@devramps/cli 0.1.12 → 0.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +44 -28
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -1510,7 +1510,8 @@ function createBaseTemplate(description) {
1510
1510
  function sanitizeResourceId(name) {
1511
1511
  return name.replace(/[^a-zA-Z0-9]/g, "").substring(0, 64);
1512
1512
  }
1513
- function addOidcProviderResource(template, conditional = true) {
1513
+ function addOidcProviderResource(template, conditional = true, oidcProviderUrl) {
1514
+ const providerUrl = oidcProviderUrl || OIDC_PROVIDER_URL;
1514
1515
  if (conditional) {
1515
1516
  template.Parameters.OIDCProviderExists = {
1516
1517
  Type: "String",
@@ -1526,27 +1527,28 @@ function addOidcProviderResource(template, conditional = true) {
1526
1527
  Type: "AWS::IAM::OIDCProvider",
1527
1528
  ...conditional ? { Condition: "CreateOIDCProvider" } : {},
1528
1529
  Properties: {
1529
- Url: `https://${OIDC_PROVIDER_URL}`,
1530
- ClientIdList: [OIDC_PROVIDER_URL],
1530
+ Url: `https://${providerUrl}`,
1531
+ ClientIdList: [providerUrl],
1531
1532
  ThumbprintList: [getOidcThumbprint()],
1532
1533
  Tags: STANDARD_TAGS
1533
1534
  }
1534
1535
  };
1535
1536
  }
1536
- function buildOidcTrustPolicy(accountId, subject) {
1537
+ function buildOidcTrustPolicy(accountId, subject, oidcProviderUrl) {
1538
+ const providerUrl = oidcProviderUrl || OIDC_PROVIDER_URL;
1537
1539
  return {
1538
1540
  Version: "2012-10-17",
1539
1541
  Statement: [
1540
1542
  {
1541
1543
  Effect: "Allow",
1542
1544
  Principal: {
1543
- Federated: `arn:aws:iam::${accountId}:oidc-provider/${OIDC_PROVIDER_URL}`
1545
+ Federated: `arn:aws:iam::${accountId}:oidc-provider/${providerUrl}`
1544
1546
  },
1545
1547
  Action: "sts:AssumeRoleWithWebIdentity",
1546
1548
  Condition: {
1547
1549
  StringEquals: {
1548
- [`${OIDC_PROVIDER_URL}:sub`]: subject,
1549
- [`${OIDC_PROVIDER_URL}:aud`]: OIDC_PROVIDER_URL
1550
+ [`${providerUrl}:sub`]: subject,
1551
+ [`${providerUrl}:aud`]: providerUrl
1550
1552
  }
1551
1553
  }
1552
1554
  }
@@ -1908,7 +1910,7 @@ function createTerraformStateBucketPolicy(bucketName, cicdAccountId, allowedAcco
1908
1910
 
1909
1911
  // src/templates/org-stack.ts
1910
1912
  function generateOrgStackTemplate(options) {
1911
- const { orgSlug, cicdAccountId, targetAccountIds } = options;
1913
+ const { orgSlug, cicdAccountId, targetAccountIds, oidcProviderUrl } = options;
1912
1914
  const template = createBaseTemplate(`DevRamps Org Stack for ${orgSlug}`);
1913
1915
  const kmsKeyPolicy = buildKmsKeyPolicy(cicdAccountId, targetAccountIds);
1914
1916
  template.Resources.DevRampsKMSKey = createKmsKeyResource(
@@ -1938,7 +1940,7 @@ function generateOrgStackTemplate(options) {
1938
1940
  PolicyDocument: bucketPolicy
1939
1941
  }
1940
1942
  };
1941
- const trustPolicy = buildOidcTrustPolicy(cicdAccountId, `org:${orgSlug}`);
1943
+ const trustPolicy = buildOidcTrustPolicy(cicdAccountId, `org:${orgSlug}/cicd`, oidcProviderUrl);
1942
1944
  const orgRolePolicies = buildOrgRolePolicies(orgSlug);
1943
1945
  template.Resources.DevRampsCICDDeploymentRole = createIamRoleResource(
1944
1946
  getOrgRoleName(),
@@ -2146,11 +2148,11 @@ function generatePipelineStackTemplate(options) {
2146
2148
  }
2147
2149
 
2148
2150
  // src/templates/account-stack.ts
2149
- function generateAccountStackTemplate() {
2151
+ function generateAccountStackTemplate(options) {
2150
2152
  const template = createBaseTemplate(
2151
2153
  "DevRamps Account Bootstrap Stack - Creates OIDC provider for the account"
2152
2154
  );
2153
- addOidcProviderResource(template, false);
2155
+ addOidcProviderResource(template, false, options?.oidcProviderUrl);
2154
2156
  template.Outputs = {
2155
2157
  OIDCProviderArn: {
2156
2158
  Description: "ARN of the OIDC provider",
@@ -2342,13 +2344,14 @@ function generateStageStackTemplate(options) {
2342
2344
  steps,
2343
2345
  additionalPolicies,
2344
2346
  dockerArtifacts,
2345
- bundleArtifacts
2347
+ bundleArtifacts,
2348
+ oidcProviderUrl
2346
2349
  } = options;
2347
2350
