@liflig/cdk-vy 1.0.0

package/lib/cognito-resource-server/cognito-resource-server.js

@@ -0,0 +1,120 @@
+/**
+ * CDK Construct for Cognito Resource Server
+ */
+import { createRequire } from "node:module";
+import * as path from "node:path";
+import { fileURLToPath } from "node:url";
+import * as cdk from "aws-cdk-lib";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
+import * as logs from "aws-cdk-lib/aws-logs";
+import * as cr from "aws-cdk-lib/custom-resources";
+import { Construct } from "constructs";
+const require = createRequire(import.meta.url);
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+/**
+ * A Cognito Resource Server managed through Vy's central Cognito service
+ *
+ * A resource server is an integration between a user pool and an API.
+ * Each resource server has custom scopes that you must activate in your app client.
+ * When you configure a resource server, your app can generate access tokens with
+ * OAuth scopes that authorize read and write operations to an API server.
+ *
+ * @example
+ * ```typescript
+ * const resourceServer = new CognitoResourceServer(this, 'ApiResourceServer', {
+ *   environment: VyEnvironment.PROD,
+ *   name: 'my-api',
+ *   identifier: 'https://my-api.vydev.io',
+ *   scopes: [
+ *     { name: 'read', description: 'Read access to the API' },
+ *     { name: 'write', description: 'Write access to the API' }
+ *   ]
+ * });
+ * ```
+ */
+export class CognitoResourceServer extends Construct {
+    /**
+     * The identifier of the resource server
+     */
+    identifier;
+    /**
+     * The name of the resource server
+     */
+    name;
+    /**
+     * The underlying custom resource
+     */
+    resource;
+    /**
+     * The logGroup for the event handler lambda
+     */
+    lambdaLogGroup;
+    /**
+     * The logGroup for the custom resource provider
+     */
+    providerLogGroup;
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.identifier = props.identifier;
+        this.name = props.name;
+        this.lambdaLogGroup = new logs.LogGroup(this, "LambdaLogGroup", {
+            retention: props.logsRetention ?? logs.RetentionDays.ONE_WEEK,
+        });
+        const onEventHandler = new NodejsFunction(this, "OnEventHandler", {
+            runtime: lambda.Runtime.NODEJS_22_X,
+            handler: "handler",
+            entry: require.resolve(`${__dirname}/handler`),
+            timeout: cdk.Duration.minutes(2),
+            memorySize: 256,
+            logGroup: this.lambdaLogGroup,
+            environment: props.cognitoBaseDomain
+                ? {
+                    COGNITO_BASE_DOMAIN: props.cognitoBaseDomain,
+                }
+                : undefined,
+            bundling: {
+                minify: true,
+                sourceMap: true,
+                target: "es2020",
+                externalModules: ["aws-sdk"],
+            },
+        });
+        onEventHandler.addToRolePolicy(new iam.PolicyStatement({
+            effect: iam.Effect.ALLOW,
+            actions: ["execute-api:Invoke"],
+            resources: ["*"], // Can be scoped down if API Gateway ARN is known
+        }));
+        this.providerLogGroup = new logs.LogGroup(this, "ProviderLogGroup", {
+            retention: props.logsRetention ?? logs.RetentionDays.ONE_WEEK,
+        });
+        const provider = new cr.Provider(this, "Provider", {
+            onEventHandler,
+            logGroup: this.providerLogGroup,
+        });
+        this.resource = new cdk.CustomResource(this, "Resource", {
+            serviceToken: provider.serviceToken,
+            properties: {
+                Environment: props.environment,
+                Name: props.name,
+                Identifier: props.identifier,
+                Scopes: props.scopes?.map((s) => ({
+                    Name: s.name,
+                    Description: s.description,
+                })),
+            },
+            resourceType: "Custom::VyCognitoResourceServer",
+        });
+    }
+    /**
+     * Get a reference to a scope in the format expected by app clients
+     * @param scopeName The name of the scope
+     * @returns The full scope identifier (e.g., 'https://api.vydev.io/read')
+     */
+    scopeIdentifier(scopeName) {
+        return `${this.identifier}/${scopeName}`;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by1yZXNvdXJjZS1zZXJ2ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY29nbml0by1yZXNvdXJjZS1zZXJ2ZXIvY29nbml0by1yZXNvdXJjZS1zZXJ2ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sYUFBYSxDQUFBO0FBQzNDLE9BQU8sS0FBSyxJQUFJLE1BQU0sV0FBVyxDQUFBO0FBQ2pDLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxVQUFVLENBQUE7QUFDeEMsT0FBTyxLQUFLLEdBQUcsTUFBTSxhQUFhLENBQUE7QUFDbEMsT0FBTyxLQUFLLEdBQUcsTUFBTSxxQkFBcUIsQ0FBQTtBQUMxQyxPQUFPLEtBQUssTUFBTSxNQUFNLHdCQUF3QixDQUFBO0FBQ2hELE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQTtBQUM5RCxPQUFPLEtBQUssSUFBSSxNQUFNLHNCQUFzQixDQUFBO0FBQzVDLE9BQU8sS0FBSyxFQUFFLE1BQU0sOEJBQThCLENBQUE7QUFDbEQsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLFlBQVksQ0FBQTtBQUd0QyxNQUFNLE9BQU8sR0FBRyxhQUFhLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtBQUM5QyxNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtBQUNqRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0FBaUQxQzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FvQkc7QUFDSCxNQUFNLE9BQU8scUJBQXNCLFNBQVEsU0FBUztJQUNsRDs7T0FFRztJQUNhLFVBQVUsQ0FBUTtJQUVsQzs7T0FFRztJQUNhLElBQUksQ0FBUTtJQUU1Qjs7T0FFRztJQUNhLFFBQVEsQ0FBb0I7SUFFNUM7O09BRUc7SUFDYSxjQUFjLENBQWU7SUFFN0M7O09BRUc7SUFDYSxnQkFBZ0IsQ0FBZTtJQUUvQyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQWlDO1FBQ3pFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUE7UUFFaEIsSUFBSSxDQUFDLFVBQVUsR0FBRyxLQUFLLENBQUMsVUFBVSxDQUFBO1FBQ2xDLElBQUksQ0FBQyxJQUFJLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQTtRQUV0QixJQUFJLENBQUMsY0FBYyxHQUFHLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7WUFDOUQsU0FBUyxFQUFFLEtBQUssQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRO1NBQzlELENBQUMsQ0FBQTtRQUVGLE1BQU0sY0FBYyxHQUFHLElBQUksY0FBYyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtZQUNoRSxPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXO1lBQ25DLE9BQU8sRUFBRSxTQUFTO1lBQ2xCLEtBQUssRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsU0FBUyxVQUFVLENBQUM7WUFDOUMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNoQyxVQUFVLEVBQUUsR0FBRztZQUNmLFFBQVEsRUFBRSxJQUFJLENBQUMsY0FBYztZQUM3QixXQUFXLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtnQkFDbEMsQ0FBQyxDQUFDO29CQUNFLG1CQUFtQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7aUJBQzdDO2dCQUNILENBQUMsQ0FBQyxTQUFTO1lBQ2IsUUFBUSxFQUFFO2dCQUNSLE1BQU0sRUFBRSxJQUFJO2dCQUNaLFNBQVMsRUFBRSxJQUFJO2dCQUNmLE1BQU0sRUFBRSxRQUFRO2dCQUNoQixlQUFlLEVBQUUsQ0FBQyxTQUFTLENBQUM7YUFDN0I7U0FDRixDQUFDLENBQUE7UUFFRixjQUFjLENBQUMsZUFBZSxDQUM1QixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7WUFDdEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSztZQUN4QixPQUFPLEVBQUUsQ0FBQyxvQkFBb0IsQ0FBQztZQUMvQixTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUMsRUFBRSxpREFBaUQ7U0FDcEUsQ0FBQyxDQUNILENBQUE7UUFFRCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtZQUNsRSxTQUFTLEVBQUUsS0FBSyxDQUFDLGFBQWEsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLFFBQVE7U0FDOUQsQ0FBQyxDQUFBO1FBRUYsTUFBTSxRQUFRLEdBQUcsSUFBSSxFQUFFLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDakQsY0FBYztZQUNkLFFBQVEsRUFBRSxJQUFJLENBQUMsZ0JBQWdCO1NBQ2hDLENBQUMsQ0FBQTtRQUVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxHQUFHLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDdkQsWUFBWSxFQUFFLFFBQVEsQ0FBQyxZQUFZO1lBQ25DLFVBQVUsRUFBRTtnQkFDVixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7Z0JBQzlCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtnQkFDaEIsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVO2dCQUM1QixNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU0sRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQ2hDLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSTtvQkFDWixXQUFXLEVBQUUsQ0FBQyxDQUFDLFdBQVc7aUJBQzNCLENBQUMsQ0FBQzthQUNKO1lBQ0QsWUFBWSxFQUFFLGlDQUFpQztTQUNoRCxDQUFDLENBQUE7SUFDSixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLGVBQWUsQ0FBQyxTQUFpQjtRQUN0QyxPQUFPLEdBQUcsSUFBSSxDQUFDLFVBQVUsSUFBSSxTQUFTLEVBQUUsQ0FBQTtJQUMxQyxDQUFDO0NBQ0YiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIENESyBDb25zdHJ1Y3QgZm9yIENvZ25pdG8gUmVzb3VyY2UgU2VydmVyXG4gKi9cblxuaW1wb3J0IHsgY3JlYXRlUmVxdWlyZSB9IGZyb20gXCJub2RlOm1vZHVsZVwiXG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gXCJub2RlOnBhdGhcIlxuaW1wb3J0IHsgZmlsZVVSTFRvUGF0aCB9IGZyb20gXCJub2RlOnVybFwiXG5pbXBvcnQgKiBhcyBjZGsgZnJvbSBcImF3cy1jZGstbGliXCJcbmltcG9ydCAqIGFzIGlhbSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiXG5pbXBvcnQgKiBhcyBsYW1iZGEgZnJvbSBcImF3cy1jZGstbGliL2F3cy1sYW1iZGFcIlxuaW1wb3J0IHsgTm9kZWpzRnVuY3Rpb24gfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxhbWJkYS1ub2RlanNcIlxuaW1wb3J0ICogYXMgbG9ncyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxvZ3NcIlxuaW1wb3J0ICogYXMgY3IgZnJvbSBcImF3cy1jZGstbGliL2N1c3RvbS1yZXNvdXJjZXNcIlxuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0IHR5cGUgeyBWeUVudmlyb25tZW50IH0gZnJvbSBcIi4uL3NoYXJlZC90eXBlc1wiXG5cbmNvbnN0IHJlcXVpcmUgPSBjcmVhdGVSZXF1aXJlKGltcG9ydC5tZXRhLnVybClcbmNvbnN0IF9fZmlsZW5hbWUgPSBmaWxlVVJMVG9QYXRoKGltcG9ydC5tZXRhLnVybClcbmNvbnN0IF9fZGlybmFtZSA9IHBhdGguZGlybmFtZShfX2ZpbGVuYW1lKVxuXG5leHBvcnQgaW50ZXJmYWNlIFNjb3BlIHtcbiAgLyoqXG4gICAqIFRoZSBuYW1lIG9mIHRoZSBzY29wZVxuICAgKi9cbiAgcmVhZG9ubHkgbmFtZTogc3RyaW5nXG5cbiAgLyoqXG4gICAqIEEgZGVzY3JpcHRpb24gb2Ygd2hhdCB0aGlzIHNjb3BlIGlzIGZvclxuICAgKi9cbiAgcmVhZG9ubHkgZGVzY3JpcHRpb246IHN0cmluZ1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENvZ25pdG9SZXNvdXJjZVNlcnZlclByb3BzIHtcbiAgLyoqXG4gICAqIFRoZSBWeSBlbnZpcm9ubWVudCB0byBwcm92aXNpb24gaW4gKGUuZy4sIFZ5RW52aXJvbm1lbnQuUFJPRCwgVnlFbnZpcm9ubWVudC5TVEFHRSwgVnlFbnZpcm9ubWVudC5URVNUKVxuICAgKi9cbiAgcmVhZG9ubHkgZW52aXJvbm1lbnQ6IFZ5RW52aXJvbm1lbnRcblxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIHJlc291cmNlIHNlcnZlclxuICAgKi9cbiAgcmVhZG9ubHkgbmFtZTogc3RyaW5nXG5cbiAgLyoqXG4gICAqIFRoZSBpZGVudGlmaWVyIGZvciB0aGlzIHJlc291cmNlIHNlcnZlciAodXN1YWxseSBhIFVSTClcbiAgICogQGV4YW1wbGUgJ2h0dHBzOi8vYXBpLnZ5ZGV2LmlvJ1xuICAgKi9cbiAgcmVhZG9ubHkgaWRlbnRpZmllcjogc3RyaW5nXG5cbiAgLyoqXG4gICAqIEN1c3RvbSBzY29wZXMgZm9yIHRoaXMgcmVzb3VyY2Ugc2VydmVyXG4gICAqIEBkZWZhdWx0IC0gTm8gc2NvcGVzXG4gICAqL1xuICByZWFkb25seSBzY29wZXM/OiBTY29wZVtdXG5cbiAgLyoqXG4gICAqIEJhc2UgZG9tYWluIGZvciBDb2duaXRvIHNlcnZpY2VcbiAgICogQGRlZmF1bHQgJ2NvZ25pdG8udnlkZXYuaW8nXG4gICAqL1xuICByZWFkb25seSBjb2duaXRvQmFzZURvbWFpbj86IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBAZGVmYXVsdCBsb2dzLlJldGVudGlvbkRheXMuT05FX1dFRUtcbiAgICovXG4gIHJlYWRvbmx5IGxvZ3NSZXRlbnRpb24/OiBsb2dzLlJldGVudGlvbkRheXNcbn1cblxuLyoqXG4gKiBBIENvZ25pdG8gUmVzb3VyY2UgU2VydmVyIG1hbmFnZWQgdGhyb3VnaCBWeSdzIGNlbnRyYWwgQ29nbml0byBzZXJ2aWNlXG4gKlxuICogQSByZXNvdXJjZSBzZXJ2ZXIgaXMgYW4gaW50ZWdyYXRpb24gYmV0d2VlbiBhIHVzZXIgcG9vbCBhbmQgYW4gQVBJLlxuICogRWFjaCByZXNvdXJjZSBzZXJ2ZXIgaGFzIGN1c3RvbSBzY29wZXMgdGhhdCB5b3UgbXVzdCBhY3RpdmF0ZSBpbiB5b3VyIGFwcCBjbGllbnQuXG4gKiBXaGVuIHlvdSBjb25maWd1cmUgYSByZXNvdXJjZSBzZXJ2ZXIsIHlvdXIgYXBwIGNhbiBnZW5lcmF0ZSBhY2Nlc3MgdG9rZW5zIHdpdGhcbiAqIE9BdXRoIHNjb3BlcyB0aGF0IGF1dGhvcml6ZSByZWFkIGFuZCB3cml0ZSBvcGVyYXRpb25zIHRvIGFuIEFQSSBzZXJ2ZXIuXG4gKlxuICogQGV4YW1wbGVcbiAqIGBgYHR5cGVzY3JpcHRcbiAqIGNvbnN0IHJlc291cmNlU2VydmVyID0gbmV3IENvZ25pdG9SZXNvdXJjZVNlcnZlcih0aGlzLCAnQXBpUmVzb3VyY2VTZXJ2ZXInLCB7XG4gKiAgIGVudmlyb25tZW50OiBWeUVudmlyb25tZW50LlBST0QsXG4gKiAgIG5hbWU6ICdteS1hcGknLFxuICogICBpZGVudGlmaWVyOiAnaHR0cHM6Ly9teS1hcGkudnlkZXYuaW8nLFxuICogICBzY29wZXM6IFtcbiAqICAgICB7IG5hbWU6ICdyZWFkJywgZGVzY3JpcHRpb246ICdSZWFkIGFjY2VzcyB0byB0aGUgQVBJJyB9LFxuICogICAgIHsgbmFtZTogJ3dyaXRlJywgZGVzY3JpcHRpb246ICdXcml0ZSBhY2Nlc3MgdG8gdGhlIEFQSScgfVxuICogICBdXG4gKiB9KTtcbiAqIGBgYFxuICovXG5leHBvcnQgY2xhc3MgQ29nbml0b1Jlc291cmNlU2VydmVyIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgLyoqXG4gICAqIFRoZSBpZGVudGlmaWVyIG9mIHRoZSByZXNvdXJjZSBzZXJ2ZXJcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBpZGVudGlmaWVyOiBzdHJpbmdcblxuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIHJlc291cmNlIHNlcnZlclxuICAgKi9cbiAgcHVibGljIHJlYWRvbmx5IG5hbWU6IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBUaGUgdW5kZXJseWluZyBjdXN0b20gcmVzb3VyY2VcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSByZXNvdXJjZTogY2RrLkN1c3RvbVJlc291cmNlXG5cbiAgLyoqXG4gICAqIFRoZSBsb2dHcm91cCBmb3IgdGhlIGV2ZW50IGhhbmRsZXIgbGFtYmRhXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgbGFtYmRhTG9nR3JvdXA6IGxvZ3MuTG9nR3JvdXBcblxuICAvKipcbiAgICogVGhlIGxvZ0dyb3VwIGZvciB0aGUgY3VzdG9tIHJlc291cmNlIHByb3ZpZGVyXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgcHJvdmlkZXJMb2dHcm91cDogbG9ncy5Mb2dHcm91cFxuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBDb2duaXRvUmVzb3VyY2VTZXJ2ZXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIHRoaXMuaWRlbnRpZmllciA9IHByb3BzLmlkZW50aWZpZXJcbiAgICB0aGlzLm5hbWUgPSBwcm9wcy5uYW1lXG5cbiAgICB0aGlzLmxhbWJkYUxvZ0dyb3VwID0gbmV3IGxvZ3MuTG9nR3JvdXAodGhpcywgXCJMYW1iZGFMb2dHcm91cFwiLCB7XG4gICAgICByZXRlbnRpb246IHByb3BzLmxvZ3NSZXRlbnRpb24gPz8gbG9ncy5SZXRlbnRpb25EYXlzLk9ORV9XRUVLLFxuICAgIH0pXG5cbiAgICBjb25zdCBvbkV2ZW50SGFuZGxlciA9IG5ldyBOb2RlanNGdW5jdGlvbih0aGlzLCBcIk9uRXZlbnRIYW5kbGVyXCIsIHtcbiAgICAgIHJ1bnRpbWU6IGxhbWJkYS5SdW50aW1lLk5PREVKU18yMl9YLFxuICAgICAgaGFuZGxlcjogXCJoYW5kbGVyXCIsXG4gICAgICBlbnRyeTogcmVxdWlyZS5yZXNvbHZlKGAke19fZGlybmFtZX0vaGFuZGxlcmApLFxuICAgICAgdGltZW91dDogY2RrLkR1cmF0aW9uLm1pbnV0ZXMoMiksXG4gICAgICBtZW1vcnlTaXplOiAyNTYsXG4gICAgICBsb2dHcm91cDogdGhpcy5sYW1iZGFMb2dHcm91cCxcbiAgICAgIGVudmlyb25tZW50OiBwcm9wcy5jb2duaXRvQmFzZURvbWFpblxuICAgICAgICA/IHtcbiAgICAgICAgICAgIENPR05JVE9fQkFTRV9ET01BSU46IHByb3BzLmNvZ25pdG9CYXNlRG9tYWluLFxuICAgICAgICAgIH1cbiAgICAgICAgOiB1bmRlZmluZWQsXG4gICAgICBidW5kbGluZzoge1xuICAgICAgICBtaW5pZnk6IHRydWUsXG4gICAgICAgIHNvdXJjZU1hcDogdHJ1ZSxcbiAgICAgICAgdGFyZ2V0OiBcImVzMjAyMFwiLFxuICAgICAgICBleHRlcm5hbE1vZHVsZXM6IFtcImF3cy1zZGtcIl0sXG4gICAgICB9LFxuICAgIH0pXG5cbiAgICBvbkV2ZW50SGFuZGxlci5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1wiZXhlY3V0ZS1hcGk6SW52b2tlXCJdLFxuICAgICAgICByZXNvdXJjZXM6IFtcIipcIl0sIC8vIENhbiBiZSBzY29wZWQgZG93biBpZiBBUEkgR2F0ZXdheSBBUk4gaXMga25vd25cbiAgICAgIH0pLFxuICAgIClcblxuICAgIHRoaXMucHJvdmlkZXJMb2dHcm91cCA9IG5ldyBsb2dzLkxvZ0dyb3VwKHRoaXMsIFwiUHJvdmlkZXJMb2dHcm91cFwiLCB7XG4gICAgICByZXRlbnRpb246IHByb3BzLmxvZ3NSZXRlbnRpb24gPz8gbG9ncy5SZXRlbnRpb25EYXlzLk9ORV9XRUVLLFxuICAgIH0pXG5cbiAgICBjb25zdCBwcm92aWRlciA9IG5ldyBjci5Qcm92aWRlcih0aGlzLCBcIlByb3ZpZGVyXCIsIHtcbiAgICAgIG9uRXZlbnRIYW5kbGVyLFxuICAgICAgbG9nR3JvdXA6IHRoaXMucHJvdmlkZXJMb2dHcm91cCxcbiAgICB9KVxuXG4gICAgdGhpcy5yZXNvdXJjZSA9IG5ldyBjZGsuQ3VzdG9tUmVzb3VyY2UodGhpcywgXCJSZXNvdXJjZVwiLCB7XG4gICAgICBzZXJ2aWNlVG9rZW46IHByb3ZpZGVyLnNlcnZpY2VUb2tlbixcbiAgICAgIHByb3BlcnRpZXM6IHtcbiAgICAgICAgRW52aXJvbm1lbnQ6IHByb3BzLmVudmlyb25tZW50LFxuICAgICAgICBOYW1lOiBwcm9wcy5uYW1lLFxuICAgICAgICBJZGVudGlmaWVyOiBwcm9wcy5pZGVudGlmaWVyLFxuICAgICAgICBTY29wZXM6IHByb3BzLnNjb3Blcz8ubWFwKChzKSA9PiAoe1xuICAgICAgICAgIE5hbWU6IHMubmFtZSxcbiAgICAgICAgICBEZXNjcmlwdGlvbjogcy5kZXNjcmlwdGlvbixcbiAgICAgICAgfSkpLFxuICAgICAgfSxcbiAgICAgIHJlc291cmNlVHlwZTogXCJDdXN0b206OlZ5Q29nbml0b1Jlc291cmNlU2VydmVyXCIsXG4gICAgfSlcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgYSByZWZlcmVuY2UgdG8gYSBzY29wZSBpbiB0aGUgZm9ybWF0IGV4cGVjdGVkIGJ5IGFwcCBjbGllbnRzXG4gICAqIEBwYXJhbSBzY29wZU5hbWUgVGhlIG5hbWUgb2YgdGhlIHNjb3BlXG4gICAqIEByZXR1cm5zIFRoZSBmdWxsIHNjb3BlIGlkZW50aWZpZXIgKGUuZy4sICdodHRwczovL2FwaS52eWRldi5pby9yZWFkJylcbiAgICovXG4gIHB1YmxpYyBzY29wZUlkZW50aWZpZXIoc2NvcGVOYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIHJldHVybiBgJHt0aGlzLmlkZW50aWZpZXJ9LyR7c2NvcGVOYW1lfWBcbiAgfVxufVxuIl19

package/lib/cognito-resource-server/handler.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Lambda handler for CognitoResourceServer custom resource
+ */
+import type { CustomResourceRequest, CustomResourceResponse } from "../shared/types";
+export declare function handler(event: CustomResourceRequest): Promise<CustomResourceResponse>;

package/lib/cognito-resource-server/handler.js

@@ -0,0 +1,104 @@
+/**
+ * Lambda handler for CognitoResourceServer custom resource
+ */
+import { createFailureResponse, createSuccessResponse, handleError, } from "../shared/custom-resource-handler";
+import { createUrlFromEnvironment, signedRequest } from "../shared/sigv4-client";
+const COGNITO_BASE_DOMAIN = process.env.COGNITO_BASE_DOMAIN || "cognito.vydev.io";
+async function createResourceServer(baseUrl, server) {
+    const response = await signedRequest({
+        method: "POST",
+        hostname: baseUrl,
+        path: "/resource-servers",
+        body: JSON.stringify(server),
+    });
+    if (response.statusCode !== 201) {
+        throw new Error(`Could not create resource: ${response.statusCode} - ${response.body}`);
+    }
+    return JSON.parse(response.body);
+}
+async function readResourceServer(baseUrl, identifier) {
+    const encodedIdentifier = encodeURIComponent(identifier);
+    const response = await signedRequest({
+        method: "GET",
+        hostname: baseUrl,
+        path: `/resource-servers/${encodedIdentifier}`,
+    });
+    if (response.statusCode !== 200) {
+        throw new Error(`Could not read resource: ${response.statusCode} - ${response.body}`);
+    }
+    return JSON.parse(response.body);
+}
+async function updateResourceServer(baseUrl, update) {
+    const encodedIdentifier = encodeURIComponent(update.identifier);
+    const response = await signedRequest({
+        method: "PUT",
+        hostname: baseUrl,
+        path: `/resource-servers/${encodedIdentifier}`,
+        body: JSON.stringify(update),
+    });
+    if (response.statusCode !== 200) {
+        throw new Error(`Could not update resource: ${response.statusCode} - ${response.body}`);
+    }
+}
+async function deleteResourceServer(baseUrl, identifier) {
+    const encodedIdentifier = encodeURIComponent(identifier);
+    const response = await signedRequest({
+        method: "DELETE",
+        hostname: baseUrl,
+        path: `/resource-servers/${encodedIdentifier}`,
+    });
+    if (response.statusCode !== 200) {
+        throw new Error(`Could not delete resource: ${response.statusCode} - ${response.body}`);
+    }
+}
+export async function handler(event) {
+    const props = event.ResourceProperties;
+    const baseUrl = createUrlFromEnvironment(COGNITO_BASE_DOMAIN, "delegated", props.Environment);
+    try {
+        switch (event.RequestType) {
+            case "Create": {
+                const server = {
+                    identifier: props.Identifier,
+                    name: props.Name,
+                    scopes: props.Scopes?.map((s) => ({
+                        name: s.Name,
+                        description: s.Description,
+                    })),
+                };
+                const created = await createResourceServer(baseUrl, server);
+                return createSuccessResponse(event.PhysicalResourceId ?? created.identifier, {
+                    Identifier: created.identifier,
+                    Name: created.name,
+                    Scopes: created.scopes,
+                });
+            }
+            case "Update": {
+                const update = {
+                    identifier: props.Identifier,
+                    name: props.Name,
+                    scopes: props.Scopes?.map((s) => ({
+                        name: s.Name,
+                        description: s.Description,
+                    })),
+                };
+                await updateResourceServer(baseUrl, update);
+                const updated = await readResourceServer(baseUrl, props.Identifier);
+                return createSuccessResponse(event.PhysicalResourceId ?? updated.identifier, {
+                    Identifier: updated.identifier,
+                    Name: updated.name,
+                    Scopes: updated.scopes,
+                });
+            }
+            case "Delete": {
+                const identifier = event.PhysicalResourceId || props.Identifier;
+                await deleteResourceServer(baseUrl, identifier);
+                return createSuccessResponse(identifier, {});
+            }
+        }
+    }
+    catch (error) {
+        console.error("Error:", error);
+        return createFailureResponse(event.PhysicalResourceId || props.Identifier || "unknown", handleError(error));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jb2duaXRvLXJlc291cmNlLXNlcnZlci9oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBRUgsT0FBTyxFQUNMLHFCQUFxQixFQUNyQixxQkFBcUIsRUFDckIsV0FBVyxHQUNaLE1BQU0sbUNBQW1DLENBQUE7QUFDMUMsT0FBTyxFQUFFLHdCQUF3QixFQUFFLGFBQWEsRUFBRSxNQUFNLHdCQUF3QixDQUFBO0FBUWhGLE1BQU0sbUJBQW1CLEdBQ3ZCLE9BQU8sQ0FBQyxHQUFHLENBQUMsbUJBQW1CLElBQUksa0JBQWtCLENBQUE7QUFTdkQsS0FBSyxVQUFVLG9CQUFvQixDQUNqQyxPQUFlLEVBQ2YsTUFBc0I7SUFFdEIsTUFBTSxRQUFRLEdBQUcsTUFBTSxhQUFhLENBQUM7UUFDbkMsTUFBTSxFQUFFLE1BQU07UUFDZCxRQUFRLEVBQUUsT0FBTztRQUNqQixJQUFJLEVBQUUsbUJBQW1CO1FBQ3pCLElBQUksRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQztLQUM3QixDQUFDLENBQUE7SUFFRixJQUFJLFFBQVEsQ0FBQyxVQUFVLEtBQUssR0FBRyxFQUFFLENBQUM7UUFDaEMsTUFBTSxJQUFJLEtBQUssQ0FDYiw4QkFBOEIsUUFBUSxDQUFDLFVBQVUsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQ3ZFLENBQUE7SUFDSCxDQUFDO0lBRUQsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQTtBQUNsQyxDQUFDO0FBRUQsS0FBSyxVQUFVLGtCQUFrQixDQUMvQixPQUFlLEVBQ2YsVUFBa0I7SUFFbEIsTUFBTSxpQkFBaUIsR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUN4RCxNQUFNLFFBQVEsR0FBRyxNQUFNLGFBQWEsQ0FBQztRQUNuQyxNQUFNLEVBQUUsS0FBSztRQUNiLFFBQVEsRUFBRSxPQUFPO1FBQ2pCLElBQUksRUFBRSxxQkFBcUIsaUJBQWlCLEVBQUU7S0FDL0MsQ0FBQyxDQUFBO0lBRUYsSUFBSSxRQUFRLENBQUMsVUFBVSxLQUFLLEdBQUcsRUFBRSxDQUFDO1FBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQ2IsNEJBQTRCLFFBQVEsQ0FBQyxVQUFVLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUNyRSxDQUFBO0lBQ0gsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUE7QUFDbEMsQ0FBQztBQUVELEtBQUssVUFBVSxvQkFBb0IsQ0FDakMsT0FBZSxFQUNmLE1BQW1DO0lBRW5DLE1BQU0saUJBQWlCLEdBQUcsa0JBQWtCLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQy9ELE1BQU0sUUFBUSxHQUFHLE1BQU0sYUFBYSxDQUFDO1FBQ25DLE1BQU0sRUFBRSxLQUFLO1FBQ2IsUUFBUSxFQUFFLE9BQU87UUFDakIsSUFBSSxFQUFFLHFCQUFxQixpQkFBaUIsRUFBRTtRQUM5QyxJQUFJLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7S0FDN0IsQ0FBQyxDQUFBO0lBRUYsSUFBSSxRQUFRLENBQUMsVUFBVSxLQUFLLEdBQUcsRUFBRSxDQUFDO1FBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQ2IsOEJBQThCLFFBQVEsQ0FBQyxVQUFVLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUN2RSxDQUFBO0lBQ0gsQ0FBQztBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsb0JBQW9CLENBQ2pDLE9BQWUsRUFDZixVQUFrQjtJQUVsQixNQUFNLGlCQUFpQixHQUFHLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQ3hELE1BQU0sUUFBUSxHQUFHLE1BQU0sYUFBYSxDQUFDO1FBQ25DLE1BQU0sRUFBRSxRQUFRO1FBQ2hCLFFBQVEsRUFBRSxPQUFPO1FBQ2pCLElBQUksRUFBRSxxQkFBcUIsaUJBQWlCLEVBQUU7S0FDL0MsQ0FBQyxDQUFBO0lBRUYsSUFBSSxRQUFRLENBQUMsVUFBVSxLQUFLLEdBQUcsRUFBRSxDQUFDO1FBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQ2IsOEJBQThCLFFBQVEsQ0FBQyxVQUFVLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUN2RSxDQUFBO0lBQ0gsQ0FBQztBQUNILENBQUM7QUFFRCxNQUFNLENBQUMsS0FBSyxVQUFVLE9BQU8sQ0FDM0IsS0FBNEI7SUFFNUIsTUFBTSxLQUFLLEdBQUcsS0FBSyxDQUFDLGtCQUE4QyxDQUFBO0lBQ2xFLE1BQU0sT0FBTyxHQUFHLHdCQUF3QixDQUN0QyxtQkFBbUIsRUFDbkIsV0FBVyxFQUNYLEtBQUssQ0FBQyxXQUFXLENBQ2xCLENBQUE7SUFFRCxJQUFJLENBQUM7UUFDSCxRQUFRLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUMxQixLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUM7Z0JBQ2QsTUFBTSxNQUFNLEdBQW1CO29CQUM3QixVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVU7b0JBQzVCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtvQkFDaEIsTUFBTSxFQUFFLEtBQUssQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO3dCQUNoQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUk7d0JBQ1osV0FBVyxFQUFFLENBQUMsQ0FBQyxXQUFXO3FCQUMzQixDQUFDLENBQUM7aUJBQ0osQ0FBQTtnQkFFRCxNQUFNLE9BQU8sR0FBRyxNQUFNLG9CQUFvQixDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQTtnQkFFM0QsT0FBTyxxQkFBcUIsQ0FDMUIsS0FBSyxDQUFDLGtCQUFrQixJQUFJLE9BQU8sQ0FBQyxVQUFVLEVBQzlDO29CQUNFLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtvQkFDOUIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxJQUFJO29CQUNsQixNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU07aUJBQ3ZCLENBQ3dCLENBQUE7WUFDN0IsQ0FBQztZQUVELEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQztnQkFDZCxNQUFNLE1BQU0sR0FBZ0M7b0JBQzFDLFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBVTtvQkFDNUIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO29CQUNoQixNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU0sRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7d0JBQ2hDLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSTt3QkFDWixXQUFXLEVBQUUsQ0FBQyxDQUFDLFdBQVc7cUJBQzNCLENBQUMsQ0FBQztpQkFDSixDQUFBO2dCQUVELE1BQU0sb0JBQW9CLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFBO2dCQUMzQyxNQUFNLE9BQU8sR0FBRyxNQUFNLGtCQUFrQixDQUFDLE9BQU8sRUFBRSxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUE7Z0JBRW5FLE9BQU8scUJBQXFCLENBQzFCLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSxPQUFPLENBQUMsVUFBVSxFQUM5QztvQkFDRSxVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7b0JBQzlCLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtvQkFDbEIsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNO2lCQUN2QixDQUN3QixDQUFBO1lBQzdCLENBQUM7WUFFRCxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUM7Z0JBQ2QsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLGtCQUFrQixJQUFJLEtBQUssQ0FBQyxVQUFVLENBQUE7Z0JBQy9ELE1BQU0sb0JBQW9CLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxDQUFBO2dCQUUvQyxPQUFPLHFCQUFxQixDQUFDLFVBQVUsRUFBRSxFQUFFLENBQTJCLENBQUE7WUFDeEUsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNmLE9BQU8sQ0FBQyxLQUFLLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFBO1FBQzlCLE9BQU8scUJBQXFCLENBQzFCLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSxLQUFLLENBQUMsVUFBVSxJQUFJLFNBQVMsRUFDekQsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUNPLENBQUE7SUFDN0IsQ0FBQztBQUNILENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIExhbWJkYSBoYW5kbGVyIGZvciBDb2duaXRvUmVzb3VyY2VTZXJ2ZXIgY3VzdG9tIHJlc291cmNlXG4gKi9cblxuaW1wb3J0IHtcbiAgY3JlYXRlRmFpbHVyZVJlc3BvbnNlLFxuICBjcmVhdGVTdWNjZXNzUmVzcG9uc2UsXG4gIGhhbmRsZUVycm9yLFxufSBmcm9tIFwiLi4vc2hhcmVkL2N1c3RvbS1yZXNvdXJjZS1oYW5kbGVyXCJcbmltcG9ydCB7IGNyZWF0ZVVybEZyb21FbnZpcm9ubWVudCwgc2lnbmVkUmVxdWVzdCB9IGZyb20gXCIuLi9zaGFyZWQvc2lndjQtY2xpZW50XCJcbmltcG9ydCB0eXBlIHtcbiAgQ3VzdG9tUmVzb3VyY2VSZXF1ZXN0LFxuICBDdXN0b21SZXNvdXJjZVJlc3BvbnNlLFxuICBSZXNvdXJjZVNlcnZlcixcbiAgUmVzb3VyY2VTZXJ2ZXJVcGRhdGVSZXF1ZXN0LFxufSBmcm9tIFwiLi4vc2hhcmVkL3R5cGVzXCJcblxuY29uc3QgQ09HTklUT19CQVNFX0RPTUFJTiA9XG4gIHByb2Nlc3MuZW52LkNPR05JVE9fQkFTRV9ET01BSU4gfHwgXCJjb2duaXRvLnZ5ZGV2LmlvXCJcblxuaW50ZXJmYWNlIFJlc291cmNlU2VydmVyUHJvcGVydGllcyB7XG4gIEVudmlyb25tZW50OiBzdHJpbmdcbiAgTmFtZTogc3RyaW5nXG4gIElkZW50aWZpZXI6IHN0cmluZ1xuICBTY29wZXM/OiBBcnJheTx7IE5hbWU6IHN0cmluZzsgRGVzY3JpcHRpb246IHN0cmluZyB9PlxufVxuXG5hc3luYyBmdW5jdGlvbiBjcmVhdGVSZXNvdXJjZVNlcnZlcihcbiAgYmFzZVVybDogc3RyaW5nLFxuICBzZXJ2ZXI6IFJlc291cmNlU2VydmVyLFxuKTogUHJvbWlzZTxSZXNvdXJjZVNlcnZlcj4ge1xuICBjb25zdCByZXNwb25zZSA9IGF3YWl0IHNpZ25lZFJlcXVlc3Qoe1xuICAgIG1ldGhvZDogXCJQT1NUXCIsXG4gICAgaG9zdG5hbWU6IGJhc2VVcmwsXG4gICAgcGF0aDogXCIvcmVzb3VyY2Utc2VydmVyc1wiLFxuICAgIGJvZHk6IEpTT04uc3RyaW5naWZ5KHNlcnZlciksXG4gIH0pXG5cbiAgaWYgKHJlc3BvbnNlLnN0YXR1c0NvZGUgIT09IDIwMSkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGBDb3VsZCBub3QgY3JlYXRlIHJlc291cmNlOiAke3Jlc3BvbnNlLnN0YXR1c0NvZGV9IC0gJHtyZXNwb25zZS5ib2R5fWAsXG4gICAgKVxuICB9XG5cbiAgcmV0dXJuIEpTT04ucGFyc2UocmVzcG9uc2UuYm9keSlcbn1cblxuYXN5bmMgZnVuY3Rpb24gcmVhZFJlc291cmNlU2VydmVyKFxuICBiYXNlVXJsOiBzdHJpbmcsXG4gIGlkZW50aWZpZXI6IHN0cmluZyxcbik6IFByb21pc2U8UmVzb3VyY2VTZXJ2ZXI+IHtcbiAgY29uc3QgZW5jb2RlZElkZW50aWZpZXIgPSBlbmNvZGVVUklDb21wb25lbnQoaWRlbnRpZmllcilcbiAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBzaWduZWRSZXF1ZXN0KHtcbiAgICBtZXRob2Q6IFwiR0VUXCIsXG4gICAgaG9zdG5hbWU6IGJhc2VVcmwsXG4gICAgcGF0aDogYC9yZXNvdXJjZS1zZXJ2ZXJzLyR7ZW5jb2RlZElkZW50aWZpZXJ9YCxcbiAgfSlcblxuICBpZiAocmVzcG9uc2Uuc3RhdHVzQ29kZSAhPT0gMjAwKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgYENvdWxkIG5vdCByZWFkIHJlc291cmNlOiAke3Jlc3BvbnNlLnN0YXR1c0NvZGV9IC0gJHtyZXNwb25zZS5ib2R5fWAsXG4gICAgKVxuICB9XG5cbiAgcmV0dXJuIEpTT04ucGFyc2UocmVzcG9uc2UuYm9keSlcbn1cblxuYXN5bmMgZnVuY3Rpb24gdXBkYXRlUmVzb3VyY2VTZXJ2ZXIoXG4gIGJhc2VVcmw6IHN0cmluZyxcbiAgdXBkYXRlOiBSZXNvdXJjZVNlcnZlclVwZGF0ZVJlcXVlc3QsXG4pOiBQcm9taXNlPHZvaWQ+IHtcbiAgY29uc3QgZW5jb2RlZElkZW50aWZpZXIgPSBlbmNvZGVVUklDb21wb25lbnQodXBkYXRlLmlkZW50aWZpZXIpXG4gIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgc2lnbmVkUmVxdWVzdCh7XG4gICAgbWV0aG9kOiBcIlBVVFwiLFxuICAgIGhvc3RuYW1lOiBiYXNlVXJsLFxuICAgIHBhdGg6IGAvcmVzb3VyY2Utc2VydmVycy8ke2VuY29kZWRJZGVudGlmaWVyfWAsXG4gICAgYm9keTogSlNPTi5zdHJpbmdpZnkodXBkYXRlKSxcbiAgfSlcblxuICBpZiAocmVzcG9uc2Uuc3RhdHVzQ29kZSAhPT0gMjAwKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgYENvdWxkIG5vdCB1cGRhdGUgcmVzb3VyY2U6ICR7cmVzcG9uc2Uuc3RhdHVzQ29kZX0gLSAke3Jlc3BvbnNlLmJvZHl9YCxcbiAgICApXG4gIH1cbn1cblxuYXN5bmMgZnVuY3Rpb24gZGVsZXRlUmVzb3VyY2VTZXJ2ZXIoXG4gIGJhc2VVcmw6IHN0cmluZyxcbiAgaWRlbnRpZmllcjogc3RyaW5nLFxuKTogUHJvbWlzZTx2b2lkPiB7XG4gIGNvbnN0IGVuY29kZWRJZGVudGlmaWVyID0gZW5jb2RlVVJJQ29tcG9uZW50KGlkZW50aWZpZXIpXG4gIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgc2lnbmVkUmVxdWVzdCh7XG4gICAgbWV0aG9kOiBcIkRFTEVURVwiLFxuICAgIGhvc3RuYW1lOiBiYXNlVXJsLFxuICAgIHBhdGg6IGAvcmVzb3VyY2Utc2VydmVycy8ke2VuY29kZWRJZGVudGlmaWVyfWAsXG4gIH0pXG5cbiAgaWYgKHJlc3BvbnNlLnN0YXR1c0NvZGUgIT09IDIwMCkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGBDb3VsZCBub3QgZGVsZXRlIHJlc291cmNlOiAke3Jlc3BvbnNlLnN0YXR1c0NvZGV9IC0gJHtyZXNwb25zZS5ib2R5fWAsXG4gICAgKVxuICB9XG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBoYW5kbGVyKFxuICBldmVudDogQ3VzdG9tUmVzb3VyY2VSZXF1ZXN0LFxuKTogUHJvbWlzZTxDdXN0b21SZXNvdXJjZVJlc3BvbnNlPiB7XG4gIGNvbnN0IHByb3BzID0gZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzIGFzIFJlc291cmNlU2VydmVyUHJvcGVydGllc1xuICBjb25zdCBiYXNlVXJsID0gY3JlYXRlVXJsRnJvbUVudmlyb25tZW50KFxuICAgIENPR05JVE9fQkFTRV9ET01BSU4sXG4gICAgXCJkZWxlZ2F0ZWRcIixcbiAgICBwcm9wcy5FbnZpcm9ubWVudCxcbiAgKVxuXG4gIHRyeSB7XG4gICAgc3dpdGNoIChldmVudC5SZXF1ZXN0VHlwZSkge1xuICAgICAgY2FzZSBcIkNyZWF0ZVwiOiB7XG4gICAgICAgIGNvbnN0IHNlcnZlcjogUmVzb3VyY2VTZXJ2ZXIgPSB7XG4gICAgICAgICAgaWRlbnRpZmllcjogcHJvcHMuSWRlbnRpZmllcixcbiAgICAgICAgICBuYW1lOiBwcm9wcy5OYW1lLFxuICAgICAgICAgIHNjb3BlczogcHJvcHMuU2NvcGVzPy5tYXAoKHMpID0+ICh7XG4gICAgICAgICAgICBuYW1lOiBzLk5hbWUsXG4gICAgICAgICAgICBkZXNjcmlwdGlvbjogcy5EZXNjcmlwdGlvbixcbiAgICAgICAgICB9KSksXG4gICAgICAgIH1cblxuICAgICAgICBjb25zdCBjcmVhdGVkID0gYXdhaXQgY3JlYXRlUmVzb3VyY2VTZXJ2ZXIoYmFzZVVybCwgc2VydmVyKVxuXG4gICAgICAgIHJldHVybiBjcmVhdGVTdWNjZXNzUmVzcG9uc2UoXG4gICAgICAgICAgZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkID8/IGNyZWF0ZWQuaWRlbnRpZmllcixcbiAgICAgICAgICB7XG4gICAgICAgICAgICBJZGVudGlmaWVyOiBjcmVhdGVkLmlkZW50aWZpZXIsXG4gICAgICAgICAgICBOYW1lOiBjcmVhdGVkLm5hbWUsXG4gICAgICAgICAgICBTY29wZXM6IGNyZWF0ZWQuc2NvcGVzLFxuICAgICAgICAgIH0sXG4gICAgICAgICkgYXMgQ3VzdG9tUmVzb3VyY2VSZXNwb25zZVxuICAgICAgfVxuXG4gICAgICBjYXNlIFwiVXBkYXRlXCI6IHtcbiAgICAgICAgY29uc3QgdXBkYXRlOiBSZXNvdXJjZVNlcnZlclVwZGF0ZVJlcXVlc3QgPSB7XG4gICAgICAgICAgaWRlbnRpZmllcjogcHJvcHMuSWRlbnRpZmllcixcbiAgICAgICAgICBuYW1lOiBwcm9wcy5OYW1lLFxuICAgICAgICAgIHNjb3BlczogcHJvcHMuU2NvcGVzPy5tYXAoKHMpID0+ICh7XG4gICAgICAgICAgICBuYW1lOiBzLk5hbWUsXG4gICAgICAgICAgICBkZXNjcmlwdGlvbjogcy5EZXNjcmlwdGlvbixcbiAgICAgICAgICB9KSksXG4gICAgICAgIH1cblxuICAgICAgICBhd2FpdCB1cGRhdGVSZXNvdXJjZVNlcnZlcihiYXNlVXJsLCB1cGRhdGUpXG4gICAgICAgIGNvbnN0IHVwZGF0ZWQgPSBhd2FpdCByZWFkUmVzb3VyY2VTZXJ2ZXIoYmFzZVVybCwgcHJvcHMuSWRlbnRpZmllcilcblxuICAgICAgICByZXR1cm4gY3JlYXRlU3VjY2Vzc1Jlc3BvbnNlKFxuICAgICAgICAgIGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCA/PyB1cGRhdGVkLmlkZW50aWZpZXIsXG4gICAgICAgICAge1xuICAgICAgICAgICAgSWRlbnRpZmllcjogdXBkYXRlZC5pZGVudGlmaWVyLFxuICAgICAgICAgICAgTmFtZTogdXBkYXRlZC5uYW1lLFxuICAgICAgICAgICAgU2NvcGVzOiB1cGRhdGVkLnNjb3BlcyxcbiAgICAgICAgICB9LFxuICAgICAgICApIGFzIEN1c3RvbVJlc291cmNlUmVzcG9uc2VcbiAgICAgIH1cblxuICAgICAgY2FzZSBcIkRlbGV0ZVwiOiB7XG4gICAgICAgIGNvbnN0IGlkZW50aWZpZXIgPSBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgfHwgcHJvcHMuSWRlbnRpZmllclxuICAgICAgICBhd2FpdCBkZWxldGVSZXNvdXJjZVNlcnZlcihiYXNlVXJsLCBpZGVudGlmaWVyKVxuXG4gICAgICAgIHJldHVybiBjcmVhdGVTdWNjZXNzUmVzcG9uc2UoaWRlbnRpZmllciwge30pIGFzIEN1c3RvbVJlc291cmNlUmVzcG9uc2VcbiAgICAgIH1cbiAgICB9XG4gIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgY29uc29sZS5lcnJvcihcIkVycm9yOlwiLCBlcnJvcilcbiAgICByZXR1cm4gY3JlYXRlRmFpbHVyZVJlc3BvbnNlKFxuICAgICAgZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkIHx8IHByb3BzLklkZW50aWZpZXIgfHwgXCJ1bmtub3duXCIsXG4gICAgICBoYW5kbGVFcnJvcihlcnJvciksXG4gICAgKSBhcyBDdXN0b21SZXNvdXJjZVJlc3BvbnNlXG4gIH1cbn1cbiJdfQ==

package/lib/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * @vy/cdk-resources
+ * CDK constructs for Vy internal services
+ *
+ * This library provides CDK equivalents to the Terraform provider `terraform-provider-vy`.
+ */
+export * from "./cognito-app-client/cognito-app-client";
+export * from "./cognito-info";
+export * from "./cognito-resource-server/cognito-resource-server";

package/lib/index.js

@@ -0,0 +1,12 @@
+/**
+ * @vy/cdk-resources
+ * CDK constructs for Vy internal services
+ *
+ * This library provides CDK equivalents to the Terraform provider `terraform-provider-vy`.
+ */
+// Resources
+export * from "./cognito-app-client/cognito-app-client";
+// Data Sources
+export * from "./cognito-info";
+export * from "./cognito-resource-server/cognito-resource-server";
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7O0dBS0c7QUFFSCxZQUFZO0FBQ1osY0FBYyx5Q0FBeUMsQ0FBQTtBQUN2RCxlQUFlO0FBQ2YsY0FBYyxnQkFBZ0IsQ0FBQTtBQUM5QixjQUFjLG1EQUFtRCxDQUFBIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBAdnkvY2RrLXJlc291cmNlc1xuICogQ0RLIGNvbnN0cnVjdHMgZm9yIFZ5IGludGVybmFsIHNlcnZpY2VzXG4gKlxuICogVGhpcyBsaWJyYXJ5IHByb3ZpZGVzIENESyBlcXVpdmFsZW50cyB0byB0aGUgVGVycmFmb3JtIHByb3ZpZGVyIGB0ZXJyYWZvcm0tcHJvdmlkZXItdnlgLlxuICovXG5cbi8vIFJlc291cmNlc1xuZXhwb3J0ICogZnJvbSBcIi4vY29nbml0by1hcHAtY2xpZW50L2NvZ25pdG8tYXBwLWNsaWVudFwiXG4vLyBEYXRhIFNvdXJjZXNcbmV4cG9ydCAqIGZyb20gXCIuL2NvZ25pdG8taW5mb1wiXG5leHBvcnQgKiBmcm9tIFwiLi9jb2duaXRvLXJlc291cmNlLXNlcnZlci9jb2duaXRvLXJlc291cmNlLXNlcnZlclwiXG4iXX0=

package/lib/shared/custom-resource-handler.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Base handler for Custom Resources
+ * Handles the CloudFormation response protocol
+ */
+import type { CustomResourceResponse } from "./types";
+export declare function createSuccessResponse(physicalResourceId: string, data?: Record<string, any>): Pick<CustomResourceResponse, "Status" | "PhysicalResourceId" | "Data">;
+export declare function createFailureResponse(physicalResourceId: string, reason: string): Pick<CustomResourceResponse, "Status" | "PhysicalResourceId" | "Reason">;
+/**
+ * Base error handler for custom resource operations
+ */
+export declare function handleError(error: unknown): string;

package/lib/shared/custom-resource-handler.js

@@ -0,0 +1,28 @@
+/**
+ * Base handler for Custom Resources
+ * Handles the CloudFormation response protocol
+ */
+export function createSuccessResponse(physicalResourceId, data) {
+    return {
+        Status: "SUCCESS",
+        PhysicalResourceId: physicalResourceId,
+        Data: data,
+    };
+}
+export function createFailureResponse(physicalResourceId, reason) {
+    return {
+        Status: "FAILED",
+        PhysicalResourceId: physicalResourceId,
+        Reason: reason,
+    };
+}
+/**
+ * Base error handler for custom resource operations
+ */
+export function handleError(error) {
+    if (error instanceof Error) {
+        return error.message;
+    }
+    return String(error);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3VzdG9tLXJlc291cmNlLWhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2hhcmVkL2N1c3RvbS1yZXNvdXJjZS1oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7R0FHRztBQUlILE1BQU0sVUFBVSxxQkFBcUIsQ0FDbkMsa0JBQTBCLEVBQzFCLElBQTBCO0lBRTFCLE9BQU87UUFDTCxNQUFNLEVBQUUsU0FBUztRQUNqQixrQkFBa0IsRUFBRSxrQkFBa0I7UUFDdEMsSUFBSSxFQUFFLElBQUk7S0FDWCxDQUFBO0FBQ0gsQ0FBQztBQUVELE1BQU0sVUFBVSxxQkFBcUIsQ0FDbkMsa0JBQTBCLEVBQzFCLE1BQWM7SUFFZCxPQUFPO1FBQ0wsTUFBTSxFQUFFLFFBQVE7UUFDaEIsa0JBQWtCLEVBQUUsa0JBQWtCO1FBQ3RDLE1BQU0sRUFBRSxNQUFNO0tBQ2YsQ0FBQTtBQUNILENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSxXQUFXLENBQUMsS0FBYztJQUN4QyxJQUFJLEtBQUssWUFBWSxLQUFLLEVBQUUsQ0FBQztRQUMzQixPQUFPLEtBQUssQ0FBQyxPQUFPLENBQUE7SUFDdEIsQ0FBQztJQUNELE9BQU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFBO0FBQ3RCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIEJhc2UgaGFuZGxlciBmb3IgQ3VzdG9tIFJlc291cmNlc1xuICogSGFuZGxlcyB0aGUgQ2xvdWRGb3JtYXRpb24gcmVzcG9uc2UgcHJvdG9jb2xcbiAqL1xuXG5pbXBvcnQgdHlwZSB7IEN1c3RvbVJlc291cmNlUmVzcG9uc2UgfSBmcm9tIFwiLi90eXBlc1wiXG5cbmV4cG9ydCBmdW5jdGlvbiBjcmVhdGVTdWNjZXNzUmVzcG9uc2UoXG4gIHBoeXNpY2FsUmVzb3VyY2VJZDogc3RyaW5nLFxuICBkYXRhPzogUmVjb3JkPHN0cmluZywgYW55Pixcbik6IFBpY2s8Q3VzdG9tUmVzb3VyY2VSZXNwb25zZSwgXCJTdGF0dXNcIiB8IFwiUGh5c2ljYWxSZXNvdXJjZUlkXCIgfCBcIkRhdGFcIj4ge1xuICByZXR1cm4ge1xuICAgIFN0YXR1czogXCJTVUNDRVNTXCIsXG4gICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBwaHlzaWNhbFJlc291cmNlSWQsXG4gICAgRGF0YTogZGF0YSxcbiAgfVxufVxuXG5leHBvcnQgZnVuY3Rpb24gY3JlYXRlRmFpbHVyZVJlc3BvbnNlKFxuICBwaHlzaWNhbFJlc291cmNlSWQ6IHN0cmluZyxcbiAgcmVhc29uOiBzdHJpbmcsXG4pOiBQaWNrPEN1c3RvbVJlc291cmNlUmVzcG9uc2UsIFwiU3RhdHVzXCIgfCBcIlBoeXNpY2FsUmVzb3VyY2VJZFwiIHwgXCJSZWFzb25cIj4ge1xuICByZXR1cm4ge1xuICAgIFN0YXR1czogXCJGQUlMRURcIixcbiAgICBQaHlzaWNhbFJlc291cmNlSWQ6IHBoeXNpY2FsUmVzb3VyY2VJZCxcbiAgICBSZWFzb246IHJlYXNvbixcbiAgfVxufVxuXG4vKipcbiAqIEJhc2UgZXJyb3IgaGFuZGxlciBmb3IgY3VzdG9tIHJlc291cmNlIG9wZXJhdGlvbnNcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGhhbmRsZUVycm9yKGVycm9yOiB1bmtub3duKTogc3RyaW5nIHtcbiAgaWYgKGVycm9yIGluc3RhbmNlb2YgRXJyb3IpIHtcbiAgICByZXR1cm4gZXJyb3IubWVzc2FnZVxuICB9XG4gIHJldHVybiBTdHJpbmcoZXJyb3IpXG59XG4iXX0=

package/lib/shared/sigv4-client.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Shared utility for making AWS SigV4 signed HTTP requests
+ */
+export interface SignedRequestOptions {
+    method: string;
+    hostname: string;
+    path: string;
+    body?: string;
+    headers?: Record<string, string>;
+    region?: string;
+}
+export interface SignedResponse {
+    statusCode: number;
+    body: string;
+    headers: Record<string, string>;
+}
+export declare function signedRequest(options: SignedRequestOptions): Promise<SignedResponse>;
+/**
+ * Helper to create base URL from environment
+ */
+export declare function createUrlFromEnvironment(baseUrl: string, urlPrefix: string, environment: string): string;

