aws-cdk-github-oidc 1.0.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gitattributes +22 -20
- package/.jsii +2878 -137
- package/API.md +17 -17
- package/changelog.md +7 -0
- package/lib/iam-role-props.d.ts +2 -3
- package/lib/iam-role-props.js +1 -1
- package/lib/provider.d.ts +15 -27
- package/lib/provider.js +14 -24
- package/lib/role.d.ts +18 -29
- package/lib/role.js +8 -10
- package/package.json +37 -41
- package/releasetag.txt +1 -0
- package/version.txt +1 -0
package/API.md
CHANGED
|
@@ -22,7 +22,7 @@ new GithubActionsIdentityProvider(scope: Construct, id: string)
|
|
|
22
22
|
|
|
23
23
|
##### `scope`<sup>Required</sup> <a name="aws-cdk-github-oidc.GithubActionsIdentityProvider.parameter.scope"></a>
|
|
24
24
|
|
|
25
|
-
- *Type:* [
|
|
25
|
+
- *Type:* [`constructs.Construct`](#constructs.Construct)
|
|
26
26
|
|
|
27
27
|
CDK Stack or Construct to which the provider is assigned to.
|
|
28
28
|
|
|
@@ -49,7 +49,7 @@ GithubActionsIdentityProvider.fromAccount(scope: Construct, id: string)
|
|
|
49
49
|
|
|
50
50
|
###### `scope`<sup>Required</sup> <a name="aws-cdk-github-oidc.GithubActionsIdentityProvider.parameter.scope"></a>
|
|
51
51
|
|
|
52
|
-
- *Type:* [
|
|
52
|
+
- *Type:* [`constructs.Construct`](#constructs.Construct)
|
|
53
53
|
|
|
54
54
|
CDK Stack or Construct to which the provider is assigned to.
|
|
55
55
|
|
|
@@ -95,7 +95,7 @@ new GithubActionsRole(scope: Construct, id: string, props: GithubActionsRoleProp
|
|
|
95
95
|
|
|
96
96
|
##### `scope`<sup>Required</sup> <a name="aws-cdk-github-oidc.GithubActionsRole.parameter.scope"></a>
|
|
97
97
|
|
|
98
|
-
- *Type:* [
|
|
98
|
+
- *Type:* [`constructs.Construct`](#constructs.Construct)
|
|
99
99
|
|
|
100
100
|
---
|
|
101
101
|
|
|
@@ -226,7 +226,7 @@ AssumeRole operation will fail.
|
|
|
226
226
|
public readonly inlinePolicies: {[ key: string ]: PolicyDocument};
|
|
227
227
|
```
|
|
228
228
|
|
|
229
|
-
- *Type:* {[ key: string ]: [
|
|
229
|
+
- *Type:* {[ key: string ]: [`aws-cdk-lib.aws_iam.PolicyDocument`](#aws-cdk-lib.aws_iam.PolicyDocument)}
|
|
230
230
|
- *Default:* No policy is inlined in the Role resource.
|
|
231
231
|
|
|
232
232
|
A list of named policies to inline into this role.
|
|
@@ -244,7 +244,7 @@ dependencies that could otherwise be introduced).
|
|
|
244
244
|
public readonly managedPolicies: IManagedPolicy[];
|
|
245
245
|
```
|
|
246
246
|
|
|
247
|
-
- *Type:* [
|
|
247
|
+
- *Type:* [`aws-cdk-lib.aws_iam.IManagedPolicy`](#aws-cdk-lib.aws_iam.IManagedPolicy)[]
|
|
248
248
|
- *Default:* No managed policies.
|
|
249
249
|
|
|
250
250
|
A list of managed policies associated with this role.
|
|
@@ -260,7 +260,7 @@ You can add managed policies later using
|
|
|
260
260
|
public readonly maxSessionDuration: Duration;
|
|
261
261
|
```
|
|
262
262
|
|
|
263
|
-
- *Type:* [
|
|
263
|
+
- *Type:* [`aws-cdk-lib.Duration`](#aws-cdk-lib.Duration)
|
|
264
264
|
- *Default:* Duration.hours(1)
|
|
265
265
|
|
|
266
266
|
The maximum session duration that you want to set for the specified role.
|
|
@@ -304,7 +304,7 @@ Friendly Names and Paths in IAM User Guide.
|
|
|
304
304
|
public readonly permissionsBoundary: IManagedPolicy;
|
|
305
305
|
```
|
|
306
306
|
|
|
307
|
-
- *Type:* [
|
|
307
|
+
- *Type:* [`aws-cdk-lib.aws_iam.IManagedPolicy`](#aws-cdk-lib.aws_iam.IManagedPolicy)
|
|
308
308
|
- *Default:* No permissions boundary.
|
|
309
309
|
|
|
310
310
|
AWS supports permissions boundaries for IAM entities (users or roles).
|
|
@@ -467,7 +467,7 @@ AssumeRole operation will fail.
|
|
|
467
467
|
public readonly inlinePolicies: {[ key: string ]: PolicyDocument};
|
|
468
468
|
```
|
|
469
469
|
|
|
470
|
-
- *Type:* {[ key: string ]: [
|
|
470
|
+
- *Type:* {[ key: string ]: [`aws-cdk-lib.aws_iam.PolicyDocument`](#aws-cdk-lib.aws_iam.PolicyDocument)}
|
|
471
471
|
- *Default:* No policy is inlined in the Role resource.
|
|
472
472
|
|
|
473
473
|
A list of named policies to inline into this role.
|
|
@@ -485,7 +485,7 @@ dependencies that could otherwise be introduced).
|
|
|
485
485
|
public readonly managedPolicies: IManagedPolicy[];
|
|
486
486
|
```
|
|
487
487
|
|
|
488
|
-
- *Type:* [
|
|
488
|
+
- *Type:* [`aws-cdk-lib.aws_iam.IManagedPolicy`](#aws-cdk-lib.aws_iam.IManagedPolicy)[]
|
|
489
489
|
- *Default:* No managed policies.
|
|
490
490
|
|
|
491
491
|
A list of managed policies associated with this role.
|
|
@@ -501,7 +501,7 @@ You can add managed policies later using
|
|
|
501
501
|
public readonly maxSessionDuration: Duration;
|
|
502
502
|
```
|
|
503
503
|
|
|
504
|
-
- *Type:* [
|
|
504
|
+
- *Type:* [`aws-cdk-lib.Duration`](#aws-cdk-lib.Duration)
|
|
505
505
|
- *Default:* Duration.hours(1)
|
|
506
506
|
|
|
507
507
|
The maximum session duration that you want to set for the specified role.
|
|
@@ -545,7 +545,7 @@ Friendly Names and Paths in IAM User Guide.
|
|
|
545
545
|
public readonly permissionsBoundary: IManagedPolicy;
|
|
546
546
|
```
|
|
547
547
|
|
|
548
|
-
- *Type:* [
|
|
548
|
+
- *Type:* [`aws-cdk-lib.aws_iam.IManagedPolicy`](#aws-cdk-lib.aws_iam.IManagedPolicy)
|
|
549
549
|
- *Default:* No permissions boundary.
|
|
550
550
|
|
|
551
551
|
AWS supports permissions boundaries for IAM entities (users or roles).
|
|
@@ -590,7 +590,7 @@ Acknowledging IAM Resources in AWS CloudFormation Templates.
|
|
|
590
590
|
|
|
591
591
|
### IGithubActionsIdentityProvider <a name="aws-cdk-github-oidc.IGithubActionsIdentityProvider"></a>
|
|
592
592
|
|
|
593
|
-
- *Extends:* [
|
|
593
|
+
- *Extends:* [`aws-cdk-lib.aws_iam.IOpenIdConnectProvider`](#aws-cdk-lib.aws_iam.IOpenIdConnectProvider)
|
|
594
594
|
|
|
595
595
|
- *Implemented By:* [`aws-cdk-github-oidc.GithubActionsIdentityProvider`](#aws-cdk-github-oidc.GithubActionsIdentityProvider), [`aws-cdk-github-oidc.IGithubActionsIdentityProvider`](#aws-cdk-github-oidc.IGithubActionsIdentityProvider)
|
|
596
596
|
|
|
@@ -602,12 +602,12 @@ Describes a Github OpenID Connect Identity Provider for AWS IAM.
|
|
|
602
602
|
##### `node`<sup>Required</sup> <a name="aws-cdk-github-oidc.IGithubActionsIdentityProvider.property.node"></a>
|
|
603
603
|
|
|
604
604
|
```typescript
|
|
605
|
-
public readonly node:
|
|
605
|
+
public readonly node: Node;
|
|
606
606
|
```
|
|
607
607
|
|
|
608
|
-
- *Type:* [
|
|
608
|
+
- *Type:* [`constructs.Node`](#constructs.Node)
|
|
609
609
|
|
|
610
|
-
The
|
|
610
|
+
The tree node.
|
|
611
611
|
|
|
612
612
|
---
|
|
613
613
|
|
|
@@ -617,7 +617,7 @@ The construct tree node for this construct.
|
|
|
617
617
|
public readonly env: ResourceEnvironment;
|
|
618
618
|
```
|
|
619
619
|
|
|
620
|
-
- *Type:* [
|
|
620
|
+
- *Type:* [`aws-cdk-lib.ResourceEnvironment`](#aws-cdk-lib.ResourceEnvironment)
|
|
621
621
|
|
|
622
622
|
The environment this resource belongs to.
|
|
623
623
|
|
|
@@ -636,7 +636,7 @@ that might be different than the stack they were imported into.