  const template = createBaseTemplate(
2348
2351
  `DevRamps Stage Stack for ${pipelineSlug}/${stageName}`
2349
2352
  );
2350
2353
  const roleName = generateStageRoleName(pipelineSlug, stageName);
2351
- const trustPolicy = buildStageTrustPolicy(accountId, orgSlug, pipelineSlug, stageName);
2354
+ const trustPolicy = buildStageTrustPolicy(accountId, orgSlug, pipelineSlug, oidcProviderUrl);
2352
2355
  const policies = buildStagePolicies(steps, additionalPolicies);
2353
2356
  template.Resources.StageDeploymentRole = createIamRoleResource(
2354
2357
  roleName,
@@ -2392,7 +2395,8 @@ function generateStageStackTemplate(options) {
2392
2395
  );
2393
2396
  s3Outputs[artifact.name] = { resourceId };
2394
2397
  }
2395
- const oidcProviderArn = `arn:aws:iam::${accountId}:oidc-provider/${OIDC_PROVIDER_URL}`;
2398
+ const providerUrl = oidcProviderUrl || OIDC_PROVIDER_URL;
2399
+ const oidcProviderArn = `arn:aws:iam::${accountId}:oidc-provider/${providerUrl}`;
2396
2400
  template.Outputs = {
2397
2401
  StageRoleArn: {
2398
2402
  Description: "ARN of the stage deployment role",
@@ -2432,9 +2436,9 @@ function generateStageStackTemplate(options) {
2432
2436
  }
2433
2437
  return template;
2434
2438
  }
2435
- function buildStageTrustPolicy(accountId, orgSlug, pipelineSlug, stageName) {
2436
- const subject = `org:${orgSlug}/pipeline:${pipelineSlug}/stage:${stageName}`;
2437
- return buildOidcTrustPolicy(accountId, subject);
2439
+ function buildStageTrustPolicy(accountId, orgSlug, pipelineSlug, oidcProviderUrl) {
2440
+ const subject = `org:${orgSlug}/pipeline:${pipelineSlug}`;
2441
+ return buildOidcTrustPolicy(accountId, subject, oidcProviderUrl);
2438
2442
  }
2439
2443
  function buildStagePolicies(steps, additionalPolicies) {
2440
2444
  const policies = [];
@@ -2540,6 +2544,15 @@ async function confirmDeployment(plan) {
2540
2544
  }
2541
2545
 
2542
2546
  // src/commands/bootstrap.ts
2547
+ function getOidcProviderUrlFromEndpoint(endpointOverride) {
2548
+ if (!endpointOverride) return void 0;
2549
+ try {
2550
+ const url = new URL(endpointOverride);
2551
+ return url.hostname;
2552
+ } catch {
2553
+ return void 0;
2554
+ }
2555
+ }
2543
2556
  async function bootstrapCommand(options) {
2544
2557
  try {
2545
2558
  if (options.verbose) {
@@ -2589,7 +2602,8 @@ async function bootstrapCommand(options) {
2589
2602
  info("Deployment cancelled by user.");
2590
2603
  return;
2591
2604
  }
2592
- await executeDeployment(plan, pipelines, pipelineArtifacts, authData, identity.accountId, options);
2605
+ const oidcProviderUrl = getOidcProviderUrlFromEndpoint(options.endpointOverride);
2606
+ await executeDeployment(plan, pipelines, pipelineArtifacts, authData, identity.accountId, options, oidcProviderUrl);
2593
2607
  } catch (error2) {
2594
2608
  if (error2 instanceof DevRampsError) {
2595
2609
  error(error2.message);
@@ -2802,7 +2816,7 @@ async function confirmDeploymentPlan(plan) {
2802
2816
  ]
2803
2817
  });
2804
2818
  }
2805
- async function executeDeployment(plan, pipelines, pipelineArtifacts, authData, currentAccountId, options) {
2819
+ async function executeDeployment(plan, pipelines, pipelineArtifacts, authData, currentAccountId, options, oidcProviderUrl) {
2806
2820
  const results = { success: 0, failed: 0 };
2807
2821
  const totalStacks = 1 + plan.pipelineStacks.length + plan.accountStacks.length + plan.stageStacks.length;
2808
2822
  const remainingStacks = 1 + plan.pipelineStacks.length + plan.stageStacks.length;
@@ -2818,7 +2832,7 @@ async function executeDeployment(plan, pipelines, pipelineArtifacts, authData, c
2818
2832
  const accountResults = await Promise.all(
2819
2833
  plan.accountStacks.map(async (stack) => {
2820
2834
  try {
2821
- await deployAccountStack(stack, currentAccountId, options);
2835
+ await deployAccountStack(stack, currentAccountId, options, oidcProviderUrl);
2822
2836
  return { stack: `${stack.stackName} (${stack.accountId})`, success: true };
2823
2837
  } catch (error2) {
2824
2838
  return {
@@ -2863,7 +2877,7 @@ async function executeDeployment(plan, pipelines, pipelineArtifacts, authData, c