package/lib/shared/sigv4-client.js

@@ -0,0 +1,53 @@
+/**
+ * Shared utility for making AWS SigV4 signed HTTP requests
+ */
+import { Sha256 } from "@aws-crypto/sha256-js";
+import { defaultProvider } from "@aws-sdk/credential-provider-node";
+import { HttpRequest } from "@smithy/protocol-http";
+import { SignatureV4 } from "@smithy/signature-v4";
+export async function signedRequest(options) {
+    const { method, hostname, path, body, headers = {}, region } = options;
+    const request = new HttpRequest({
+        method,
+        protocol: "https:",
+        hostname,
+        path,
+        headers: {
+            "Content-Type": "application/json",
+            Host: hostname,
+            ...headers,
+        },
+        body,
+    });
+    const credentialsProvider = defaultProvider();
+    const credentials = await credentialsProvider();
+    const signer = new SignatureV4({
+        credentials,
+        region: region ?? "eu-west-1",
+        service: "execute-api",
+        sha256: Sha256,
+    });
+    const signedRequest = await signer.sign(request);
+    const url = `https://${signedRequest.hostname}${signedRequest.path}`;
+    const response = await fetch(url, {
+        method: signedRequest.method,
+        headers: signedRequest.headers,
+        body: signedRequest.body,
+    });
+    const responseBody = await response.text();
+    return {
+        statusCode: response.status,
+        body: responseBody,
+        headers: Object.fromEntries(response.headers.entries()),
+    };
+}
+/**
+ * Helper to create base URL from environment
+ */
+export function createUrlFromEnvironment(baseUrl, urlPrefix, environment) {
+    if (environment === "prod") {
+        return `${urlPrefix}.${baseUrl}`;
+    }
+    return `${urlPrefix}.${environment}.${baseUrl}`;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2lndjQtY2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NoYXJlZC9zaWd2NC1jbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sdUJBQXVCLENBQUE7QUFDOUMsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLG1DQUFtQyxDQUFBO0FBQ25FLE9BQU8sRUFBRSxXQUFXLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQTtBQUNuRCxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sc0JBQXNCLENBQUE7QUFpQmxELE1BQU0sQ0FBQyxLQUFLLFVBQVUsYUFBYSxDQUNqQyxPQUE2QjtJQUU3QixNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLE9BQU8sR0FBRyxFQUFFLEVBQUUsTUFBTSxFQUFFLEdBQUcsT0FBTyxDQUFBO0lBRXRFLE1BQU0sT0FBTyxHQUFHLElBQUksV0FBVyxDQUFDO1FBQzlCLE1BQU07UUFDTixRQUFRLEVBQUUsUUFBUTtRQUNsQixRQUFRO1FBQ1IsSUFBSTtRQUNKLE9BQU8sRUFBRTtZQUNQLGNBQWMsRUFBRSxrQkFBa0I7WUFDbEMsSUFBSSxFQUFFLFFBQVE7WUFDZCxHQUFHLE9BQU87U0FDWDtRQUNELElBQUk7S0FDTCxDQUFDLENBQUE7SUFFRixNQUFNLG1CQUFtQixHQUFHLGVBQWUsRUFBRSxDQUFBO0lBQzdDLE1BQU0sV0FBVyxHQUFHLE1BQU0sbUJBQW1CLEVBQUUsQ0FBQTtJQUUvQyxNQUFNLE1BQU0sR0FBRyxJQUFJLFdBQVcsQ0FBQztRQUM3QixXQUFXO1FBQ1gsTUFBTSxFQUFFLE1BQU0sSUFBSSxXQUFXO1FBQzdCLE9BQU8sRUFBRSxhQUFhO1FBQ3RCLE1BQU0sRUFBRSxNQUFNO0tBQ2YsQ0FBQyxDQUFBO0lBRUYsTUFBTSxhQUFhLEdBQUcsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFBO0lBRWhELE1BQU0sR0FBRyxHQUFHLFdBQVcsYUFBYSxDQUFDLFFBQVEsR0FBRyxhQUFhLENBQUMsSUFBSSxFQUFFLENBQUE7SUFDcEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxFQUFFO1FBQ2hDLE1BQU0sRUFBRSxhQUFhLENBQUMsTUFBTTtRQUM1QixPQUFPLEVBQUUsYUFBYSxDQUFDLE9BQWlDO1FBQ3hELElBQUksRUFBRSxhQUFhLENBQUMsSUFBSTtLQUN6QixDQUFDLENBQUE7SUFFRixNQUFNLFlBQVksR0FBRyxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQTtJQUUxQyxPQUFPO1FBQ0wsVUFBVSxFQUFFLFFBQVEsQ0FBQyxNQUFNO1FBQzNCLElBQUksRUFBRSxZQUFZO1FBQ2xCLE9BQU8sRUFBRSxNQUFNLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7S0FDeEQsQ0FBQTtBQUNILENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sVUFBVSx3QkFBd0IsQ0FDdEMsT0FBZSxFQUNmLFNBQWlCLEVBQ2pCLFdBQW1CO0lBRW5CLElBQUksV0FBVyxLQUFLLE1BQU0sRUFBRSxDQUFDO1FBQzNCLE9BQU8sR0FBRyxTQUFTLElBQUksT0FBTyxFQUFFLENBQUE7SUFDbEMsQ0FBQztJQUNELE9BQU8sR0FBRyxTQUFTLElBQUksV0FBVyxJQUFJLE9BQU8sRUFBRSxDQUFBO0FBQ2pELENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFNoYXJlZCB1dGlsaXR5IGZvciBtYWtpbmcgQVdTIFNpZ1Y0IHNpZ25lZCBIVFRQIHJlcXVlc3RzXG4gKi9cblxuaW1wb3J0IHsgU2hhMjU2IH0gZnJvbSBcIkBhd3MtY3J5cHRvL3NoYTI1Ni1qc1wiXG5pbXBvcnQgeyBkZWZhdWx0UHJvdmlkZXIgfSBmcm9tIFwiQGF3cy1zZGsvY3JlZGVudGlhbC1wcm92aWRlci1ub2RlXCJcbmltcG9ydCB7IEh0dHBSZXF1ZXN0IH0gZnJvbSBcIkBzbWl0aHkvcHJvdG9jb2wtaHR0cFwiXG5pbXBvcnQgeyBTaWduYXR1cmVWNCB9IGZyb20gXCJAc21pdGh5L3NpZ25hdHVyZS12NFwiXG5cbmV4cG9ydCBpbnRlcmZhY2UgU2lnbmVkUmVxdWVzdE9wdGlvbnMge1xuICBtZXRob2Q6IHN0cmluZ1xuICBob3N0bmFtZTogc3RyaW5nXG4gIHBhdGg6IHN0cmluZ1xuICBib2R5Pzogc3RyaW5nXG4gIGhlYWRlcnM/OiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmc+XG4gIHJlZ2lvbj86IHN0cmluZ1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNpZ25lZFJlc3BvbnNlIHtcbiAgc3RhdHVzQ29kZTogbnVtYmVyXG4gIGJvZHk6IHN0cmluZ1xuICBoZWFkZXJzOiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmc+XG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBzaWduZWRSZXF1ZXN0KFxuICBvcHRpb25zOiBTaWduZWRSZXF1ZXN0T3B0aW9ucyxcbik6IFByb21pc2U8U2lnbmVkUmVzcG9uc2U+IHtcbiAgY29uc3QgeyBtZXRob2QsIGhvc3RuYW1lLCBwYXRoLCBib2R5LCBoZWFkZXJzID0ge30sIHJlZ2lvbiB9ID0gb3B0aW9uc1xuXG4gIGNvbnN0IHJlcXVlc3QgPSBuZXcgSHR0cFJlcXVlc3Qoe1xuICAgIG1ldGhvZCxcbiAgICBwcm90b2NvbDogXCJodHRwczpcIixcbiAgICBob3N0bmFtZSxcbiAgICBwYXRoLFxuICAgIGhlYWRlcnM6IHtcbiAgICAgIFwiQ29udGVudC1UeXBlXCI6IFwiYXBwbGljYXRpb24vanNvblwiLFxuICAgICAgSG9zdDogaG9zdG5hbWUsXG4gICAgICAuLi5oZWFkZXJzLFxuICAgIH0sXG4gICAgYm9keSxcbiAgfSlcblxuICBjb25zdCBjcmVkZW50aWFsc1Byb3ZpZGVyID0gZGVmYXVsdFByb3ZpZGVyKClcbiAgY29uc3QgY3JlZGVudGlhbHMgPSBhd2FpdCBjcmVkZW50aWFsc1Byb3ZpZGVyKClcblxuICBjb25zdCBzaWduZXIgPSBuZXcgU2lnbmF0dXJlVjQoe1xuICAgIGNyZWRlbnRpYWxzLFxuICAgIHJlZ2lvbjogcmVnaW9uID8/IFwiZXUtd2VzdC0xXCIsXG4gICAgc2VydmljZTogXCJleGVjdXRlLWFwaVwiLFxuICAgIHNoYTI1NjogU2hhMjU2LFxuICB9KVxuXG4gIGNvbnN0IHNpZ25lZFJlcXVlc3QgPSBhd2FpdCBzaWduZXIuc2lnbihyZXF1ZXN0KVxuXG4gIGNvbnN0IHVybCA9IGBodHRwczovLyR7c2lnbmVkUmVxdWVzdC5ob3N0bmFtZX0ke3NpZ25lZFJlcXVlc3QucGF0aH1gXG4gIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgZmV0Y2godXJsLCB7XG4gICAgbWV0aG9kOiBzaWduZWRSZXF1ZXN0Lm1ldGhvZCxcbiAgICBoZWFkZXJzOiBzaWduZWRSZXF1ZXN0LmhlYWRlcnMgYXMgUmVjb3JkPHN0cmluZywgc3RyaW5nPixcbiAgICBib2R5OiBzaWduZWRSZXF1ZXN0LmJvZHksXG4gIH0pXG5cbiAgY29uc3QgcmVzcG9uc2VCb2R5ID0gYXdhaXQgcmVzcG9uc2UudGV4dCgpXG5cbiAgcmV0dXJuIHtcbiAgICBzdGF0dXNDb2RlOiByZXNwb25zZS5zdGF0dXMsXG4gICAgYm9keTogcmVzcG9uc2VCb2R5LFxuICAgIGhlYWRlcnM6IE9iamVjdC5mcm9tRW50cmllcyhyZXNwb25zZS5oZWFkZXJzLmVudHJpZXMoKSksXG4gIH1cbn1cblxuLyoqXG4gKiBIZWxwZXIgdG8gY3JlYXRlIGJhc2UgVVJMIGZyb20gZW52aXJvbm1lbnRcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNyZWF0ZVVybEZyb21FbnZpcm9ubWVudChcbiAgYmFzZVVybDogc3RyaW5nLFxuICB1cmxQcmVmaXg6IHN0cmluZyxcbiAgZW52aXJvbm1lbnQ6IHN0cmluZyxcbik6IHN0cmluZyB7XG4gIGlmIChlbnZpcm9ubWVudCA9PT0gXCJwcm9kXCIpIHtcbiAgICByZXR1cm4gYCR7dXJsUHJlZml4fS4ke2Jhc2VVcmx9YFxuICB9XG4gIHJldHVybiBgJHt1cmxQcmVmaXh9LiR7ZW52aXJvbm1lbnR9LiR7YmFzZVVybH1gXG59XG4iXX0=

package/lib/shared/types.d.ts

@@ -0,0 +1,93 @@
+/**
+ * Shared type definitions for Vy custom resources
+ */
+/**
+ * The different Vy environments
+ */
+export declare enum VyEnvironment {
+    /**
+     * Development environment
+     */
+    TEST = "test",
+    /**
+     * Production-like environment
+     */
+    STAGE = "stage",
+    /**
+     * Production environment
+     */
+    PROD = "prod"
+}
+export interface Scope {
+    name: string;
+    description: string;
+}
+export interface ResourceServer {
+    identifier: string;
+    name: string;
+    scopes?: Scope[];
+}
+export interface ResourceServerUpdateRequest {
+    identifier: string;
+    name: string;
+    scopes?: Scope[];
+}
+export interface AppClient {
+    name: string;
+    scopes: string[];
+    type: "frontend" | "backend";
+    callback_urls: string[];
+    logout_urls: string[];
+    generate_secret?: boolean;
+    client_id?: string;
+    client_secret?: string;
+}
+export interface AppClientUpdateRequest {
+    name: string;
+    scopes: string[];
+    callback_urls: string[];
+    logout_urls: string[];
+}
+export interface DeploymentAccount {
+    accountId: string;
+    slackChannel: string;
+}
+export interface EnvironmentAccount {
+    accountId: string;
+    ownerAccountId: string;
+}
+export interface ArtifactVersion {
+    uri: string;
+    store: string;
+    path: string;
+    version: string;
+}
+export interface CognitoDetails {
+    authUrl: string;
+    jwksUrl: string;
+    openIdUrl: string;
+    issuer: string;
+}
+/**
+ * Custom Resource event types
+ */
+export interface CustomResourceRequest {
+    RequestType: "Create" | "Update" | "Delete";
+    RequestId: string;
+    ResponseURL: string;
+    ResourceType: string;
+    LogicalResourceId: string;
+    StackId: string;
+    PhysicalResourceId?: string;
+    ResourceProperties: Record<string, any>;
+    OldResourceProperties?: Record<string, any>;
+}
+export interface CustomResourceResponse {
+    Status: "SUCCESS" | "FAILED";
+    Reason?: string;
+    PhysicalResourceId: string;
+    StackId: string;
+    RequestId: string;
+    LogicalResourceId: string;
+    Data?: Record<string, any>;
+}

