( params: PerformUpdateCredentialParams )
| 48 | } |
| 49 | |
| 50 | export async function performUpdateCredential( |
| 51 | params: PerformUpdateCredentialParams |
| 52 | ): Promise<PerformCredentialResult> { |
| 53 | try { |
| 54 | const access = await getCredentialActorContext(params.credentialId, params.userId) |
| 55 | if (!access.credential) { |
| 56 | return { success: false, error: 'Credential not found', errorCode: 'not_found' } |
| 57 | } |
| 58 | if (!access.hasWorkspaceAccess || !access.isAdmin) { |
| 59 | return { |
| 60 | success: false, |
| 61 | error: 'Credential admin permission required', |
| 62 | errorCode: 'forbidden', |
| 63 | } |
| 64 | } |
| 65 | if (params.allowedTypes && !params.allowedTypes.includes(access.credential.type)) { |
| 66 | return { |
| 67 | success: false, |
| 68 | error: `Only ${params.allowedTypes.join(', ')} credentials can be managed with this tool.`, |
| 69 | errorCode: 'validation', |
| 70 | } |
| 71 | } |
| 72 | |
| 73 | const updates: Record<string, unknown> = {} |
| 74 | if (params.description !== undefined) { |
| 75 | updates.description = params.description ?? null |
| 76 | } |
| 77 | if ( |
| 78 | params.displayName !== undefined && |
| 79 | (access.credential.type === 'oauth' || access.credential.type === 'service_account') |
| 80 | ) { |
| 81 | updates.displayName = params.displayName |
| 82 | } |
| 83 | if (params.serviceAccountJson !== undefined && access.credential.type === 'service_account') { |
| 84 | let parsedJson: Record<string, unknown> |
| 85 | try { |
| 86 | parsedJson = JSON.parse(params.serviceAccountJson) |
| 87 | } catch { |
| 88 | return { success: false, error: 'Invalid JSON format', errorCode: 'validation' } |
| 89 | } |
| 90 | if ( |
| 91 | parsedJson.type !== 'service_account' || |
| 92 | typeof parsedJson.client_email !== 'string' || |
| 93 | typeof parsedJson.private_key !== 'string' || |
| 94 | typeof parsedJson.project_id !== 'string' |
| 95 | ) { |
| 96 | return { |
| 97 | success: false, |
| 98 | error: 'Invalid service account JSON key', |
| 99 | errorCode: 'validation', |
| 100 | } |
| 101 | } |
| 102 | const { encrypted } = await encryptSecret(params.serviceAccountJson) |
| 103 | updates.encryptedServiceAccountKey = encrypted |
| 104 | } |
| 105 | |
| 106 | if (Object.keys(updates).length === 0) { |
| 107 | if (access.credential.type === 'oauth' || access.credential.type === 'service_account') { |
no test coverage detected