2863
2877
  mainProgress.start();
2864
2878
  const orgPromise = (async () => {
2865
2879
  try {
2866
- await deployOrgStack(plan, pipelines, authData, currentAccountId, options);
2880
+ await deployOrgStack(plan, pipelines, authData, currentAccountId, options, oidcProviderUrl);
2867
2881
  return { stack: plan.orgStack.stackName, success: true };
2868
2882
  } catch (error2) {
2869
2883
  return {
@@ -2887,7 +2901,7 @@ async function executeDeployment(plan, pipelines, pipelineArtifacts, authData, c
2887
2901
  });
2888
2902
  const stagePromises = plan.stageStacks.map(async (stack) => {
2889
2903
  try {
2890
- await deployStageStack(stack, authData, currentAccountId, options);
2904
+ await deployStageStack(stack, authData, currentAccountId, options, oidcProviderUrl);
2891
2905
  return { stack: stack.stackName, success: true };
2892
2906
  } catch (error2) {
2893
2907
  return {
@@ -2923,7 +2937,7 @@ async function executeDeployment(plan, pipelines, pipelineArtifacts, authData, c
2923
2937
  process.exit(1);
2924
2938
  }
2925
2939
  }
2926
- async function deployOrgStack(plan, pipelines, authData, currentAccountId, options) {
2940
+ async function deployOrgStack(plan, pipelines, authData, currentAccountId, options, oidcProviderUrl) {
2927
2941
  const { orgSlug, cicdAccountId, cicdRegion } = authData;
2928
2942
  const credentials = cicdAccountId !== currentAccountId ? (await assumeRoleForAccount({
2929
2943
  targetAccountId: cicdAccountId,
@@ -2953,7 +2967,8 @@ async function deployOrgStack(plan, pipelines, authData, currentAccountId, optio
2953
2967
  const template = generateOrgStackTemplate({
2954
2968
  orgSlug,
2955
2969
  cicdAccountId,
2956
- targetAccountIds
2970
+ targetAccountIds,
2971
+ oidcProviderUrl
2957
2972
  });
2958
2973
  const deployOptions = {
2959
2974
  stackName: plan.orgStack.stackName,
@@ -2988,13 +3003,13 @@ async function deployPipelineStack(stack, authData, currentAccountId, options) {
2988
3003
  await previewStackChanges(deployOptions);
2989
3004
  await deployStack(deployOptions);
2990
3005
  }
2991
- async function deployAccountStack(stack, currentAccountId, options) {
3006
+ async function deployAccountStack(stack, currentAccountId, options, oidcProviderUrl) {
2992
3007
  const credentials = stack.accountId !== currentAccountId ? (await assumeRoleForAccount({
2993
3008
  targetAccountId: stack.accountId,
2994
3009
  currentAccountId,
2995
3010
  targetRoleName: options.targetAccountRoleName
2996
3011
  }))?.credentials : void 0;
2997
- const template = generateAccountStackTemplate();
3012
+ const template = generateAccountStackTemplate({ oidcProviderUrl });
2998
3013
  const deployOptions = {
2999
3014
  stackName: stack.stackName,
3000
3015
  template,
@@ -3005,7 +3020,7 @@ async function deployAccountStack(stack, currentAccountId, options) {
3005
3020
  await previewStackChanges(deployOptions);
3006
3021
  await deployStack(deployOptions);
3007
3022
  }
3008
- async function deployStageStack(stack, authData, currentAccountId, options) {
3023
+ async function deployStageStack(stack, authData, currentAccountId, options, oidcProviderUrl) {
3009
3024
  const credentials = stack.accountId !== currentAccountId ? (await assumeRoleForAccount({
3010
3025
  targetAccountId: stack.accountId,
3011
3026
  currentAccountId,
@@ -3019,7 +3034,8 @@ async function deployStageStack(stack, authData, currentAccountId, options) {
3019
3034
  steps: stack.steps,
3020
3035
  additionalPolicies: stack.additionalPolicies,
3021
3036
  dockerArtifacts: stack.dockerArtifacts,
3022
- bundleArtifacts: stack.bundleArtifacts
3037
+ bundleArtifacts: stack.bundleArtifacts,
3038
+ oidcProviderUrl
3023
3039
  });
3024
3040
  const deployOptions = {
3025
3041
  stackName: stack.stackName,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@devramps/cli",
3
- "version": "0.1.12",
3
+ "version": "0.1.13",
4
4
  "description": "DevRamps CLI - Bootstrap AWS infrastructure for CI/CD pipelines",
5
5
  "main": "dist/index.js",
6
6
  "bin": {