Merge pull request #62 from mondaycom/feature/shaika/use-compute-auth…

…-client Use compute auth client
mondaycom · Jun 26, 2024 · 15e269e · 15e269e
2 parents a788433 + 364f895
commit 15e269e
Show file tree

Hide file tree

Showing 6 changed files with 923 additions and 1,170 deletions.
diff --git a/.github/workflows/npm-publish-beta.yml b/.github/workflows/npm-publish-beta.yml
@@ -13,11 +13,15 @@ jobs:
           node-version: 18.12.1
           registry-url: https://registry.npmjs.org/
       - run: yarn prepublish-and-build
+      - name: Validate version
+        run: |
+          version=$(jq -r .version package.json)
+          echo $version | grep -q "\-beta"
       - run: npm publish --tag beta
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
       - uses: "marvinpinto/action-automatic-releases@latest"
         with:
           repo_token: "${{ secrets.GITHUB_TOKEN }}"
           prerelease: false
-          automatic_release_tag: latest
+          automatic_release_tag: latest
diff --git a/lib/gcp/gcp.ts b/lib/gcp/gcp.ts
@@ -1,4 +1,4 @@
-import { GoogleAuth } from 'google-auth-library';
+import { Compute, GoogleAuth } from 'google-auth-library';
 import jwt from 'jsonwebtoken';
 import fetch from 'node-fetch';
 
@@ -10,12 +10,13 @@ import { getMondayCodeContext, validateEnvironment } from 'utils/env';
 import { Logger } from 'utils/logger';
 
 const logger = new Logger('SecureStorage', { mondayInternal: true });
+const googleAuthClient = new GoogleAuth({authClient: new Compute()});
+googleAuthClient.defaultScopes = [GCP_SCOPES.CLOUD_PLATFORM];
 
 const generateJwtSigningUrl = (serviceAccountEmail: string) => `https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${serviceAccountEmail}:signJwt`;
 
 const generateGcpIdentityToken = async (): Promise<Token> => {
   const { secureStorageAddress } = getMondayCodeContext();
-  const googleAuthClient = new GoogleAuth();
   const idTokenClient = await googleAuthClient.getIdTokenClient(secureStorageAddress);
   const identityToken = await idTokenClient.idTokenProvider.fetchIdToken(secureStorageAddress);
   return identityToken;
@@ -49,13 +50,10 @@ const validateGcpResponse = (response: SignJwtResponse): void => {
 };
 
 export const getGcpConnectionData = async (): Promise<GcpConnectionData> => {
-  validateEnvironment();
-
-  const auth = new GoogleAuth();
-  auth.defaultScopes = [GCP_SCOPES.CLOUD_PLATFORM];
-  const projectId = await auth.getProjectId();
-  const serviceAccountEmail = (await auth.getCredentials()).client_email as string;
-  const accessToken = await auth.getAccessToken() as string;
+  validateEnvironment();  
+  const projectId = await googleAuthClient.getProjectId();
+  const serviceAccountEmail = (await googleAuthClient.getCredentials()).client_email as string;
+  const accessToken = await googleAuthClient.getAccessToken() as string;
   const issueTimeInSeconds = Math.floor(Date.now() / 1000);
   // vault will only accept tokens that are good for less than 900 seconds.
   const expirationInSeconds = issueTimeInSeconds + 899;

diff --git a/lib/minimal-package.ts b/lib/minimal-package.ts
@@ -1 +1 @@
-export default { name: '@mondaycom/apps-sdk', version: '3.0.7' };
+export default { name: '@mondaycom/apps-sdk', version: '3.0.11' };
diff --git a/lib/queue/queue.ts b/lib/queue/queue.ts
@@ -1,44 +1,49 @@
 import { PubSub } from '@google-cloud/pubsub';
+import { Compute, GoogleAuth } from 'google-auth-library';
+import { JSONClient } from 'google-auth-library/build/src/auth/googleauth';
 
-import {BadRequestError, InternalServerError} from 'errors/apps-sdk-error';
+import { BadRequestError, InternalServerError } from 'errors/apps-sdk-error';
 import { IQueue } from 'types/queue';
 import { Logger } from 'utils/logger';
 
 const logger = new Logger('Queue', { mondayInternal: true });
 
 export class QueueProd implements IQueue {
-    private pubSubClient: PubSub;
-    constructor() {
-        this.pubSubClient = new PubSub();
+  private pubSubClient: PubSub;
+
+  constructor() {
+    const computeClient = new Compute();
+    const auth = new GoogleAuth({ authClient: computeClient }) as unknown as GoogleAuth<JSONClient>;
+    this.pubSubClient = new PubSub({ auth });
+  }
+
+  async publishMessage(message: (Uint8Array | string), options?: { topicName: string }): Promise<string> {
+    const topicName = options?.topicName || process.env.MNDY_TOPIC_NAME;
+    if (!topicName) {
+      throw new BadRequestError('topicName is missing or empty.');
     }
-
-    async publishMessage(message: (Uint8Array|string), options?: { topicName: string }): Promise<string> {
-        const topicName = options?.topicName || process.env.MNDY_TOPIC_NAME;
-        if (!topicName) {
-            throw new BadRequestError('topicName is missing or empty.');
-        }
-
-        try {
-            const data = (typeof message === 'string') ? Buffer.from(message) : message;
-            const messageId = await this.pubSubClient
-                .topic(topicName)
-                .publishMessage({data, attributes: {'Content-Type': 'application/json'}});
-            return messageId;
-        } catch (err) {
-            logger.error(JSON.stringify(err));
-            throw new InternalServerError('An error occurred while sending message toe queue.')
-        }
+
+    try {
+      const data = (typeof message === 'string') ? Buffer.from(message) : message;
+      const messageId = await this.pubSubClient
+        .topic(topicName)
+        .publishMessage({ data, attributes: { 'Content-Type': 'application/json' } });
+      return messageId;
+    } catch (err) {
+      logger.error(JSON.stringify(err));
+      throw new InternalServerError('An error occurred while sending message toe queue.');
     }
-
-    validateMessageSecret(secret: string) : boolean {
-        const envMessageSecret = process.env.MNDY_TOPIC_MESSAGES_SECRET;
-        if (!envMessageSecret) {
-            throw new BadRequestError('En environment variable name "MNDY_TOPIC_MESSAGES_SECRET" is required.');
-        }
-        if (!secret) {
-            throw new BadRequestError('secret is required.');
-        }
-        const topicMessageSecret = process.env.MNDY_TOPIC_MESSAGES_SECRET;
-        return secret === topicMessageSecret;
+  }
+
+  validateMessageSecret(secret: string): boolean {
+    const envMessageSecret = process.env.MNDY_TOPIC_MESSAGES_SECRET;
+    if (!envMessageSecret) {
+      throw new BadRequestError('En environment variable name "MNDY_TOPIC_MESSAGES_SECRET" is required.');
+    }
+    if (!secret) {
+      throw new BadRequestError('secret is required.');
     }
+    const topicMessageSecret = process.env.MNDY_TOPIC_MESSAGES_SECRET;
+    return secret === topicMessageSecret;
+  }
 }
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@mondaycom/apps-sdk",
-  "version": "3.0.10",
+  "version": "3.0.11",
   "description": "monday apps SDK for NodeJS",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
@@ -48,7 +48,7 @@
     "@commitlint/cli": "^18.4.3",
     "@commitlint/config-conventional": "^18.4.3",
     "@types/app-root-path": "^1.2.4",
-    "@types/jest": "^29.5.0",
+    "@types/jest": "^27.3.1",
     "@types/jsonwebtoken": "^9.0.1",
     "@types/node-fetch": "^2.6.4",
     "@typescript-eslint/eslint-plugin": "^5.48.2",
@@ -62,15 +62,15 @@
     "jest": "^27.3.1",
     "madge": "^7.0.0",
     "prettier": "^2.8.4",
-    "ts-jest": "^27.0.5",
+    "ts-jest": "^27.1.4",
     "tsc-alias": "^1.8.4",
     "tsconfig-paths": "^4.1.2",
     "typescript": "^4.9.4"
   },
   "dependencies": {
-    "@google-cloud/pubsub": "^4.0.7",
+    "@google-cloud/pubsub": "^4.4.0",
     "app-root-path": "^3.1.0",
-    "google-auth-library": "^8.7.0",
+    "google-auth-library": "^9.10.0",
     "http-status-codes": "^2.2.0",
     "jsonwebtoken": "^9.0.0",
     "node-fetch": "^2.6.11",