UNPKG

@atomist/sdm-core/src/lib/handlers/common/GitHubCredentialsResolver.ts

Version:

6.17 kBPlain TextView Raw

1/*
* Copyright © 2019 Atomist, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
16
17import {
  AutomationContextAware,
  configurationValue,
  HandlerContext,
  Parameters,
  ProjectOperationCredentials,
  RemoteRepoRef,
  Secret,
  Secrets,
26} from "@atomist/automation-client";
27import { ProviderType as RepoProviderType } from "@atomist/automation-client/lib/operations/common/RepoId";
28import { CredentialsResolver } from "@atomist/sdm";
29import * as _ from "lodash";
30import {
  GitHubAppInstallationByOwner,
  ProviderType,
  ScmProviderByType,
34} from "../../typings/types";
35
36/**
* Type to implement different strategies to obtain a GitHub token
*/
39type ObtainToken = (context: HandlerContext, id?: RemoteRepoRef) => Promise<string | undefined>;
40
41@Parameters()
42export class GitHubCredentialsResolver implements CredentialsResolver {
43
  @Secret(Secrets.OrgToken)
  public readonly orgToken: string;
46
  public async eventHandlerCredentials(context: HandlerContext,
                                       id?: RemoteRepoRef): Promise<ProjectOperationCredentials> {
      return this.credentials(
          [
              obtainTokenFromConfiguration(this),
              ObtainTokenFromIncomingMessage,
              ObtainTokenFromGitHubApp,
              ObtainTokenFromProvider,
          ],
          context,
          id);
  }
59
  public async commandHandlerCredentials(context: HandlerContext,
                                         id?: RemoteRepoRef): Promise<ProjectOperationCredentials> {
      return this.credentials(
          [
              ObtainTokenFromIncomingMessage,
              obtainTokenFromConfiguration(this),
              ObtainTokenFromGitHubApp,
              ObtainTokenFromProvider,
          ],
          context,
          id);
  }
72
  private async credentials(obtainTokens: ObtainToken[],
                            context: HandlerContext,
                            id?: RemoteRepoRef): Promise<ProjectOperationCredentials> {
76
      for (const obtainToken of obtainTokens) {
          const token = await obtainToken(context, id);
          if (hasToken(token)) {
              return { token };
          }
      }
83
      throw new Error("No GitHub token available! Please add a token to the SDM configuration at 'sdm.github.token' "
          + "or authenticate the GitHub SCM provider from the web app or CLI.");
  }
87}
88
89/**
* Obtain a org or user token from the incoming event or command invocation
*/
92const ObtainTokenFromIncomingMessage: ObtainToken = async ctx => {
  // Try to obtain the token from the incoming event or command
  const actx: AutomationContextAware = ctx as any;
  if (!!actx.trigger && !!actx.trigger.secrets) {
      let secret = actx.trigger.secrets.find(s => s.uri === Secrets.OrgToken);
      if (secret && hasToken(secret.value)) {
          return secret.value;
      }
      secret = actx.trigger.secrets.find(s => s.uri.startsWith(Secrets.UserToken));
      if (secret && hasToken(secret.value)) {
          return secret.value;
      }
  }
  return undefined;
106};
107
108/**
* Obtain a token from an SCMProvider
*/
111const ObtainTokenFromProvider: ObtainToken = async (ctx, id) => {
  // Check the graph to see if we have a token on the provider
  if (!!id && (id.providerType === RepoProviderType.github_com)) {
      const token = await fetchTokenByProviderType(ProviderType.github_com, ctx);
      if (hasToken(token)) {
          return token;
      }
  }
  return undefined;
120};
121
122/**
* Obtain a token from an GitHubAppInstallation
*/
125const ObtainTokenFromGitHubApp: ObtainToken = async (ctx, id) => {
  // Check the graph to see if we have a token on the GitHubAppInstallation
  if (!!id && (id.providerType === RepoProviderType.github_com)) {
      const token = await fetchTokenByGitHubAppName(id.owner, ctx);
      if (hasToken(token)) {
          return token;
      }
  }
  return undefined;
134};
135
136/**
* Obtain a token from the SDM configuration
*/
139function obtainTokenFromConfiguration(resolver: GitHubCredentialsResolver): ObtainToken {
  return async () => {
      if (hasToken(configurationValue("token", "null"))) {
          return configurationValue<string>("token");
      } else if (hasToken(configurationValue("sdm.github.token", "null"))) {
          return configurationValue<string>("sdm.github.token");
      }
      return undefined;
  };
148}
149
150function hasToken(token: string): boolean {
  if (!token) {
      return false;
      // "null" as string is being sent when the orgToken can't be determined by the api
  } else if (token === "null" || token === "undefined") {
      return false;
  }
  return true;
158}
159
160async function fetchTokenByProviderType(providerType: ProviderType,
                                      ctx: HandlerContext): Promise<string> {
  const provider = await ctx.graphClient.query<ScmProviderByType.Query, ScmProviderByType.Variables>({
      name: "ScmProviderByType",
      variables: {
          providerType,
      },
  });
168
  return _.get(provider, "SCMProvider[0].credential.secret");
170}
171
172async function fetchTokenByGitHubAppName(owner: string,
                                       ctx: HandlerContext): Promise<string> {
  const app = await ctx.graphClient.query<GitHubAppInstallationByOwner.Query, GitHubAppInstallationByOwner.Variables>({
      name: "GitHubAppInstallationByOwner",
      variables: {
          name: owner,
      },
  });
180
  return _.get(app, "GitHubAppInstallation[0].token.secret");
182}

