chore: new release with minimal changes

Kinin-Code-Offical · Kinin-Code-Offical · commit bec49fec1045 · 2025-12-21T20:19:42.000+03:00
diff --git a/docs/commands.md b/docs/commands.md
@@ -280,6 +280,8 @@ Commands:
   adc                            Setup Application Default Credentials
   project <projectId>            Set active project
   set-service-account [options]  Configure service account credentials
+  list-keys                      List available service account keys
+  select-key [options]           Interactively select a service account key
   help [command]                 display help for command
 ```
 
@@ -325,3 +327,4 @@ Options:
   --json          Output status in JSON format
   -h, --help      display help for command
 ```
+
diff --git a/src/commands/auth.ts b/src/commands/auth.ts
@@ -6,6 +6,7 @@ import { SYSTEM_PATHS, USER_PATHS, ENV_VARS } from '../system/paths.js';
 import { runPs } from '../system/powershell.js';
 import fs from 'fs-extra';
 import path from 'path';
+import inquirer from 'inquirer';
 
 export const authCommand = new Command('auth')
     .description('Manage authentication and credentials');
@@ -68,8 +69,9 @@ authCommand.command('set-service-account')
     .description('Configure service account credentials')
     .requiredOption('-f, --file <path>', 'Path to service account JSON key')
     .option('-s, --scope <scope>', 'Scope (Machine or User)', 'User')
+    .option('--no-rename', 'Do not rename the file to service account name')
     .action(async (options) => {
-        const { file, scope } = options;
+        const { file, scope, rename } = options;
         if (!['Machine', 'User'].includes(scope)) {
             logger.error('Scope must be either Machine or User');
             process.exit(1);
@@ -81,10 +83,21 @@ authCommand.command('set-service-account')
                 process.exit(1);
             }
 
+            const keyData = await fs.readJson(file);
+            if (keyData.type !== 'service_account') {
+                logger.error('Invalid service account key file.');
+                process.exit(1);
+            }
+
             const paths = scope === 'Machine' ? SYSTEM_PATHS : USER_PATHS;
             await fs.ensureDir(paths.SECRETS);
 
-            const fileName = path.basename(file);
+            let fileName = path.basename(file);
+            if (rename && keyData.client_email) {
+                const saName = keyData.client_email.split('@')[0];
+                fileName = `${saName}.json`;
+            }
+
             const dest = path.join(paths.SECRETS, fileName);
 
