Feat : clasp login with service account #950
Milestone
Comments
|
Looks sort of possible, but with some caveats. Apps script API works with service accounts if the script is owned by a user and shared with the service account. However, a service account can not own the script itself nor enable use of the Apps Script API, so some commands like create & run won't work using service account credentials. Still need to check if version & deploy work. But if the goal is to lock down CI, it may be viable as only a handful of commands need to work. And since scripts would have to be explicitly shared with the service account, it would help limit access. |
sqrrrl
added a commit
that referenced
this issue
Mar 11, 2025
* BREAKING CHANGE: Typescript is no longer supported. Perform all compilation and bundling steps prior to using clasp to push files. * BREAKING CHANGE: Remove local/global auth in favor of named credentials. Adds the "-u" or "--user" flag to all commands to select which authorized credentials to use. * chore: Add missing awaits * chore: Support both local/global legacy formats * chore: Inline FS_OPTIONS for readability * chore: Suppress eslint warning for unused vars with _ prefix * refactor: Update dependencies to latest versions (#961) BREAKING CHANGE: CLI syntax changed for some commands, specifically the `apis` command group. * chore: Migrate from gts/prettier/eslint to biomejs * fix: Improve consistency of command checks & error messages chore: Improve readability of command code * feat: Add --use-adc option to read credentials from env, allow use of service accounts (#950) * chore: inline prompts for better readability/locality of code * fix: Update list of advanced services to match IDE * chore: Use named functions for readability * chore: Additional refactoring to improve locality/readability * chore: Move some leftover CLI code from index.js to program.js * chore: Remove unnecessary help code, commander handles automatically * chore: First pass at restructuring config to not use global vars * Dramatically speed up clasp status - jettison recursive-readdir and use fdir instead - also needed to install @types/picomatch * File paths need to be relative to base path * Ignore Python virtual environments * Further speedup clasp status by ignoring virtual envs & node_modules * Reduce confusion by bringing .claspignore into partity - with dotfiles.ts defaultClaspignore * chore(master): release 2.5.0 (#1022) * chore(master): release 2.5.0 * Update CHANGELOG.md --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Steve Bazyl <[email protected]> * chore: Update package lock * BREAKING CHANGE: Typescript is no longer supported. Perform all compilation and bundling steps prior to using clasp to push files. * BREAKING CHANGE: Remove local/global auth in favor of named credentials. Adds the "-u" or "--user" flag to all commands to select which authorized credentials to use. * refactor: Update dependencies to latest versions (#961) BREAKING CHANGE: CLI syntax changed for some commands, specifically the `apis` command group. * chore: Migrate from gts/prettier/eslint to biomejs * fix: Improve consistency of command checks & error messages chore: Improve readability of command code * chore: Additional refactoring to improve locality/readability * chore: First pass at restructuring config to not use global vars * chore: Resolve dependency/lint issues from rebase * chore: First pass at simplifying file push/pull * chore: Continue to restructure commands/cli vs. core logic + improve consistency of CLI behavior.wq:wq BREAKING CHANGE: Flattens the command structure so it is consistent. Previously some commands were subcommands, others had flags that radically changed behavior, etc. While most commands are compatible, some lesser used commands have been renamed. * chore: fix minor rebase error and add additional unit tests * chore: Remove stray comment from tsconfig * chore: Add .mocharc * chore: Switch CLI messages to format.js. Improves locality of code + precursor to l10n * chore: remove old log/url files * chore: Add services tests, remove some dead code * chore: Additional unit tests. Gemini generated, not yet robust but gives some basic coverage * chore: Remove fs-extra dependency, ensure commands inherit shared settings * chore: Remove online check now that error handling is more consistent * chore: Minor style fix * chore: Migrate to local testing w/mocks. WIP, additional tests pending * chore: Update docs for v3 * chore: don't run link/compile on unit tests * chore: Fix interactive check to allow switching in tests due to property not defined in github runner * Small things (#690) * 2.1.0 * Low impact changes (#619) * dependencies clean-up * types for child_process' spawnSync * types for child_process' spawnSync + options fix * linting * Relative rootdir (#620) * relative rootDir support * relative rootDir support (untrackedFiles behavior changed) * relative rootDir doc changes * Cleanup before next pr (#621) * prettier + sort imports * splitLines types * unused package 'connect' * ucfirst, isOnline