|
|
|
636
636
|
public readonly stack: Stack;
|
|
637
637
|
```
|
|
638
638
|
|
|
639
|
-
- *Type:* [
|
|
639
|
+
- *Type:* [`aws-cdk-lib.Stack`](#aws-cdk-lib.Stack)
|
|
640
640
|
|
|
641
641
|
The stack in which this resource is defined.
|
|
642
642
|
|
package/changelog.md
ADDED
package/lib/iam-role-props.d.ts
CHANGED
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
1
|
+
import { Duration } from 'aws-cdk-lib';
|
|
2
|
+
import { IManagedPolicy, PolicyDocument } from 'aws-cdk-lib/aws-iam';
|
|
3
3
|
/**
|
|
4
4
|
* Properties for defining an IAM Role.
|
|
5
|
-
*
|
|
6
5
|
* These are copied fron @aws-cdk/aws-iam, but since JSII does not support
|
|
7
6
|
* TypeScript <Partial<iam.RoleProps>> (or Omit), we have to do this stupid thing.
|
|
8
7
|
*
|
package/lib/iam-role-props.js
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
3
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaWFtLXJvbGUtcHJvcHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaWFtLXJvbGUtcHJvcHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IER1cmF0aW9uIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHtcbiAgSU1hbmFnZWRQb2xpY3ksXG4gIFBvbGljeURvY3VtZW50LFxufSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcblxuXG4vKipcbiAqIFByb3BlcnRpZXMgZm9yIGRlZmluaW5nIGFuIElBTSBSb2xlLlxuICogVGhlc2UgYXJlIGNvcGllZCBmcm9uIEBhd3MtY2RrL2F3cy1pYW0sIGJ1dCBzaW5jZSBKU0lJIGRvZXMgbm90IHN1cHBvcnRcbiAqIFR5cGVTY3JpcHQgPFBhcnRpYWw8aWFtLlJvbGVQcm9wcz4+IChvciBPbWl0KSwgd2UgaGF2ZSB0byBkbyB0aGlzIHN0dXBpZCB0aGluZy5cbiAqXG4gKiBCYXNpY2FsbHkgZXhhY3RseSB0aGUgc2FtZSBhcyBzb3VyY2UsIGJ1dCB3aXRoIGFzc3VtZWRCeSByZW1vdmVkLlxuICpcbiAqIEBzdGFiaWxpdHkgc3RhYmxlXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgUm9sZVByb3BzIHtcbiAgLyoqXG4gICAqIExpc3Qgb2YgSURzIHRoYXQgdGhlIHJvbGUgYXNzdW1lciBuZWVkcyB0byBwcm92aWRlIG9uZSBvZiB3aGVuIGFzc3VtaW5nIHRoaXMgcm9sZS5cbiAgICpcbiAgICogSWYgdGhlIGNvbmZpZ3VyZWQgYW5kIHByb3ZpZGVkIGV4dGVybmFsIElEcyBkbyBub3QgbWF0Y2gsIHRoZVxuICAgKiBBc3N1bWVSb2xlIG9wZXJhdGlvbiB3aWxsIGZhaWwuXG4gICAqXG4gICAqIEBkZWZhdWx0IE5vIGV4dGVybmFsIElEIHJlcXVpcmVkXG4gICAqIEBzdGFiaWxpdHkgc3RhYmxlXG4gICAqL1xuICByZWFkb25seSBleHRlcm5hbElkcz86IHN0cmluZ1tdO1xuICAvKipcbiAgICogQSBsaXN0IG9mIG1hbmFnZWQgcG9saWNpZXMgYXNzb2NpYXRlZCB3aXRoIHRoaXMgcm9sZS5cbiAgICpcbiAgICogWW91IGNhbiBhZGQgbWFuYWdlZCBwb2xpY2llcyBsYXRlciB1c2luZ1xuICAgKiBgYWRkTWFuYWdlZFBvbGljeShNYW5hZ2VkUG9saWN5LmZyb21Bd3NNYW5hZ2VkUG9saWN5TmFtZShwb2xpY3lOYW1lKSlgLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIG1hbmFnZWQgcG9saWNpZXMuXG4gICAqIEBzdGFiaWxpdHkgc3RhYmxlXG4gICAqL1xuICByZWFkb25seSBtYW5hZ2VkUG9saWNpZXM/OiBJTWFuYWdlZFBvbGljeVtdO1xuICAvKipcbiAgICogQSBsaXN0IG9mIG5hbWVkIHBvbGljaWVzIHRvIGlubGluZSBpbnRvIHRoaXMgcm9sZS5cbiAgICpcbiAgICogVGhlc2UgcG9saWNpZXMgd2lsbCBiZVxuICAgKiBjcmVhdGVkIHdpdGggdGhlIHJvbGUsIHdoZXJlYXMgdGhvc2UgYWRkZWQgYnkgYGBhZGRUb1BvbGljeWBgIGFyZSBhZGRlZFxuICAgKiB1c2luZyBhIHNlcGFyYXRlIENsb3VkRm9ybWF0aW9uIHJlc291cmNlIChhbGxvd2luZyBhIHdheSBhcm91bmQgY2lyY3VsYXJcbiAgICogZGVwZW5kZW5jaWVzIHRoYXQgY291bGQgb3RoZXJ3aXNlIGJlIGludHJvZHVjZWQpLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIHBvbGljeSBpcyBpbmxpbmVkIGluIHRoZSBSb2xlIHJlc291cmNlLlxuICAgKiBAc3RhYmlsaXR5IHN0YWJsZVxuICAgKi9cbiAgcmVhZG9ubHkgaW5saW5lUG9saWNpZXM/OiB7XG4gICAgW25hbWU6IHN0cmluZ106IFBvbGljeURvY3VtZW50O1xuICB9O1xuICAvKipcbiAgICogVGhlIHBhdGggYXNzb2NpYXRlZCB3aXRoIHRoaXMgcm9sZS5cbiAgICpcbiAgICogRm9yIGluZm9ybWF0aW9uIGFib3V0IElBTSBwYXRocywgc2VlXG4gICAqIEZyaWVuZGx5IE5hbWVzIGFuZCBQYXRocyBpbiBJQU0gVXNlciBHdWlkZS5cbiAgICpcbiAgICogQGRlZmF1bHQgL1xuICAgKiBAc3RhYmlsaXR5IHN0YWJsZVxuICAgKi9cbiAgcmVhZG9ubHkgcGF0aD86IHN0cmluZztcbiAgLyoqXG4gICAqIEFXUyBzdXBwb3J0cyBwZXJtaXNzaW9ucyBib3VuZGFyaWVzIGZvciBJQU0gZW50aXRpZXMgKHVzZXJzIG9yIHJvbGVzKS5cbiAgICpcbiAgICogQSBwZXJtaXNzaW9ucyBib3VuZGFyeSBpcyBhbiBhZHZhbmNlZCBmZWF0dXJlIGZvciB1c2luZyBhIG1hbmFnZWQgcG9saWN5XG4gICAqIHRvIHNldCB0aGUgbWF4aW11bSBwZXJtaXNzaW9ucyB0aGF0IGFuIGlkZW50aXR5LWJhc2VkIHBvbGljeSBjYW4gZ3JhbnQgdG9cbiAgICogYW4gSUFNIGVudGl0eS4gQW4gZW50aXR5J3MgcGVybWlzc2lvbnMgYm91bmRhcnkgYWxsb3dzIGl0IHRvIHBlcmZvcm0gb25seVxuICAgKiB0aGUgYWN0aW9ucyB0aGF0IGFyZSBhbGxvd2VkIGJ5IGJvdGggaXRzIGlkZW50aXR5LWJhc2VkIHBvbGljaWVzIGFuZCBpdHNcbiAgICogcGVybWlzc2lvbnMgYm91bmRhcmllcy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBwZXJtaXNzaW9ucyBib3VuZGFyeS5cbiAgICogQHN0YWJpbGl0eSBzdGFibGVcbiAgICogQGxpbmsgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0lBTS9sYXRlc3QvVXNlckd1aWRlL2FjY2Vzc19wb2xpY2llc19ib3VuZGFyaWVzLmh0bWxcbiAgICovXG4gIHJlYWRvbmx5IHBlcm1pc3Npb25zQm91bmRhcnk/OiBJTWFuYWdlZFBvbGljeTtcbiAgLyoqXG4gICAqIEEgbmFtZSBmb3IgdGhlIElBTSByb2xlLlxuICAgKlxuICAgKiBGb3IgdmFsaWQgdmFsdWVzLCBzZWUgdGhlIFJvbGVOYW1lIHBhcmFtZXRlciBmb3JcbiAgICogdGhlIENyZWF0ZVJvbGUgYWN0aW9uIGluIHRoZSBJQU0gQVBJIFJlZmVyZW5jZS5cbiAgICpcbiAgICogSU1QT1JUQU5UOiBJZiB5b3Ugc3BlY2lmeSBhIG5hbWUsIHlvdSBjYW5ub3QgcGVyZm9ybSB1cGRhdGVzIHRoYXQgcmVxdWlyZVxuICAgKiByZXBsYWNlbWVudCBvZiB0aGlzIHJlc291cmNlLiBZb3UgY2FuIHBlcmZvcm0gdXBkYXRlcyB0aGF0IHJlcXVpcmUgbm8gb3JcbiAgICogc29tZSBpbnRlcnJ1cHRpb24uIElmIHlvdSBtdXN0IHJlcGxhY2UgdGhlIHJlc291cmNlLCBzcGVjaWZ5IGEgbmV3IG5hbWUuXG4gICAqXG4gICAqIElmIHlvdSBzcGVjaWZ5IGEgbmFtZSwgeW91IG11c3Qgc3BlY2lmeSB0aGUgQ0FQQUJJTElUWV9OQU1FRF9JQU0gdmFsdWUgdG9cbiAgICogYWNrbm93bGVkZ2UgeW91ciB0ZW1wbGF0ZSdzIGNhcGFiaWxpdGllcy4gRm9yIG1vcmUgaW5mb3JtYXRpb24sIHNlZVxuICAgKiBBY2tub3dsZWRnaW5nIElBTSBSZXNvdXJjZXMgaW4gQVdTIENsb3VkRm9ybWF0aW9uIFRlbXBsYXRlcy5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBBV1MgQ2xvdWRGb3JtYXRpb24gZ2VuZXJhdGVzIGEgdW5pcXVlIHBoeXNpY2FsIElEIGFuZCB1c2VzIHRoYXQgSURcbiAgICogZm9yIHRoZSByb2xlIG5hbWUuXG4gICAqIEBzdGFiaWxpdHkgc3RhYmxlXG4gICAqL1xuICByZWFkb25seSByb2xlTmFtZT86IHN0cmluZztcbiAgLyoqXG4gICAqIFRoZSBtYXhpbXVtIHNlc3Npb24gZHVyYXRpb24gdGhhdCB5b3Ugd2FudCB0byBzZXQgZm9yIHRoZSBzcGVjaWZpZWQgcm9sZS5cbiAgICpcbiAgICogVGhpcyBzZXR0aW5nIGNhbiBoYXZlIGEgdmFsdWUgZnJvbSAxIGhvdXIgKDM2MDBzZWMpIHRvIDEyICg0MzIwMHNlYykgaG91cnMuXG4gICAqXG4gICAqIEFueW9uZSB3aG8gYXNzdW1lcyB0aGUgcm9sZSBmcm9tIHRoZSBBV1MgQ0xJIG9yIEFQSSBjYW4gdXNlIHRoZVxuICAgKiBEdXJhdGlvblNlY29uZHMgQVBJIHBhcmFtZXRlciBvciB0aGUgZHVyYXRpb24tc2Vjb25kcyBDTEkgcGFyYW1ldGVyIHRvXG4gICAqIHJlcXVlc3QgYSBsb25nZXIgc2Vzc2lvbi4gVGhlIE1heFNlc3Npb25EdXJhdGlvbiBzZXR0aW5nIGRldGVybWluZXMgdGhlXG4gICAqIG1heGltdW0gZHVyYXRpb24gdGhhdCBjYW4gYmUgcmVxdWVzdGVkIHVzaW5nIHRoZSBEdXJhdGlvblNlY29uZHNcbiAgICogcGFyYW1ldGVyLlxuICAgKlxuICAgKiBJZiB1c2VycyBkb24ndCBzcGVjaWZ5IGEgdmFsdWUgZm9yIHRoZSBEdXJhdGlvblNlY29uZHMgcGFyYW1ldGVyLCB0aGVpclxuICAgKiBzZWN1cml0eSBjcmVkZW50aWFscyBhcmUgdmFsaWQgZm9yIG9uZSBob3VyIGJ5IGRlZmF1bHQuIFRoaXMgYXBwbGllcyB3aGVuXG4gICAqIHlvdSB1c2UgdGhlIEFzc3VtZVJvbGUqIEFQSSBvcGVyYXRpb25zIG9yIHRoZSBhc3N1bWUtcm9sZSogQ0xJIG9wZXJhdGlvbnNcbiAgICogYnV0IGRvZXMgbm90IGFwcGx5IHdoZW4geW91IHVzZSB0aG9zZSBvcGVyYXRpb25zIHRvIGNyZWF0ZSBhIGNvbnNvbGUgVVJMLlxuICAgKlxuICAgKiBAZGVmYXVsdCBEdXJhdGlvbi5ob3VycygxKVxuICAgKiBAc3RhYmlsaXR5IHN0YWJsZVxuICAgKiBAbGluayBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vSUFNL2xhdGVzdC9Vc2VyR3VpZGUvaWRfcm9sZXNfdXNlLmh0bWxcbiAgICovXG4gIHJlYWRvbmx5IG1heFNlc3Npb25EdXJhdGlvbj86IER1cmF0aW9uO1xuICAvKipcbiAgICogQSBkZXNjcmlwdGlvbiBvZiB0aGUgcm9sZS5cbiAgICpcbiAgICogSXQgY2FuIGJlIHVwIHRvIDEwMDAgY2hhcmFjdGVycyBsb25nLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIE5vIGRlc2NyaXB0aW9uLlxuICAgKiBAc3RhYmlsaXR5IHN0YWJsZVxuICAgKi9cbiAgcmVhZG9ubHkgZGVzY3JpcHRpb24/OiBzdHJpbmc7XG59XG4iXX0=
|
package/lib/provider.d.ts
CHANGED
|
@@ -1,56 +1,44 @@
|
|
|
1
|
-
import * as iam from '
|
|
2
|
-
import
|
|
1
|
+
import * as iam from 'aws-cdk-lib/aws-iam';
|
|
2
|
+
import { Construct } from 'constructs';
|
|
3
3
|
/**
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
* @experimental
|
|
4
|
+
* Describes a Github OpenID Connect Identity Provider for AWS IAM.
|
|
7
5
|
*/
|
|
8
6
|
export interface IGithubActionsIdentityProvider extends iam.IOpenIdConnectProvider {
|
|
9
7
|
}
|
|
10
8
|
/**
|
|
11
|
-
*
|
|
9
|
+
* Github Actions as OpenID Connect Identity Provider for AWS IAM.
|
|
10
|
+
* There can be only one (per AWS Account).
|
|
12
11
|
*
|
|
13
12
|
* Use `fromAccount` to retrieve a reference to existing Github OIDC provider.
|
|
14
13
|
*
|
|
15
14
|
* @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
|
|
16
|
-
* @experimental
|
|
17
15
|
*/
|
|
18
16
|
export declare class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider implements IGithubActionsIdentityProvider {
|
|
19
|
-
/**
|
|
20
|
-
* @experimental
|
|
21
|
-
*/
|
|
22
17
|
static readonly issuer: string;
|
|
23
|
-
/**
|
|
24
|
-
* @experimental
|
|
25
|
-
*/
|
|
26
18
|
static readonly thumbprints: string[];
|
|
27
19
|
/**
|
|
28
|
-
*
|
|
29
|
-
*
|
|
20
|
+
* Retrieve a reference to existing Github OIDC provider in your AWS account.
|
|
30
21
|
* An AWS account can only have single Github OIDC provider configured into it,
|
|
31
22
|
* so internally the reference is made by constructing the ARN from AWS
|
|
32
23
|
* Account ID & Github issuer URL.
|
|
33
24
|
*
|
|
34
|
-
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
35
|
-
* @param id CDK Construct ID given to the construct
|
|
25
|
+
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
26
|
+
* @param id CDK Construct ID given to the construct
|
|
36
27
|
* @returns a CDK Construct representing the Github OIDC provider
|
|
37
|
-
* @experimental
|
|
38
|
-
* @example
|
|
39
28
|
*
|
|
29
|
+
* @example
|
|
40
30
|
* GithubActionsIdentityProvider.fromAccount(scope, "GithubProvider");
|
|
41
31
|
*/
|
|
42
|
-
static fromAccount(scope:
|
|
32
|
+
static fromAccount(scope: Construct, id: string): IGithubActionsIdentityProvider;
|
|
43
33
|
/**
|
|
44
|
-
*
|
|
45
|
-
*
|
|
34
|
+
* Define a new Github OpenID Connect Identity PRovider for AWS IAM.
|
|
46
35
|
* There can be only one (per AWS Account).
|
|
47
36
|
*
|
|
48
|
-
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
49
|
-
* @param id CDK Construct ID given to the construct
|
|
50
|
-
* @experimental
|
|
51
|
-
* @example
|
|
37
|
+
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
38
|
+
* @param id CDK Construct ID given to the construct
|
|
52
39
|
*
|
|
40
|
+
* @example
|
|
53
41
|
* new GithubActionsIdentityProvider(scope, "GithubProvider");
|
|
54
42
|
*/
|
|
55
|
-
constructor(scope:
|
|
43
|
+
constructor(scope: Construct, id: string);
|
|
56
44
|
}
|
package/lib/provider.js
CHANGED
|
@@ -3,27 +3,25 @@ var _a;
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
4
|
exports.GithubActionsIdentityProvider = void 0;
|
|
5
5
|
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
|
6
|
-
const
|
|
7
|
-
const
|
|
6
|
+
const cdk = require("aws-cdk-lib");
|
|
7
|
+
const iam = require("aws-cdk-lib/aws-iam");
|
|
8
8
|
/**
|
|
9
|
-
*
|
|
9
|
+
* Github Actions as OpenID Connect Identity Provider for AWS IAM.
|
|
10
|
+
* There can be only one (per AWS Account).
|
|
10
11
|
*
|
|
11
12
|
* Use `fromAccount` to retrieve a reference to existing Github OIDC provider.
|
|
12
13
|
*
|
|
13
14
|
* @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
|
|
14
|
-
* @experimental
|
|
15
15
|
*/
|
|
16
16
|
class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider {
|
|
17
17
|
/**
|
|
18
|
-
*
|
|
19
|
-
*
|
|
18
|
+
* Define a new Github OpenID Connect Identity PRovider for AWS IAM.
|
|
20
19
|
* There can be only one (per AWS Account).
|
|
21
20
|
*
|
|
22
|
-
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
23
|
-
* @param id CDK Construct ID given to the construct
|
|
24
|
-
* @experimental
|
|
25
|
-
* @example
|
|
21
|
+
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
22
|
+
* @param id CDK Construct ID given to the construct
|
|
26
23
|
*
|
|
24
|
+
* @example
|
|
27
25
|
* new GithubActionsIdentityProvider(scope, "GithubProvider");
|
|
28
26
|
*/
|
|
29
27
|
constructor(scope, id) {
|
|
@@ -34,18 +32,16 @@ class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider {
|
|
|
34
32
|
});
|
|
35
33
|
}
|
|
36
34
|
/**
|
|
37
|
-
*
|
|
38
|
-
*
|
|
35
|
+
* Retrieve a reference to existing Github OIDC provider in your AWS account.
|
|
39
36
|
* An AWS account can only have single Github OIDC provider configured into it,
|
|
40
37
|
* so internally the reference is made by constructing the ARN from AWS
|
|
41
38
|
* Account ID & Github issuer URL.
|
|
42
39
|
*
|
|
43
|
-
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
44
|
-
* @param id CDK Construct ID given to the construct
|
|
40
|
+
* @param scope CDK Stack or Construct to which the provider is assigned to
|
|
41
|
+
* @param id CDK Construct ID given to the construct
|
|
45
42
|
* @returns a CDK Construct representing the Github OIDC provider
|
|
46
|
-
* @experimental
|
|
47
|
-
* @example
|
|
48
43
|
*
|
|
44
|
+
* @example
|
|
49
45
|
* GithubActionsIdentityProvider.fromAccount(scope, "GithubProvider");
|
|
50
46
|
*/
|
|
51
47
|
static fromAccount(scope, id) {
|
|
@@ -56,16 +52,10 @@ class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider {
|
|
|
56
52
|
}
|
|
57
53
|
exports.GithubActionsIdentityProvider = GithubActionsIdentityProvider;
|
|
58
54
|
_a = JSII_RTTI_SYMBOL_1;
|
|
59
|
-
GithubActionsIdentityProvider[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsIdentityProvider", version: "
|
|
60
|
-
/**
|
|
61
|
-
* @experimental
|
|
62
|
-
*/
|
|
55
|
+
GithubActionsIdentityProvider[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsIdentityProvider", version: "2.2.0" };
|
|
63
56
|
GithubActionsIdentityProvider.issuer = 'token.actions.githubusercontent.com';
|
|
64
|
-
/**
|
|
65
|
-
* @experimental
|
|
66
|
-
*/
|
|
67
57
|
GithubActionsIdentityProvider.thumbprints = [
|
|
68
58
|
'a031c46782e6e6c662c2c87c76da9aa62ccabd8e',
|
|
69
59
|
'6938fd4d98bab03faadb97b34396831e3780aea1',
|
|
70
60
|
];
|
|
71
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
61
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvdmlkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxtQ0FBbUM7QUFDbkMsMkNBQTJDO0FBUTNDOzs7Ozs7O0dBT0c7QUFDSCxNQUFhLDZCQUE4QixTQUFRLEdBQUcsQ0FBQyxxQkFBcUI7SUEyQjFFOzs7Ozs7Ozs7T0FTRztJQUNILFlBQVksS0FBZ0IsRUFBRSxFQUFVO1FBQ3RDLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFO1lBQ2YsR0FBRyxFQUFFLFdBQVcsNkJBQTZCLENBQUMsTUFBTSxFQUFFO1lBQ3RELFdBQVcsRUFBRSw2QkFBNkIsQ0FBQyxXQUFXO1lBQ3RELFNBQVMsRUFBRSxDQUFDLG1CQUFtQixDQUFDO1NBQ2pDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFuQ0Q7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksTUFBTSxDQUFDLFdBQVcsQ0FBQyxLQUFnQixFQUFFLEVBQVU7UUFDcEQsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsT0FBTyxDQUFDO1FBQzlDLE1BQU0sV0FBVyxHQUFHLGdCQUFnQixTQUFTLGtCQUFrQiw2QkFBNkIsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUN0RyxPQUFPLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyw0QkFBNEIsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3hGLENBQUM7O0FBekJILHNFQTRDQzs7O0FBMUN3QixvQ0FBTSxHQUFXLHFDQUFxQyxDQUFDO0FBQ3ZELHlDQUFXLEdBQWE7SUFDN0MsMENBQTBDO0lBQzFDLDBDQUEwQztDQUMzQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY2RrIGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGlhbSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG4vKipcbiAqIERlc2NyaWJlcyBhIEdpdGh1YiBPcGVuSUQgQ29ubmVjdCBJZGVudGl0eSBQcm92aWRlciBmb3IgQVdTIElBTS5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBJR2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIgZXh0ZW5kcyBpYW0uSU9wZW5JZENvbm5lY3RQcm92aWRlciB7fVxuXG4vKipcbiAqIEdpdGh1YiBBY3Rpb25zIGFzIE9wZW5JRCBDb25uZWN0IElkZW50aXR5IFByb3ZpZGVyIGZvciBBV1MgSUFNLlxuICogVGhlcmUgY2FuIGJlIG9ubHkgb25lIChwZXIgQVdTIEFjY291bnQpLlxuICpcbiAqIFVzZSBgZnJvbUFjY291bnRgIHRvIHJldHJpZXZlIGEgcmVmZXJlbmNlIHRvIGV4aXN0aW5nIEdpdGh1YiBPSURDIHByb3ZpZGVyLlxuICpcbiAqIEBzZWUgaHR0cHM6Ly9kb2NzLmdpdGh1Yi5jb20vZW4vYWN0aW9ucy9kZXBsb3ltZW50L3NlY3VyaXR5LWhhcmRlbmluZy15b3VyLWRlcGxveW1lbnRzL2NvbmZpZ3VyaW5nLW9wZW5pZC1jb25uZWN0LWluLWFtYXpvbi13ZWItc2VydmljZXNcbiAqL1xuZXhwb3J0IGNsYXNzIEdpdGh1YkFjdGlvbnNJZGVudGl0eVByb3ZpZGVyIGV4dGVuZHMgaWFtLk9wZW5JZENvbm5lY3RQcm92aWRlciBpbXBsZW1lbnRzIElHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlciB7XG5cbiAgcHVibGljIHN0YXRpYyByZWFkb25seSBpc3N1ZXI6IHN0cmluZyA9ICd0b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbSc7XG4gIHB1YmxpYyBzdGF0aWMgcmVhZG9ubHkgdGh1bWJwcmludHM6IHN0cmluZ1tdID0gW1xuICAgICdhMDMxYzQ2NzgyZTZlNmM2NjJjMmM4N2M3NmRhOWFhNjJjY2FiZDhlJyxcbiAgICAnNjkzOGZkNGQ5OGJhYjAzZmFhZGI5N2IzNDM5NjgzMWUzNzgwYWVhMScsXG4gIF07XG5cbiAgLyoqXG4gICAqIFJldHJpZXZlIGEgcmVmZXJlbmNlIHRvIGV4aXN0aW5nIEdpdGh1YiBPSURDIHByb3ZpZGVyIGluIHlvdXIgQVdTIGFjY291bnQuXG4gICAqIEFuIEFXUyBhY2NvdW50IGNhbiBvbmx5IGhhdmUgc2luZ2xlIEdpdGh1YiBPSURDIHByb3ZpZGVyIGNvbmZpZ3VyZWQgaW50byBpdCxcbiAgICogc28gaW50ZXJuYWxseSB0aGUgcmVmZXJlbmNlIGlzIG1hZGUgYnkgY29uc3RydWN0aW5nIHRoZSBBUk4gZnJvbSBBV1NcbiAgICogQWNjb3VudCBJRCAmIEdpdGh1YiBpc3N1ZXIgVVJMLlxuICAgKlxuICAgKiBAcGFyYW0gc2NvcGUgQ0RLIFN0YWNrIG9yIENvbnN0cnVjdCB0byB3aGljaCB0aGUgcHJvdmlkZXIgaXMgYXNzaWduZWQgdG9cbiAgICogQHBhcmFtIGlkIENESyBDb25zdHJ1Y3QgSUQgZ2l2ZW4gdG8gdGhlIGNvbnN0cnVjdFxuICAgKiBAcmV0dXJucyBhIENESyBDb25zdHJ1Y3QgcmVwcmVzZW50aW5nIHRoZSBHaXRodWIgT0lEQyBwcm92aWRlclxuICAgKlxuICAgKiBAZXhhbXBsZVxuICAgKiBHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlci5mcm9tQWNjb3VudChzY29wZSwgXCJHaXRodWJQcm92aWRlclwiKTtcbiAgICovXG4gIHB1YmxpYyBzdGF0aWMgZnJvbUFjY291bnQoc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZyk6IElHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlciB7XG4gICAgY29uc3QgYWNjb3VudElkID0gY2RrLlN0YWNrLm9mKHNjb3BlKS5hY2NvdW50O1xuICAgIGNvbnN0IHByb3ZpZGVyQXJuID0gYGFybjphd3M6aWFtOjoke2FjY291bnRJZH06b2lkYy1wcm92aWRlci8ke0dpdGh1YkFjdGlvbnNJZGVudGl0eVByb3ZpZGVyLmlzc3Vlcn1gO1xuICAgIHJldHVybiBpYW0uT3BlbklkQ29ubmVjdFByb3ZpZGVyLmZyb21PcGVuSWRDb25uZWN0UHJvdmlkZXJBcm4oc2NvcGUsIGlkLCBwcm92aWRlckFybik7XG4gIH1cblxuICAvKipcbiAgICogRGVmaW5lIGEgbmV3IEdpdGh1YiBPcGVuSUQgQ29ubmVjdCBJZGVudGl0eSBQUm92aWRlciBmb3IgQVdTIElBTS5cbiAgICogVGhlcmUgY2FuIGJlIG9ubHkgb25lIChwZXIgQVdTIEFjY291bnQpLlxuICAgKlxuICAgKiBAcGFyYW0gc2NvcGUgQ0RLIFN0YWNrIG9yIENvbnN0cnVjdCB0byB3aGljaCB0aGUgcHJvdmlkZXIgaXMgYXNzaWduZWQgdG9cbiAgICogQHBhcmFtIGlkIENESyBDb25zdHJ1Y3QgSUQgZ2l2ZW4gdG8gdGhlIGNvbnN0cnVjdFxuICAgKlxuICAgKiBAZXhhbXBsZVxuICAgKiBuZXcgR2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIoc2NvcGUsIFwiR2l0aHViUHJvdmlkZXJcIik7XG4gICAqL1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkLCB7XG4gICAgICB1cmw6IGBodHRwczovLyR7R2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIuaXNzdWVyfWAsXG4gICAgICB0aHVtYnByaW50czogR2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIudGh1bWJwcmludHMsXG4gICAgICBjbGllbnRJZHM6IFsnc3RzLmFtYXpvbmF3cy5jb20nXSxcbiAgICB9KTtcbiAgfVxufVxuIl19
|
package/lib/role.d.ts
CHANGED
|
@@ -1,67 +1,58 @@
|
|
|
1
|
-
import * as iam from '
|
|
2
|
-
import
|
|
1
|
+
import * as iam from 'aws-cdk-lib/aws-iam';
|
|
2
|
+
import { Construct } from 'constructs';
|
|
3
3
|
import { RoleProps } from './iam-role-props';
|
|
4
4
|
import { IGithubActionsIdentityProvider } from './provider';
|
|
5
5
|
/**
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
* @experimental
|
|
6
|
+
* Github related configuration that forms the trust policy for this IAM Role.
