[eas-cli] use existing google service account key (#650)

* [eas-cli] use existing google service account key * changelog * pr feedback * update snap
expo · Sep 28, 2021 · 4674cbe · 4674cbe
1 parent 69add6f
commit 4674cbe
Show file tree

Hide file tree

Showing 10 changed files with 212 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ This is the log of notable changes to EAS CLI and related packages.
 ### 🎉 New features
 
 - More upload support for Google Service Account Keys. ([#649](https://github.com/expo/eas-cli/pull/649) by [@quinlanj](https://github.com/quinlanj))
+- Allow the user to assign an existing Google Service Account Key to their project. ([#650](https://github.com/expo/eas-cli/pull/650) by [@quinlanj](https://github.com/quinlanj))
 
 ### 🐛 Bug fixes
 

diff --git a/packages/eas-cli/src/credentials/__tests__/fixtures-android.ts b/packages/eas-cli/src/credentials/__tests__/fixtures-android.ts
@@ -143,6 +143,7 @@ export function getNewAndroidApiMock(): { [key in keyof typeof AndroidGraphqlCli
     createOrUpdateAndroidAppBuildCredentialsByNameAsync: jest.fn(),
     createKeystoreAsync: jest.fn(),
     createGoogleServiceAccountKeyAsync: jest.fn(),
+    getGoogleServiceAccountKeysForAccountAsync: jest.fn(),
     createFcmAsync: jest.fn(),
     deleteKeystoreAsync: jest.fn(),
     deleteFcmAsync: jest.fn(),

diff --git a/packages/eas-cli/src/credentials/android/actions/UseExistingGoogleServiceAccountKey.ts b/packages/eas-cli/src/credentials/android/actions/UseExistingGoogleServiceAccountKey.ts
@@ -0,0 +1,69 @@
+import chalk from 'chalk';
+
+import { GoogleServiceAccountKeyFragment } from '../../../graphql/generated';
+import Log from '../../../log';
+import { promptAsync } from '../../../prompts';
+import { Account } from '../../../user/Account';
+import { fromNow } from '../../../utils/date';
+import { Context } from '../../context';
+
+export class UseExistingGoogleServiceAccountKey {
+  constructor(private account: Account) {}
+
+  public async runAsync(ctx: Context): Promise<GoogleServiceAccountKeyFragment | null> {
+    if (ctx.nonInteractive) {
+      throw new Error(
+        `Existing Google Service Account Key cannot be chosen in non-interactive mode.`
+      );
+    }
+    const gsaKeyFragments = await ctx.android.getGoogleServiceAccountKeysForAccountAsync(
+      this.account
+    );
+    if (gsaKeyFragments.length === 0) {
+      Log.error("There aren't any Google Service Account Keys associated with your account.");
+      return null;
+    }
+    return await this.selectGoogleServiceAccountKeyAsync(gsaKeyFragments);
+  }
+
+  private async selectGoogleServiceAccountKeyAsync(
+    keys: GoogleServiceAccountKeyFragment[]
+  ): Promise<GoogleServiceAccountKeyFragment | null> {
+    const sortedKeys = this.sortGoogleServiceAccountKeysByUpdatedAtDesc(keys);
+    const { chosenKey } = await promptAsync({
+      type: 'select',
+      name: 'chosenKey',
+      message: 'Select a Google Service Account Key:',
+      choices: sortedKeys.map(key => ({
+        title: this.formatGoogleServiceAccountKey(key),
+        value: key,
+      })),
+    });
+    return chosenKey;
+  }
+
+  private sortGoogleServiceAccountKeysByUpdatedAtDesc(
+    keys: GoogleServiceAccountKeyFragment[]
+  ): GoogleServiceAccountKeyFragment[] {
+    return keys.sort(
+      (keyA, keyB) =>
+        new Date(keyB.updatedAt).getMilliseconds() - new Date(keyA.updatedAt).getMilliseconds()
+    );
+  }
+
+  private formatGoogleServiceAccountKey({
+    projectIdentifier,
+    privateKeyIdentifier,
+    clientEmail,
+    clientIdentifier,
+    updatedAt,
+  }: GoogleServiceAccountKeyFragment): string {
+    let line: string = '';
+    line += `Client Email: ${clientEmail}, Project Id: ${projectIdentifier}`;
+    line += chalk.gray(
+      `\n    Client Id: ${clientIdentifier}, Private Key Id: ${privateKeyIdentifier}`
+    );
+    line += chalk.gray(`\n    Updated: ${fromNow(new Date(updatedAt))} ago,`);
+    return line;
+  }
+}
diff --git a/...-cli/src/credentials/android/actions/__tests__/UseExistingGoogleServiceAccountKey-test.ts b/...-cli/src/credentials/android/actions/__tests__/UseExistingGoogleServiceAccountKey-test.ts
@@ -0,0 +1,59 @@
+import { asMock } from '../../../../__tests__/utils';
+import { promptAsync } from '../../../../prompts';
+import {
+  getNewAndroidApiMock,
+  testGoogleServiceAccountKeyFragment,
+} from '../../../__tests__/fixtures-android';
+import { createCtxMock } from '../../../__tests__/fixtures-context';
+import { getAppLookupParamsFromContextAsync } from '../BuildCredentialsUtils';
+import { UseExistingGoogleServiceAccountKey } from '../UseExistingGoogleServiceAccountKey';
+
+jest.mock('../../../../prompts');
+asMock(promptAsync).mockImplementation(() => ({ chosenKey: testGoogleServiceAccountKeyFragment }));
+
+describe(UseExistingGoogleServiceAccountKey, () => {
+  it('uses an existing Google Service Account Key in Interactive Mode', async () => {
+    const ctx = createCtxMock({
+      nonInteractive: false,
+      android: {
+        ...getNewAndroidApiMock(),
+        getGoogleServiceAccountKeysForAccountAsync: jest.fn(() => [
+          testGoogleServiceAccountKeyFragment,
+        ]),
+      },
+    });
+    const appLookupParams = await getAppLookupParamsFromContextAsync(ctx);
+    const useExistingGoogleServiceAccountKeyAction = new UseExistingGoogleServiceAccountKey(
+      appLookupParams.account
+    );
+    const selectedKey = await useExistingGoogleServiceAccountKeyAction.runAsync(ctx);
+    expect(ctx.android.getGoogleServiceAccountKeysForAccountAsync).toHaveBeenCalledTimes(1);
+    expect(selectedKey).toMatchObject(testGoogleServiceAccountKeyFragment);
+  });
+  it("returns null if the account doesn't have any Google Service Account Keys", async () => {
+    const ctx = createCtxMock({
+      nonInteractive: false,
+      android: {
+        ...getNewAndroidApiMock(),
+        getGoogleServiceAccountKeysForAccountAsync: jest.fn(() => []),
+      },
+    });
+    const appLookupParams = await getAppLookupParamsFromContextAsync(ctx);
+    const useExistingGoogleServiceAccountKeyAction = new UseExistingGoogleServiceAccountKey(
+      appLookupParams.account
+    );
+    const selectedKey = await useExistingGoogleServiceAccountKeyAction.runAsync(ctx);
+    expect(ctx.android.getGoogleServiceAccountKeysForAccountAsync).toHaveBeenCalledTimes(1);
+    expect(selectedKey).toBe(null);
+  });
+  it('errors in Non-Interactive Mode', async () => {
+    const ctx = createCtxMock({ nonInteractive: true });
+    const appLookupParams = await getAppLookupParamsFromContextAsync(ctx);
+    const useExistingGoogleServiceAccountKeyAction = new UseExistingGoogleServiceAccountKey(
+      appLookupParams.account
+    );
+
+    // fail if users are running in non-interactive mode
+    await expect(useExistingGoogleServiceAccountKeyAction.runAsync(ctx)).rejects.toThrowError();
+  });
+});
diff --git a/packages/eas-cli/src/credentials/android/api/GraphqlClient.ts b/packages/eas-cli/src/credentials/android/api/GraphqlClient.ts
@@ -16,6 +16,7 @@ import { AndroidFcmMutation } from './graphql/mutations/AndroidFcmMutation';
 import { AndroidKeystoreMutation } from './graphql/mutations/AndroidKeystoreMutation';
 import { GoogleServiceAccountKeyMutation } from './graphql/mutations/GoogleServiceAccountKeyMutation';
 import { AndroidAppCredentialsQuery } from './graphql/queries/AndroidAppCredentialsQuery';
+import { GoogleServiceAccountKeyQuery } from './graphql/queries/GoogleServiceAccountKeyQuery';
 