types * ellipsize types * redundant package 'fs-copy-file-sync' * removing extra line * // TODO * packages dependencies update * comment fix * fixes * nicer ellipsize typing * better? * Refactor `inquirer` package (#622) * regroup `inquirer` into a single file * fix typo * linting * switch to `find-up` * switch to `find-up` & `strip-bom` * dependencies update * findUp implementation fix * enum accessor fix * fs-extra & typescript dependency fix * linting * dependencies clean-up (again) * non any cast * import cleanup & TODO resolve * prettier * ch-ch-changes * chore: Release 2.3.1 Release-as: 2.3.1 * Release-as: 2.3.1 * Test release-please app Release-As: 2.3.1 * Remaster (#29) * Change CLASP acronym description emphasis from italics to bold in README (#826) * Updating documentation solving #819 (#820) Co-authored-by: Yash Totale <[email protected]> Co-authored-by: Mattias Ekstrand <[email protected]> * fix: Don't write files on clone if unable to fetch proejct (#824) * Small things (#690) * 2.1.0 * Low impact changes (#619) * dependencies clean-up * types for child_process' spawnSync * types for child_process' spawnSync + options fix * linting * Relative rootdir (#620) * relative rootDir support * relative rootDir support (untrackedFiles behavior changed) * relative rootDir doc changes * Cleanup before next pr (#621) * prettier + sort imports * splitLines types * unused package 'connect' * ucfirst, isOnline types * ellipsize types * redundant package 'fs-copy-file-sync' * removing extra line * // TODO * packages dependencies update * comment fix * fixes * nicer ellipsize typing * better? * Refactor `inquirer` package (#622) * regroup `inquirer` into a single file * fix typo * linting * switch to `find-up` * switch to `find-up` & `strip-bom` * dependencies update * findUp implementation fix * enum accessor fix * fs-extra & typescript dependency fix * linting * dependencies clean-up (again) * non any cast * import cleanup & TODO resolve * prettier * ch-ch-changes * chore: Release 2.3.1 Release-as: 2.3.1 * Release-as: 2.3.1 * Test release-please app Release-As: 2.3.1 * Remaster (#29) * Change CLASP acronym description emphasis from italics to bold in README (#826) * Updating documentation solving #819 (#820) Co-authored-by: Yash Totale <[email protected]> Co-authored-by: Mattias Ekstrand <[email protected]> * fix: Don't write files on clone if unable to fetch proejct (#824) * Small things (#690) * 2.1.0 * Low impact changes (#619) * dependencies clean-up * types for child_process' spawnSync * types for child_process' spawnSync + options fix * linting * Relative rootdir (#620) * relative rootDir support * relative rootDir support (untrackedFiles behavior changed) * relative rootDir doc changes * Cleanup before next pr (#621) * prettier + sort imports * splitLines types * unused package 'connect' * ucfirst, isOnline types * ellipsize types * redundant package 'fs-copy-file-sync' * removing extra line * // TODO * packages dependencies update * comment fix * fixes * nicer ellipsize typing * better? * Refactor `inquirer` package (#622) * regroup `inquirer` into a single file * fix typo * linting * switch to `find-up` * switch to `find-up` & `strip-bom` * dependencies update * findUp implementation fix * enum accessor fix * fs-extra & typescript dependency fix * linting * dependencies clean-up (again) * non any cast * import cleanup & TODO resolve * prettier * ch-ch-changes * chore: Release 2.3.1 Release-as: 2.3.1 * Release-as: 2.3.1 * Test release-please app Release-As: 2.3.1 * Remaster (#29) * Change CLASP acronym description emphasis from italics to bold in README (#826) * Updating documentation solving #819 (#820) Co-authored-by: Yash Totale <[email protected]> Co-authored-by: Mattias Ekstrand <[email protected]> * fix: Don't write files on clone if unable to fetch proejct (#824) --------- Co-authored-by: Steven Bazyl <[email protected]> Co-authored-by: Curtis Doty <[email protected]> Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: PopGoesTheWza <[email protected]> Co-authored-by: Yash Totale <[email protected]> Co-authored-by: Mattias Ekstrand <[email protected]>
|
Available in 3.0-alpha, please give it a try and see if it meets needs. Note that service accounts can't own scripts, but can read/write if shared. But at least now should be possible to use service accounts in a CI to update scripts |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
Login with clasp with service account key
Actual Behavior
Logging in locally…
Authorizing with the following scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/script.external_request
https://www.googleapis.com/auth/script.webapp.deploy
NOTE: The full list of scopes your project may need can be found at script.google.com under:
File > Project Properties > Scopes
Error retrieving access token: TypeError: Cannot destructure property 'client_id' of 'options.creds.installed' as it is undefined.
Steps to Reproduce the Problem
Specifications
node -v): v14.21.1clasp -v): 2.3.1 or 2.4.2The text was updated successfully, but these errors were encountered: