +3737,27 @@ Kexa/services/api/decryptApi.service.ts was changed
 documentation/Documentation-Kexa.md was changed
 
 
+## 
+
+### Files added: 0
+
+### Files changed: 0
+
+
+## 
+
+### Files added: 0
+
+### Files changed: 5
+
+.gitignore was changed
+
+CHANGELOG.md was changed
+
+Kexa/services/addOn/googleWorkspaceGathering.service.ts was changed
+
+package.json was changed
+
+pnpm-lock.yaml was changed
+
+
diff --git a/Kexa/services/addOn/googleWorkspaceGathering.service.ts b/Kexa/services/addOn/googleWorkspaceGathering.service.ts
@@ -35,6 +35,7 @@ const path = require('path');
 const {authenticate} = require('@google-cloud/local-auth');
 const {google} = require('googleapis');
 let currentConfig: googleWorkspaceConfig;
+import { JWT } from 'google-auth-library';
 
 /////////////////////////////////////////
 //////   LISTING CLOUD RESOURCES    /////
@@ -45,27 +46,26 @@ let currentConfig: googleWorkspaceConfig;
 // DELETE NOT READ ONLY AND TRY //
 //////////////////////////////////
 const SCOPES = [
-    'https://www.googleapis.com/auth/admin.directory.user.readonly',
-    'https://www.googleapis.com/auth/admin.directory.domain.readonly',
-    'https://www.googleapis.com/auth/admin.directory.group.readonly',
-    'https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly',
-    'https://www.googleapis.com/auth/admin.directory.orgunit.readonly',
-    'https://www.googleapis.com/auth/calendar.readonly',
-    'https://www.googleapis.com/auth/calendar.settings.readonly',
-    'https://www.googleapis.com/auth/calendar.acls.readonly',
-    'https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly',
-    'https://www.googleapis.com/auth/drive.readonly'
+    'https://www.googleapis.com/auth/admin.directory.user',
+    'https://www.googleapis.com/auth/admin.directory.domain',
+    'https://www.googleapis.com/auth/admin.directory.group',
+    'https://www.googleapis.com/auth/admin.directory.rolemanagement',
+    'https://www.googleapis.com/auth/admin.directory.orgunit',
+    'https://www.googleapis.com/auth/calendar',
+    // 'https://www.googleapis.com/auth/calendar.settings.readonly',
+    // 'https://www.googleapis.com/auth/calendar.acls.readonly',
+    'https://www.googleapis.com/auth/admin.directory.resource.calendar',
+    'https://www.googleapis.com/auth/drive'
 ];
 
-//getConfigOrEnvVar();
 const TOKEN_PATH = path.join(process.cwd(), '/config/token_workspace.json');
 const CREDENTIALS_PATH = path.join(process.cwd(), '/config/credentials_workspace.json');
 
+
 export async function collectData(googleWorkspaceConfig:googleWorkspaceConfig[]): Promise<googleWorkspaceResources[] | null> {
     let context = getContext();
     let resources = new Array<googleWorkspaceResources>();
 
-
     for (let config of googleWorkspaceConfig??[]) {
         currentConfig = config;
         let googleWorkspaceResources = {
@@ -80,8 +80,10 @@ export async function collectData(googleWorkspaceConfig:googleWorkspaceConfig[])
         } as googleWorkspaceResources;
         try {
             let prefix = config.prefix??(googleWorkspaceConfig.indexOf(config).toString());
-            // check if workspacecred is a json or a path to json
+
             const workspaceEnvCredentials = await getConfigOrEnvVar(config, "WORKSPACECRED", prefix);
+            const workspaceToken = await getConfigOrEnvVar(config, "WORKSPACETOKEN", prefix);
+
             if (workspaceEnvCredentials && workspaceEnvCredentials.includes(".json")) {
                 const workCred = getFile(JSON.parse(JSON.stringify(workspaceEnvCredentials)));
                 writeStringToJsonFile(workCred as string, path.join(process.cwd(), '/config/credentials_workspace.json'));
@@ -91,8 +93,17 @@ export async function collectData(googleWorkspaceConfig:googleWorkspaceConfig[])
             }
             if (process.env[googleWorkspaceConfig.indexOf(config)+"-WORKSPACETOKEN"])
                 writeStringToJsonFile(await getConfigOrEnvVar(config, "WORKSPACETOKEN", prefix), "./config/token_workspace.json");
-            const auth = await authorize();
-                const promises = [
+            let auth = await authorizeSP(); // for service account
+            if (workspaceEnvCredentials) {
+                if (workspaceEnvCredentials.includes(".json")) {
+                    const workCred = getFile(JSON.parse(JSON.stringify(workspaceEnvCredentials)));
+                    await writeStringToJsonFile(workCred as string, CREDENTIALS_PATH);
+                } else {
+                    await writeStringToJsonFile(workspaceEnvCredentials, CREDENTIALS_PATH);
+                }
+            }
+
+            const promises = [
                     await listUsers(auth),
                     await listDomains(auth),
                     await listGroups(auth),
@@ -129,6 +140,7 @@ export async function collectData(googleWorkspaceConfig:googleWorkspaceConfig[])
     return resources ?? null;
 }
 