|
|
9
7
|
*/
|
|
10
8
|
export interface GithubConfiguration {
|
|
11
9
|
/**
|
|
12
|
-
*
|
|
10
|
+
* Reference to Github OpenID Connect Provider configured in AWS IAM.
|
|
13
11
|
*
|
|
14
12
|
* Either pass an construct defined by `new GithubActionsIdentityProvider`
|
|
15
13
|
* or a retrieved reference from `GithubActionsIdentityProvider.fromAccount`.
|
|
16
14
|
* There can be only one (per AWS Account).
|
|
17
|
-
*
|
|
18
|
-
* @experimental
|
|
19
15
|
*/
|
|
20
16
|
readonly provider: IGithubActionsIdentityProvider;
|
|
21
17
|
/**
|
|
22
|
-
*
|
|
18
|
+
* Repository owner (organization or username).
|
|
23
19
|
*
|
|
24
|
-
* @experimental
|
|
25
20
|
* @example
|
|
26
|
-
*
|
|
27
21
|
* 'octo-org'
|
|
28
22
|
*/
|
|
29
23
|
readonly owner: string;
|
|
30
24
|
/**
|
|
31
|
-
*
|
|
25
|
+
* Repository name (slug) without the owner.
|
|
32
26
|
*
|
|
33
|
-
* @experimental
|
|
34
27
|
* @example
|
|
35
|
-
*
|
|
36
28
|
* 'octo-repo'
|
|
37
29
|
*/
|
|
38
30
|
readonly repo: string;
|
|
39
31
|
/**
|
|
40
|
-
*
|
|
32
|
+
* Subject condition filter, appended after `repo:${owner}/${repo}:` string in IAM Role trust relationship.
|
|
41
33
|
*
|
|
42
|
-
* @default
|
|
34
|
+
* @default
|
|
35
|
+
* '*'
|
|
43
36
|
*
|
|
44
37
|
* You may use this value to only allow Github to assume the role on specific branches, tags, environments, pull requests etc.
|
|
45
|
-
* @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#examples
|
|
46
|
-
* @experimental
|
|
47
38
|
* @example
|
|
48
|
-
*
|
|
49
39
|
* 'ref:refs/tags/v*'
|
|
50
40
|
* 'ref:refs/heads/demo-branch'
|
|
51
41
|
* 'pull_request'
|
|
52
42
|
* 'environment:Production'
|
|
43
|
+
*
|
|
44
|
+
* @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#examples
|
|
53
45
|
*/
|
|
54
46
|
readonly filter?: string;
|
|
55
47
|
}
|
|
56
48
|
/**
|
|
57
|
-
*
|
|
49
|
+
* Props that define the IAM Role that can be assumed by Github Actions workflow
|
|
50
|
+
* via Github OpenID Connect Identity Provider.
|
|
58
51
|
*
|
|
59
52
|
* Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`
|
|
60
53
|
* which will be defined by this construct (CDK will fail if you do).
|
|
61
54
|
*
|
|
62
|
-
* @experimental
|
|
63
55
|
* @example
|
|
64
|
-
*
|
|
65
56
|
* {
|
|
66
57
|
* provider: GithubActionsIdentityProvider.fromAccount(scope, "GithubProvider"),
|
|
67
58
|
* owner: 'octo-org',
|
|
@@ -73,14 +64,13 @@ export interface GithubConfiguration {
|
|
|
73
64
|
export interface GithubActionsRoleProps extends GithubConfiguration, RoleProps {
|
|
74
65
|
}
|
|
75
66
|
/**
|
|
76
|
-
*
|
|
67
|
+
* Define an IAM Role that can be assumed by Github Actions workflow
|
|
68
|
+
* via Github OpenID Connect Identity Provider.
|
|
77
69
|
*
|
|
78
70
|
* Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`
|
|
79
71
|
* which will be defined by this construct (CDK will fail if you do).
|
|
80
72
|
*
|
|
81
|
-
* @experimental
|
|
82
73
|
* @example
|
|
83
|
-
*
|
|
84
74
|
* const uploadRole = new GithubActionsRole(scope, "UploadRole", {
|
|
85
75
|
* provider: GithubActionsIdentityProvider.fromAccount(scope, "GithubProvider"),
|
|
86
76
|
* owner: 'octo-org',
|
|
@@ -105,14 +95,13 @@ export declare class GithubActionsRole extends iam.Role {
|
|
|
105
95
|
/** Formats the `sub` value used in trust policy. */
|
|
106
96
|
private static formatSubject;
|
|
107
97
|
/**
|
|
108
|
-
*
|
|
98
|
+
* Define an IAM Role that can be assumed by Github Actions workflow
|
|
99
|
+
* via Github OpenID Connect Identity Provider.
|
|
109
100
|
*
|
|
110
101
|
* Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`
|
|
111
102
|
* which will be defined by this construct (CDK will fail if you do).
|
|
112
103
|
*
|
|
113
|
-
* @experimental
|
|
114
104
|
* @example
|
|
115
|
-
*
|
|
116
105
|
* const uploadRole = new GithubActionsRole(scope, "UploadRole", {
|
|
117
106
|
* provider: GithubActionsIdentityProvider.fromAccount(scope, "GithubProvider"),
|
|
118
107
|
* owner: 'octo-org',
|
|
@@ -123,5 +112,5 @@ export declare class GithubActionsRole extends iam.Role {
|
|
|
123
112
|
*
|
|
124
113
|
* myBucket.grantWrite(uploadRole);
|
|
125
114
|
*/
|
|
126
|
-
constructor(scope:
|
|
115
|
+
constructor(scope: Construct, id: string, props: GithubActionsRoleProps);
|
|
127
116
|
}
|
package/lib/role.js
CHANGED
|
@@ -3,19 +3,18 @@ var _a;
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
4
|
exports.GithubActionsRole = void 0;
|
|
5
5
|
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
|
6
|
-
const
|
|
7
|
-
const
|
|
6
|
+
const cdk = require("aws-cdk-lib");
|
|
7
|
+
const iam = require("aws-cdk-lib/aws-iam");
|
|
8
8
|
const owner_regexp_1 = require("./owner-regexp");
|
|
9
9
|
const provider_1 = require("./provider");
|
|
10
10
|
/**
|
|
11
|
-
*
|
|
11
|
+
* Define an IAM Role that can be assumed by Github Actions workflow
|
|
12
|
+
* via Github OpenID Connect Identity Provider.
|
|
12
13
|
*
|
|
13
14
|
* Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`
|
|
14
15
|
* which will be defined by this construct (CDK will fail if you do).
|
|
15
16
|
*
|
|
16
|
-
* @experimental
|
|
17
17
|
* @example
|
|
18
|
-
*
|
|
19
18
|
* const uploadRole = new GithubActionsRole(scope, "UploadRole", {
|
|
20
19
|
* provider: GithubActionsIdentityProvider.fromAccount(scope, "GithubProvider"),
|
|
21
20
|
* owner: 'octo-org',
|
|
@@ -28,14 +27,13 @@ const provider_1 = require("./provider");
|
|
|
28
27
|
*/
|
|
29
28
|
class GithubActionsRole extends iam.Role {
|
|
30
29
|
/**
|
|
31
|
-
*
|
|
30
|
+
* Define an IAM Role that can be assumed by Github Actions workflow
|
|
31
|
+
* via Github OpenID Connect Identity Provider.
|
|
32
32
|
*
|
|
33
33
|
* Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`
|
|
34
34
|
* which will be defined by this construct (CDK will fail if you do).
