npm - @pagopa/dx-cli - Versions diffs - 0.15.2 → 0.15.3 - Mend

@pagopa/dx-cli 0.15.2 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

package/bin/index.js +8 -1280
package/dist/adapters/azure/__tests__/cloud-account-repository.test.d.ts +1 -0
package/dist/adapters/azure/__tests__/cloud-account-repository.test.js +95 -0
package/dist/adapters/azure/__tests__/cloud-account-service.test.d.ts +1 -0
package/dist/adapters/azure/__tests__/cloud-account-service.test.js +95 -0
package/dist/adapters/azure/cloud-account-repository.d.ts +12 -0
package/dist/adapters/azure/cloud-account-repository.js +23 -0
package/dist/adapters/azure/cloud-account-service.d.ts +22 -0
package/dist/adapters/azure/cloud-account-service.js +255 -0
package/dist/adapters/azure/locations.d.ts +7 -0
package/dist/adapters/azure/locations.js +21 -0
package/dist/adapters/codemods/__tests__/registry.test.d.ts +1 -0
package/dist/adapters/codemods/__tests__/registry.test.js +59 -0
package/dist/adapters/codemods/__tests__/use-azure-appsvc.test.d.ts +1 -0
package/dist/adapters/codemods/__tests__/use-azure-appsvc.test.js +77 -0
package/dist/adapters/codemods/__tests__/use-pnpm.test.d.ts +1 -0
package/dist/adapters/codemods/__tests__/use-pnpm.test.js +148 -0
package/dist/adapters/codemods/git.d.ts +2 -0
package/dist/adapters/codemods/git.js +18 -0
package/dist/adapters/codemods/index.d.ts +3 -0
package/dist/adapters/codemods/index.js +9 -0
package/dist/adapters/codemods/registry.d.ts +8 -0
package/dist/adapters/codemods/registry.js +16 -0
package/dist/adapters/codemods/update-code-review.d.ts +3 -0
package/dist/adapters/codemods/update-code-review.js +60 -0
package/dist/adapters/codemods/use-azure-appsvc.d.ts +3 -0
package/dist/adapters/codemods/use-azure-appsvc.js +84 -0
package/dist/adapters/codemods/use-pnpm.d.ts +22 -0
package/dist/adapters/codemods/use-pnpm.js +214 -0
package/dist/adapters/codemods/yaml.d.ts +2 -0
package/dist/adapters/codemods/yaml.js +8 -0
package/dist/adapters/commander/commands/codemod.d.ts +8 -0
package/dist/adapters/commander/commands/codemod.js +22 -0
package/dist/adapters/commander/commands/doctor.d.ts +4 -0
package/dist/adapters/commander/commands/doctor.js +12 -0
package/dist/adapters/commander/commands/info.d.ts +3 -0
package/dist/adapters/commander/commands/info.js +9 -0
package/dist/adapters/commander/commands/init.d.ts +7 -0
package/dist/adapters/commander/commands/init.js +126 -0
package/dist/adapters/commander/commands/savemoney.d.ts +2 -0
package/dist/adapters/commander/commands/savemoney.js +26 -0
package/dist/adapters/commander/index.d.ts +7 -0
package/dist/adapters/commander/index.js +19 -0
package/dist/adapters/execa/terraform.d.ts +27 -0
package/dist/adapters/execa/terraform.js +28 -0
package/dist/adapters/github/__tests__/github-repo.spec.d.ts +1 -0
package/dist/adapters/github/__tests__/github-repo.spec.js +67 -0
package/dist/adapters/github/github-repo.d.ts +2 -0
package/dist/adapters/github/github-repo.js +31 -0
package/dist/adapters/logtape/validation-reporter.d.ts +2 -0
package/dist/adapters/logtape/validation-reporter.js +14 -0
package/dist/adapters/node/__tests__/data.d.ts +18 -0
package/dist/adapters/node/__tests__/data.js +22 -0
package/dist/adapters/node/__tests__/package-json.test.d.ts +1 -0
package/dist/adapters/node/__tests__/package-json.test.js +86 -0
package/dist/adapters/node/__tests__/repository.test.d.ts +1 -0
package/dist/adapters/node/__tests__/repository.test.js +77 -0
package/dist/adapters/node/fs/__tests__/file-reader.test.d.ts +1 -0
package/dist/adapters/node/fs/__tests__/file-reader.test.js +80 -0
package/dist/adapters/node/fs/file-reader.d.ts +24 -0
package/dist/adapters/node/fs/file-reader.js +26 -0
package/dist/adapters/node/json/__tests__/index.test.d.ts +1 -0
package/dist/adapters/node/json/__tests__/index.test.js +14 -0
package/dist/adapters/node/json/index.d.ts +2 -0
package/dist/adapters/node/json/index.js +2 -0
package/dist/adapters/node/package-json.d.ts +2 -0
package/dist/adapters/node/package-json.js +22 -0
package/dist/adapters/node/release.d.ts +2 -0
package/dist/adapters/node/release.js +33 -0
package/dist/adapters/node/repository.d.ts +2 -0
package/dist/adapters/node/repository.js +47 -0
package/dist/adapters/octokit/__tests__/index.test.d.ts +1 -0
package/dist/adapters/octokit/__tests__/index.test.js +197 -0
package/dist/adapters/octokit/index.d.ts +24 -0
package/dist/adapters/octokit/index.js +65 -0
package/dist/adapters/plop/actions/__tests__/init-cloud-accounts.test.d.ts +1 -0
package/dist/adapters/plop/actions/__tests__/init-cloud-accounts.test.js +115 -0
package/dist/adapters/plop/actions/__tests__/provision-terraform-backend.test.d.ts +1 -0
package/dist/adapters/plop/actions/__tests__/provision-terraform-backend.test.js +116 -0
package/dist/adapters/plop/actions/fetch-github-release.d.ts +12 -0
package/dist/adapters/plop/actions/fetch-github-release.js +20 -0
package/dist/adapters/plop/actions/get-node-version.d.ts +2 -0
package/dist/adapters/plop/actions/get-node-version.js +9 -0
package/dist/adapters/plop/actions/get-terraform-backend.d.ts +3 -0
package/dist/adapters/plop/actions/get-terraform-backend.js +17 -0
package/dist/adapters/plop/actions/init-cloud-accounts.d.ts +5 -0
package/dist/adapters/plop/actions/init-cloud-accounts.js +13 -0
package/dist/adapters/plop/actions/provision-terraform-backend.d.ts +10 -0
package/dist/adapters/plop/actions/provision-terraform-backend.js +16 -0
package/dist/adapters/plop/actions/semver.d.ts +19 -0
package/dist/adapters/plop/actions/semver.js +27 -0
package/dist/adapters/plop/actions/setup-pnpm.d.ts +2 -0
package/dist/adapters/plop/actions/setup-pnpm.js +26 -0
package/dist/adapters/plop/generators/environment/__tests__/actions.test.d.ts +2 -0
package/dist/adapters/plop/generators/environment/__tests__/actions.test.js +55 -0
package/dist/adapters/plop/generators/environment/actions.d.ts +2 -0
package/dist/adapters/plop/generators/environment/actions.js +54 -0
package/dist/adapters/plop/generators/environment/index.d.ts +3 -0
package/dist/adapters/plop/generators/environment/index.js +19 -0
package/dist/adapters/plop/generators/environment/prompts.d.ts +66 -0
package/dist/adapters/plop/generators/environment/prompts.js +166 -0
package/dist/adapters/plop/generators/monorepo/actions.d.ts +51 -0
package/dist/adapters/plop/generators/monorepo/actions.js +35 -0
package/dist/adapters/plop/generators/monorepo/index.d.ts +6 -0
package/dist/adapters/plop/generators/monorepo/index.js +17 -0
package/dist/adapters/plop/generators/monorepo/prompts.d.ts +10 -0
package/dist/adapters/plop/generators/monorepo/prompts.js +31 -0
package/dist/adapters/plop/helpers/__tests__/resource-prefix.test.d.ts +1 -0
package/dist/adapters/plop/helpers/__tests__/resource-prefix.test.js +113 -0
package/dist/adapters/plop/helpers/env-short.d.ts +3 -0
package/dist/adapters/plop/helpers/env-short.js +9 -0
package/dist/adapters/plop/helpers/resource-prefix.d.ts +5 -0
package/dist/adapters/plop/helpers/resource-prefix.js +18 -0
package/dist/adapters/plop/index.d.ts +8 -0
package/dist/adapters/plop/index.js +24 -0
package/dist/adapters/terraform/fmt.d.ts +1 -0
package/dist/adapters/terraform/fmt.js +17 -0
package/dist/adapters/yaml/__tests__/index.test.d.ts +1 -0
package/dist/adapters/yaml/__tests__/index.test.js +53 -0
package/dist/adapters/yaml/index.d.ts +8 -0
