-
Notifications
You must be signed in to change notification settings - Fork 253
/
static-clients.js
55 lines (47 loc) · 1.55 KB
/
static-clients.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
const _ = require('lodash');
const {listServices, writeRepoJSON} = require('../../utils');
const {scopeCompare, normalizeScopeSet} = require('taskcluster-lib-scopes');
const SERVICES = listServices();
exports.tasks = [];
exports.tasks.push({
title: 'Assemble static clients',
requires: [
...SERVICES.map(name => `scopes-${name}`),
...SERVICES.map(name => `azure-${name}`),
],
provides: ['static-clients'],
run: async (requirements, utils) => {
const staticClients = [];
SERVICES.forEach(name => {
// auth defines scopes, so it doesn't need any of its own.
if (name === 'auth') {
return;
}
const tables = (requirements[`azure-${name}`] || {}).tables || [];
const scopes = [
...(requirements[`scopes-${name}`] || []),
...tables.map(t => 'auth:azure-table:read-write:${azureAccountId}/' + t),
];
scopes.sort(scopeCompare);
staticClients.push({
clientId: `static/taskcluster/${name}`,
scopes: normalizeScopeSet(scopes),
});
});
staticClients.push({
clientId: 'static/taskcluster/root',
scopes: ['*'],
});
return {'static-clients': staticClients};
},
});
exports.tasks.push({
title: 'Configure static client scopes',
requires: ['static-clients'],
provides: [],
run: async (requirements, utils) => {
const staticClients = requirements['static-clients'];
const staticScopes = staticClients.map(({clientId, scopes}) => ({clientId, scopes}));
writeRepoJSON('services/auth/src/static-scopes.json', staticScopes);
},
});