@webiny/project-aws 6.3.0-beta.4 → 6.4.0-beta.0

package/pulumi/apps/core/WatchCommand.js

@@ -1,105 +1,103 @@
-import * as aws from "@pulumi/aws";
 import { createAppModule } from "@webiny/pulumi";
 import { LAMBDA_RUNTIME } from "../../constants.js";
-import * as pulumi from "@pulumi/pulumi";
 import path from "path";
 import { CoreVpc } from "../index.js";
-export const WatchCommand = createAppModule({
-  name: "WatchCommand",
-  config(app, params) {
-    const roleName = "iot-authorizer-lambda-role";
-    const role = app.addResource(aws.iam.Role, {
-      name: roleName,
-      config: {
-        assumeRolePolicy: {
-          Version: "2012-10-17",
-          Statement: [{
-            Action: "sts:AssumeRole",
-            Principal: {
-              Service: "lambda.amazonaws.com"
+import * as __rspack_external__pulumi_aws_e7af83c1 from "@pulumi/aws";
+import * as __rspack_external__pulumi_pulumi_d0276039 from "@pulumi/pulumi";
+const WatchCommand = createAppModule({
+    name: "WatchCommand",
+    config (app, params) {
+        const roleName = "iot-authorizer-lambda-role";
+        const role = app.addResource(__rspack_external__pulumi_aws_e7af83c1.iam.Role, {
+            name: roleName,
+            config: {
+                assumeRolePolicy: {
+                    Version: "2012-10-17",
+                    Statement: [
+                        {
+                            Action: "sts:AssumeRole",
+                            Principal: {
+                                Service: "lambda.amazonaws.com"
+                            },
+                            Effect: "Allow"
+                        }
+                    ]
+                }
             },
-            Effect: "Allow"
-          }]
-        }
-      },
-      meta: {
-        isLambdaFunctionRole: true
-      }
-    });
-    const vpc = app.getModule(CoreVpc, {
-      optional: true
-    });
-
-    // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.
-    if (vpc) {
-      app.addResource(aws.iam.RolePolicyAttachment, {
-        name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,
-        config: {
-          role: role.output,
-          policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
-        }
-      });
-    } else {
-      app.addResource(aws.iam.RolePolicyAttachment, {
-        name: `${roleName}-AWSLambdaBasicExecutionRole`,
-        config: {
-          role: role.output,
-          policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole
-        }
-      });
+            meta: {
+                isLambdaFunctionRole: true
+            }
+        });
+        const vpc = app.getModule(CoreVpc, {
+            optional: true
+        });
+        if (vpc) app.addResource(__rspack_external__pulumi_aws_e7af83c1.iam.RolePolicyAttachment, {
+            name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,
+            config: {
+                role: role.output,
+                policyArn: __rspack_external__pulumi_aws_e7af83c1.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
+            }
+        });
+        else app.addResource(__rspack_external__pulumi_aws_e7af83c1.iam.RolePolicyAttachment, {
+            name: `${roleName}-AWSLambdaBasicExecutionRole`,
+            config: {
+                role: role.output,
+                policyArn: __rspack_external__pulumi_aws_e7af83c1.iam.ManagedPolicy.AWSLambdaBasicExecutionRole
+            }
+        });
+        const iotAuthorizerFunction = app.addResource(__rspack_external__pulumi_aws_e7af83c1.lambda.Function, {
+            name: "watch-command-iot-authorizer",
+            config: {
+                role: role.output.arn,
+                runtime: LAMBDA_RUNTIME,
+                handler: "handler.handler",
+                timeout: 10,
+                memorySize: 128,
+                description: "Authorizes 'webiny watch' command communication.",
+                code: new __rspack_external__pulumi_pulumi_d0276039.asset.AssetArchive({
+                    ".": new __rspack_external__pulumi_pulumi_d0276039.asset.FileArchive(path.join(import.meta.dirname, "webinyWatchCommand"))
+                }),
+                environment: {
+                    variables: {
+                        WEBINY_WATCH_COMMAND_TOPIC: params.deploymentId.apply((deploymentId)=>`webiny-watch-${deploymentId}`)
+                    }
+                },
+                vpcConfig: vpc ? {
+                    subnetIds: vpc.subnets.private.map((s)=>s.output.id),
+                    securityGroupIds: [
+                        vpc.vpc.output.defaultSecurityGroupId
+                    ]
+                } : void 0,
+                loggingConfig: {
+                    logFormat: "JSON"
+                }
+            }
+        });
+        const iotAuthorizer = app.addResource(__rspack_external__pulumi_aws_e7af83c1.iot.Authorizer, {
+            name: "watch-command-iot-authorizer",
+            config: {
+                signingDisabled: true,
+                authorizerFunctionArn: iotAuthorizerFunction.output.arn,
+                status: "ACTIVE"
+            }
+        });
+        app.addResource(__rspack_external__pulumi_aws_e7af83c1.lambda.Permission, {
+            name: "webiny-watch-iot-authorizer",
+            config: {
+                principal: "iot.amazonaws.com",
+                function: iotAuthorizerFunction.output.arn,
+                sourceArn: iotAuthorizer.output.arn,
+                action: "lambda:InvokeFunction"
+            }
+        });
+        app.addOutputs({
+            iotAuthorizerName: iotAuthorizer.output.name
+        });
+        return {
+            iotAuthorizerFunction
+        };
     }
-    const iotAuthorizerFunction = app.addResource(aws.lambda.Function, {
-      name: "watch-command-iot-authorizer",
-      config: {
-        role: role.output.arn,
-        runtime: LAMBDA_RUNTIME,
-        handler: "handler.handler",
-        timeout: 10,
-        memorySize: 128,
-        description: "Authorizes 'webiny watch' command communication.",
-        code: new pulumi.asset.AssetArchive({
-          ".": new pulumi.asset.FileArchive(path.join(import.meta.dirname, "webinyWatchCommand"))
-        }),
-        environment: {
-          variables: {
-            WEBINY_WATCH_COMMAND_TOPIC: params.deploymentId.apply(deploymentId => {
-              return `webiny-watch-${deploymentId}`;
-            })
-          }
-        },
-        vpcConfig: vpc ? {
-          subnetIds: vpc.subnets.private.map(s => s.output.id),
-          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]
-        } : undefined,
-        loggingConfig: {
-          logFormat: "JSON"
-        }
-      }
-    });
-    const iotAuthorizer = app.addResource(aws.iot.Authorizer, {
-      name: "watch-command-iot-authorizer",
-      config: {
-        signingDisabled: true,
-        authorizerFunctionArn: iotAuthorizerFunction.output.arn,
-        status: "ACTIVE"
-      }
-    });
-    app.addResource(aws.lambda.Permission, {
-      name: "webiny-watch-iot-authorizer",
-      config: {
-        principal: "iot.amazonaws.com",
-        function: iotAuthorizerFunction.output.arn,
-        sourceArn: iotAuthorizer.output.arn,
-        action: "lambda:InvokeFunction"
-      }
-    });
-    app.addOutputs({
-      iotAuthorizerName: iotAuthorizer.output.name
-    });
-    return {
-      iotAuthorizerFunction
-    };
-  }
 });
+export { WatchCommand };
 