package/dist/adapters/yaml/index.js +9 -0
package/dist/adapters/zod/index.d.ts +23 -0
package/dist/adapters/zod/index.js +22 -0
package/dist/config.d.ts +6 -0
package/dist/config.js +5 -0
package/dist/domain/__tests__/data.d.ts +17 -0
package/dist/domain/__tests__/data.js +27 -0
package/dist/domain/__tests__/environment.test.d.ts +1 -0
package/dist/domain/__tests__/environment.test.js +282 -0
package/dist/domain/__tests__/info.test.d.ts +1 -0
package/dist/domain/__tests__/info.test.js +77 -0
package/dist/domain/__tests__/package-json.test.d.ts +1 -0
package/dist/domain/__tests__/package-json.test.js +39 -0
package/dist/domain/__tests__/repository.test.d.ts +1 -0
package/dist/domain/__tests__/repository.test.js +101 -0
package/dist/domain/__tests__/workspace.test.d.ts +1 -0
package/dist/domain/__tests__/workspace.test.js +57 -0
package/dist/domain/cloud-account.d.ts +28 -0
package/dist/domain/cloud-account.js +12 -0
package/dist/domain/codemod.d.ts +11 -0
package/dist/domain/codemod.js +1 -0
package/dist/domain/dependencies.d.ts +10 -0
package/dist/domain/dependencies.js +1 -0
package/dist/domain/doctor.d.ts +10 -0
package/dist/domain/doctor.js +50 -0
package/dist/domain/environment.d.ts +40 -0
package/dist/domain/environment.js +57 -0
package/dist/domain/github-repo.d.ts +6 -0
package/dist/domain/github-repo.js +8 -0
package/dist/domain/github.d.ts +37 -0
package/dist/domain/github.js +29 -0
package/dist/domain/info.d.ts +11 -0
package/dist/domain/info.js +52 -0
package/dist/domain/package-json.d.ts +42 -0
package/dist/domain/package-json.js +69 -0
package/dist/domain/remote-backend.d.ts +8 -0
package/dist/domain/remote-backend.js +9 -0
package/dist/domain/repository.d.ts +13 -0
package/dist/domain/repository.js +72 -0
package/dist/domain/validation.d.ts +16 -0
package/dist/domain/validation.js +1 -0
package/dist/domain/workspace.d.ts +9 -0
package/dist/domain/workspace.js +32 -0
package/dist/index.d.ts +2 -0
package/dist/index.js +35 -0
package/dist/use-cases/__tests__/apply-codemod.test.d.ts +1 -0
package/dist/use-cases/__tests__/apply-codemod.test.js +73 -0
package/dist/use-cases/__tests__/list-codemods.test.d.ts +1 -0
package/dist/use-cases/__tests__/list-codemods.test.js +38 -0
package/dist/use-cases/apply-codemod.d.ts +5 -0
package/dist/use-cases/apply-codemod.js +14 -0
package/dist/use-cases/list-codemods.d.ts +4 -0
package/dist/use-cases/list-codemods.js +1 -0
package/package.json +19 -8
package/templates/environment/bootstrapper/{{env.name}}/data.tf.hbs +13 -0
package/templates/environment/bootstrapper/{{env.name}}/main.tf.hbs +70 -0
package/templates/environment/bootstrapper/{{env.name}}/providers.tf.hbs +26 -0
package/templates/environment/core/{{env.name}}/main.tf.hbs +21 -0
package/templates/environment/core/{{env.name}}/outputs.tf.hbs +8 -0
package/templates/environment/core/{{env.name}}/providers.tf.hbs +21 -0
package/templates/environment/shared/backend.tf.hbs +14 -0
package/templates/environment/shared/locals.tf.hbs +26 -0
package/templates/monorepo/.editorconfig +8 -0
package/templates/monorepo/.node-version.hbs +1 -0
package/templates/monorepo/.pre-commit-config.yaml.hbs +34 -0
package/templates/monorepo/.prettierignore +5 -0
package/templates/monorepo/.terraform-version.hbs +1 -0
package/templates/monorepo/.trivyignore +16 -0
package/templates/monorepo/README.md.hbs +163 -0
package/templates/monorepo/infra/repository/main.tf.hbs +11 -0
package/templates/monorepo/infra/repository/outputs.tf.hbs +11 -0
package/templates/monorepo/infra/repository/providers.tf.hbs +13 -0
package/templates/monorepo/package.json.hbs +7 -0
package/templates/monorepo/pnpm-workspace.yaml +7 -0
package/templates/monorepo/turbo.json +29 -0

package/dist/adapters/azure/__tests__/cloud-account-repository.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/adapters/azure/__tests__/cloud-account-repository.test.js ADDED Viewed

@@ -0,0 +1,95 @@
+import { describe, expect, it, vi } from "vitest";
+import { AzureSubscriptionRepository } from "../cloud-account-repository.js";
+const createMockSubscription = (overrides = {}) => ({
+    displayName: "Test Subscription",
+    state: "Enabled",
+    subscriptionId: "00000000-0000-0000-0000-000000000001",
+    ...overrides,
+});
+const createMockSubscriptionClient = (subscriptions) => {
+    const listIterator = async function* () {
+        for (const sub of subscriptions) {
+            yield sub;
+        }
+    };
+    return {
+        subscriptions: {
+            list: listIterator,
+        },
+    };
+};
+vi.mock("@azure/arm-resources-subscriptions", () => ({
+    SubscriptionClient: vi.fn(),
+}));
+vi.mock("@azure/identity", () => ({
+    DefaultAzureCredential: vi.fn(),
+}));
+import { SubscriptionClient } from "@azure/arm-resources-subscriptions";
+import { DefaultAzureCredential } from "@azure/identity";
+const MockedSubscriptionClient = SubscriptionClient;
+describe("AzureSubscriptionRepository", () => {
+    it("should return a list of enabled subscriptions", async () => {
+        const subscriptions = [
+            createMockSubscription({
+                displayName: "Sub 1",
+                subscriptionId: "sub-1",
+            }),
+            createMockSubscription({
+                displayName: "Sub 2",
+                subscriptionId: "sub-2",
+            }),
+        ];
+        MockedSubscriptionClient.mockImplementation(() => createMockSubscriptionClient(subscriptions));
+        const repository = new AzureSubscriptionRepository(new DefaultAzureCredential());
+        const result = await repository.list();
+        expect(result).toHaveLength(2);
+        expect(result[0]).toMatchObject({
+            displayName: "Sub 1",
+            id: "sub-1",
+        });
+        expect(result[1]).toMatchObject({
+            displayName: "Sub 2",
+            id: "sub-2",
+        });
+    });
+    it("should filter out disabled subscriptions", async () => {
+        const subscriptions = [
+            createMockSubscription({
+                displayName: "Enabled Sub",
+                state: "Enabled",
+                subscriptionId: "enabled-sub",
+            }),
+            createMockSubscription({
+                displayName: "Disabled Sub",
+                state: "Disabled",
+                subscriptionId: "disabled-sub",
+            }),
+        ];
+        MockedSubscriptionClient.mockImplementation(() => createMockSubscriptionClient(subscriptions));
+        const repository = new AzureSubscriptionRepository(new DefaultAzureCredential());
+        const result = await repository.list();
+        expect(result).toHaveLength(1);
+        expect(result[0]).toMatchObject({
+            displayName: "Enabled Sub",
+            id: "enabled-sub",
+        });
+    });
+    it("should return an empty array when no subscriptions exist", async () => {
+        MockedSubscriptionClient.mockImplementation(() => createMockSubscriptionClient([]));
+        const repository = new AzureSubscriptionRepository(new DefaultAzureCredential());
+        const result = await repository.list();
+        expect(result).toEqual([]);
+    });
+    it("should filter out subscriptions with other states", async () => {
+        const subscriptions = [
+            createMockSubscription({ state: "Enabled" }),
+            createMockSubscription({ state: "Warned" }),
+            createMockSubscription({ state: "PastDue" }),
+            createMockSubscription({ state: "Deleted" }),
+        ];
+        MockedSubscriptionClient.mockImplementation(() => createMockSubscriptionClient(subscriptions));
+        const repository = new AzureSubscriptionRepository(new DefaultAzureCredential());
+        const result = await repository.list();
+        expect(result).toHaveLength(1);
+    });
+});

package/dist/adapters/azure/__tests__/cloud-account-service.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/adapters/azure/__tests__/cloud-account-service.test.js ADDED Viewed

@@ -0,0 +1,95 @@
+import { DefaultAzureCredential } from "@azure/identity";
+import { test as baseTest, describe, expect, vi } from "vitest";
+import { AzureCloudAccountService } from "../cloud-account-service.js";
+const { queryResources } = vi.hoisted(() => ({
+    queryResources: vi.fn().mockRejectedValue(new Error("Not implemented")),
+}));
+vi.mock("@azure/identity", () => ({
+    DefaultAzureCredential: vi.fn(),
+}));
+vi.mock("@azure/arm-resourcegraph", () => ({
+    ResourceGraphClient: class {
+        resources = queryResources;
+    },
+}));
+const test = baseTest.extend({
+    // the empty pattern is required by vitest!!!
+    // eslint-disable-next-line no-empty-pattern
+    cloudAccountService: async ({}, use) => {
+        const cloudAccountService = new AzureCloudAccountService(new DefaultAzureCredential());
+        await use(cloudAccountService);
+    },
+});
+describe("getTerraformBackend", () => {
+    test("returns undefined when no matching storage account is found", async ({ cloudAccountService, }) => {
+        queryResources.mockResolvedValueOnce({
+            data: [],
+            totalRecords: 0,
+        });
+        const result = await cloudAccountService.getTerraformBackend("sub-1", {
+            name: "dev",
+            prefix: "dx",
+        });
+        expect(result).toBeUndefined();
+    });
+    test("return the only matching storage account", async ({ cloudAccountService, }) => {
+        queryResources.mockResolvedValueOnce({
+            data: [
+                {
+                    location: "italynorth",
+                    name: "dxditntfstatest01",
+                    resourceGroup: "dx-d-itn-tfstate-rg-01",
+                    subscriptionId: "sub-1",
+                    type: "microsoft.storage/storageaccounts",
+                },
+            ],
+            totalRecords: 1,
+        });
+        const result = await cloudAccountService.getTerraformBackend("sub-1", {
+            name: "dev",
+            prefix: "dx",
+        });
+        expect(result).toEqual(expect.objectContaining({
+            resourceGroupName: "dx-d-itn-tfstate-rg-01",
+            storageAccountName: "dxditntfstatest01",
+            type: "azurerm",
+        }));
+    });
+    test("returns the best matching storage account among multiple", async ({ cloudAccountService, }) => {
+        queryResources.mockResolvedValueOnce({
+            data: [
+                {
+                    location: "italynorth",
+                    name: "dxditntfstatest01",
+                    resourceGroup: "dx-d-itn-tfstate-rg-01",
+                    subscriptionId: "sub-1",
+                    type: "microsoft.storage/storageaccounts",
+                },
+                {
+                    location: "italynorth",
+                    name: "dxditntfstatest02",
+                    resourceGroup: "dx-d-itn-tfstate-rg-01",
+                    subscriptionId: "sub-1",
+                    type: "microsoft.storage/storageaccounts",
+                },
+                {
+                    location: "westeurope",
+                    name: "dxdweutfstatest01",
+                    resourceGroup: "dx-d-weu-tfstate-rg-01",
+                    subscriptionId: "sub-1",
+                    type: "microsoft.storage/storageaccounts",
+                },
+            ],
+            totalRecords: 3,
+        });
+        const result = await cloudAccountService.getTerraformBackend("sub-1", {
+            name: "dev",
+            prefix: "dx",
+        });
+        expect(result).toEqual(expect.objectContaining({
+            resourceGroupName: "dx-d-itn-tfstate-rg-01",
+            storageAccountName: "dxditntfstatest02",
+            type: "azurerm",
+        }));
+    });
+});

package/dist/adapters/azure/cloud-account-repository.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { TokenCredential } from "@azure/identity";
+import { type CloudAccountRepository } from "../../domain/cloud-account.js";
+export declare class AzureSubscriptionRepository implements CloudAccountRepository {
+    #private;
+    constructor(credential: TokenCredential);
+    list(): Promise<{
+        csp: "azure";
+        defaultLocation: string;
+        displayName: string;
+        id: string;
+    }[]>;
+}

package/dist/adapters/azure/cloud-account-repository.js ADDED Viewed

@@ -0,0 +1,23 @@
+import { SubscriptionClient } from "@azure/arm-resources-subscriptions";
+import { z } from "zod/v4";
+import { cloudAccountSchema, } from "../../domain/cloud-account.js";
+import { defaultLocation } from "./locations.js";
+export class AzureSubscriptionRepository {
+    #subscriptionClient;
+    constructor(credential) {
+        this.#subscriptionClient = new SubscriptionClient(credential);
+    }
+    async list() {
+        const subscriptions = [];
+        for await (const subscription of this.#subscriptionClient.subscriptions.list()) {
+            if (subscription.state === "Enabled") {
+                subscriptions.push({
+                    defaultLocation,
+                    displayName: subscription.displayName,
+                    id: subscription.subscriptionId,
+                });
+            }
+        }
+        return z.array(cloudAccountSchema).parse(subscriptions);
+    }
+}

package/dist/adapters/azure/cloud-account-service.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { TokenCredential } from "@azure/identity";
+import { z } from "zod/v4";
+import { CloudAccount, type CloudAccountService } from "../../domain/cloud-account.js";
+import { type EnvironmentId } from "../../domain/environment.js";
+import { type TerraformBackend } from "../../domain/remote-backend.js";
+export declare const resourceGraphDataSchema: z.ZodObject<{
+    location: z.ZodEnum<{
+        italynorth: "italynorth";
+        westeurope: "westeurope";
+    }>;
+    name: z.ZodString;
+    resourceGroup: z.ZodString;
+}, z.core.$strip>;
+export declare class AzureCloudAccountService implements CloudAccountService {
+    #private;
+    constructor(credential: TokenCredential);
+    getTerraformBackend(cloudAccountId: CloudAccount["id"], { name, prefix }: EnvironmentId): Promise<TerraformBackend | undefined>;
+    hasUserPermissionToInitialize(cloudAccountId: CloudAccount["id"]): Promise<boolean>;
+    initialize(cloudAccount: CloudAccount, { name, prefix }: EnvironmentId, tags?: Record<string, string>): Promise<void>;
+    isInitialized(cloudAccountId: CloudAccount["id"], { name, prefix }: EnvironmentId): Promise<boolean>;
+    provisionTerraformBackend(cloudAccount: CloudAccount, { name, prefix }: EnvironmentId, tags?: Record<string, string>): Promise<TerraformBackend>;
+}

