@openhi/constructs 0.0.151 → 0.0.153
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/{chunk-AWYZJFPL.mjs → chunk-CFJDATDK.mjs} +8 -1
- package/lib/chunk-CFJDATDK.mjs.map +1 -0
- package/lib/{chunk-WGA43MMY.mjs → chunk-ZVDVKCNC.mjs} +276 -85
- package/lib/chunk-ZVDVKCNC.mjs.map +1 -0
- package/lib/{events-CMG8xanm.d.mts → events-DTgo2dcW.d.mts} +2 -14
- package/lib/{events-CMG8xanm.d.ts → events-DTgo2dcW.d.ts} +2 -14
- package/lib/index.d.mts +54 -7
- package/lib/index.d.ts +53 -18
- package/lib/index.js +80 -20
- package/lib/index.js.map +1 -1
- package/lib/index.mjs +61 -4
- package/lib/index.mjs.map +1 -1
- package/lib/provision-default-workspace.handler.js +6 -0
- package/lib/provision-default-workspace.handler.js.map +1 -1
- package/lib/provision-default-workspace.handler.mjs +1 -1
- package/lib/rest-api-lambda.handler.js +6 -0
- package/lib/rest-api-lambda.handler.js.map +1 -1
- package/lib/rest-api-lambda.handler.mjs +1 -1
- package/lib/seed-demo-data.handler.d.mts +59 -11
- package/lib/seed-demo-data.handler.d.ts +59 -11
- package/lib/seed-demo-data.handler.js +281 -83
- package/lib/seed-demo-data.handler.js.map +1 -1
- package/lib/seed-demo-data.handler.mjs +10 -4
- package/package.json +5 -5
- package/lib/chunk-AWYZJFPL.mjs.map +0 -1
- package/lib/chunk-WGA43MMY.mjs.map +0 -1
package/lib/index.mjs
CHANGED
|
@@ -18,7 +18,6 @@ import {
|
|
|
18
18
|
OPENHI_RESOURCE_URN_SYSTEM,
|
|
19
19
|
PLACEHOLDER_TENANT_ID,
|
|
20
20
|
PLACEHOLDER_WORKSPACE_ID,
|
|
21
|
-
PLATFORM_SCOPE_TENANT_ID,
|
|
22
21
|
SEED_DEMO_DATA_CONSUMER_NAME,
|
|
23
22
|
SEED_DEMO_DATA_USER_POOL_ID_ENV_VAR,
|
|
24
23
|
demoMembershipId,
|
|
@@ -27,7 +26,7 @@ import {
|
|
|
27
26
|
demoScenarioIdentifier,
|
|
28
27
|
import_workflows,
|
|
29
28
|
openhiResourceIdentifier
|
|
30
|
-
} from "./chunk-
|
|
29
|
+
} from "./chunk-ZVDVKCNC.mjs";
|
|
31
30
|
import {
|
|
32
31
|
OWNING_DELETE_CASCADE_CONSUMER_NAME,
|
|
33
32
|
OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY,
|
|
@@ -61,7 +60,9 @@ import {
|
|
|
61
60
|
import {
|
|
62
61
|
require_lib
|
|
63
62
|
} from "./chunk-ZM4GDHHC.mjs";
|
|
64
|
-
import
|
|
63
|
+
import {
|
|
64
|
+
PLATFORM_SCOPE_TENANT_ID
|
|
65
|
+
} from "./chunk-CFJDATDK.mjs";
|
|
65
66
|
import "./chunk-HQ67J7BP.mjs";
|
|
66
67
|
import "./chunk-QJDHVMKT.mjs";
|
|
67
68
|
import "./chunk-MVQWAIMC.mjs";
|
|
@@ -2313,7 +2314,7 @@ var SeedDemoDataLambda = class extends Construct13 {
|
|
|
2313
2314
|
this.lambda.addToRolePolicy(
|
|
2314
2315
|
new PolicyStatement3({
|
|
2315
2316
|
effect: Effect3.ALLOW,
|
|
2316
|
-
actions: ["dynamodb:PutItem", "dynamodb:UpdateItem"],
|
|
2317
|
+
actions: ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:Query"],
|
|
2317
2318
|
resources: [props.dataStoreTable.tableArn]
|
|
2318
2319
|
})
|
|
2319
2320
|
);
|
|
@@ -2334,6 +2335,32 @@ var SeedDemoDataLambda = class extends Construct13 {
|
|
|
2334
2335
|
]
|
|
2335
2336
|
})
|
|
2336
2337
|
);
|
|
2338
|
+
this.lambda.addToRolePolicy(
|
|
2339
|
+
new PolicyStatement3({
|
|
2340
|
+
effect: Effect3.ALLOW,
|
|
2341
|
+
actions: ["ssm:GetParameter"],
|
|
2342
|
+
resources: [
|
|
2343
|
+
Stack5.of(this).formatArn({
|
|
2344
|
+
service: "ssm",
|
|
2345
|
+
resource: "parameter",
|
|
2346
|
+
resourceName: "openhi/seed/users/*/password"
|
|
2347
|
+
})
|
|
2348
|
+
]
|
|
2349
|
+
})
|
|
2350
|
+
);
|
|
2351
|
+
this.lambda.addToRolePolicy(
|
|
2352
|
+
new PolicyStatement3({
|
|
2353
|
+
effect: Effect3.ALLOW,
|
|
2354
|
+
actions: ["kms:Decrypt"],
|
|
2355
|
+
resources: [
|
|
2356
|
+
Stack5.of(this).formatArn({
|
|
2357
|
+
service: "kms",
|
|
2358
|
+
resource: "alias",
|
|
2359
|
+
resourceName: "aws/ssm"
|
|
2360
|
+