+
 async function loadSavedCredentialsIfExist() {
     try {
         const content = await fs.readFile(TOKEN_PATH);
@@ -152,7 +164,30 @@ async function saveCredentials(client: any) {
     await fs.writeFile(TOKEN_PATH, payload);
 }
 
-async function authorize() {
+const authorizeWithToken = async (scopes: string[], user: string)=>{
+
+    const SRVC_ACCOUNT_CREDS = getFile(CREDENTIALS_PATH);
+
+    const auth = new google.auth.GoogleAuth({
+      credentials: SRVC_ACCOUNT_CREDS
+    //   scopes: scopes
+    });
+    const client = await auth.getClient();
+    return client;
+};
+
+async function authorizeSP() {
+    const client = new google.auth.JWT({
+        keyFile: CREDENTIALS_PATH,
+        scopes: SCOPES,
+        subject: '[email protected]', 
+    });
+
+    return client;
+}
+
+async function authorizeUser() {
+
     let client = await loadSavedCredentialsIfExist();
     if (client) {
         return client;
@@ -164,11 +199,15 @@ async function authorize() {
     if (client.credentials) {
         await saveCredentials(client);
     }
+
+
     return client;
 }
 
 async function listUsers(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("user")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     const service = google.admin({version: 'directory_v1', auth});
@@ -212,6 +251,8 @@ async function listUsers(auth: any): Promise<Array<any> | null> {
 }
 async function listDomains(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("domain")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     const admin = google.admin({version: 'directory_v1', auth});
@@ -246,6 +287,8 @@ async function listDomains(auth: any): Promise<Array<any> | null> {
 
 async function listGroups(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("group")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     const admin = google.admin({version: 'directory_v1', auth});
@@ -266,6 +309,8 @@ async function listGroups(auth: any): Promise<Array<any> | null> {
 
 async function listRoles(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("role")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     const service = google.admin({version: 'directory_v1', auth});
@@ -283,6 +328,8 @@ async function listRoles(auth: any): Promise<Array<any> | null> {
 
 async function listOrganizationalUnits(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("orgaunit")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     try {
@@ -302,6 +349,8 @@ async function listOrganizationalUnits(auth: any): Promise<Array<any> | null> {
 }
 async function listCalendars(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("calendar")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     try {
@@ -327,6 +376,8 @@ async function listCalendars(auth: any): Promise<Array<any> | null> {
 
 async function listFiles(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("file")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     try {
@@ -349,6 +400,8 @@ async function listFiles(auth: any): Promise<Array<any> | null> {
 
 async function listDrive(auth: any): Promise<Array<any> | null> {
     if(!currentConfig?.ObjectNameNeed?.includes("drive")) return null;
+    await auth.authorize();
+
     let jsonData = [];
 
     try {

diff --git a/package.json b/package.json
@@ -525,6 +525,7 @@
         "cfonts": "^3.3.0",
         "dotenv": "^16.4.5",
         "extract-zip": "^2.0.1",
+        "google-auth-library": "^9.15.0",
         "googleapis": "^105.0.0",
         "helm-ts": "^0.1.5",
         "js-yaml": "^4.1.0",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml