@@ -2,10 +2,12 @@ import * as sinon from "sinon";
2
2
import { expect } from "chai" ;
3
3
4
4
import * as gcb from "../../../gcp/cloudbuild" ;
5
+ import * as rm from "../../../gcp/resourceManager" ;
5
6
import * as prompt from "../../../prompt" ;
6
7
import * as poller from "../../../operation-poller" ;
7
8
import * as repo from "../../../init/features/apphosting/repo" ;
8
9
import * as utils from "../../../utils" ;
10
+ import * as srcUtils from "../../../../src/getProjectNumber" ;
9
11
import { FirebaseError } from "../../../error" ;
10
12
11
13
const projectId = "projectId" ;
@@ -53,8 +55,11 @@ describe("composer", () => {
53
55
let getConnectionStub : sinon . SinonStub ;
54
56
let getRepositoryStub : sinon . SinonStub ;
55
57
let createConnectionStub : sinon . SinonStub ;
58
+ let serviceAccountHasRolesStub : sinon . SinonStub ;
56
59
let createRepositoryStub : sinon . SinonStub ;
57
60
let fetchLinkableRepositoriesStub : sinon . SinonStub ;
61
+ let getProjectNumberStub : sinon . SinonStub ;
62
+ let openInBrowserPopupStub : sinon . SinonStub ;
58
63
59
64
beforeEach ( ( ) => {
60
65
promptOnceStub = sandbox . stub ( prompt , "promptOnce" ) . throws ( "Unexpected promptOnce call" ) ;
@@ -70,13 +75,20 @@ describe("composer", () => {
70
75
createConnectionStub = sandbox
71
76
. stub ( gcb , "createConnection" )
72
77
. throws ( "Unexpected createConnection call" ) ;
78
+ serviceAccountHasRolesStub = sandbox . stub ( rm , "serviceAccountHasRoles" ) . resolves ( true ) ;
73
79
createRepositoryStub = sandbox
74
80
. stub ( gcb , "createRepository" )
75
81
. throws ( "Unexpected createRepository call" ) ;
76
82
fetchLinkableRepositoriesStub = sandbox
77
83
. stub ( gcb , "fetchLinkableRepositories" )
78
84
. throws ( "Unexpected fetchLinkableRepositories call" ) ;
79
85
sandbox . stub ( utils , "openInBrowser" ) . resolves ( ) ;
86
+ openInBrowserPopupStub = sandbox
87
+ . stub ( utils , "openInBrowserPopup" )
88
+ . throws ( "Unexpected openInBrowserPopup call" ) ;
89
+ getProjectNumberStub = sandbox
90
+ . stub ( srcUtils , "getProjectNumber" )
91
+ . throws ( "Unexpected getProjectNumber call" ) ;
80
92
} ) ;
81
93
82
94
afterEach ( ( ) => {
@@ -139,6 +151,24 @@ describe("composer", () => {
139
151
expect ( createConnectionStub ) . to . be . calledWith ( projectId , location , connectionId ) ;
140
152
} ) ;
141
153
154
+ it ( "checks if secret manager admin role is granted for cloud build P4SA when creating an oauth connection" , async ( ) => {
155
+ getConnectionStub . onFirstCall ( ) . rejects ( new FirebaseError ( "error" , { status : 404 } ) ) ;
156
+ getConnectionStub . onSecondCall ( ) . resolves ( completeConn ) ;
157
+ createConnectionStub . resolves ( op ) ;
158
+ pollOperationStub . resolves ( pendingConn ) ;
159
+ promptOnceStub . resolves ( "any key" ) ;
160
+ getProjectNumberStub . onFirstCall ( ) . resolves ( projectId ) ;
161
+ openInBrowserPopupStub . resolves ( { url : "" , cleanup : sandbox . stub ( ) } ) ;
162
+
163
+ await repo . getOrCreateOauthConnection ( projectId , location ) ;
164
+ expect ( serviceAccountHasRolesStub ) . to . be . calledWith (
165
+ projectId ,
166
+ `service-${ projectId } @gcp-sa-cloudbuild.iam.gserviceaccount.com` ,
167
+ [ "roles/secretmanager.admin" ] ,
168
+ true ,
169
+ ) ;
170
+ } ) ;
171
+
142
172
it ( "creates repository if it doesn't exist" , async ( ) => {
143
173
getConnectionStub . resolves ( completeConn ) ;
144
174
fetchLinkableRepositoriesStub . resolves ( repos ) ;
0 commit comments