1	`/*`
2	`* Copyright © 2019 Atomist, Inc.`
3	`*`
4	`* Licensed under the Apache License, Version 2.0 (the "License");`
5	`* you may not use this file except in compliance with the License.`
6	`* You may obtain a copy of the License at`
7	`*`
8	`* http://www.apache.org/licenses/LICENSE-2.0`
9	`*`
10	`* Unless required by applicable law or agreed to in writing, software`
11	`* distributed under the License is distributed on an "AS IS" BASIS,`
12	`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
13	`* See the License for the specific language governing permissions and`
14	`* limitations under the License.`
15	`*/`
16
17	`import {`
18	`AutomationContextAware,`
19	`configurationValue,`
20	`HandlerContext,`
21	`Parameters,`
22	`ProjectOperationCredentials,`
23	`RemoteRepoRef,`
24	`Secret,`
25	`Secrets,`
26	`} from "@atomist/automation-client";`
27	`import { ProviderType as RepoProviderType } from "@atomist/automation-client/lib/operations/common/RepoId";`
28	`import { CredentialsResolver } from "@atomist/sdm";`
29	`import * as _ from "lodash";`
30	`import {`
31	`GitHubAppInstallationByOwner,`
32	`ProviderType,`
33	`ScmProviderByType,`
34	`} from "../../typings/types";`
35
36	`/**`
37	`* Type to implement different strategies to obtain a GitHub token`
38	`*/`
39	`type ObtainToken = (context: HandlerContext, id?: RemoteRepoRef) => Promise<string \| undefined>;`
40
41	`@Parameters()`
42	`export class GitHubCredentialsResolver implements CredentialsResolver {`
43
44	`@Secret(Secrets.OrgToken)`
45	`public readonly orgToken: string;`
46
47	`public async eventHandlerCredentials(context: HandlerContext,`
48	`id?: RemoteRepoRef): Promise<ProjectOperationCredentials> {`
49	`return this.credentials(`
50	`[`
51	`obtainTokenFromConfiguration(this),`
52	`ObtainTokenFromIncomingMessage,`
53	`ObtainTokenFromGitHubApp,`
54	`ObtainTokenFromProvider,`
55	`],`
56	`context,`
57	`id);`
58	`}`
59
60	`public async commandHandlerCredentials(context: HandlerContext,`
61	`id?: RemoteRepoRef): Promise<ProjectOperationCredentials> {`
62	`return this.credentials(`
63	`[`
64	`ObtainTokenFromIncomingMessage,`
65	`obtainTokenFromConfiguration(this),`
66	`ObtainTokenFromGitHubApp,`
67	`ObtainTokenFromProvider,`
68	`],`
69	`context,`
70	`id);`
71	`}`
72
73	`private async credentials(obtainTokens: ObtainToken[],`
74	`context: HandlerContext,`
75	`id?: RemoteRepoRef): Promise<ProjectOperationCredentials> {`
76
77	`for (const obtainToken of obtainTokens) {`
78	`const token = await obtainToken(context, id);`
79	`if (hasToken(token)) {`
80	`return { token };`
81	`}`
82	`}`
83
84	`throw new Error("No GitHub token available! Please add a token to the SDM configuration at 'sdm.github.token' "`
85	`+ "or authenticate the GitHub SCM provider from the web app or CLI.");`
86	`}`
87	`}`
88
89	`/**`
90	`* Obtain a org or user token from the incoming event or command invocation`
91	`*/`
92	`const ObtainTokenFromIncomingMessage: ObtainToken = async ctx => {`
93	`// Try to obtain the token from the incoming event or command`