 export interface AppLookupParams {
   account: Account;
@@ -251,6 +252,12 @@ export async function createGoogleServiceAccountKeyAsync(
   );
 }
 
+export async function getGoogleServiceAccountKeysForAccountAsync(
+  account: Account
+): Promise<GoogleServiceAccountKeyFragment[]> {
+  return await GoogleServiceAccountKeyQuery.getAllForAccountAsync(account.name);
+}
+
 async function getAppAsync(appLookupParams: AppLookupParams): Promise<AppFragment> {
   const projectFullName = formatProjectFullName(appLookupParams);
   return await AppQuery.byFullNameAsync(projectFullName);

diff --git a/packages/eas-cli/src/credentials/android/api/graphql/queries/GoogleServiceAccountKeyQuery.ts b/packages/eas-cli/src/credentials/android/api/graphql/queries/GoogleServiceAccountKeyQuery.ts
@@ -0,0 +1,38 @@
+import { print } from 'graphql';
+import gql from 'graphql-tag';
+
+import { graphqlClient, withErrorHandlingAsync } from '../../../../../graphql/client';
+import {
+  GoogleServiceAccountKeyByAccountQuery,
+  GoogleServiceAccountKeyFragment,
+} from '../../../../../graphql/generated';
+import { GoogleServiceAccountKeyFragmentNode } from '../../../../../graphql/types/credentials/GoogleServiceAccountKey';
+
+export const GoogleServiceAccountKeyQuery = {
+  async getAllForAccountAsync(accountName: string): Promise<GoogleServiceAccountKeyFragment[]> {
+    const data = await withErrorHandlingAsync(
+      graphqlClient
+        .query<GoogleServiceAccountKeyByAccountQuery>(
+          gql`
+            query GoogleServiceAccountKeyByAccountQuery($accountName: String!) {
+              account {
+                byName(accountName: $accountName) {
+                  id
+                  googleServiceAccountKeys {
+                    id
+                    ...GoogleServiceAccountKeyFragment
+                  }
+                }
+              }
+            }
+            ${print(GoogleServiceAccountKeyFragmentNode)}
+          `,
+          {
+            accountName,
+          }
+        )
+        .toPromise()
+    );
+    return data.account.byName.googleServiceAccountKeys;
+  },
+};
diff --git a/...s-cli/src/credentials/android/utils/__tests__/__snapshots__/printCredentials-test.ts.snap b/...s-cli/src/credentials/android/utils/__tests__/__snapshots__/printCredentials-test.ts.snap
@@ -2,8 +2,8 @@
 
 exports[`print credentials prints the AndroidAppCredentials fragment 1`] = `
 "Android Credentials  Project: testApp  Application Identifier: test.com.app  Push Notifications (FCM):    Key: abcd...efgh    Updated 0 second agoGoogle Service Account Key For Submissions  Project ID      sdf.sdf.sdf
-Private Key ID  test-private-key-identifier
 Client Email    quin@expo.io
 Client ID       test-client-identifier
+Private Key ID  test-private-key-identifier
 Updated         0 second ago  Configuration: legacy (Default)  Keystore:    Type: JKS    Key Alias: QHdrb3p5cmEvY3JlZGVudGlhbHMtdGVzdA==    MD5 Fingerprint: TE:ST:-M:D5    SHA1 Fingerprint: TE:ST:-S:HA:1    SHA256 Fingerprint: TE:ST:-S:HA:25:6    Updated 0 second ago"
 `;
diff --git a/packages/eas-cli/src/credentials/android/utils/printCredentials.ts b/packages/eas-cli/src/credentials/android/utils/printCredentials.ts
@@ -68,9 +68,9 @@ function displayGoogleServiceAccountKeyForSubmissions(
 
   const fields = [
     { label: 'Project ID', value: projectIdentifier },
-    { label: 'Private Key ID', value: privateKeyIdentifier },
     { label: 'Client Email', value: clientEmail },
     { label: 'Client ID', value: clientIdentifier },
+    { label: 'Private Key ID', value: privateKeyIdentifier },
     { label: 'Updated', value: `${fromNow(new Date(updatedAt))} ago` },
   ];
   Log.log(formatFields(fields, { labelFormat: chalk.cyan.bold }));

diff --git a/packages/eas-cli/src/credentials/manager/ManageAndroid.ts b/packages/eas-cli/src/credentials/manager/ManageAndroid.ts
@@ -26,6 +26,7 @@ import { RemoveFcm } from '../android/actions/RemoveFcm';
 import { RemoveKeystore } from '../android/actions/RemoveKeystore';
 import { SetupBuildCredentialsFromCredentialsJson } from '../android/actions/SetupBuildCredentialsFromCredentialsJson';
 import { UpdateCredentialsJson } from '../android/actions/UpdateCredentialsJson';
+import { UseExistingGoogleServiceAccountKey } from '../android/actions/UseExistingGoogleServiceAccountKey';
 import {
   displayAndroidAppCredentials,
   displayEmptyAndroidCredentials,
@@ -52,6 +53,7 @@ enum ActionType {
   CreateFcm,
   RemoveFcm,
   CreateGsaKey,
+  UseExistingGsaKey,
   UpdateCredentialsJson,
   SetupBuildCredentialsFromCredentialsJson,
 }
@@ -156,6 +158,11 @@ const gsaKeyActions: ActionInfo[] = [
     title: 'Upload a Google Service Account Key',
     scope: Scope.Project,
   },
+  {
+    value: ActionType.UseExistingGsaKey,
+    title: 'Use an existing Google Service Account Key',
+    scope: Scope.Project,
+  },
   {
     value: ActionType.GoBackToHighLevelActions,
     title: 'Go back',
@@ -329,6 +336,13 @@ export class ManageAndroid {
     } else if (action === ActionType.CreateGsaKey) {
       const gsaKey = await new CreateGoogleServiceAccountKey(appLookupParams.account).runAsync(ctx);
       await new AssignGoogleServiceAccountKey(appLookupParams).runAsync(ctx, gsaKey);
+    } else if (action === ActionType.UseExistingGsaKey) {
+      const gsaKey = await new UseExistingGoogleServiceAccountKey(appLookupParams.account).runAsync(
+        ctx
+      );
+      if (gsaKey) {
+        await new AssignGoogleServiceAccountKey(appLookupParams).runAsync(ctx, gsaKey);
+      }
     } else if (action === ActionType.UpdateCredentialsJson) {
       const buildCredentials = await new SelectExistingAndroidBuildCredentials(
         appLookupParams

diff --git a/packages/eas-cli/src/graphql/generated.ts b/packages/eas-cli/src/graphql/generated.ts