package/dist/adapters/azure/cloud-account-service.js ADDED Viewed

@@ -0,0 +1,255 @@
+import { AuthorizationManagementClient } from "@azure/arm-authorization";
+import { ManagedServiceIdentityClient } from "@azure/arm-msi";
+import { ResourceGraphClient } from "@azure/arm-resourcegraph";
+import { ResourceManagementClient } from "@azure/arm-resources";
+import { StorageManagementClient } from "@azure/arm-storage";
+import { BlobServiceClient } from "@azure/storage-blob";
+import { getLogger } from "@logtape/logtape";
+import { Client } from "@microsoft/microsoft-graph-client";
+import * as assert from "node:assert/strict";
+import { z } from "zod/v4";
+import { environmentShort, } from "../../domain/environment.js";
+import { terraformBackendSchema, } from "../../domain/remote-backend.js";
+import { isAzureLocation, locations, locationShort } from "./locations.js";
+// We are only interested in these properties for now;
+// the actual result structure contains the full cloud resource object
+export const resourceGraphDataSchema = z.object({
+    location: z.enum(locations),
+    name: z.string(),
+    resourceGroup: z.string(),
+});
+const graphUserResponseSchema = z.object({
+    id: z.string(),
+});
+const graphGroupMembershipItemSchema = z.object({
+    id: z.string(),
+});
+const graphGroupMembershipResponseSchema = z.object({
+    "@odata.nextLink": z.string().optional(),
+    value: z.array(graphGroupMembershipItemSchema),
+});
+export class AzureCloudAccountService {
+    #credential;
+    #resourceGraphClient;
+    constructor(credential) {
+        this.#resourceGraphClient = new ResourceGraphClient(credential);
+        this.#credential = credential;
+    }
+    async getTerraformBackend(cloudAccountId, { name, prefix }) {
+        const allLocations = Object.values(locationShort).join("|");
+        const shortEnv = environmentShort[name];
+        // Check if a storage account with the expected name exists
+        // $prefix + environment short + location + "tfstatest" + suffix (e.g., "dxpitntfstatest01")
+        // it can return multiple results (e.g. for different location or instance number)
+        const resourceName = `${prefix}${shortEnv}(${allLocations})tfstatest(0[1-9]|[1-9]\\d)`;
+        const query = `resources
+             | where type == 'microsoft.storage/storageaccounts'
+             | where name matches regex @'${resourceName}'
+            `;
+        const result = await this.#resourceGraphClient.resources({
+            query,
+            subscriptions: [cloudAccountId],
+        });
+        if (result.totalRecords === 0) {
+            return undefined;
+        }
+        const storageAccounts = z.array(resourceGraphDataSchema).parse(result.data);
+        // on multiple results, rank storage accounts by location priority and instance number
+        if (storageAccounts.length > 0) {
+            storageAccounts.sort((a, b) => {
+                // compare locations priority
+                const locationComparison = locations.indexOf(a.location) - locations.indexOf(b.location);
+                if (locationComparison === 0) {
+                    // same location, compare by name (to get the highest instance number)
+                    return b.name.localeCompare(a.name);
+                }
+                return locationComparison;
+            });
+        }
+        return terraformBackendSchema.parse({
+            resourceGroupName: storageAccounts[0].resourceGroup,
+            storageAccountName: storageAccounts[0].name,
+            subscriptionId: cloudAccountId,
+            type: "azurerm",
+        });
+    }
+    async hasUserPermissionToInitialize(cloudAccountId) {
+        try {
+            // All principal IDs to check (user + all groups)
+            const allPrincipalIds = await this.#getCurrentPrincipalIds();
+            // Get role assignments for the subscription
+            const authClient = new AuthorizationManagementClient(this.#credential, cloudAccountId);
+            const requiredRoles = [
+                "8e3af657-a8ff-443c-a75c-2fe8c4bcb635", // Owner
+                "ba92f5b4-2d11-453d-a403-e96b0029c9fe", // Storage Blob Data Contributor
+            ];
+            const scope = `/subscriptions/${cloudAccountId}`;
+            // Collect all role definition IDs assigned to the user or their groups
+            const assignedRoleDefinitionIds = new Set();
+            for await (const assignment of authClient.roleAssignments.listForScope(scope)) {
+                // Check if this assignment is for the user or any of their groups
+                if (assignment.principalId &&
+                    allPrincipalIds.has(assignment.principalId)) {
+                    // Extract role definition ID from the full resource ID
+                    // Format: /subscriptions/{sub}/providers/Microsoft.Authorization/roleDefinitions/{roleId}
+                    const roleDefId = assignment.roleDefinitionId?.split("/").pop();
+                    if (roleDefId) {
+                        assignedRoleDefinitionIds.add(roleDefId);
+                    }
+                }
+                // Short-circuit: stop if all required roles have been found
+                if (requiredRoles.every((requiredRole) => assignedRoleDefinitionIds.has(requiredRole))) {
+                    return true;
+                }
+            }
+            // Check if all required roles are present
+            const hasAllRoles = requiredRoles.every((requiredRole) => assignedRoleDefinitionIds.has(requiredRole));
+            return hasAllRoles;
+        }
+        catch (error) {
+            // Handle authorization errors (403 Forbidden) - user lacks permissions
+            if (error &&
+                typeof error === "object" &&
+                "statusCode" in error &&
+                error.statusCode === 403) {
+                return false;
+            }
+            // Re-throw other errors
+            throw error;
+        }
+    }
+    async initialize(cloudAccount, { name, prefix }, tags = {}) {
+        assert.equal(cloudAccount.csp, "azure", "Cloud account must be Azure");
+        assert.ok(isAzureLocation(cloudAccount.defaultLocation), "The default location of the cloud account is not a valid Azure location");
+        const logger = getLogger(["gen", "env"]);
+        const resourceManagementClient = new ResourceManagementClient(this.#credential, cloudAccount.id);
+        const short = {
+            env: environmentShort[name],
+            location: locationShort[cloudAccount.defaultLocation],
+        };
+        const resourceGroupName = `${prefix}-${short.env}-${short.location}-bootstrap-rg-01`;
+        const parameters = {
+            location: cloudAccount.defaultLocation,
+            tags: {
+                Environment: name,
+                ...tags,
+            },
+        };
+        await resourceManagementClient.resourceGroups.createOrUpdate(resourceGroupName, parameters);
+        logger.debug("Created resource group {resourceGroupName} in subscription {subscriptionId}", { resourceGroupName, subscriptionId: cloudAccount.id });
+        const msiClient = new ManagedServiceIdentityClient(this.#credential, cloudAccount.id);
+        const identityName = `${prefix}-${short.env}-${short.location}-bootstrap-id-01`;
+        await msiClient.userAssignedIdentities.createOrUpdate(resourceGroupName, identityName, parameters);
+        logger.debug("Created identity {identityName} in subscription {subscriptionId}", { identityName, subscriptionId: cloudAccount.id });
+    }
+    async isInitialized(cloudAccountId, { name, prefix }) {
+        const allLocations = Object.values(locationShort).join("|");
+        const shortEnv = environmentShort[name];
+        const resourceName = `${prefix}-${shortEnv}-(${allLocations})-bootstrap-id-(0[1-9]|[1-9]\\d)`;
+        const query = `resources
+             | where type == 'microsoft.managedidentity/userassignedidentities'
+             | where name matches regex @'${resourceName}'
+            `;
+        const result = await this.#resourceGraphClient.resources({
+            query,
+            subscriptions: [cloudAccountId],
+        });
+        const initialized = result.totalRecords > 0;
+        const logger = getLogger(["gen", "env"]);
+        logger.debug("subscription {subscriptionId} initialized: {initialized}", {
+            initialized,
+            subscriptionId: cloudAccountId,
+        });
+        return initialized;
+    }
+    async provisionTerraformBackend(cloudAccount, { name, prefix }, tags = {}) {
+        assert.equal(cloudAccount.csp, "azure", "Cloud account must be Azure");
+        assert.ok(isAzureLocation(cloudAccount.defaultLocation), "The default location of the cloud account is not a valid Azure location");
+        const logger = getLogger(["gen", "env"]);
+        const resourceManagementClient = new ResourceManagementClient(this.#credential, cloudAccount.id);
+        const short = {
+            env: environmentShort[name],
+            location: locationShort[cloudAccount.defaultLocation],
+        };
+        const parameters = {
+            location: cloudAccount.defaultLocation,
+            tags: {
+                Environment: name,
+                ...tags,
+            },
+        };
+        const resourceGroupName = `${prefix}-${short.env}-${short.location}-tfstate-rg-01`;
+        await resourceManagementClient.resourceGroups.createOrUpdate(resourceGroupName, parameters);
+        logger.debug("Created resource group {resourceGroupName} in subscription {subscriptionId}", { resourceGroupName, subscriptionId: cloudAccount.id });
+        const storageManagementClient = new StorageManagementClient(this.#credential, cloudAccount.id);
+        const storageAccount = await storageManagementClient.storageAccounts.beginCreateAndWait(resourceGroupName, `${prefix}${short.env}${short.location}tfstatest01`, {
+            kind: "StorageV2",
+            sku: {
+                name: "Standard_LRS",
+                tier: "Standard",
+            },
+            ...parameters,
+        });
+        assert.ok(storageAccount.primaryEndpoints?.blob, "Storage account blob endpoint is undefined");
+        assert.ok(storageAccount.name, "Storage account name is undefined");
+        logger.debug("Created storage account {storageAccountName} in subscription {subscriptionId}", {
+            storageAccountName: storageAccount.name,
+            subscriptionId: cloudAccount.id,
+        });
+        const blobServiceClient = new BlobServiceClient(storageAccount.primaryEndpoints?.blob, this.#credential);
+        const containerClient = blobServiceClient.getContainerClient("terraform-state");
+        try {
+            await containerClient.create();
+        }
+        catch (e) {
+            // Cleanup resource group if blob container creation fails
+            // resource group deletion also deletes all contained resources
+            await resourceManagementClient.resourceGroups.beginDeleteAndWait(resourceGroupName);
+            throw new Error(`Error during the creation of the blob container`, {
+                cause: e,
+            });
+        }
+        return terraformBackendSchema.parse({
+            resourceGroupName,
+            storageAccountName: storageAccount.name,
+            subscriptionId: cloudAccount.id,
+            type: "azurerm",
+        });
+    }
+    async #getCurrentPrincipalIds() {
+        // Create Graph client with custom auth provider that fetches fresh tokens
+        const graphClient = Client.init({
+            authProvider: async (done) => {
+                try {
+                    const tokenResponse = await this.#credential.getToken("https://graph.microsoft.com/.default");
+                    if (!tokenResponse) {
+                        done(new Error("Failed to acquire token for Microsoft Graph"), null);
+                        return;
+                    }
+                    done(null, tokenResponse.token);
+                }
+                catch (error) {
+                    done(error, null);
+                }
+            },
+        });
+        // Get current user's info
+        const meResponse = await graphClient.api("/me").get();
+        const me = graphUserResponseSchema.parse(meResponse);
+        const userObjectId = me.id;
+        // Get all group memberships (transitive - includes nested groups)
+        const groupIds = [];
+        let nextLink = "/me/transitiveMemberOf?$select=id";
+        while (nextLink) {
+            const rawResponse = await graphClient.api(nextLink).get();
+            const response = graphGroupMembershipResponseSchema.parse(rawResponse);
+            for (const item of response.value) {
+                groupIds.push(item.id);
+            }
+            nextLink = response["@odata.nextLink"];
+        }
+        // All principal IDs to check (user + all groups)
+        const allPrincipalIds = new Set([userObjectId, ...groupIds]);
+        return allPrincipalIds;
+    }
+}