94	`const actx: AutomationContextAware = ctx as any;`
95	`if (!!actx.trigger && !!actx.trigger.secrets) {`
96	`let secret = actx.trigger.secrets.find(s => s.uri === Secrets.OrgToken);`
97	`if (secret && hasToken(secret.value)) {`
98	`return secret.value;`
99	`}`
100	`secret = actx.trigger.secrets.find(s => s.uri.startsWith(Secrets.UserToken));`
101	`if (secret && hasToken(secret.value)) {`
102	`return secret.value;`
103	`}`
104	`}`
105	`return undefined;`
106	`};`
107
108	`/**`
109	`* Obtain a token from an SCMProvider`
110	`*/`
111	`const ObtainTokenFromProvider: ObtainToken = async (ctx, id) => {`
112	`// Check the graph to see if we have a token on the provider`
113	`if (!!id && (id.providerType === RepoProviderType.github_com)) {`
114	`const token = await fetchTokenByProviderType(ProviderType.github_com, ctx);`
115	`if (hasToken(token)) {`
116	`return token;`
117	`}`
118	`}`
119	`return undefined;`
120	`};`
121
122	`/**`
123	`* Obtain a token from an GitHubAppInstallation`
124	`*/`
125	`const ObtainTokenFromGitHubApp: ObtainToken = async (ctx, id) => {`
126	`// Check the graph to see if we have a token on the GitHubAppInstallation`
127	`if (!!id && (id.providerType === RepoProviderType.github_com)) {`
128	`const token = await fetchTokenByGitHubAppName(id.owner, ctx);`
129	`if (hasToken(token)) {`
130	`return token;`
131	`}`
132	`}`
133	`return undefined;`
134	`};`
135
136	`/**`
137	`* Obtain a token from the SDM configuration`
138	`*/`
139	`function obtainTokenFromConfiguration(resolver: GitHubCredentialsResolver): ObtainToken {`
140	`return async () => {`
141	`if (hasToken(configurationValue("token", "null"))) {`
142	`return configurationValue<string>("token");`
143	`} else if (hasToken(configurationValue("sdm.github.token", "null"))) {`
144	`return configurationValue<string>("sdm.github.token");`
145	`}`
146	`return undefined;`
147	`};`
148	`}`
149
150	`function hasToken(token: string): boolean {`
151	`if (!token) {`
152	`return false;`
153	`// "null" as string is being sent when the orgToken can't be determined by the api`
154	`} else if (token === "null" \|\| token === "undefined") {`
155	`return false;`
156	`}`
157	`return true;`
158	`}`
159
160	`async function fetchTokenByProviderType(providerType: ProviderType,`
161	`ctx: HandlerContext): Promise<string> {`
162	`const provider = await ctx.graphClient.query<ScmProviderByType.Query, ScmProviderByType.Variables>({`
163	`name: "ScmProviderByType",`
164	`variables: {`
165	`providerType,`
166	`},`
167	`});`
168
169	`return _.get(provider, "SCMProvider[0].credential.secret");`
170	`}`
171
172	`async function fetchTokenByGitHubAppName(owner: string,`
173	`ctx: HandlerContext): Promise<string> {`
174	`const app = await ctx.graphClient.query<GitHubAppInstallationByOwner.Query, GitHubAppInstallationByOwner.Variables>({`
175	`name: "GitHubAppInstallationByOwner",`
176	`variables: {`
177	`name: owner,`
178	`},`
179	`});`
180
181	`return _.get(app, "GitHubAppInstallation[0].token.secret");`
182	`}`