@devramps/cli 0.1.14 → 0.1.16
- package/dist/index.js +32 -3
- package/package.json +1 -1
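--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1528,7 +1528,7 @@ function addOidcProviderResource(template, conditional = true, oidcProviderUrl)
 ...conditional ? { Condition: "CreateOIDCProvider" } : {},
 Properties: {
 Url: `https://${providerUrl}`,
-ClientIdList: [
+ClientIdList: ["sts.amazonaws.com"],
 ThumbprintList: [getOidcThumbprint()],
 Tags: STANDARD_TAGS
 }
@@ -1548,7 +1548,7 @@ function buildOidcTrustPolicy(accountId, subject, oidcProviderUrl) {
 Condition: {
 StringEquals: {
 [`${providerUrl}:sub`]: subject,
-[`${providerUrl}:aud`]:
+[`${providerUrl}:aud`]: "sts.amazonaws.com"
 }
 }
 }
@@ -2064,7 +2064,17 @@ function buildOrgRolePolicies(orgSlug) {
 "ecr:PutImage",
 "ecr:InitiateLayerUpload",
 "ecr:UploadLayerPart",
-"ecr:CompleteLayerUpload"
+"ecr:CompleteLayerUpload",
+"ecr:DescribeRepositories"
+],
+Resource: "*"
+},
+{
+Sid: "AllowS3ArtifactBuckets",
+Effect: "Allow",
+Action: [
+"s3:ListBucket",
+"s3:GetBucketLocation"
 ],
 Resource: "*"
 }
@@ -2442,6 +2452,25 @@ function buildStageTrustPolicy(accountId, orgSlug, pipelineSlug, oidcProviderUrl
 }
 function buildStagePolicies(steps, additionalPolicies) {
 const policies = [];
+policies.push({
+PolicyName: "DevRampsValidationPolicy",
+PolicyDocument: {
+Version: "2012-10-17",
+Statement: [
+{
+Sid: "AllowResourceValidation",
+Effect: "Allow",
+Action: [
+"ecr:DescribeRepositories",
+"s3:ListBucket",
+"s3:GetBucketLocation",
+"cloudwatch:DescribeAlarms"
+],
+Resource: "*"
+}
+]
+}
+});
 for (const step of steps) {
 if (!hasPermissions(step.type)) {
 continue;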
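Review bot: The new `DevRampsValidationPolicy` in `buildStagePolicies` is pushed before the step loop, so every stage role receives `s3:ListBucket` on `Resource: "*"` regardless of which steps the stage runs. That lets the role list object keys in any bucket in the account that its bucket policy does not close off. The `AllowS3ArtifactBuckets` statement added in `buildOrgRolePolicies` has the same shape: its Sid names artifact buckets, but its `Resource` is `"*"`. Consider moving the two S3 actions into their own statement scoped to bucket ARNs, e.g. `Resource: "arn:aws:s3:::<artifact-bucket-prefix>*"` (placeholder; the bucket naming scheme is not visible on this page), and scoping `ecr:DescribeRepositories` to repository ARNs in the same way. Both function bodies extend beyond the hunks shown.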