Merge pull request #217 from JupiterOne/INT-9845-fix-2

INT-9845: improve error matching

src/gsuite/clients/GSuiteClient.ts

@@ -20,6 +20,7 @@ export const authorizationErrorResponses = [
   'Not Authorized to access this resource/api',
   'The caller does not have permission',
   'Provider authorization failed at',
+  'Please ensure that your API client in GSuite has the correct scopes',
 ];
 
 export type PageableGaxiosResponse<T> = GaxiosResponse<

src/steps/chrome-extensions/index.ts

@@ -12,7 +12,7 @@ import {
 import { GSuiteInstalledAppsClient } from '../../gsuite/clients/GSuiteInstalledAppsClient';
 import { chromemanagement_v1 } from 'googleapis';
 import { RawInstalledAppEntity } from './types';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 const APP_EXTENSION_TYPE = 'EXTENSION';
 
@@ -39,7 +39,7 @@ export async function fetchChromeExtensions({
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/chrome-os-devices/index.ts

@@ -16,7 +16,7 @@ import {
 } from './converters';
 import { GSuiteChromeOSDeviceClient } from '../../gsuite/clients/GSuiteChromeOSDeviceClient';
 import getAccountEntity from '../../utils/getAccountEntity';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchChromeOSDevices(
   context: IntegrationStepContext,
@@ -53,7 +53,7 @@ export async function fetchChromeOSDevices(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/domains/index.ts

@@ -7,7 +7,7 @@ import { IntegrationConfig, IntegrationStepContext } from '../../types';
 import { entities, IngestionSources, Steps } from '../../constants';
 import { createDomainEntity } from './converters';
 import { GSuiteDomainClient } from '../../gsuite/clients/GSuiteDomainClient';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchDomains(
   context: IntegrationStepContext,
@@ -24,7 +24,7 @@ export async function fetchDomains(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/endpoint-devices/index.ts

@@ -19,7 +19,7 @@ import {
   VIEW,
 } from '../../gsuite/clients/GSuiteDeviceClient';
 import getAccountEntity from '../../utils/getAccountEntity';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchUserDevices(
   context: IntegrationStepContext,
@@ -60,7 +60,7 @@ export async function fetchUserDevices(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/groups/index.ts

@@ -33,6 +33,7 @@ import {
   MemberType,
 } from './converters';
 import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 const GROUPS_LOG_INTERVAL = 50;
 
@@ -71,7 +72,7 @@ async function createGroupEntities(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,
@@ -126,7 +127,9 @@ async function iterateGroupMembers(
     } catch (err) {
       if (
         err instanceof IntegrationProviderAuthorizationError &&
-        authorizationErrorResponses.includes(err.statusText)
+        authorizationErrorResponses.filter((errorText) =>
+          err.statusText.match(errorText),
+        ).length > 0
       ) {
         context.logger.publishWarnEvent({
           name: IntegrationWarnEventName.MissingPermission,
@@ -321,7 +324,9 @@ export async function fetchGroupSettings(
       } catch (err) {
         if (
           err instanceof IntegrationProviderAuthorizationError &&
-          authorizationErrorResponses.includes(err.statusText)
+          authorizationErrorResponses.filter((errorText) =>
+            err.statusText.match(errorText),
+          ).length > 0
         ) {
           context.logger.publishWarnEvent({
             name: IntegrationWarnEventName.MissingPermission,

src/steps/mobile_devices/index.ts

@@ -16,7 +16,7 @@ import {
 } from './converters';
 import { GSuiteMobileDeviceClient } from '../../gsuite/clients/GSuiteMobileDeviceClient';
 import getAccountEntity from '../../utils/getAccountEntity';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchMobileDevices(
   context: IntegrationStepContext,
@@ -53,7 +53,7 @@ export async function fetchMobileDevices(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/role_assignments/index.ts

@@ -10,7 +10,7 @@ import { IngestionSources, relationships, Steps } from '../../constants';
 import { GSuiteRoleAssignmentClient } from '../../gsuite/clients/GSuiteRoleAssignmentClient';
 import { getUserEntityKey } from '../users/converters';
 import { getRoleEntityKey } from '../roles/converters';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchRoleAssignments(
   context: IntegrationStepContext,
@@ -66,7 +66,7 @@ export async function fetchRoleAssignments(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/roles/index.ts

@@ -16,7 +16,7 @@ import {
 import { createRoleEntity } from './converters';
 import { GSuiteRoleClient } from '../../gsuite/clients/GSuiteRoleClient';
 import { getAccountKey } from '../account/converters';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchRoles(
   context: IntegrationStepContext,
@@ -47,7 +47,7 @@ export async function fetchRoles(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/tokens/index.ts

@@ -19,7 +19,7 @@ import {
   createUserAssignedTokenRelationship,
 } from './converters';
 import { createVendorTypeFromName } from '@jupiterone/vendor-stack';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchTokens(
   context: IntegrationStepContext,
@@ -83,7 +83,7 @@ export async function fetchTokens(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/steps/users/index.ts

@@ -18,7 +18,7 @@ import {
   createSiteHostsUserRelationship,
 } from './converters';
 import getAccountEntity from '../../utils/getAccountEntity';
-import { authorizationErrorResponses } from '../../gsuite/clients/GSuiteClient';
+import { isAuthorizationError } from '../../utils/isAuthorizationError';
 
 export async function fetchUsers(
   context: IntegrationStepContext,
@@ -74,7 +74,7 @@ export async function fetchUsers(
   } catch (err) {
     if (
       err instanceof IntegrationProviderAuthorizationError &&
-      authorizationErrorResponses.includes(err.statusText)
+      isAuthorizationError(err.statusText)
     ) {
       context.logger.publishWarnEvent({
         name: IntegrationWarnEventName.MissingPermission,

src/utils/isAuthorizationError.ts

@@ -0,0 +1,9 @@
+import { authorizationErrorResponses } from '../gsuite/clients/GSuiteClient';
+
+export function isAuthorizationError(statusText: string): boolean {
+  return (
+    authorizationErrorResponses.filter((errorText) =>
+      statusText.match(errorText),
+    ).length > 0
+  );
+}