 //# sourceMappingURL=WatchCommand.js.map

package/pulumi/apps/core/WatchCommand.js.map

@@ -1 +1 @@
-{"version":3,"names":["aws","createAppModule","LAMBDA_RUNTIME","pulumi","path","CoreVpc","WatchCommand","name","config","app","params","roleName","role","addResource","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","vpc","getModule","optional","RolePolicyAttachment","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","iotAuthorizerFunction","lambda","Function","arn","runtime","handler","timeout","memorySize","description","code","asset","AssetArchive","FileArchive","join","import","dirname","environment","variables","WEBINY_WATCH_COMMAND_TOPIC","deploymentId","apply","vpcConfig","subnetIds","subnets","private","map","s","id","securityGroupIds","defaultSecurityGroupId","undefined","loggingConfig","logFormat","iotAuthorizer","iot","Authorizer","signingDisabled","authorizerFunctionArn","status","Permission","principal","function","sourceArn","action","addOutputs","iotAuthorizerName"],"sources":["WatchCommand.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp } from \"@webiny/pulumi\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport path from \"path\";\nimport { CoreVpc } from \"~/pulumi/apps/index.js\";\n\nexport interface WatchCommandParams {\n    deploymentId: pulumi.Output<string>;\n}\n\nexport const WatchCommand = createAppModule({\n    name: \"WatchCommand\",\n    config(app: PulumiApp, params: WatchCommandParams) {\n        const roleName = \"iot-authorizer-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        const iotAuthorizerFunction = app.addResource(aws.lambda.Function, {\n            name: \"watch-command-iot-authorizer\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 10,\n                memorySize: 128,\n                description: \"Authorizes 'webiny watch' command communication.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(import.meta.dirname, \"webinyWatchCommand\")\n                    )\n                }),\n                environment: {\n                    variables: {\n                        WEBINY_WATCH_COMMAND_TOPIC: params.deploymentId.apply(deploymentId => {\n                            return `webiny-watch-${deploymentId}`;\n                        })\n                    }\n                },\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined,\n                loggingConfig: {\n                    logFormat: \"JSON\"\n                }\n            }\n        });\n\n        const iotAuthorizer = app.addResource(aws.iot.Authorizer, {\n            name: \"watch-command-iot-authorizer\",\n            config: {\n                signingDisabled: true,\n                authorizerFunctionArn: iotAuthorizerFunction.output.arn,\n                status: \"ACTIVE\"\n            }\n        });\n\n        app.addResource(aws.lambda.Permission, {\n            name: \"webiny-watch-iot-authorizer\",\n            config: {\n                principal: \"iot.amazonaws.com\",\n                function: iotAuthorizerFunction.output.arn,\n                sourceArn: iotAuthorizer.output.arn,\n                action: \"lambda:InvokeFunction\"\n            }\n        });\n\n        app.addOutputs({\n            iotAuthorizerName: iotAuthorizer.output.name\n        });\n\n        return { iotAuthorizerFunction };\n    }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAAwB,gBAAgB;AAChE,SAASC,cAAc;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAOC,IAAI,MAAM,MAAM;AACvB,SAASC,OAAO;AAMhB,OAAO,MAAMC,YAAY,GAAGL,eAAe,CAAC;EACxCM,IAAI,EAAE,cAAc;EACpBC,MAAMA,CAACC,GAAc,EAAEC,MAA0B,EAAE;IAC/C,MAAMC,QAAQ,GAAG,4BAA4B;IAE7C,MAAMC,IAAI,GAAGH,GAAG,CAACI,WAAW,CAACb,GAAG,CAACc,GAAG,CAACC,IAAI,EAAE;MACvCR,IAAI,EAAEI,QAAQ;MACdH,MAAM,EAAE;QACJQ,gBAAgB,EAAE;UACdC,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,gBAAgB;YACxBC,SAAS,EAAE;cACPC,OAAO,EAAE;YACb,CAAC;YACDC,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDC,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,GAAG,GAAGhB,GAAG,CAACiB,SAAS,CAACrB,OAAO,EAAE;MAAEsB,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIF,GAAG,EAAE;MACLhB,GAAG,CAACI,WAAW,CAACb,GAAG,CAACc,GAAG,CAACc,oBAAoB,EAAE;QAC1CrB,IAAI,EAAE,GAAGI,QAAQ,kCAAkC;QACnDH,MAAM,EAAE;UACJI,IAAI,EAAEA,IAAI,CAACiB,MAAM;UACjBC,SAAS,EAAE9B,GAAG,CAACc,GAAG,CAACiB,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHvB,GAAG,CAACI,WAAW,CAACb,GAAG,CAACc,GAAG,CAACc,oBAAoB,EAAE;QAC1CrB,IAAI,EAAE,GAAGI,QAAQ,8BAA8B;QAC/CH,MAAM,EAAE;UACJI,IAAI,EAAEA,IAAI,CAACiB,MAAM;UACjBC,SAAS,EAAE9B,GAAG,CAACc,GAAG,CAACiB,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEA,MAAMC,qBAAqB,GAAGzB,GAAG,CAACI,WAAW,CAACb,GAAG,CAACmC,MAAM,CAACC,QAAQ,EAAE;MAC/D7B,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJI,IAAI,EAAEA,IAAI,CAACiB,MAAM,CAACQ,GAAG;QACrBC,OAAO,EAAEpC,cAAc;QACvBqC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,GAAG;QACfC,WAAW,EAAE,kDAAkD;QAC/DC,IAAI,EAAE,IAAIxC,MAAM,CAACyC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI1C,MAAM,CAACyC,KAAK,CAACE,WAAW,CAC7B1C,IAAI,CAAC2C,IAAI,CAACC,MAAM,CAACzB,IAAI,CAAC0B,OAAO,EAAE,oBAAoB,CACvD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,0BAA0B,EAAE1C,MAAM,CAAC2C,YAAY,CAACC,KAAK,CAACD,YAAY,IAAI;cAClE,OAAO,gBAAgBA,YAAY,EAAE;YACzC,CAAC;UACL;QACJ,CAAC;QACDE,SAAS,EAAE9B,GAAG,GACR;UACI+B,SAAS,EAAE/B,GAAG,CAACgC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAAC/B,MAAM,CAACgC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACI,MAAM,CAACkC,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACfC,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,aAAa,GAAG1D,GAAG,CAACI,WAAW,CAACb,GAAG,CAACoE,GAAG,CAACC,UAAU,EAAE;MACtD9D,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJ8D,eAAe,EAAE,IAAI;QACrBC,qBAAqB,EAAErC,qBAAqB,CAACL,MAAM,CAACQ,GAAG;QACvDmC,MAAM,EAAE;MACZ;IACJ,CAAC,CAAC;IAEF/D,GAAG,CAACI,WAAW,CAACb,GAAG,CAACmC,MAAM,CAACsC,UAAU,EAAE;MACnClE,IAAI,EAAE,6BAA6B;MACnCC,MAAM,EAAE;QACJkE,SAAS,EAAE,mBAAmB;QAC9BC,QAAQ,EAAEzC,qBAAqB,CAACL,MAAM,CAACQ,GAAG;QAC1CuC,SAAS,EAAET,aAAa,CAACtC,MAAM,CAACQ,GAAG;QACnCwC,MAAM,EAAE;MACZ;IACJ,CAAC,CAAC;IAEFpE,GAAG,CAACqE,UAAU,CAAC;MACXC,iBAAiB,EAAEZ,aAAa,CAACtC,MAAM,CAACtB;IAC5C,CAAC,CAAC;IAEF,OAAO;MAAE2B;IAAsB,CAAC;EACpC;AACJ,CAAC,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/WatchCommand.js","sources":["../../../../src/pulumi/apps/core/WatchCommand.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp } from \"@webiny/pulumi\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport path from \"path\";\nimport { CoreVpc } from \"~/pulumi/apps/index.js\";\n\nexport interface WatchCommandParams {\n    deploymentId: pulumi.Output<string>;\n}\n\nexport const WatchCommand = createAppModule({\n    name: \"WatchCommand\",\n    config(app: PulumiApp, params: WatchCommandParams) {\n        const roleName = \"iot-authorizer-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        const iotAuthorizerFunction = app.addResource(aws.lambda.Function, {\n            name: \"watch-command-iot-authorizer\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 10,\n                memorySize: 128,\n                description: \"Authorizes 'webiny watch' command communication.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(import.meta.dirname, \"webinyWatchCommand\")\n                    )\n                }),\n                environment: {\n                    variables: {\n                        WEBINY_WATCH_COMMAND_TOPIC: params.deploymentId.apply(deploymentId => {\n                            return `webiny-watch-${deploymentId}`;\n                        })\n                    }\n                },\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined,\n                loggingConfig: {\n                    logFormat: \"JSON\"\n                }\n            }\n        });\n\n        const iotAuthorizer = app.addResource(aws.iot.Authorizer, {\n            name: \"watch-command-iot-authorizer\",\n            config: {\n                signingDisabled: true,\n                authorizerFunctionArn: iotAuthorizerFunction.output.arn,\n                status: \"ACTIVE\"\n            }\n        });\n\n        app.addResource(aws.lambda.Permission, {\n            name: \"webiny-watch-iot-authorizer\",\n            config: {\n                principal: \"iot.amazonaws.com\",\n                function: iotAuthorizerFunction.output.arn,\n                sourceArn: iotAuthorizer.output.arn,\n                action: \"lambda:InvokeFunction\"\n            }\n        });\n\n        app.addOutputs({\n            iotAuthorizerName: iotAuthorizer.output.name\n        });\n\n        return { iotAuthorizerFunction };\n    }\n});\n"],"names":["WatchCommand","createAppModule","app","params","roleName","role","aws","vpc","CoreVpc","iotAuthorizerFunction","LAMBDA_RUNTIME","pulumi","path","deploymentId","s","undefined","iotAuthorizer"],"mappings":";;;;;;AAWO,MAAMA,eAAeC,gBAAgB;IACxC,MAAM;IACN,QAAOC,GAAc,EAAEC,MAA0B;QAC7C,MAAMC,WAAW;QAEjB,MAAMC,OAAOH,IAAI,WAAW,CAACI,uCAAAA,GAAAA,CAAAA,IAAY,EAAE;YACvC,MAAMF;YACN,QAAQ;gBACJ,kBAAkB;oBACd,SAAS;oBACT,WAAW;wBACP;4BACI,QAAQ;4BACR,WAAW;gCACP,SAAS;4BACb;4BACA,QAAQ;wBACZ;qBACH;gBACL;YACJ;YACA,MAAM;gBAAE,sBAAsB;YAAK;QACvC;QAEA,MAAMG,MAAML,IAAI,SAAS,CAACM,SAAS;YAAE,UAAU;QAAK;QAGpD,IAAID,KACAL,IAAI,WAAW,CAACI,uCAAAA,GAAAA,CAAAA,oBAA4B,EAAE;YAC1C,MAAM,GAAGF,SAAS,gCAAgC,CAAC;YACnD,QAAQ;gBACJ,MAAMC,KAAK,MAAM;gBACjB,WAAWC,uCAAAA,GAAAA,CAAAA,aAAAA,CAAAA,+BAAqD;YACpE;QACJ;aAEAJ,IAAI,WAAW,CAACI,uCAAAA,GAAAA,CAAAA,oBAA4B,EAAE;YAC1C,MAAM,GAAGF,SAAS,4BAA4B,CAAC;YAC/C,QAAQ;gBACJ,MAAMC,KAAK,MAAM;gBACjB,WAAWC,uCAAAA,GAAAA,CAAAA,aAAAA,CAAAA,2BAAiD;YAChE;QACJ;QAGJ,MAAMG,wBAAwBP,IAAI,WAAW,CAACI,uCAAAA,MAAAA,CAAAA,QAAmB,EAAE;YAC/D,MAAM;YACN,QAAQ;gBACJ,MAAMD,KAAK,MAAM,CAAC,GAAG;gBACrB,SAASK;gBACT,SAAS;gBACT,SAAS;gBACT,YAAY;gBACZ,aAAa;gBACb,MAAM,IAAIC,0CAAAA,KAAAA,CAAAA,YAAyB,CAAC;oBAChC,KAAK,IAAIA,0CAAAA,KAAAA,CAAAA,WAAwB,CAC7BC,KAAK,IAAI,CAAC,YAAY,OAAO,EAAE;gBAEvC;gBACA,aAAa;oBACT,WAAW;wBACP,4BAA4BT,OAAO,YAAY,CAAC,KAAK,CAACU,CAAAA,eAC3C,CAAC,aAAa,EAAEA,cAAc;oBAE7C;gBACJ;gBACA,WAAWN,MACL;oBACI,WAAWA,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAACO,CAAAA,IAAKA,EAAE,MAAM,CAAC,EAAE;oBACnD,kBAAkB;wBAACP,IAAI,GAAG,CAAC,MAAM,CAAC,sBAAsB;qBAAC;gBAC7D,IACAQ;gBACN,eAAe;oBACX,WAAW;gBACf;YACJ;QACJ;QAEA,MAAMC,gBAAgBd,IAAI,WAAW,CAACI,uCAAAA,GAAAA,CAAAA,UAAkB,EAAE;YACtD,MAAM;YACN,QAAQ;gBACJ,iBAAiB;gBACjB,uBAAuBG,sBAAsB,MAAM,CAAC,GAAG;gBACvD,QAAQ;YACZ;QACJ;QAEAP,IAAI,WAAW,CAACI,uCAAAA,MAAAA,CAAAA,UAAqB,EAAE;YACnC,MAAM;YACN,QAAQ;gBACJ,WAAW;gBACX,UAAUG,sBAAsB,MAAM,CAAC,GAAG;gBAC1C,WAAWO,cAAc,MAAM,CAAC,GAAG;gBACnC,QAAQ;YACZ;QACJ;QAEAd,IAAI,UAAU,CAAC;YACX,mBAAmBc,cAAc,MAAM,CAAC,IAAI;QAChD;QAEA,OAAO;YAAEP;QAAsB;IACnC;AACJ"}