package/dist/adapters/azure/locations.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { CloudRegion } from "../../domain/cloud-account.js";
+export declare const locations: readonly ["italynorth", "westeurope"];
+export type AzureLocation = (typeof locations)[number];
+export declare function isAzureLocation(location: string): location is AzureLocation;
+export declare const defaultLocation: "italynorth";
+export declare const locationShort: Record<AzureLocation, string>;
+export declare const cloudRegions: CloudRegion[];

package/dist/adapters/azure/locations.js ADDED Viewed

@@ -0,0 +1,21 @@
+// These are the only regions we currently support for DX
+// Order matters! they go from the preferred to the less preferred ones
+export const locations = ["italynorth", "westeurope"];
+export function isAzureLocation(location) {
+    return locations.includes(location);
+}
+// The default location is the first one
+export const defaultLocation = locations[0];
+export const locationShort = {
+    italynorth: "itn",
+    westeurope: "weu",
+};
+const displayName = {
+    italynorth: "Italy North",
+    westeurope: "West Europe",
+};
+export const cloudRegions = locations.map((l) => ({
+    displayName: displayName[l],
+    name: l,
+    short: locationShort[l],
+}));

package/dist/adapters/codemods/__tests__/registry.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/adapters/codemods/__tests__/registry.test.js ADDED Viewed

@@ -0,0 +1,59 @@
+import { ok } from "neverthrow";
+import { describe, expect, it, vi } from "vitest";
+import { LocalCodemodRegistry } from "../registry.js";
+describe("LocalCodemodRegistry", () => {
+    const makeCodemod = (id, description = id) => ({
+        apply: vi.fn().mockResolvedValue(undefined),
+        description,
+        id,
+    });
+    it("returns empty list when no codemods are registered", async () => {
+        const registry = new LocalCodemodRegistry();
+        const result = await registry.getAll();
+        expect(result).toStrictEqual(ok([]));
+    });
+    it("adds codemods and lists them via getAll", async () => {
+        const registry = new LocalCodemodRegistry();
+        const a = makeCodemod("a", "A");
+        const b = makeCodemod("b", "B");
+        registry.add(a);
+        registry.add(b);
+        const result = await registry.getAll();
+        expect(result.isOk()).toBe(true);
+        if (result.isOk()) {
+            expect(result.value).toHaveLength(2);
+            expect(result.value).toEqual(expect.arrayContaining([
+                expect.objectContaining({ id: "a" }),
+                expect.objectContaining({ id: "b" }),
+            ]));
+        }
+    });
+    it("retrieves a codemod by id and returns undefined when missing", async () => {
+        const registry = new LocalCodemodRegistry();
+        const a = makeCodemod("a", "A");
+        registry.add(a);
+        const found = await registry.getById("a");
+        expect(found.isOk()).toBe(true);
+        if (found.isOk()) {
+            expect(found.value).toBe(a);
+        }
+        const missing = await registry.getById("nope");
+        expect(missing.isOk()).toBe(true);
+        if (missing.isOk()) {
+            expect(missing.value).toBeUndefined();
+        }
+    });
+    it("overwrites an existing codemod when adding with the same id", async () => {
+        const registry = new LocalCodemodRegistry();
+        const first = makeCodemod("a", "first");
+        const second = makeCodemod("a", "second");
+        registry.add(first);
+        registry.add(second);
+        const byId = await registry.getById("a");
+        expect(byId.isOk()).toBe(true);
+        if (byId.isOk()) {
+            expect(byId.value).toBe(second);
+            expect(byId.value).not.toBe(first);
+        }
+    });
+});

package/dist/adapters/codemods/__tests__/use-azure-appsvc.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};