package/lib/shared/types.js

@@ -0,0 +1,22 @@
+/**
+ * Shared type definitions for Vy custom resources
+ */
+/**
+ * The different Vy environments
+ */
+export var VyEnvironment;
+(function (VyEnvironment) {
+    /**
+     * Development environment
+     */
+    VyEnvironment["TEST"] = "test";
+    /**
+     * Production-like environment
+     */
+    VyEnvironment["STAGE"] = "stage";
+    /**
+     * Production environment
+     */
+    VyEnvironment["PROD"] = "prod";
+})(VyEnvironment || (VyEnvironment = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2hhcmVkL3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBRUg7O0dBRUc7QUFDSCxNQUFNLENBQU4sSUFBWSxhQWVYO0FBZkQsV0FBWSxhQUFhO0lBQ3ZCOztPQUVHO0lBQ0gsOEJBQWEsQ0FBQTtJQUViOztPQUVHO0lBQ0gsZ0NBQWUsQ0FBQTtJQUVmOztPQUVHO0lBQ0gsOEJBQWEsQ0FBQTtBQUNmLENBQUMsRUFmVyxhQUFhLEtBQWIsYUFBYSxRQWV4QiIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogU2hhcmVkIHR5cGUgZGVmaW5pdGlvbnMgZm9yIFZ5IGN1c3RvbSByZXNvdXJjZXNcbiAqL1xuXG4vKipcbiAqIFRoZSBkaWZmZXJlbnQgVnkgZW52aXJvbm1lbnRzXG4gKi9cbmV4cG9ydCBlbnVtIFZ5RW52aXJvbm1lbnQge1xuICAvKipcbiAgICogRGV2ZWxvcG1lbnQgZW52aXJvbm1lbnRcbiAgICovXG4gIFRFU1QgPSBcInRlc3RcIixcblxuICAvKipcbiAgICogUHJvZHVjdGlvbi1saWtlIGVudmlyb25tZW50XG4gICAqL1xuICBTVEFHRSA9IFwic3RhZ2VcIixcblxuICAvKipcbiAgICogUHJvZHVjdGlvbiBlbnZpcm9ubWVudFxuICAgKi9cbiAgUFJPRCA9IFwicHJvZFwiLFxufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNjb3BlIHtcbiAgbmFtZTogc3RyaW5nXG4gIGRlc2NyaXB0aW9uOiBzdHJpbmdcbn1cblxuZXhwb3J0IGludGVyZmFjZSBSZXNvdXJjZVNlcnZlciB7XG4gIGlkZW50aWZpZXI6IHN0cmluZ1xuICBuYW1lOiBzdHJpbmdcbiAgc2NvcGVzPzogU2NvcGVbXVxufVxuXG5leHBvcnQgaW50ZXJmYWNlIFJlc291cmNlU2VydmVyVXBkYXRlUmVxdWVzdCB7XG4gIGlkZW50aWZpZXI6IHN0cmluZ1xuICBuYW1lOiBzdHJpbmdcbiAgc2NvcGVzPzogU2NvcGVbXVxufVxuXG5leHBvcnQgaW50ZXJmYWNlIEFwcENsaWVudCB7XG4gIG5hbWU6IHN0cmluZ1xuICBzY29wZXM6IHN0cmluZ1tdXG4gIHR5cGU6IFwiZnJvbnRlbmRcIiB8IFwiYmFja2VuZFwiXG4gIGNhbGxiYWNrX3VybHM6IHN0cmluZ1tdXG4gIGxvZ291dF91cmxzOiBzdHJpbmdbXVxuICBnZW5lcmF0ZV9zZWNyZXQ/OiBib29sZWFuXG4gIGNsaWVudF9pZD86IHN0cmluZ1xuICBjbGllbnRfc2VjcmV0Pzogc3RyaW5nXG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQXBwQ2xpZW50VXBkYXRlUmVxdWVzdCB7XG4gIG5hbWU6IHN0cmluZ1xuICBzY29wZXM6IHN0cmluZ1tdXG4gIGNhbGxiYWNrX3VybHM6IHN0cmluZ1tdXG4gIGxvZ291dF91cmxzOiBzdHJpbmdbXVxufVxuXG5leHBvcnQgaW50ZXJmYWNlIERlcGxveW1lbnRBY2NvdW50IHtcbiAgYWNjb3VudElkOiBzdHJpbmdcbiAgc2xhY2tDaGFubmVsOiBzdHJpbmdcbn1cblxuZXhwb3J0IGludGVyZmFjZSBFbnZpcm9ubWVudEFjY291bnQge1xuICBhY2NvdW50SWQ6IHN0cmluZ1xuICBvd25lckFjY291bnRJZDogc3RyaW5nXG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQXJ0aWZhY3RWZXJzaW9uIHtcbiAgdXJpOiBzdHJpbmdcbiAgc3RvcmU6IHN0cmluZ1xuICBwYXRoOiBzdHJpbmdcbiAgdmVyc2lvbjogc3RyaW5nXG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29nbml0b0RldGFpbHMge1xuICBhdXRoVXJsOiBzdHJpbmdcbiAgandrc1VybDogc3RyaW5nXG4gIG9wZW5JZFVybDogc3RyaW5nXG4gIGlzc3Vlcjogc3RyaW5nXG59XG5cbi8qKlxuICogQ3VzdG9tIFJlc291cmNlIGV2ZW50IHR5cGVzXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ3VzdG9tUmVzb3VyY2VSZXF1ZXN0IHtcbiAgUmVxdWVzdFR5cGU6IFwiQ3JlYXRlXCIgfCBcIlVwZGF0ZVwiIHwgXCJEZWxldGVcIlxuICBSZXF1ZXN0SWQ6IHN0cmluZ1xuICBSZXNwb25zZVVSTDogc3RyaW5nXG4gIFJlc291cmNlVHlwZTogc3RyaW5nXG4gIExvZ2ljYWxSZXNvdXJjZUlkOiBzdHJpbmdcbiAgU3RhY2tJZDogc3RyaW5nXG4gIFBoeXNpY2FsUmVzb3VyY2VJZD86IHN0cmluZ1xuICBSZXNvdXJjZVByb3BlcnRpZXM6IFJlY29yZDxzdHJpbmcsIGFueT5cbiAgT2xkUmVzb3VyY2VQcm9wZXJ0aWVzPzogUmVjb3JkPHN0cmluZywgYW55PlxufVxuXG5leHBvcnQgaW50ZXJmYWNlIEN1c3RvbVJlc291cmNlUmVzcG9uc2Uge1xuICBTdGF0dXM6IFwiU1VDQ0VTU1wiIHwgXCJGQUlMRURcIlxuICBSZWFzb24/OiBzdHJpbmdcbiAgUGh5c2ljYWxSZXNvdXJjZUlkOiBzdHJpbmdcbiAgU3RhY2tJZDogc3RyaW5nXG4gIFJlcXVlc3RJZDogc3RyaW5nXG4gIExvZ2ljYWxSZXNvdXJjZUlkOiBzdHJpbmdcbiAgRGF0YT86IFJlY29yZDxzdHJpbmcsIGFueT5cbn1cbiJdfQ==

package/package.json

@@ -0,0 +1,71 @@
+{
+  "name": "@liflig/cdk-vy",
+  "version": "1.0.0",
+  "description": "CDK constructs for the Vy internal services, based on nsbno/terraform-provider-vy",
+  "keywords": [
+    "aws-cdk",
+    "cdk",
+    "vy",
+    "cognito",
+    "custom-resource"
+  ],
+  "homepage": "https://github.com/capralifecycle/vy-cdk-lib#readme",
+  "bugs": {
+    "url": "https://github.com/capralifecycle/vy-cdk-lib/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com/capralifecycle/liflig-cdk-vy.git"
+  },
+  "license": "MPL-2.0",
+  "author": "Liflig",
+  "type": "module",
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "files": [
+    "lib"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "watch": "tsc -w",
+    "test": "NODE_OPTIONS=--experimental-vm-modules jest --runInBand",
+    "lint": "biome check",
+    "lint:fix": "biome check --fix",
+    "format": "biome format --write",
+    "semantic-release": "semantic-release",
+    "package": "jsii-pacmak",
+    "upgrade-dependencies": "ncu --upgrade --install always --format group"
+  },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "devDependencies": {
+    "@biomejs/biome": "2.3.2",
+    "@commitlint/cli": "20.1.0",
+    "@commitlint/config-conventional": "20.0.0",
+    "@types/aws-lambda": "8.10.157",
+    "@types/jest": "30.0.0",
+    "@types/node": "24.9.2",
+    "aws-cdk-lib": "2.221.0",
+    "constructs": "10.4.2",
+    "jest": "30.2.0",
+    "jest-cdk-snapshot": "2.3.6",
+    "semantic-release": "25.0.1",
+    "ts-jest": "29.4.5",
+    "ts-node": "10.9.2",
+    "tsx": "4.20.6",
+    "typescript": "5.9.3",
+    "npm-check-updates": "19.1.2"
+  },
+  "dependencies": {
+    "@aws-crypto/sha256-js": "5.2.0",
+    "@aws-sdk/client-sts": "3.919.0",
+    "@smithy/protocol-http": "5.3.3",
+    "@smithy/signature-v4": "5.3.3"
+  },
+  "peerDependencies": {
+    "aws-cdk-lib": "^2.0.0",
+    "constructs": "^10.0.0"
+  }
+}