})
|
|
2361
|
+
]
|
|
2362
|
+
})
|
|
2363
|
+
);
|
|
2337
2364
|
this.rule = new Rule2(this, "rule", {
|
|
2338
2365
|
eventBus: props.controlEventBus,
|
|
2339
2366
|
eventPattern: {
|
|
@@ -2569,6 +2596,7 @@ var OpenHiDataService = _OpenHiDataService;
|
|
|
2569
2596
|
|
|
2570
2597
|
// src/services/open-hi-website-service.ts
|
|
2571
2598
|
var import_config6 = __toESM(require_lib2());
|
|
2599
|
+
import { CfnOutput } from "aws-cdk-lib";
|
|
2572
2600
|
import { Bucket as Bucket3 } from "aws-cdk-lib/aws-s3";
|
|
2573
2601
|
|
|
2574
2602
|
// src/services/open-hi-rest-api-service.ts
|
|
@@ -3157,6 +3185,7 @@ var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
|
|
|
3157
3185
|
const isReleaseBranch = this.branchName === this.defaultReleaseBranch;
|
|
3158
3186
|
const hostedZone = this.createHostedZone();
|
|
3159
3187
|
this.fullDomain = this.computeFullDomain(hostedZone);
|
|
3188
|
+
this.createAdminConsoleEndpointOutput();
|
|
3160
3189
|
const shouldCreateHostingInfra = props.createHostingInfrastructure ?? isReleaseBranch;
|
|
3161
3190
|
if (shouldCreateHostingInfra) {
|
|
3162
3191
|
const certificate = this.createCertificate();
|
|
@@ -3296,6 +3325,25 @@ var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
|
|
|
3296
3325
|
description: "Full website domain (e.g. www.example.com)"
|
|
3297
3326
|
});
|
|
3298
3327
|
}
|
|
3328
|
+
/**
|
|
3329
|
+
* Adds a CloudFormation `AdminConsoleEndpoint` output exposing the
|
|
3330
|
+
* admin-console invocation URL (`https://<fullDomain>`) on every
|
|
3331
|
+
* deploy of this stack — release-branch and per-PR alike. The
|
|
3332
|
+
* configulator `aws-deploy-workflow` filters CFN outputs by the
|
|
3333
|
+
* `Endpoint$` logical-id suffix to surface them in the GitHub
|
|
3334
|
+
* Actions run summary and sticky PR comment, so the logical id is
|
|
3335
|
+
* pinned via {@link CfnOutput.overrideLogicalId} to keep the
|
|
3336
|
+
* literal key stable across synths.
|
|
3337
|
+
*/
|
|
3338
|
+
createAdminConsoleEndpointOutput() {
|
|
3339
|
+
const output = new CfnOutput(this, "admin-console-endpoint-output", {
|
|
3340
|
+
value: `https://${this.fullDomain}`,
|
|
3341
|
+
description: "Admin console endpoint for this deploy (https://<fullDomain>). Surfaced by the deploy workflow's sticky PR comment and job summary."
|
|
3342
|
+
});
|
|
3343
|
+
output.overrideLogicalId(
|
|
3344
|
+
_OpenHiWebsiteService.ADMIN_CONSOLE_ENDPOINT_OUTPUT_NAME
|
|
3345
|
+
);
|
|
3346
|
+
}
|
|
3299
3347
|
/**
|
|
3300
3348
|
* Creates the StaticContent uploader. Receives the resolved static-hosting
|
|
3301
3349
|
* bucket from the constructor — on the release-branch deploy this is the
|
|
@@ -3362,6 +3410,15 @@ _OpenHiWebsiteService.SERVICE_TYPE = "website";
|
|
|
3362
3410
|
* `www-<childZonePrefix>.<zone>`.
|
|
3363
3411
|
*/
|
|
3364
3412
|
_OpenHiWebsiteService.DEFAULT_DOMAIN_PREFIX = "www";
|
|
3413
|
+
/**
|
|
3414
|
+
* CloudFormation logical key for the admin-console endpoint `CfnOutput`.
|
|
3415
|
+
* The configulator deploy workflow filters outputs whose logical id
|
|
3416
|
+
* matches the `Endpoint$` regex to surface them in the GitHub Actions
|
|
3417
|
+
* run summary and sticky PR comment, so the suffix must be `Endpoint`.
|
|
3418
|
+
* The logical id is pinned via {@link CfnOutput.overrideLogicalId} so
|
|
3419
|
+
* it does not pick up a synth-time hash suffix.
|
|
3420
|
+
*/
|
|
3421
|
+
_OpenHiWebsiteService.ADMIN_CONSOLE_ENDPOINT_OUTPUT_NAME = "AdminConsoleEndpoint";
|
|
3365
3422
|
var OpenHiWebsiteService = _OpenHiWebsiteService;
|
|
3366
3423
|
|
|
3367
3424
|
// src/workflows/control-plane/user-onboarding/provision-default-workspace-lambda.ts
|