@pagopa/dx-cli 0.18.8 → 0.18.10

package/dist/adapters/codemods/__tests__/registry.test.js

@@ -19,14 +19,14 @@ describe("LocalCodemodRegistry", () => {
         registry.add(a);
         registry.add(b);
         const result = await registry.getAll();
+        expect.assertions(3);
         expect(result.isOk()).toBe(true);
-        if (result.isOk()) {
-            expect(result.value).toHaveLength(2);
-            expect(result.value).toEqual(expect.arrayContaining([
-                expect.objectContaining({ id: "a" }),
-                expect.objectContaining({ id: "b" }),
-            ]));
-        }
+        const expected = result.unwrapOr([]);
+        expect(expected).toHaveLength(2);
+        expect(expected).toEqual(expect.arrayContaining([
+            expect.objectContaining({ id: "a" }),
+            expect.objectContaining({ id: "b" }),
+        ]));
     });
     it("retrieves a codemod by id and returns undefined when missing", async () => {
         const registry = new LocalCodemodRegistry();
@@ -34,14 +34,12 @@ describe("LocalCodemodRegistry", () => {
         registry.add(a);
         const found = await registry.getById("a");
         expect(found.isOk()).toBe(true);
-        if (found.isOk()) {
-            expect(found.value).toBe(a);
-        }
+        const expected = found.unwrapOr(undefined);
+        expect(expected).toBe(a);
         const missing = await registry.getById("nope");
         expect(missing.isOk()).toBe(true);
-        if (missing.isOk()) {
-            expect(missing.value).toBeUndefined();
-        }
+        const missingValue = missing.unwrapOr(undefined);
+        expect(missingValue).toBeUndefined();
     });
     it("overwrites an existing codemod when adding with the same id", async () => {
         const registry = new LocalCodemodRegistry();
@@ -51,9 +49,8 @@ describe("LocalCodemodRegistry", () => {
         registry.add(second);
         const byId = await registry.getById("a");
         expect(byId.isOk()).toBe(true);
-        if (byId.isOk()) {
-            expect(byId.value).toBe(second);
-            expect(byId.value).not.toBe(first);
-        }
+        const byIdValue = byId.unwrapOr(undefined);
+        expect(byIdValue).toBe(second);
+        expect(byIdValue).not.toBe(first);
     });
 });

package/dist/adapters/commander/commands/__tests__/init.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for authorizeCloudAccounts in the init command.
+ */
+export {};

package/dist/adapters/commander/commands/__tests__/init.test.js

@@ -0,0 +1,159 @@
+/**
+ * Tests for authorizeCloudAccounts in the init command.
+ */
+import { errAsync, okAsync } from "neverthrow";
+import { describe, expect, it } from "vitest";
+import { mock } from "vitest-mock-extended";
+import { AuthorizationError, AuthorizationResult, IdentityAlreadyExistsError, } from "../../../../domain/authorization.js";
+import { authorizeCloudAccounts } from "../init.js";
+const makeEnvPayload = (overrides = {}) => ({
+    env: {
+        cloudAccounts: [
+            {
+                csp: "azure",
+                defaultLocation: "italynorth",
+                displayName: "DEV-FooBar",
+                id: "sub-123",
+            },
+        ],
+        name: "dev",
+        prefix: "dx",
+    },
+    github: { owner: "pagopa", repo: "test-repo" },
+    tags: { BusinessUnit: "BU", CostCenter: "TS000", ManagementTeam: "MT" },
+    workspace: { domain: "" },
+    ...overrides,
+});
+describe("authorizeCloudAccounts", () => {
+    it("returns empty array when init is undefined (env already initialized)", async () => {
+        const authService = mock();
+        const envPayload = makeEnvPayload({ init: undefined });
+        const result = await authorizeCloudAccounts(authService)(envPayload);
+        expect(result.isOk()).toBe(true);
+        expect(result._unsafeUnwrap()).toEqual([]);
+        expect(authService.requestAuthorization).not.toHaveBeenCalled();
+    });
+    it("returns empty array when cloudAccountsToInitialize is empty", async () => {
+        const authService = mock();
+        const envPayload = makeEnvPayload({
+            init: { cloudAccountsToInitialize: [] },
+        });
+        const result = await authorizeCloudAccounts(authService)(envPayload);
+        expect(result.isOk()).toBe(true);
+        expect(result._unsafeUnwrap()).toEqual([]);
+    });
+    it("requests authorization for each initialized account", async () => {
+        const authService = mock();
+        const expectedPr = new AuthorizationResult("https://github.com/pagopa/eng-azure-authorization/pull/42");
+        authService.requestAuthorization.mockReturnValue(okAsync(expectedPr));
+        const account = {
+            csp: "azure",
+            defaultLocation: "italynorth",
+            displayName: "DEV-FooBar",
+            id: "sub-123",
+        };
+        const envPayload = makeEnvPayload({
+            env: {
+                cloudAccounts: [account],
+                name: "dev",
+                prefix: "dx",
+            },
+            init: { cloudAccountsToInitialize: [account] },
+        });
+        const result = await authorizeCloudAccounts(authService)(envPayload);
+        expect(result.isOk()).toBe(true);
+        expect(result._unsafeUnwrap()).toEqual([expectedPr]);
+        expect(authService.requestAuthorization).toHaveBeenCalledWith(expect.objectContaining({
+            bootstrapIdentityId: "dx-d-itn-bootstrap-id-01",
+            subscriptionName: "DEV-FooBar",
+        }));
+    });
+    it("computes correct identity for westeurope location", async () => {
+        const authService = mock();
+        authService.requestAuthorization.mockReturnValue(okAsync(new AuthorizationResult("https://example.com/pr/1")));
+        const account = {
+            csp: "azure",
+            defaultLocation: "westeurope",
+            displayName: "PROD-Bar",
+            id: "sub-456",
+        };
+        const envPayload = makeEnvPayload({
+            env: {
+                cloudAccounts: [account],
+                name: "prod",
+                prefix: "io",
+            },
+            init: { cloudAccountsToInitialize: [account] },
+        });
+        const result = await authorizeCloudAccounts(authService)(envPayload);
+        expect(result.isOk()).toBe(true);
+        expect(authService.requestAuthorization).toHaveBeenCalledWith(expect.objectContaining({
+            bootstrapIdentityId: "io-p-weu-bootstrap-id-01",
+            subscriptionName: "PROD-Bar",
+        }));
+    });
+    it("skips accounts with unsupported locations", async () => {
+        const authService = mock();
+        const account = {
+            csp: "azure",
+            defaultLocation: "eastus",
+            displayName: "DEV-Unsupported",
+            id: "sub-789",
+        };
+        const envPayload = makeEnvPayload({
+            init: { cloudAccountsToInitialize: [account] },
+        });
+        const result = await authorizeCloudAccounts(authService)(envPayload);
+        expect(result.isOk()).toBe(true);
+        expect(result._unsafeUnwrap()).toEqual([]);
+        expect(authService.requestAuthorization).not.toHaveBeenCalled();
+    });
+    it("continues when authorization fails for one account", async () => {
+        const authService = mock();
+        const account1 = {
+            csp: "azure",
+            defaultLocation: "italynorth",
+            displayName: "DEV-First",
+            id: "sub-1",
+        };
+        const account2 = {
+            csp: "azure",
+            defaultLocation: "italynorth",
+            displayName: "DEV-Second",
+            id: "sub-2",
+        };
+        const expectedPr = new AuthorizationResult("https://example.com/pr/2");
+        authService.requestAuthorization
+            .mockReturnValueOnce(errAsync(new AuthorizationError("Branch already exists")))
+            .mockReturnValueOnce(okAsync(expectedPr));
+        const envPayload = makeEnvPayload({
+            env: {
+                cloudAccounts: [account1, account2],
+                name: "dev",
+                prefix: "dx",
+            },
+            init: { cloudAccountsToInitialize: [account1, account2] },
+        });
+        const result = await authorizeCloudAccounts(authService)(envPayload);
+        expect(result.isOk()).toBe(true);
+        const prs = result._unsafeUnwrap();
+        expect(prs).toHaveLength(1);
+        expect(prs[0]).toEqual(expectedPr);
+    });
+    it("handles IdentityAlreadyExistsError gracefully", async () => {
+        const authService = mock();
+        const account = {
+            csp: "azure",
+            defaultLocation: "italynorth",
+            displayName: "DEV-Existing",
+            id: "sub-exists",
+        };
+        authService.requestAuthorization.mockReturnValue(errAsync(new IdentityAlreadyExistsError("dx-d-itn-bootstrap-id-01")));
+        const envPayload = makeEnvPayload({
+            init: { cloudAccountsToInitialize: [account] },
+        });
+        const result = await authorizeCloudAccounts(authService)(envPayload);
+        expect(result.isOk()).toBe(true);
+        expect(result._unsafeUnwrap()).toEqual([]);
+    });
+});

package/dist/adapters/commander/commands/init.d.ts

@@ -1,5 +1,7 @@
 import { Command } from "commander";
 import { ResultAsync } from "neverthrow";
+import type { Payload as EnvironmentPayload } from "../../plop/generators/environment/index.js";
+import { AuthorizationResult, AuthorizationService } from "../../../domain/authorization.js";
 import { GitHubService } from "../../../domain/github.js";
 export declare const checkPreconditions: () => ResultAsync<import("execa").Result<{
     environment: {
@@ -9,8 +11,13 @@ export declare const checkPreconditions: () => ResultAsync<import("execa").Resul
     };
     shell: true;
 }>, Error>;
+/**
+ * Authorize a Cloud Account (Azure Subscription, AWS Account, ...), creating a Pull Request for each account that requires authorization.
+ */
+export declare const authorizeCloudAccounts: (authorizationService: AuthorizationService) => (envPayload: EnvironmentPayload) => ResultAsync<AuthorizationResult[], never>;
 type InitCommandDependencies = {
+    authorizationService: AuthorizationService;
     gitHubService: GitHubService;
 };
-export declare const makeInitCommand: ({ gitHubService, }: InitCommandDependencies) => Command;
+export declare const makeInitCommand: ({ authorizationService, gitHubService, }: InitCommandDependencies) => Command;
 export {};

package/dist/adapters/commander/commands/init.js

@@ -6,7 +6,10 @@ import { okAsync, ResultAsync } from "neverthrow";
 import * as path from "node:path";
 import { oraPromise } from "ora";
 import { z } from "zod";
+import { requestAuthorizationInputSchema, } from "../../../domain/authorization.js";
+import { environmentShort } from "../../../domain/environment.js";
 import { Repository, } from "../../../domain/github.js";
+import { isAzureLocation, locationShort } from "../../azure/locations.js";
 import { tf$ } from "../../execa/terraform.js";
 import { getPlopInstance, runDeploymentEnvironmentGenerator, runMonorepoGenerator, } from "../../plop/index.js";
 import { exitWithError } from "../index.js";
@@ -16,7 +19,7 @@ const withSpinner = (text, successText, failText, promise) => ResultAsync.fromPr
     text,
 }), (cause) => new Error(failText, { cause }));
 const displaySummary = (initResult) => {
-    const { pr, repository } = initResult;
+    const { authorizationPrs, pr, repository } = initResult;
     console.log(chalk.green.bold("\nWorkspace created successfully!"));
     if (repository) {
         console.log(`- Name: ${chalk.cyan(repository.name)}`);
@@ -26,9 +29,16 @@ const displaySummary = (initResult) => {
         console.log(chalk.yellow(`\n⚠️ GitHub repository may not have been created automatically.`));
     }
     if (pr) {
+        let step = 1;
         console.log(chalk.green.bold("\nNext Steps:"));
-        console.log(`1. Review the Pull Request in the GitHub repository: ${chalk.underline(pr.url)}`);
-        console.log(`2. Visit ${chalk.underline("https://dx.pagopa.it/getting-started")} to deploy your first project\n`);
+        console.log(`${step++}. Review the Pull Request in the GitHub repository: ${chalk.underline(pr.url)}`);
+        if (authorizationPrs.length > 0) {
+            console.log(`${step++}. Review the Azure authorization Pull Request(s):`);
+            for (const authPr of authorizationPrs) {
+                console.log(`   - ${chalk.underline(authPr.url)}`);
+            }
+        }
+        console.log(`${step}. Visit ${chalk.underline("https://dx.pagopa.it/getting-started")} to deploy your first project\n`);
     }
     else {
         console.log(chalk.yellow(`\n⚠️ There was an error during Pull Request creation.`));
@@ -113,7 +123,46 @@ const handleGeneratorError = (err) => {
     }
     return new Error("Failed to run the generator");
 };
-export const makeInitCommand = ({ gitHubService, }) => new Command()
+/**
+ * Authorize a Cloud Account (Azure Subscription, AWS Account, ...), creating a Pull Request for each account that requires authorization.
+ */
+export const authorizeCloudAccounts = (authorizationService) => (envPayload) => {
+    const accountsToInitialize = envPayload.init?.cloudAccountsToInitialize ?? [];
+    if (accountsToInitialize.length === 0) {
+        return okAsync([]);
+    }
+    const logger = getLogger(["dx-cli", "init"]);
+    const { name, prefix } = envPayload.env;
+    const envShort = environmentShort[name];
+    const requestAll = async () => {
+        const results = [];
+        for (const account of accountsToInitialize) {
+            if (!isAzureLocation(account.defaultLocation)) {
+                logger.warn("Skipping authorization for {account}: unsupported location", { account: account.displayName });
+                continue;
+            }
+            const locShort = locationShort[account.defaultLocation];
+            const input = requestAuthorizationInputSchema.safeParse({
+                bootstrapIdentityId: `${prefix}-${envShort}-${locShort}-bootstrap-id-01`,
+                subscriptionName: account.displayName,
+            });
+            if (!input.success) {
+                logger.warn("Skipping authorization for {account}: invalid input", {
+                    account: account.displayName,
+                });
+                continue;
+            }
+            const result = await authorizationService.requestAuthorization(input.data);
+            result.match((authResult) => results.push(authResult), (error) => logger.warn("Authorization request failed for {account}: {error}", {
+                account: account.displayName,
+                error: error.message,
+            }));
+        }
+        return results;
+    };
+    return ResultAsync.fromPromise(requestAll(), () => []).orElse(() => okAsync([]));
+};
+export const makeInitCommand = ({ authorizationService, gitHubService, }) => new Command()
     .name("init")
     .description("Initialize a new DX workspace")
     .action(async function () {
@@ -127,11 +176,11 @@ export const makeInitCommand = ({ gitHubService, }) => new Command()
         process.chdir(payload.repoName);
         console.log(chalk.blue.bold("\nCloud Environment"));
     })
-        .andThen((payload) => ResultAsync.fromPromise(runDeploymentEnvironmentGenerator(plop, {
-        owner: payload.repoOwner,
-        repo: payload.repoName,
-    }), handleGeneratorError).map(() => payload)))
+        .andThen((monorepoPayload) => ResultAsync.fromPromise(runDeploymentEnvironmentGenerator(plop, {
+        owner: monorepoPayload.repoOwner,
+        repo: monorepoPayload.repoName,
+    }), handleGeneratorError).map((envPayload) => ({ envPayload, monorepoPayload }))))
         .andTee(() => console.log()) // Print a new line before the gh repo creation logs
-        .andThen((payload) => handleNewGitHubRepository(gitHubService)(payload))
+        .andThen(({ envPayload, monorepoPayload }) => handleNewGitHubRepository(gitHubService)(monorepoPayload).andThen((repoPr) => authorizeCloudAccounts(authorizationService)(envPayload).map((authorizationPrs) => ({ ...repoPr, authorizationPrs }))))
         .match(displaySummary, exitWithError(this));
 });

package/dist/adapters/plop/index.d.ts

@@ -1,6 +1,7 @@
 import type { NodePlopAPI } from "plop";
 import { GitHubRepo } from "../../domain/github-repo.js";
 import { GitHubService } from "../../domain/github.js";
+import { Payload as EnvironmentPayload } from "../plop/generators/environment/index.js";
 import { Payload as MonorepoPayload } from "../plop/generators/monorepo/index.js";
 export declare const setMonorepoGenerator: (plop: NodePlopAPI) => void;
 export declare const getPlopInstance: () => Promise<NodePlopAPI>;
@@ -13,7 +14,7 @@ export declare const runMonorepoGenerator: (plop: NodePlopAPI, githubService: Gi
  *                 uses the explicitly passed repository. When omitted (by add command),
  *                 the generator infers it from the local git context.
  */
-export declare const runDeploymentEnvironmentGenerator: (plop: NodePlopAPI, github?: GitHubRepo) => Promise<void>;
+export declare const runDeploymentEnvironmentGenerator: (plop: NodePlopAPI, github?: GitHubRepo) => Promise<EnvironmentPayload>;
 /**
  * Configure the deployment environment generator
  *

package/dist/adapters/plop/index.js

@@ -7,7 +7,7 @@ import { oraPromise } from "ora";
 import { RepositoryNotFoundError } from "../../domain/github.js";
 import { AzureSubscriptionRepository } from "../azure/cloud-account-repository.js";
 import { AzureCloudAccountService } from "../azure/cloud-account-service.js";
-import createDeploymentEnvironmentGenerator, { PLOP_ENVIRONMENT_GENERATOR_NAME, } from "../plop/generators/environment/index.js";
+import createDeploymentEnvironmentGenerator, { payloadSchema as environmentPayloadSchema, PLOP_ENVIRONMENT_GENERATOR_NAME, } from "../plop/generators/environment/index.js";
 import createMonorepoGenerator, { payloadSchema as monorepoPayloadSchema, PLOP_MONOREPO_GENERATOR_NAME, } from "../plop/generators/monorepo/index.js";
 export const setMonorepoGenerator = (plop) => {
     const octokit = new Octokit({ auth: process.env.GITHUB_TOKEN });
@@ -65,12 +65,14 @@ export const runMonorepoGenerator = async (plop, githubService) => {
 export const runDeploymentEnvironmentGenerator = async (plop, github) => {
     setDeploymentEnvironmentGenerator(plop, github);
     const generator = plop.getGenerator(PLOP_ENVIRONMENT_GENERATOR_NAME);
-    const payload = await generator.runPrompts();
+    const answers = await generator.runPrompts();
+    const payload = environmentPayloadSchema.parse(answers);
     await oraPromise(runActions(generator, payload), {
         failText: "Failed to create deployment environment",
         successText: "Environment created successfully!",
         text: "Creating environment...",
     });
+    return payload;
 };
 /**
  * Configure the deployment environment generator

package/dist/use-cases/__tests__/apply-codemod.test.js

@@ -31,10 +31,9 @@ describe("applyCodemodById", () => {
         };
         const result = await applyCodemodById(registry, info)("missing-id");
         expect(result.isErr()).toBe(true);
-        if (result.isErr()) {
-            expect(result.error).toBeInstanceOf(Error);
-            expect(result.error.message).toBe("Codemod with id missing-id not found");
-        }
+        const value = result.isErr() ? result.error : null;
+        expect(value).toBeInstanceOf(Error);
+        expect(value?.message).toBe("Codemod with id missing-id not found");
     });
     it("propagates getById errors", async () => {
         const registryError = new Error("registry failed");
@@ -46,9 +45,9 @@ describe("applyCodemodById", () => {
         };
         const result = await applyCodemodById(registry, info)("foo");
         expect(result.isErr()).toBe(true);
-        if (result.isErr()) {
-            expect(result.error.message).toContain(registryError.message);
-        }
+        const value = result.isErr() ? result.error : null;
+        expect(value).toBeInstanceOf(Error);
+        expect(value?.message).toContain(registryError.message);
     });
     it("propagates apply errors", async () => {
         const applyError = new Error("apply failed");
@@ -65,9 +64,8 @@ describe("applyCodemodById", () => {
         };
         const result = await applyCodemodById(registry, info)("foo");
         expect(result.isErr()).toBe(true);
-        if (result.isErr()) {
-            expect(result.error).toBeInstanceOf(Error);
-            expect(result.error.message).toContain(applyError.message);
-        }
+        const value = result.isErr() ? result.error : null;
+        expect(value).toBeInstanceOf(Error);
+        expect(value?.message).toContain(applyError.message);
     });
 });

package/dist/use-cases/__tests__/list-codemods.test.js

@@ -31,8 +31,7 @@ describe("listCodemods", () => {
         };
         const result = await listCodemods(registry)();
         expect(result.isErr()).toBe(true);
-        if (result.isErr()) {
-            expect(result.error).toBe(error);
-        }
+        const value = result.isErr() ? result.error : null;
+        expect(value).toBe(error);
     });
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/dx-cli",
-  "version": "0.18.8",
+  "version": "0.18.10",
   "type": "module",
   "description": "A CLI useful to manage DX tools.",
   "repository": {
@@ -47,7 +47,7 @@
     "semver": "^7.7.4",
     "yaml": "^2.8.2",
     "zod": "^4.3.6",
-    "@pagopa/dx-savemoney": "^0.2.0"
+    "@pagopa/dx-savemoney": "^0.2.1"
   },
   "devDependencies": {
     "@tsconfig/node24": "24.0.4",
@@ -55,14 +55,14 @@
     "@types/node": "^22.19.15",
     "@types/semver": "^7.7.1",
     "@vitest/coverage-v8": "^3.2.4",
-    "eslint": "^9.39.2",
+    "eslint": "^10.1.0",
     "memfs": "^4.51.1",
     "plop": "^4.0.5",
     "prettier": "3.8.1",
     "typescript": "~5.9.3",
     "vitest": "^3.2.4",
     "vitest-mock-extended": "^3.1.0",
-    "@pagopa/eslint-config": "^5.1.2"
+    "@pagopa/eslint-config": "^6.0.0"
   },
   "engines": {
     "node": ">=22.0.0"