package/pulumi/apps/core/cognitoIdentityProviders/amazon.js

@@ -1,24 +1,18 @@
-/**
- * Amazon doesn't provide first/last name as separate attributes. Instead, it gives you a `name`.
- * To handle this, developers will need to set up a pre-authentication Lambda trigger on the user pool,
- * to generate proper first/last name using custom code.
- */
-export const getAmazonIdpConfig = (userPoolId, config) => {
-  return {
-    userPoolId,
-    providerName: "Amazon",
-    providerType: "LoginWithAmazon",
-    providerDetails: config.providerDetails,
-    idpIdentifiers: config.idpIdentifiers,
-    attributeMapping: {
-      "custom:id": "user_id",
-      username: "user_id",
-      email: "email",
-      given_name: "name",
-      family_name: "name",
-      ...config.attributeMapping
-    }
-  };
-};
+const getAmazonIdpConfig = (userPoolId, config)=>({
+        userPoolId,
+        providerName: "Amazon",
+        providerType: "LoginWithAmazon",
+        providerDetails: config.providerDetails,
+        idpIdentifiers: config.idpIdentifiers,
+        attributeMapping: {
+            "custom:id": "user_id",
+            username: "user_id",
+            email: "email",
+            given_name: "name",
+            family_name: "name",
+            ...config.attributeMapping
+        }
+    });
+export { getAmazonIdpConfig };
 
 //# sourceMappingURL=amazon.js.map

package/pulumi/apps/core/cognitoIdentityProviders/amazon.js.map

@@ -1 +1 @@
-{"version":3,"names":["getAmazonIdpConfig","userPoolId","config","providerName","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name"],"sources":["amazon.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\n\n/**\n * Amazon doesn't provide first/last name as separate attributes. Instead, it gives you a `name`.\n * To handle this, developers will need to set up a pre-authentication Lambda trigger on the user pool,\n * to generate proper first/last name using custom code.\n */\nexport const getAmazonIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Amazon\",\n        providerType: \"LoginWithAmazon\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"user_id\",\n            username: \"user_id\",\n            email: \"email\",\n            given_name: \"name\",\n            family_name: \"name\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"mappings":"AAIA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,kBAAkB,GAAGA,CAC9BC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAE,QAAQ;IACtBC,YAAY,EAAE,iBAAiB;IAC/BC,eAAe,EAAEH,MAAM,CAACG,eAAe;IACvCC,cAAc,EAAEJ,MAAM,CAACI,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,SAAS;MACtBC,QAAQ,EAAE,SAAS;MACnBC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,MAAM;MAClBC,WAAW,EAAE,MAAM;MACnB,GAAGT,MAAM,CAACK;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/cognitoIdentityProviders/amazon.js","sources":["../../../../../src/pulumi/apps/core/cognitoIdentityProviders/amazon.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\n\n/**\n * Amazon doesn't provide first/last name as separate attributes. Instead, it gives you a `name`.\n * To handle this, developers will need to set up a pre-authentication Lambda trigger on the user pool,\n * to generate proper first/last name using custom code.\n */\nexport const getAmazonIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Amazon\",\n        providerType: \"LoginWithAmazon\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"user_id\",\n            username: \"user_id\",\n            email: \"email\",\n            given_name: \"name\",\n            family_name: \"name\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"names":["getAmazonIdpConfig","userPoolId","config"],"mappings":"AASO,MAAMA,qBAAqB,CAC9BC,YACAC,SAEO;QACHD;QACA,cAAc;QACd,cAAc;QACd,iBAAiBC,OAAO,eAAe;QACvC,gBAAgBA,OAAO,cAAc;QACrC,kBAAkB;YACd,aAAa;YACb,UAAU;YACV,OAAO;YACP,YAAY;YACZ,aAAa;YACb,GAAGA,OAAO,gBAAgB;QAC9B;IACJ"}

package/pulumi/apps/core/cognitoIdentityProviders/apple.js

@@ -1,19 +1,18 @@
-export const getAppleIdpConfig = (userPoolId, config) => {
-  return {
-    userPoolId,
-    providerName: "Apple",
-    providerType: "SignInWithApple",
-    providerDetails: config.providerDetails,
-    idpIdentifiers: config.idpIdentifiers,
-    attributeMapping: {
-      "custom:id": "sub",
-      username: "sub",
-      email: "email",
-      given_name: "firstName",
-      family_name: "lastName",
-      ...config.attributeMapping
-    }
-  };
-};
+const getAppleIdpConfig = (userPoolId, config)=>({
+        userPoolId,
+        providerName: "Apple",
+        providerType: "SignInWithApple",
+        providerDetails: config.providerDetails,
+        idpIdentifiers: config.idpIdentifiers,
+        attributeMapping: {
+            "custom:id": "sub",
+            username: "sub",
+            email: "email",
+            given_name: "firstName",
+            family_name: "lastName",
+            ...config.attributeMapping
+        }
+    });
+export { getAppleIdpConfig };
 
 //# sourceMappingURL=apple.js.map

package/pulumi/apps/core/cognitoIdentityProviders/apple.js.map

@@ -1 +1 @@
-{"version":3,"names":["getAppleIdpConfig","userPoolId","config","providerName","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name"],"sources":["apple.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\n\nexport const getAppleIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Apple\",\n        providerType: \"SignInWithApple\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"sub\",\n            username: \"sub\",\n            email: \"email\",\n            given_name: \"firstName\",\n            family_name: \"lastName\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"mappings":"AAIA,OAAO,MAAMA,iBAAiB,GAAGA,CAC7BC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAE,OAAO;IACrBC,YAAY,EAAE,iBAAiB;IAC/BC,eAAe,EAAEH,MAAM,CAACG,eAAe;IACvCC,cAAc,EAAEJ,MAAM,CAACI,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,KAAK;MAClBC,QAAQ,EAAE,KAAK;MACfC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,WAAW;MACvBC,WAAW,EAAE,UAAU;MACvB,GAAGT,MAAM,CAACK;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/cognitoIdentityProviders/apple.js","sources":["../../../../../src/pulumi/apps/core/cognitoIdentityProviders/apple.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\n\nexport const getAppleIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Apple\",\n        providerType: \"SignInWithApple\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"sub\",\n            username: \"sub\",\n            email: \"email\",\n            given_name: \"firstName\",\n            family_name: \"lastName\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"names":["getAppleIdpConfig","userPoolId","config"],"mappings":"AAIO,MAAMA,oBAAoB,CAC7BC,YACAC,SAEO;QACHD;QACA,cAAc;QACd,cAAc;QACd,iBAAiBC,OAAO,eAAe;QACvC,gBAAgBA,OAAO,cAAc;QACrC,kBAAkB;YACd,aAAa;YACb,UAAU;YACV,OAAO;YACP,YAAY;YACZ,aAAa;YACb,GAAGA,OAAO,gBAAgB;QAC9B;IACJ"}

package/pulumi/apps/core/cognitoIdentityProviders/configure.js

@@ -1,57 +1,51 @@
-import * as aws from "@pulumi/aws";
-import * as pulumi from "@pulumi/pulumi";
 import { getIdpConfig } from "./getIdpConfig.js";
 import { getEnvVariableAwsRegion } from "../../../env/awsRegion.js";
-const isString = value => {
-  return typeof value === "string";
-};
-export const configureAdminCognitoFederation = (app, config) => {
-  const region = getEnvVariableAwsRegion();
-  const userPool = app.resources.userPool;
-  const appClient = app.resources.userPoolClient;
-
-  /**
-   * We need to create a user pool domain, which is used to interact with the federated identity providers.
-   */
-  const userPoolDomain = app.addResource(aws.cognito.UserPoolDomain, {
-    name: "cognitoUserPoolDomain",
-    config: {
-      domain: isString(config.domain) ? config.domain : config.domain.name,
-      certificateArn: isString(config.domain) ? undefined : config.domain.certificateArn,
-      userPoolId: userPool.output.id
-    }
-  });
-  app.addOutput("cognitoUserPoolDomain", pulumi.interpolate`${userPoolDomain.output.domain}.auth.${region}.amazoncognito.com`);
-  const idpConfigs = [];
-  for (const idp of config.identityProviders) {
-    const config = getIdpConfig(idp.type, userPool.output.id, idp);
-
-    // The idea to lowercase the provider name emerged while working on backwards compatibility issue.
-    // Basically, in cases where a user used the OIDC provider and did not specify a name, instead of
-    // using `OIDC` as the name, we wanted to ensure `oidc` is used. But, what I soon realized is that
-    // by simply lowercasing the name, we can avoid the need to check for the provider type and name.
-    // And although this will now happen for all providers, it's not a problem since Pulumi requires
-    // names to be all lowercase anyway.
-    const name = config.providerName.toString().toLowerCase();
-    app.addResource(aws.cognito.IdentityProvider, {
-      name,
-      config
+import * as __rspack_external__pulumi_aws_e7af83c1 from "@pulumi/aws";
+import * as __rspack_external__pulumi_pulumi_d0276039 from "@pulumi/pulumi";
+const isString = (value)=>"string" == typeof value;
+const configureAdminCognitoFederation = (app, config)=>{
+    const region = getEnvVariableAwsRegion();
+    const userPool = app.resources.userPool;
+    const appClient = app.resources.userPoolClient;
+    const userPoolDomain = app.addResource(__rspack_external__pulumi_aws_e7af83c1.cognito.UserPoolDomain, {
+        name: "cognitoUserPoolDomain",
+        config: {
+            domain: isString(config.domain) ? config.domain : config.domain.name,
+            certificateArn: isString(config.domain) ? void 0 : config.domain.certificateArn,
+            userPoolId: userPool.output.id
+        }
     });
-    idpConfigs.push(config);
-  }
-  appClient.config.supportedIdentityProviders(["COGNITO", ...idpConfigs.map(config => {
-    // For built-in identity providers, we use the type as the name. Only for OIDC,
-    // we allow the user to provide a custom name, and we only use the type as a fallback.
-    if (config.providerType === "OIDC") {
-      return config.providerName;
+    app.addOutput("cognitoUserPoolDomain", __rspack_external__pulumi_pulumi_d0276039.interpolate`${userPoolDomain.output.domain}.auth.${region}.amazoncognito.com`);
+    const idpConfigs = [];
+    for (const idp of config.identityProviders){
+        const config = getIdpConfig(idp.type, userPool.output.id, idp);
+        const name = config.providerName.toString().toLowerCase();
+        app.addResource(__rspack_external__pulumi_aws_e7af83c1.cognito.IdentityProvider, {
+            name,
+            config
+        });
+        idpConfigs.push(config);
     }
-    return config.providerType;
-  })]);
-  appClient.config.allowedOauthScopes(["profile", "email", "openid"]);
-  appClient.config.allowedOauthFlows(["implicit", "code"]);
-  appClient.config.allowedOauthFlowsUserPoolClient(true);
-  appClient.config.callbackUrls(config.callbackUrls);
-  appClient.config.logoutUrls(config.logoutUrls ?? config.callbackUrls);
+    appClient.config.supportedIdentityProviders([
+        "COGNITO",
+        ...idpConfigs.map((config)=>{
+            if ("OIDC" === config.providerType) return config.providerName;
+            return config.providerType;
+        })
+    ]);
+    appClient.config.allowedOauthScopes([
+        "profile",
+        "email",
+        "openid"
+    ]);
+    appClient.config.allowedOauthFlows([
+        "implicit",
+        "code"
+    ]);
+    appClient.config.allowedOauthFlowsUserPoolClient(true);
+    appClient.config.callbackUrls(config.callbackUrls);
+    appClient.config.logoutUrls(config.logoutUrls ?? config.callbackUrls);
 };
+export { configureAdminCognitoFederation };
 
 //# sourceMappingURL=configure.js.map

package/pulumi/apps/core/cognitoIdentityProviders/configure.js.map

@@ -1 +1 @@
-{"version":3,"names":["aws","pulumi","getIdpConfig","getEnvVariableAwsRegion","isString","value","configureAdminCognitoFederation","app","config","region","userPool","resources","appClient","userPoolClient","userPoolDomain","addResource","cognito","UserPoolDomain","name","domain","certificateArn","undefined","userPoolId","output","id","addOutput","interpolate","idpConfigs","idp","identityProviders","type","providerName","toString","toLowerCase","IdentityProvider","push","supportedIdentityProviders","map","providerType","allowedOauthScopes","allowedOauthFlows","allowedOauthFlowsUserPoolClient","callbackUrls","logoutUrls"],"sources":["configure.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { type UserPoolDomainArgs } from \"@pulumi/aws/cognito/userPoolDomain.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport {\n    type PulumiApp,\n    type PulumiAppResource,\n    type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\nimport { getIdpConfig } from \"./getIdpConfig.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport type IdentityAttributeMapping = {\n    \"custom:id\": string;\n    username: string;\n    email: string;\n    family_name: string;\n    given_name: string;\n    [key: string]: string;\n};\n\nexport interface CognitoIdentityProvidersConfig {\n    domain:\n        | string\n        | {\n              name: UserPoolDomainArgs[\"domain\"];\n              certificateArn?: UserPoolDomainArgs[\"certificateArn\"];\n          };\n    identityProviders: CognitoIdentityProviderConfig[];\n    callbackUrls: string[];\n    logoutUrls?: string[];\n}\n\nexport interface CognitoIdentityProviderConfig {\n    name?: string;\n    type: \"google\" | \"facebook\" | \"amazon\" | \"apple\" | \"oidc\";\n    providerDetails: IdentityProviderArgs[\"providerDetails\"];\n    idpIdentifiers?: IdentityProviderArgs[\"idpIdentifiers\"];\n    attributeMapping?: IdentityAttributeMapping;\n}\n\nconst isString = (value?: any): value is string => {\n    return typeof value === \"string\";\n};\n\nexport const configureAdminCognitoFederation = (\n    app: PulumiApp,\n    config: CognitoIdentityProvidersConfig\n) => {\n    const region = getEnvVariableAwsRegion();\n\n    const userPool = app.resources.userPool as PulumiAppResource<\n        PulumiAppResourceConstructor<aws.cognito.UserPool>\n    >;\n\n    const appClient = app.resources.userPoolClient as PulumiAppResource<\n        PulumiAppResourceConstructor<aws.cognito.UserPoolClient>\n    >;\n\n    /**\n     * We need to create a user pool domain, which is used to interact with the federated identity providers.\n     */\n    const userPoolDomain = app.addResource(aws.cognito.UserPoolDomain, {\n        name: \"cognitoUserPoolDomain\",\n        config: {\n            domain: isString(config.domain) ? config.domain : config.domain.name,\n            certificateArn: isString(config.domain) ? undefined : config.domain.certificateArn,\n            userPoolId: userPool.output.id\n        }\n    });\n\n    app.addOutput(\n        \"cognitoUserPoolDomain\",\n        pulumi.interpolate`${userPoolDomain.output.domain}.auth.${region}.amazoncognito.com`\n    );\n\n    const idpConfigs: aws.cognito.IdentityProviderArgs[] = [];\n\n    for (const idp of config.identityProviders) {\n        const config = getIdpConfig(idp.type, userPool.output.id, idp);\n\n        // The idea to lowercase the provider name emerged while working on backwards compatibility issue.\n        // Basically, in cases where a user used the OIDC provider and did not specify a name, instead of\n        // using `OIDC` as the name, we wanted to ensure `oidc` is used. But, what I soon realized is that\n        // by simply lowercasing the name, we can avoid the need to check for the provider type and name.\n        // And although this will now happen for all providers, it's not a problem since Pulumi requires\n        // names to be all lowercase anyway.\n        const name = config.providerName.toString().toLowerCase();\n\n        app.addResource(aws.cognito.IdentityProvider, { name, config });\n\n        idpConfigs.push(config);\n    }\n\n    appClient.config.supportedIdentityProviders([\n        \"COGNITO\",\n        ...idpConfigs.map(config => {\n            // For built-in identity providers, we use the type as the name. Only for OIDC,\n            // we allow the user to provide a custom name, and we only use the type as a fallback.\n            if (config.providerType === \"OIDC\") {\n                return config.providerName;\n            }\n            return config.providerType;\n        })\n    ]);\n\n    appClient.config.allowedOauthScopes([\"profile\", \"email\", \"openid\"]);\n    appClient.config.allowedOauthFlows([\"implicit\", \"code\"]);\n    appClient.config.allowedOauthFlowsUserPoolClient(true);\n    appClient.config.callbackUrls(config.callbackUrls);\n    appClient.config.logoutUrls(config.logoutUrls ?? config.callbackUrls);\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAGlC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AAMxC,SAASC,YAAY;AACrB,SAASC,uBAAuB;AA+BhC,MAAMC,QAAQ,GAAIC,KAAW,IAAsB;EAC/C,OAAO,OAAOA,KAAK,KAAK,QAAQ;AACpC,CAAC;AAED,OAAO,MAAMC,+BAA+B,GAAGA,CAC3CC,GAAc,EACdC,MAAsC,KACrC;EACD,MAAMC,MAAM,GAAGN,uBAAuB,CAAC,CAAC;EAExC,MAAMO,QAAQ,GAAGH,GAAG,CAACI,SAAS,CAACD,QAE9B;EAED,MAAME,SAAS,GAAGL,GAAG,CAACI,SAAS,CAACE,cAE/B;;EAED;AACJ;AACA;EACI,MAAMC,cAAc,GAAGP,GAAG,CAACQ,WAAW,CAACf,GAAG,CAACgB,OAAO,CAACC,cAAc,EAAE;IAC/DC,IAAI,EAAE,uBAAuB;IAC7BV,MAAM,EAAE;MACJW,MAAM,EAAEf,QAAQ,CAACI,MAAM,CAACW,MAAM,CAAC,GAAGX,MAAM,CAACW,MAAM,GAAGX,MAAM,CAACW,MAAM,CAACD,IAAI;MACpEE,cAAc,EAAEhB,QAAQ,CAACI,MAAM,CAACW,MAAM,CAAC,GAAGE,SAAS,GAAGb,MAAM,CAACW,MAAM,CAACC,cAAc;MAClFE,UAAU,EAAEZ,QAAQ,CAACa,MAAM,CAACC;IAChC;EACJ,CAAC,CAAC;EAEFjB,GAAG,CAACkB,SAAS,CACT,uBAAuB,EACvBxB,MAAM,CAACyB,WAAW,GAAGZ,cAAc,CAACS,MAAM,CAACJ,MAAM,SAASV,MAAM,oBACpE,CAAC;EAED,MAAMkB,UAA8C,GAAG,EAAE;EAEzD,KAAK,MAAMC,GAAG,IAAIpB,MAAM,CAACqB,iBAAiB,EAAE;IACxC,MAAMrB,MAAM,GAAGN,YAAY,CAAC0B,GAAG,CAACE,IAAI,EAAEpB,QAAQ,CAACa,MAAM,CAACC,EAAE,EAAEI,GAAG,CAAC;;IAE9D;IACA;IACA;IACA;IACA;IACA;IACA,MAAMV,IAAI,GAAGV,MAAM,CAACuB,YAAY,CAACC,QAAQ,CAAC,CAAC,CAACC,WAAW,CAAC,CAAC;IAEzD1B,GAAG,CAACQ,WAAW,CAACf,GAAG,CAACgB,OAAO,CAACkB,gBAAgB,EAAE;MAAEhB,IAAI;MAAEV;IAAO,CAAC,CAAC;IAE/DmB,UAAU,CAACQ,IAAI,CAAC3B,MAAM,CAAC;EAC3B;EAEAI,SAAS,CAACJ,MAAM,CAAC4B,0BAA0B,CAAC,CACxC,SAAS,EACT,GAAGT,UAAU,CAACU,GAAG,CAAC7B,MAAM,IAAI;IACxB;IACA;IACA,IAAIA,MAAM,CAAC8B,YAAY,KAAK,MAAM,EAAE;MAChC,OAAO9B,MAAM,CAACuB,YAAY;IAC9B;IACA,OAAOvB,MAAM,CAAC8B,YAAY;EAC9B,CAAC,CAAC,CACL,CAAC;EAEF1B,SAAS,CAACJ,MAAM,CAAC+B,kBAAkB,CAAC,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;EACnE3B,SAAS,CAACJ,MAAM,CAACgC,iBAAiB,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;EACxD5B,SAAS,CAACJ,MAAM,CAACiC,+BAA+B,CAAC,IAAI,CAAC;EACtD7B,SAAS,CAACJ,MAAM,CAACkC,YAAY,CAAClC,MAAM,CAACkC,YAAY,CAAC;EAClD9B,SAAS,CAACJ,MAAM,CAACmC,UAAU,CAACnC,MAAM,CAACmC,UAAU,IAAInC,MAAM,CAACkC,YAAY,CAAC;AACzE,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/cognitoIdentityProviders/configure.js","sources":["../../../../../src/pulumi/apps/core/cognitoIdentityProviders/configure.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { type UserPoolDomainArgs } from \"@pulumi/aws/cognito/userPoolDomain.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport {\n    type PulumiApp,\n    type PulumiAppResource,\n    type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\nimport { getIdpConfig } from \"./getIdpConfig.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport type IdentityAttributeMapping = {\n    \"custom:id\": string;\n    username: string;\n    email: string;\n    family_name: string;\n    given_name: string;\n    [key: string]: string;\n};\n\nexport interface CognitoIdentityProvidersConfig {\n    domain:\n        | string\n        | {\n              name: UserPoolDomainArgs[\"domain\"];\n              certificateArn?: UserPoolDomainArgs[\"certificateArn\"];\n          };\n    identityProviders: CognitoIdentityProviderConfig[];\n    callbackUrls: string[];\n    logoutUrls?: string[];\n}\n\nexport interface CognitoIdentityProviderConfig {\n    name?: string;\n    type: \"google\" | \"facebook\" | \"amazon\" | \"apple\" | \"oidc\";\n    providerDetails: IdentityProviderArgs[\"providerDetails\"];\n    idpIdentifiers?: IdentityProviderArgs[\"idpIdentifiers\"];\n    attributeMapping?: IdentityAttributeMapping;\n}\n\nconst isString = (value?: any): value is string => {\n    return typeof value === \"string\";\n};\n\nexport const configureAdminCognitoFederation = (\n    app: PulumiApp,\n    config: CognitoIdentityProvidersConfig\n) => {\n    const region = getEnvVariableAwsRegion();\n\n    const userPool = app.resources.userPool as PulumiAppResource<\n        PulumiAppResourceConstructor<aws.cognito.UserPool>\n    >;\n\n    const appClient = app.resources.userPoolClient as PulumiAppResource<\n        PulumiAppResourceConstructor<aws.cognito.UserPoolClient>\n    >;\n\n    /**\n     * We need to create a user pool domain, which is used to interact with the federated identity providers.\n     */\n    const userPoolDomain = app.addResource(aws.cognito.UserPoolDomain, {\n        name: \"cognitoUserPoolDomain\",\n        config: {\n            domain: isString(config.domain) ? config.domain : config.domain.name,\n            certificateArn: isString(config.domain) ? undefined : config.domain.certificateArn,\n            userPoolId: userPool.output.id\n        }\n    });\n\n    app.addOutput(\n        \"cognitoUserPoolDomain\",\n        pulumi.interpolate`${userPoolDomain.output.domain}.auth.${region}.amazoncognito.com`\n    );\n\n    const idpConfigs: aws.cognito.IdentityProviderArgs[] = [];\n\n    for (const idp of config.identityProviders) {\n        const config = getIdpConfig(idp.type, userPool.output.id, idp);\n\n        // The idea to lowercase the provider name emerged while working on backwards compatibility issue.\n        // Basically, in cases where a user used the OIDC provider and did not specify a name, instead of\n        // using `OIDC` as the name, we wanted to ensure `oidc` is used. But, what I soon realized is that\n        // by simply lowercasing the name, we can avoid the need to check for the provider type and name.\n        // And although this will now happen for all providers, it's not a problem since Pulumi requires\n        // names to be all lowercase anyway.\n        const name = config.providerName.toString().toLowerCase();\n\n        app.addResource(aws.cognito.IdentityProvider, { name, config });\n\n        idpConfigs.push(config);\n    }\n\n    appClient.config.supportedIdentityProviders([\n        \"COGNITO\",\n        ...idpConfigs.map(config => {\n            // For built-in identity providers, we use the type as the name. Only for OIDC,\n            // we allow the user to provide a custom name, and we only use the type as a fallback.\n            if (config.providerType === \"OIDC\") {\n                return config.providerName;\n            }\n            return config.providerType;\n        })\n    ]);\n\n    appClient.config.allowedOauthScopes([\"profile\", \"email\", \"openid\"]);\n    appClient.config.allowedOauthFlows([\"implicit\", \"code\"]);\n    appClient.config.allowedOauthFlowsUserPoolClient(true);\n    appClient.config.callbackUrls(config.callbackUrls);\n    appClient.config.logoutUrls(config.logoutUrls ?? config.callbackUrls);\n};\n"],"names":["isString","value","configureAdminCognitoFederation","app","config","region","getEnvVariableAwsRegion","userPool","appClient","userPoolDomain","aws","undefined","pulumi","idpConfigs","idp","getIdpConfig","name"],"mappings":";;;;AAyCA,MAAMA,WAAW,CAACC,QACP,AAAiB,YAAjB,OAAOA;AAGX,MAAMC,kCAAkC,CAC3CC,KACAC;IAEA,MAAMC,SAASC;IAEf,MAAMC,WAAWJ,IAAI,SAAS,CAAC,QAAQ;IAIvC,MAAMK,YAAYL,IAAI,SAAS,CAAC,cAAc;IAO9C,MAAMM,iBAAiBN,IAAI,WAAW,CAACO,uCAAAA,OAAAA,CAAAA,cAA0B,EAAE;QAC/D,MAAM;QACN,QAAQ;YACJ,QAAQV,SAASI,OAAO,MAAM,IAAIA,OAAO,MAAM,GAAGA,OAAO,MAAM,CAAC,IAAI;YACpE,gBAAgBJ,SAASI,OAAO,MAAM,IAAIO,SAAYP,OAAO,MAAM,CAAC,cAAc;YAClF,YAAYG,SAAS,MAAM,CAAC,EAAE;QAClC;IACJ;IAEAJ,IAAI,SAAS,CACT,yBACAS,0CAAAA,WAAkB,CAAC,EAAEH,eAAe,MAAM,CAAC,MAAM,CAAC,MAAM,EAAEJ,OAAO,kBAAkB,CAAC;IAGxF,MAAMQ,aAAiD,EAAE;IAEzD,KAAK,MAAMC,OAAOV,OAAO,iBAAiB,CAAE;QACxC,MAAMA,SAASW,aAAaD,IAAI,IAAI,EAAEP,SAAS,MAAM,CAAC,EAAE,EAAEO;QAQ1D,MAAME,OAAOZ,OAAO,YAAY,CAAC,QAAQ,GAAG,WAAW;QAEvDD,IAAI,WAAW,CAACO,uCAAAA,OAAAA,CAAAA,gBAA4B,EAAE;YAAEM;YAAMZ;QAAO;QAE7DS,WAAW,IAAI,CAACT;IACpB;IAEAI,UAAU,MAAM,CAAC,0BAA0B,CAAC;QACxC;WACGK,WAAW,GAAG,CAACT,CAAAA;YAGd,IAAIA,AAAwB,WAAxBA,OAAO,YAAY,EACnB,OAAOA,OAAO,YAAY;YAE9B,OAAOA,OAAO,YAAY;QAC9B;KACH;IAEDI,UAAU,MAAM,CAAC,kBAAkB,CAAC;QAAC;QAAW;QAAS;KAAS;IAClEA,UAAU,MAAM,CAAC,iBAAiB,CAAC;QAAC;QAAY;KAAO;IACvDA,UAAU,MAAM,CAAC,+BAA+B,CAAC;IACjDA,UAAU,MAAM,CAAC,YAAY,CAACJ,OAAO,YAAY;IACjDI,UAAU,MAAM,CAAC,UAAU,CAACJ,OAAO,UAAU,IAAIA,OAAO,YAAY;AACxE"}

package/pulumi/apps/core/cognitoIdentityProviders/facebook.js

@@ -1,19 +1,18 @@
-export const getFacebookIdpConfig = (userPoolId, config) => {
-  return {
-    userPoolId,
-    providerName: "Facebook",
-    providerType: "Facebook",
-    providerDetails: config.providerDetails,
-    idpIdentifiers: config.idpIdentifiers,
-    attributeMapping: {
-      "custom:id": "id",
-      username: "id",
-      email: "email",
-      given_name: "first_name",
-      family_name: "last_name",
-      ...config.attributeMapping
-    }
-  };
-};
+const getFacebookIdpConfig = (userPoolId, config)=>({
+        userPoolId,
+        providerName: "Facebook",
+        providerType: "Facebook",
+        providerDetails: config.providerDetails,
+        idpIdentifiers: config.idpIdentifiers,
+        attributeMapping: {
+            "custom:id": "id",
+            username: "id",
+            email: "email",
+            given_name: "first_name",
+            family_name: "last_name",
+            ...config.attributeMapping
+        }
+    });
+export { getFacebookIdpConfig };
 
 //# sourceMappingURL=facebook.js.map

package/pulumi/apps/core/cognitoIdentityProviders/facebook.js.map

@@ -1 +1 @@
-{"version":3,"names":["getFacebookIdpConfig","userPoolId","config","providerName","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name"],"sources":["facebook.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\n\nexport const getFacebookIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Facebook\",\n        providerType: \"Facebook\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"id\",\n            username: \"id\",\n            email: \"email\",\n            given_name: \"first_name\",\n            family_name: \"last_name\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"mappings":"AAIA,OAAO,MAAMA,oBAAoB,GAAGA,CAChCC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAE,UAAU;IACxBC,YAAY,EAAE,UAAU;IACxBC,eAAe,EAAEH,MAAM,CAACG,eAAe;IACvCC,cAAc,EAAEJ,MAAM,CAACI,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,IAAI;MACjBC,QAAQ,EAAE,IAAI;MACdC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,YAAY;MACxBC,WAAW,EAAE,WAAW;MACxB,GAAGT,MAAM,CAACK;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/cognitoIdentityProviders/facebook.js","sources":["../../../../../src/pulumi/apps/core/cognitoIdentityProviders/facebook.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\n\nexport const getFacebookIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Facebook\",\n        providerType: \"Facebook\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"id\",\n            username: \"id\",\n            email: \"email\",\n            given_name: \"first_name\",\n            family_name: \"last_name\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"names":["getFacebookIdpConfig","userPoolId","config"],"mappings":"AAIO,MAAMA,uBAAuB,CAChCC,YACAC,SAEO;QACHD;QACA,cAAc;QACd,cAAc;QACd,iBAAiBC,OAAO,eAAe;QACvC,gBAAgBA,OAAO,cAAc;QACrC,kBAAkB;YACd,aAAa;YACb,UAAU;YACV,OAAO;YACP,YAAY;YACZ,aAAa;YACb,GAAGA,OAAO,gBAAgB;QAC9B;IACJ"}

package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.js

@@ -4,14 +4,13 @@ import { getAppleIdpConfig } from "./apple.js";
 import { getAmazonIdpConfig } from "./amazon.js";
 import { getOidcIdpConfig } from "./oidc.js";
 const idpMap = {
-  google: getGoogleIdpConfig,
-  facebook: getFacebookIdpConfig,
-  amazon: getAmazonIdpConfig,
-  apple: getAppleIdpConfig,
-  oidc: getOidcIdpConfig
-};
-export const getIdpConfig = (type, userPoolId, config) => {
-  return idpMap[type](userPoolId, config);
+    google: getGoogleIdpConfig,
+    facebook: getFacebookIdpConfig,
+    amazon: getAmazonIdpConfig,
+    apple: getAppleIdpConfig,
+    oidc: getOidcIdpConfig
 };
+const getIdpConfig = (type, userPoolId, config)=>idpMap[type](userPoolId, config);
+export { getIdpConfig };
 
 //# sourceMappingURL=getIdpConfig.js.map

package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.js.map

@@ -1 +1 @@
-{"version":3,"names":["getGoogleIdpConfig","getFacebookIdpConfig","getAppleIdpConfig","getAmazonIdpConfig","getOidcIdpConfig","idpMap","google","facebook","amazon","apple","oidc","getIdpConfig","type","userPoolId","config"],"sources":["getIdpConfig.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { getGoogleIdpConfig } from \"./google.js\";\nimport { getFacebookIdpConfig } from \"./facebook.js\";\nimport { getAppleIdpConfig } from \"./apple.js\";\nimport { getAmazonIdpConfig } from \"./amazon.js\";\nimport { getOidcIdpConfig } from \"./oidc.js\";\n\nconst idpMap = {\n    google: getGoogleIdpConfig,\n    facebook: getFacebookIdpConfig,\n    amazon: getAmazonIdpConfig,\n    apple: getAppleIdpConfig,\n    oidc: getOidcIdpConfig\n};\n\nexport const getIdpConfig = (\n    type: CognitoIdentityProviderConfig[\"type\"],\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n) => {\n    return idpMap[type](userPoolId, config);\n};\n"],"mappings":"AAEA,SAASA,kBAAkB;AAC3B,SAASC,oBAAoB;AAC7B,SAASC,iBAAiB;AAC1B,SAASC,kBAAkB;AAC3B,SAASC,gBAAgB;AAEzB,MAAMC,MAAM,GAAG;EACXC,MAAM,EAAEN,kBAAkB;EAC1BO,QAAQ,EAAEN,oBAAoB;EAC9BO,MAAM,EAAEL,kBAAkB;EAC1BM,KAAK,EAAEP,iBAAiB;EACxBQ,IAAI,EAAEN;AACV,CAAC;AAED,OAAO,MAAMO,YAAY,GAAGA,CACxBC,IAA2C,EAC3CC,UAAgC,EAChCC,MAAqC,KACpC;EACD,OAAOT,MAAM,CAACO,IAAI,CAAC,CAACC,UAAU,EAAEC,MAAM,CAAC;AAC3C,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.js","sources":["../../../../../src/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { getGoogleIdpConfig } from \"./google.js\";\nimport { getFacebookIdpConfig } from \"./facebook.js\";\nimport { getAppleIdpConfig } from \"./apple.js\";\nimport { getAmazonIdpConfig } from \"./amazon.js\";\nimport { getOidcIdpConfig } from \"./oidc.js\";\n\nconst idpMap = {\n    google: getGoogleIdpConfig,\n    facebook: getFacebookIdpConfig,\n    amazon: getAmazonIdpConfig,\n    apple: getAppleIdpConfig,\n    oidc: getOidcIdpConfig\n};\n\nexport const getIdpConfig = (\n    type: CognitoIdentityProviderConfig[\"type\"],\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n) => {\n    return idpMap[type](userPoolId, config);\n};\n"],"names":["idpMap","getGoogleIdpConfig","getFacebookIdpConfig","getAmazonIdpConfig","getAppleIdpConfig","getOidcIdpConfig","getIdpConfig","type","userPoolId","config"],"mappings":";;;;;AAQA,MAAMA,SAAS;IACX,QAAQC;IACR,UAAUC;IACV,QAAQC;IACR,OAAOC;IACP,MAAMC;AACV;AAEO,MAAMC,eAAe,CACxBC,MACAC,YACAC,SAEOT,MAAM,CAACO,KAAK,CAACC,YAAYC"}

package/pulumi/apps/core/cognitoIdentityProviders/google.js

@@ -1,19 +1,18 @@
-export const getGoogleIdpConfig = (userPoolId, config) => {
-  return {
-    userPoolId,
-    providerName: "Google",
-    providerType: "Google",
-    providerDetails: config.providerDetails,
-    idpIdentifiers: config.idpIdentifiers,
-    attributeMapping: {
-      "custom:id": "sub",
-      username: "sub",
-      email: "email",
-      given_name: "given_name",
-      family_name: "family_name",
-      ...config.attributeMapping
-    }
-  };
-};
+const getGoogleIdpConfig = (userPoolId, config)=>({
+        userPoolId,
+        providerName: "Google",
+        providerType: "Google",
+        providerDetails: config.providerDetails,
+        idpIdentifiers: config.idpIdentifiers,
+        attributeMapping: {
+            "custom:id": "sub",
+            username: "sub",
+            email: "email",
+            given_name: "given_name",
+            family_name: "family_name",
+            ...config.attributeMapping
+        }
+    });
+export { getGoogleIdpConfig };
 
 //# sourceMappingURL=google.js.map