             await fs.copy(file, dest, { overwrite: true });
@@ -105,3 +118,69 @@ authCommand.command('set-service-account')
             process.exit(1);
         }
     });
+
+authCommand.command('list-keys')
+    .description('List available service account keys')
+    .action(async () => {
+        try {
+            const userKeys = (await fs.pathExists(USER_PATHS.SECRETS)) ? await fs.readdir(USER_PATHS.SECRETS) : [];
+            const systemKeys = (await fs.pathExists(SYSTEM_PATHS.SECRETS)) ? await fs.readdir(SYSTEM_PATHS.SECRETS) : [];
+
+            logger.info('Available Service Account Keys:');
+
+            if (userKeys.length > 0) {
+                logger.info('\n  User Scope:');
+                userKeys.filter(f => f.endsWith('.json')).forEach(f => logger.info(`    - ${f}`));
+            }
+
+            if (systemKeys.length > 0) {
+                logger.info('\n  Machine Scope:');
+                systemKeys.filter(f => f.endsWith('.json')).forEach(f => logger.info(`    - ${f}`));
+            }
+
+            if (userKeys.length === 0 && systemKeys.length === 0) {
+                logger.info('  No keys found.');
+            }
+        } catch (error) {
+            logger.error('Failed to list keys', error);
+        }
+    });
+
+authCommand.command('select-key')
+    .description('Interactively select a service account key')
+    .option('-s, --scope <scope>', 'Scope (Machine or User)', 'User')
+    .action(async (options) => {
+        const { scope } = options;
+        const paths = scope === 'Machine' ? SYSTEM_PATHS : USER_PATHS;
+
+        try {
+            if (!await fs.pathExists(paths.SECRETS)) {
+                logger.error(`No keys found in ${scope} scope.`);
+                return;
+            }
+
+            const keys = (await fs.readdir(paths.SECRETS)).filter(f => f.endsWith('.json'));
+            if (keys.length === 0) {
+                logger.error(`No keys found in ${scope} scope.`);
+                return;
+            }
+
+            const { selectedKey } = await inquirer.prompt([
+                {
+                    type: 'list',
+                    name: 'selectedKey',
+                    message: `Select a service account key (${scope} scope):`,
+                    choices: keys
+                }
+            ]);
+
+            const fullPath = path.join(paths.SECRETS, selectedKey);
+            await setEnv(ENV_VARS.GOOGLE_CREDS, fullPath, scope);
+            logger.info(`Successfully selected ${selectedKey} and updated ${ENV_VARS.GOOGLE_CREDS}`);
+
+        } catch (error) {
+            logger.error('Failed to select key', error);
+            process.exit(1);
+        }
+    });
+
diff --git a/src/commands/service.ts b/src/commands/service.ts
@@ -9,9 +9,14 @@ serviceCommand.command('install')
     .description('Install the Windows Service')
     .requiredOption('-i, --instance <connectionName>', 'Instance connection name')
     .option('-p, --port <port>', 'Port number', '5432')
+    .option('-c, --credentials <path>', 'Path to service account JSON key')
     .action(async (options) => {
         try {
-            await installService(options.instance, parseInt(options.port), []);
+            const extraArgs = [];
+            if (options.credentials) {
+                extraArgs.push(`--credentials-file "${options.credentials}"`);
+            }
+            await installService(options.instance, parseInt(options.port), extraArgs);
             logger.info('Service installed successfully.');
         } catch (error) {
             logger.error('Failed to install service', error);
@@ -23,9 +28,14 @@ serviceCommand.command('configure')
     .description('Update Service Configuration')
     .requiredOption('-i, --instance <connectionName>', 'Instance connection name')
     .option('-p, --port <port>', 'Port number', '5432')
+    .option('-c, --credentials <path>', 'Path to service account JSON key')
     .action(async (options) => {
         try {
-            await updateServiceBinPath(options.instance, parseInt(options.port), []);
+            const extraArgs = [];
+            if (options.credentials) {
+                extraArgs.push(`--credentials-file "${options.credentials}"`);
+            }
+            await updateServiceBinPath(options.instance, parseInt(options.port), extraArgs);
             logger.info('Service configured successfully.');
         } catch (error) {
             logger.error('Failed to configure service', error);
diff --git a/src/system/service.ts b/src/system/service.ts
@@ -1,5 +1,5 @@
-import { runPs, isAdmin } from './powershell.js';
-import { SERVICE_NAME, SYSTEM_PATHS } from './paths.js';
+import { runPs, isAdmin, getEnvVar } from './powershell.js';
+import { SERVICE_NAME, SYSTEM_PATHS, ENV_VARS } from './paths.js';
 import { logger } from '../core/logger.js';
 
 export async function isServiceInstalled(): Promise<boolean> {
@@ -36,6 +36,22 @@ export async function installService(instance: string, port: number = 5432, extr
 
     logger.info(`Installing service ${SERVICE_NAME}...`);
 
+    // Auto-detect credentials if not provided in extraArgs
+    if (!extraArgs.some(arg => arg.includes('--credentials-file'))) {
+        const machineCreds = await getEnvVar(ENV_VARS.GOOGLE_CREDS, 'Machine');
+        if (machineCreds) {
+            logger.info(`Auto-detected machine-level credentials: ${machineCreds}`);
+            extraArgs.push(`--credentials-file "${machineCreds}"`);
+        } else {
+            const userCreds = await getEnvVar(ENV_VARS.GOOGLE_CREDS, 'User');
+            if (userCreds) {
+                logger.warn('Detected user-level credentials. Services running as LocalSystem may not be able to access them.');
+                logger.warn('Recommendation: Use "cloudsqlctl auth set-service-account --file <path> --scope Machine"');
+                extraArgs.push(`--credentials-file "${userCreds}"`);
+            }
+        }
+    }
+
     const binPath = buildServiceBinPath(SYSTEM_PATHS.PROXY_EXE, instance, port, extraArgs);
 
     // Use New-Service with single-quoted BinaryPathName
@@ -47,6 +63,14 @@ export async function updateServiceBinPath(instance: string, port: number = 5432
         throw new Error('Admin privileges required to update service configuration.');
     }
 
+    // Auto-detect credentials if not provided in extraArgs
+    if (!extraArgs.some(arg => arg.includes('--credentials-file'))) {
+        const machineCreds = await getEnvVar(ENV_VARS.GOOGLE_CREDS, 'Machine');
+        if (machineCreds) {
+            extraArgs.push(`--credentials-file "${machineCreds}"`);
+        }
+    }
+
     const binPath = buildServiceBinPath(SYSTEM_PATHS.PROXY_EXE, instance, port, extraArgs);
 
     // Use CIM/WMI to update service path