|
|
35
35
|
*
|
|
36
|
-
* @experimental
|
|
37
36
|
* @example
|
|
38
|
-
*
|
|
39
37
|
* const uploadRole = new GithubActionsRole(scope, "UploadRole", {
|
|
40
38
|
* provider: GithubActionsIdentityProvider.fromAccount(scope, "GithubProvider"),
|
|
41
39
|
* owner: 'octo-org',
|
|
@@ -103,5 +101,5 @@ class GithubActionsRole extends iam.Role {
|
|
|
103
101
|
}
|
|
104
102
|
exports.GithubActionsRole = GithubActionsRole;
|
|
105
103
|
_a = JSII_RTTI_SYMBOL_1;
|
|
106
|
-
GithubActionsRole[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsRole", version: "
|
|
107
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm9sZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9yb2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0NBQXdDO0FBQ3hDLHFDQUFxQztBQUVyQyxpREFBaUQ7QUFDakQseUNBQTJGOzs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQXNCM0YsTUFBYSxpQkFBa0IsU0FBUSxHQUFHLENBQUMsSUFBSTs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7SUFzQzdDLFlBQVksS0FBb0IsRUFBRSxFQUFVLEVBQUUsS0FBNkI7UUFFekUsTUFBTSxFQUFFLFFBQVEsRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLEdBQUcsS0FBSyxDQUFDO1FBRXhDLHNCQUFzQjtRQUN0QixpQkFBaUIsQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzlDLGlCQUFpQixDQUFDLFlBQVksQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFFNUMsaUJBQWlCO1FBQ2pCLE1BQU0sT0FBTyxHQUFHLGlCQUFpQixDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN2RCxNQUFNLFNBQVMsR0FBRyxpQkFBaUIsQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUU1RCwrQkFBK0I7UUFDL0IsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUU7WUFDZixHQUFHLFNBQVM7WUFDWixTQUFTLEVBQUUsSUFBSSxHQUFHLENBQUMsb0JBQW9CLENBQUMsUUFBUSxDQUFDLHdCQUF3QixFQUFFO2dCQUN6RSxVQUFVLEVBQUU7b0JBQ1Ysb0RBQW9EO29CQUNwRCxDQUFDLEdBQUcsd0NBQTZCLENBQUMsTUFBTSxNQUFNLENBQUMsRUFBRSxPQUFPO2lCQUN6RDtnQkFDRCxZQUFZLEVBQUU7b0JBQ1osdUVBQXVFO29CQUN2RSwwS0FBMEs7b0JBQzFLLENBQUMsR0FBRyx3Q0FBNkIsQ0FBQyxNQUFNLE1BQU0sQ0FBQyxFQUFFLG1CQUFtQjtpQkFDckU7YUFDRixDQUFDO1NBQ0gsQ0FBQyxDQUFDO0lBRUwsQ0FBQztJQWhFRDs7OztPQUlHO0lBQ0ssTUFBTSxDQUFDLGdCQUFnQixDQUFDLEtBQTZCO1FBQzNELE1BQU0sWUFBWSxHQUFRLEtBQUssQ0FBQztRQUNoQyxPQUFPLFlBQVksQ0FBQyxRQUFRLENBQUM7UUFDN0IsT0FBTyxZQUFZLENBQUMsS0FBSyxDQUFDO1FBQzFCLE9BQU8sWUFBWSxDQUFDLElBQUksQ0FBQztRQUN6QixPQUFPLFlBQVksQ0FBQyxNQUFNLENBQUM7UUFDM0IsT0FBTyxZQUFZLENBQUM7SUFDdEIsQ0FBQztJQUVELDhEQUE4RDtJQUN0RCxNQUFNLENBQUMsYUFBYSxDQUFDLEtBQW9CLEVBQUUsS0FBYTtRQUM5RCxJQUFJLHNCQUFtQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDNUMsR0FBRyxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsUUFBUSxDQUFDLG9DQUFvQyxLQUFLLDBLQUEwSyxDQUFDLENBQUM7U0FDelA7SUFDSCxDQUFDO0lBRUQsNERBQTREO0lBQ3BELE1BQU0sQ0FBQyxZQUFZLENBQUMsS0FBb0IsRUFBRSxJQUFZO1FBQzVELElBQUksSUFBSSxLQUFLLEVBQUUsRUFBRTtZQUNmLEdBQUcsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLFFBQVEsQ0FBQyxtQ0FBbUMsSUFBSSw2QkFBNkIsQ0FBQyxDQUFDO1NBQzFHO0lBQ0gsQ0FBQztJQUVELG9EQUFvRDtJQUM1QyxNQUFNLENBQUMsYUFBYSxDQUFDLEtBQTBCO1FBQ3JELE1BQU0sRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLE1BQU0sR0FBRyxHQUFHLEVBQUUsR0FBRyxLQUFLLENBQUM7UUFDNUMsT0FBTyxRQUFRLEtBQUssSUFBSSxJQUFJLElBQUksTUFBTSxFQUFFLENBQUM7SUFDM0MsQ0FBQzs7QUFsQ0gsOENBbUVDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgaWFtIGZyb20gJ0Bhd3MtY2RrL2F3cy1pYW0nO1xuaW1wb3J0ICogYXMgY2RrIGZyb20gJ0Bhd3MtY2RrL2NvcmUnO1xuaW1wb3J0IHsgUm9sZVByb3BzIH0gZnJvbSAnLi9pYW0tcm9sZS1wcm9wcyc7XG5pbXBvcnQgZ2l0aHViVXNlcm5hbWVSZWdleCBmcm9tICcuL293bmVyLXJlZ2V4cCc7XG5pbXBvcnQgeyBHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlciwgSUdpdGh1YkFjdGlvbnNJZGVudGl0eVByb3ZpZGVyIH0gZnJvbSAnLi9wcm92aWRlcic7XG5cbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG5leHBvcnQgaW50ZXJmYWNlIEdpdGh1YkNvbmZpZ3VyYXRpb24ge1xuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgcmVhZG9ubHkgcHJvdmlkZXI6IElHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlcjtcblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IG93bmVyOiBzdHJpbmc7XG5cbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgcmVhZG9ubHkgcmVwbzogc3RyaW5nO1xuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGZpbHRlcj86IHN0cmluZztcbn1cblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbmV4cG9ydCBpbnRlcmZhY2UgR2l0aHViQWN0aW9uc1JvbGVQcm9wcyBleHRlbmRzIEdpdGh1YkNvbmZpZ3VyYXRpb24sIFJvbGVQcm9wcyB7fVxuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbmV4cG9ydCBjbGFzcyBHaXRodWJBY3Rpb25zUm9sZSBleHRlbmRzIGlhbS5Sb2xlIHtcblxuICAvKipcbiAgICogRXh0cmFjdHMgcHJvcHMgZ2l2ZW4gZm9yIHRoZSBjcmVhdGVkIElBTSBSb2xlIENvbnN0cnVjdC5cbiAgICogQHBhcmFtIHByb3BzIGZvciB0aGUgR2l0aHViQWN0aW9uc1JvbGVcbiAgICogQHJldHVybnMgZm9yIHRoZSBJQU0gUm9sZVxuICAgKi9cbiAgcHJpdmF0ZSBzdGF0aWMgZXh0cmFjdFJvbGVQcm9wcyhwcm9wczogR2l0aHViQWN0aW9uc1JvbGVQcm9wcyk6IGlhbS5Sb2xlUHJvcHMge1xuICAgIGNvbnN0IGV4dHJhY3RQcm9wcyA9IDxhbnk+cHJvcHM7XG4gICAgZGVsZXRlIGV4dHJhY3RQcm9wcy5wcm92aWRlcjtcbiAgICBkZWxldGUgZXh0cmFjdFByb3BzLm93bmVyO1xuICAgIGRlbGV0ZSBleHRyYWN0UHJvcHMucmVwbztcbiAgICBkZWxldGUgZXh0cmFjdFByb3BzLmZpbHRlcjtcbiAgICByZXR1cm4gZXh0cmFjdFByb3BzO1xuICB9XG5cbiAgLyoqIFZhbGlkYXRlcyB0aGUgR2l0aHViIG93bmVyIChvcmdhbml6YXRpb24gb3IgdXNlcikgbmFtZS4gKi9cbiAgcHJpdmF0ZSBzdGF0aWMgdmFsaWRhdGVPd25lcihzY29wZTogY2RrLkNvbnN0cnVjdCwgb3duZXI6IHN0cmluZyk6IHZvaWQge1xuICAgIGlmIChnaXRodWJVc2VybmFtZVJlZ2V4LnRlc3Qob3duZXIpICE9PSB0cnVlKSB7XG4gICAgICBjZGsuQW5ub3RhdGlvbnMub2Yoc2NvcGUpLmFkZEVycm9yKGBJbnZhbGlkIEdpdGh1YiBSZXBvc2l0b3J5IE93bmVyIFwiJHtvd25lcn1cIi4gTXVzdCBvbmx5IGNvbnRhaW4gYWxwaGFudW1lcmljIGNoYXJhY3RlcnMgb3IgaHlwaGVucywgY2Fubm90IGhhdmUgbXVsdGlwbGUgY29uc2VjdXRpdmUgaHlwaGVucywgY2Fubm90IGJlZ2luIG9yIGVuZCB3aXRoIGEgaHlwZW4gYW5kIG1heGltdW0gbGVuZ2h0IGlzIDM5IGNoYXJhY3RlcnMuYCk7XG4gICAgfVxuICB9XG5cbiAgLyoqIFZhbGlkYXRlcyB0aGUgR2l0aHViIHJlcG9zaXRvcnkgbmFtZSAod2l0aG91dCBvd25lcikuICovXG4gIHByaXZhdGUgc3RhdGljIHZhbGlkYXRlUmVwbyhzY29wZTogY2RrLkNvbnN0cnVjdCwgcmVwbzogc3RyaW5nKTogdm9pZCB7XG4gICAgaWYgKHJlcG8gPT09ICcnKSB7XG4gICAgICBjZGsuQW5ub3RhdGlvbnMub2Yoc2NvcGUpLmFkZEVycm9yKGBJbnZhbGlkIEdpdGh1YiBSZXBvc2l0b3J5IE5hbWUgXCIke3JlcG99XCIuIE1heSBub3QgYmUgZW1wdHkgc3RyaW5nLmApO1xuICAgIH1cbiAgfVxuXG4gIC8qKiBGb3JtYXRzIHRoZSBgc3ViYCB2YWx1ZSB1c2VkIGluIHRydXN0IHBvbGljeS4gKi9cbiAgcHJpdmF0ZSBzdGF0aWMgZm9ybWF0U3ViamVjdChwcm9wczogR2l0aHViQ29uZmlndXJhdGlvbik6IHN0cmluZyB7XG4gICAgY29uc3QgeyBvd25lciwgcmVwbywgZmlsdGVyID0gJyonIH0gPSBwcm9wcztcbiAgICByZXR1cm4gYHJlcG86JHtvd25lcn0vJHtyZXBvfToke2ZpbHRlcn1gO1xuICB9XG5cblxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBjZGsuQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogR2l0aHViQWN0aW9uc1JvbGVQcm9wcykge1xuXG4gICAgY29uc3QgeyBwcm92aWRlciwgb3duZXIsIHJlcG8gfSA9IHByb3BzO1xuXG4gICAgLy8gUGVyZm9ybSB2YWxpZGF0aW9uc1xuICAgIEdpdGh1YkFjdGlvbnNSb2xlLnZhbGlkYXRlT3duZXIoc2NvcGUsIG93bmVyKTtcbiAgICBHaXRodWJBY3Rpb25zUm9sZS52YWxpZGF0ZVJlcG8oc2NvcGUsIHJlcG8pO1xuXG4gICAgLy8gUHJlcGFyZSB2YWx1ZXNcbiAgICBjb25zdCBzdWJqZWN0ID0gR2l0aHViQWN0aW9uc1JvbGUuZm9ybWF0U3ViamVjdChwcm9wcyk7XG4gICAgY29uc3Qgcm9sZVByb3BzID0gR2l0aHViQWN0aW9uc1JvbGUuZXh0cmFjdFJvbGVQcm9wcyhwcm9wcyk7XG5cbiAgICAvLyBUaGUgYWN0dWFsIElBTSBSb2xlIGNyZWF0aW9uXG4gICAgc3VwZXIoc2NvcGUsIGlkLCB7XG4gICAgICAuLi5yb2xlUHJvcHMsXG4gICAgICBhc3N1bWVkQnk6IG5ldyBpYW0uV2ViSWRlbnRpdHlQcmluY2lwYWwocHJvdmlkZXIub3BlbklkQ29ubmVjdFByb3ZpZGVyQXJuLCB7XG4gICAgICAgIFN0cmluZ0xpa2U6IHtcbiAgICAgICAgICAvLyBPbmx5IGFsbG93IHNwZWNpZmllZCBzdWJqZWN0cyB0byBhc3N1bWUgdGhpcyByb2xlXG4gICAgICAgICAgW2Ake0dpdGh1YkFjdGlvbnNJZGVudGl0eVByb3ZpZGVyLmlzc3Vlcn06c3ViYF06IHN1YmplY3QsXG4gICAgICAgIH0sXG4gICAgICAgIFN0cmluZ0VxdWFsczoge1xuICAgICAgICAgIC8vIEF1ZGllbmNlIGlzIGFsd2F5cyBzdHMuYW1hem9uYXdzLmNvbSB3aXRoIEFXUyBvZmZpY2lhbCBHaXRodWIgQWN0aW9uXG4gICAgICAgICAgLy8gaHR0cHM6Ly9kb2NzLmdpdGh1Yi5jb20vZW4vYWN0aW9ucy9kZXBsb3ltZW50L3NlY3VyaXR5LWhhcmRlbmluZy15b3VyLWRlcGxveW1lbnRzL2NvbmZpZ3VyaW5nLW9wZW5pZC1jb25uZWN0LWluLWFtYXpvbi13ZWItc2VydmljZXMjYWRkaW5nLXRoZS1pZGVudGl0eS1wcm92aWRlci10by1hd3NcbiAgICAgICAgICBbYCR7R2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIuaXNzdWVyfTphdWRgXTogJ3N0cy5hbWF6b25hd3MuY29tJyxcbiAgICAgICAgfSxcbiAgICAgIH0pLFxuICAgIH0pO1xuXG4gIH1cbn1cblxuIl19
|
|
104
|
+
GithubActionsRole[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsRole", version: "2.2.0" };
|
|
105
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm9sZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9yb2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsbUNBQW1DO0FBQ25DLDJDQUEyQztBQUczQyxpREFBaUQ7QUFDakQseUNBQTJGO0FBb0UzRjs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FpQkc7QUFDSCxNQUFhLGlCQUFrQixTQUFRLEdBQUcsQ0FBQyxJQUFJO0lBcUM3Qzs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FpQkc7SUFDSCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQTZCO1FBRXJFLE1BQU0sRUFBRSxRQUFRLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxHQUFHLEtBQUssQ0FBQztRQUV4QyxzQkFBc0I7UUFDdEIsaUJBQWlCLENBQUMsYUFBYSxDQUFDLEtBQUssRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM5QyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRTVDLGlCQUFpQjtRQUNqQixNQUFNLE9BQU8sR0FBRyxpQkFBaUIsQ0FBQyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDdkQsTUFBTSxTQUFTLEdBQUcsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFNUQsK0JBQStCO1FBQy9CLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFO1lBQ2YsR0FBRyxTQUFTO1lBQ1osU0FBUyxFQUFFLElBQUksR0FBRyxDQUFDLG9CQUFvQixDQUFDLFFBQVEsQ0FBQyx3QkFBd0IsRUFBRTtnQkFDekUsVUFBVSxFQUFFO29CQUNWLG9EQUFvRDtvQkFDcEQsQ0FBQyxHQUFHLHdDQUE2QixDQUFDLE1BQU0sTUFBTSxDQUFDLEVBQUUsT0FBTztpQkFDekQ7Z0JBQ0QsWUFBWSxFQUFFO29CQUNaLHVFQUF1RTtvQkFDdkUsMEtBQTBLO29CQUMxSyxDQUFDLEdBQUcsd0NBQTZCLENBQUMsTUFBTSxNQUFNLENBQUMsRUFBRSxtQkFBbUI7aUJBQ3JFO2FBQ0YsQ0FBQztTQUNILENBQUMsQ0FBQztJQUVMLENBQUM7SUFqRkQ7Ozs7T0FJRztJQUNLLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxLQUE2QjtRQUMzRCxNQUFNLFlBQVksR0FBUSxLQUFLLENBQUM7UUFDaEMsT0FBTyxZQUFZLENBQUMsUUFBUSxDQUFDO1FBQzdCLE9BQU8sWUFBWSxDQUFDLEtBQUssQ0FBQztRQUMxQixPQUFPLFlBQVksQ0FBQyxJQUFJLENBQUM7UUFDekIsT0FBTyxZQUFZLENBQUMsTUFBTSxDQUFDO1FBQzNCLE9BQU8sWUFBWSxDQUFDO0lBQ3RCLENBQUM7SUFFRCw4REFBOEQ7SUFDdEQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxLQUFnQixFQUFFLEtBQWE7UUFDMUQsSUFBSSxzQkFBbUIsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQzVDLEdBQUcsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLFFBQVEsQ0FBQyxvQ0FBb0MsS0FBSywwS0FBMEssQ0FBQyxDQUFDO1NBQ3pQO0lBQ0gsQ0FBQztJQUVELDREQUE0RDtJQUNwRCxNQUFNLENBQUMsWUFBWSxDQUFDLEtBQWdCLEVBQUUsSUFBWTtRQUN4RCxJQUFJLElBQUksS0FBSyxFQUFFLEVBQUU7WUFDZixHQUFHLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxRQUFRLENBQUMsbUNBQW1DLElBQUksNkJBQTZCLENBQUMsQ0FBQztTQUMxRztJQUNILENBQUM7SUFFRCxvREFBb0Q7SUFDNUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxLQUEwQjtRQUNyRCxNQUFNLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxNQUFNLEdBQUcsR0FBRyxFQUFFLEdBQUcsS0FBSyxDQUFDO1FBQzVDLE9BQU8sUUFBUSxLQUFLLElBQUksSUFBSSxJQUFJLE1BQU0sRUFBRSxDQUFDO0lBQzNDLENBQUM7O0FBbENILDhDQW9GQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNkayBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgKiBhcyBpYW0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IFJvbGVQcm9wcyB9IGZyb20gJy4vaWFtLXJvbGUtcHJvcHMnO1xuaW1wb3J0IGdpdGh1YlVzZXJuYW1lUmVnZXggZnJvbSAnLi9vd25lci1yZWdleHAnO1xuaW1wb3J0IHsgR2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIsIElHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlciB9IGZyb20gJy4vcHJvdmlkZXInO1xuXG4vKipcbiAqIEdpdGh1YiByZWxhdGVkIGNvbmZpZ3VyYXRpb24gdGhhdCBmb3JtcyB0aGUgdHJ1c3QgcG9saWN5IGZvciB0aGlzIElBTSBSb2xlLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIEdpdGh1YkNvbmZpZ3VyYXRpb24ge1xuXG4gIC8qKlxuICAgKiBSZWZlcmVuY2UgdG8gR2l0aHViIE9wZW5JRCBDb25uZWN0IFByb3ZpZGVyIGNvbmZpZ3VyZWQgaW4gQVdTIElBTS5cbiAgICpcbiAgICogRWl0aGVyIHBhc3MgYW4gY29uc3RydWN0IGRlZmluZWQgYnkgYG5ldyBHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlcmBcbiAgICogb3IgYSByZXRyaWV2ZWQgcmVmZXJlbmNlIGZyb20gYEdpdGh1YkFjdGlvbnNJZGVudGl0eVByb3ZpZGVyLmZyb21BY2NvdW50YC5cbiAgICogVGhlcmUgY2FuIGJlIG9ubHkgb25lIChwZXIgQVdTIEFjY291bnQpLlxuICAgKi9cbiAgcmVhZG9ubHkgcHJvdmlkZXI6IElHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlcjtcblxuICAvKipcbiAgICogUmVwb3NpdG9yeSBvd25lciAob3JnYW5pemF0aW9uIG9yIHVzZXJuYW1lKS5cbiAgICpcbiAgICogQGV4YW1wbGVcbiAgICogJ29jdG8tb3JnJ1xuICAgKi9cbiAgcmVhZG9ubHkgb3duZXI6IHN0cmluZztcblxuICAvKipcbiAgICogUmVwb3NpdG9yeSBuYW1lIChzbHVnKSB3aXRob3V0IHRoZSBvd25lci5cbiAgICpcbiAgICogQGV4YW1wbGVcbiAgICogJ29jdG8tcmVwbydcbiAgICovXG4gIHJlYWRvbmx5IHJlcG86IHN0cmluZztcblxuICAvKipcbiAgICogU3ViamVjdCBjb25kaXRpb24gZmlsdGVyLCBhcHBlbmRlZCBhZnRlciBgcmVwbzoke293bmVyfS8ke3JlcG99OmAgc3RyaW5nIGluIElBTSBSb2xlIHRydXN0IHJlbGF0aW9uc2hpcC5cbiAgICpcbiAgICogQGRlZmF1bHRcbiAgICogJyonXG4gICAqXG4gICAqIFlvdSBtYXkgdXNlIHRoaXMgdmFsdWUgdG8gb25seSBhbGxvdyBHaXRodWIgdG8gYXNzdW1lIHRoZSByb2xlIG9uIHNwZWNpZmljIGJyYW5jaGVzLCB0YWdzLCBlbnZpcm9ubWVudHMsIHB1bGwgcmVxdWVzdHMgZXRjLlxuICAgKiBAZXhhbXBsZVxuICAgKiAncmVmOnJlZnMvdGFncy92KidcbiAgICogJ3JlZjpyZWZzL2hlYWRzL2RlbW8tYnJhbmNoJ1xuICAgKiAncHVsbF9yZXF1ZXN0J1xuICAgKiAnZW52aXJvbm1lbnQ6UHJvZHVjdGlvbidcbiAgICpcbiAgICogQHNlZSBodHRwczovL2RvY3MuZ2l0aHViLmNvbS9lbi9hY3Rpb25zL2RlcGxveW1lbnQvc2VjdXJpdHktaGFyZGVuaW5nLXlvdXItZGVwbG95bWVudHMvYWJvdXQtc2VjdXJpdHktaGFyZGVuaW5nLXdpdGgtb3BlbmlkLWNvbm5lY3QjZXhhbXBsZXNcbiAgICovXG4gIHJlYWRvbmx5IGZpbHRlcj86IHN0cmluZztcbn1cblxuLyoqXG4gKiBQcm9wcyB0aGF0IGRlZmluZSB0aGUgSUFNIFJvbGUgdGhhdCBjYW4gYmUgYXNzdW1lZCBieSBHaXRodWIgQWN0aW9ucyB3b3JrZmxvd1xuICogdmlhIEdpdGh1YiBPcGVuSUQgQ29ubmVjdCBJZGVudGl0eSBQcm92aWRlci5cbiAqXG4gKiBCZXNpZGVzIGBHaXRodWJDb25maWd1cmF0aW9uYCwgeW91IG1heSBwYXNzIGluIGFueSBgaWFtLlJvbGVQcm9wc2AgZXhjZXB0IGBhc3N1bWVkQnlgXG4gKiB3aGljaCB3aWxsIGJlIGRlZmluZWQgYnkgdGhpcyBjb25zdHJ1Y3QgKENESyB3aWxsIGZhaWwgaWYgeW91IGRvKS5cbiAqXG4gKiBAZXhhbXBsZVxuICoge1xuICogICBwcm92aWRlcjogR2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIuZnJvbUFjY291bnQoc2NvcGUsIFwiR2l0aHViUHJvdmlkZXJcIiksXG4gKiAgIG93bmVyOiAnb2N0by1vcmcnLFxuICogICByZXBvOiAnb2N0by1yZXBvJyxcbiAqICAgZmlsdGVyOiAncmVmOnJlZnMvdGFncy92KicsXG4gKiAgIHJvbGVOYW1lOiAnTXlEZXBsb3lSb2xlJyxcbiAqIH1cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBHaXRodWJBY3Rpb25zUm9sZVByb3BzIGV4dGVuZHMgR2l0aHViQ29uZmlndXJhdGlvbiwgUm9sZVByb3BzIHt9XG5cbi8qKlxuICogRGVmaW5lIGFuIElBTSBSb2xlIHRoYXQgY2FuIGJlIGFzc3VtZWQgYnkgR2l0aHViIEFjdGlvbnMgd29ya2Zsb3dcbiAqIHZpYSBHaXRodWIgT3BlbklEIENvbm5lY3QgSWRlbnRpdHkgUHJvdmlkZXIuXG4gKlxuICogQmVzaWRlcyBgR2l0aHViQ29uZmlndXJhdGlvbmAsIHlvdSBtYXkgcGFzcyBpbiBhbnkgYGlhbS5Sb2xlUHJvcHNgIGV4Y2VwdCBgYXNzdW1lZEJ5YFxuICogd2hpY2ggd2lsbCBiZSBkZWZpbmVkIGJ5IHRoaXMgY29uc3RydWN0IChDREsgd2lsbCBmYWlsIGlmIHlvdSBkbykuXG4gKlxuICogQGV4YW1wbGVcbiAqIGNvbnN0IHVwbG9hZFJvbGUgPSBuZXcgR2l0aHViQWN0aW9uc1JvbGUoc2NvcGUsIFwiVXBsb2FkUm9sZVwiLCB7XG4gKiAgIHByb3ZpZGVyOiBHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlci5mcm9tQWNjb3VudChzY29wZSwgXCJHaXRodWJQcm92aWRlclwiKSxcbiAqICAgb3duZXI6ICdvY3RvLW9yZycsXG4gKiAgIHJlcG86ICdvY3RvLXJlcG8nLFxuICogICBmaWx0ZXI6ICdyZWY6cmVmcy90YWdzL3YqJyxcbiAqICAgcm9sZU5hbWU6ICdNeVVwbG9hZFJvbGUnLFxuICogfSk7XG4gKlxuICogbXlCdWNrZXQuZ3JhbnRXcml0ZSh1cGxvYWRSb2xlKTtcbiAqL1xuZXhwb3J0IGNsYXNzIEdpdGh1YkFjdGlvbnNSb2xlIGV4dGVuZHMgaWFtLlJvbGUge1xuXG4gIC8qKlxuICAgKiBFeHRyYWN0cyBwcm9wcyBnaXZlbiBmb3IgdGhlIGNyZWF0ZWQgSUFNIFJvbGUgQ29uc3RydWN0LlxuICAgKiBAcGFyYW0gcHJvcHMgZm9yIHRoZSBHaXRodWJBY3Rpb25zUm9sZVxuICAgKiBAcmV0dXJucyBmb3IgdGhlIElBTSBSb2xlXG4gICAqL1xuICBwcml2YXRlIHN0YXRpYyBleHRyYWN0Um9sZVByb3BzKHByb3BzOiBHaXRodWJBY3Rpb25zUm9sZVByb3BzKTogaWFtLlJvbGVQcm9wcyB7XG4gICAgY29uc3QgZXh0cmFjdFByb3BzID0gPGFueT5wcm9wcztcbiAgICBkZWxldGUgZXh0cmFjdFByb3BzLnByb3ZpZGVyO1xuICAgIGRlbGV0ZSBleHRyYWN0UHJvcHMub3duZXI7XG4gICAgZGVsZXRlIGV4dHJhY3RQcm9wcy5yZXBvO1xuICAgIGRlbGV0ZSBleHRyYWN0UHJvcHMuZmlsdGVyO1xuICAgIHJldHVybiBleHRyYWN0UHJvcHM7XG4gIH1cblxuICAvKiogVmFsaWRhdGVzIHRoZSBHaXRodWIgb3duZXIgKG9yZ2FuaXphdGlvbiBvciB1c2VyKSBuYW1lLiAqL1xuICBwcml2YXRlIHN0YXRpYyB2YWxpZGF0ZU93bmVyKHNjb3BlOiBDb25zdHJ1Y3QsIG93bmVyOiBzdHJpbmcpOiB2b2lkIHtcbiAgICBpZiAoZ2l0aHViVXNlcm5hbWVSZWdleC50ZXN0KG93bmVyKSAhPT0gdHJ1ZSkge1xuICAgICAgY2RrLkFubm90YXRpb25zLm9mKHNjb3BlKS5hZGRFcnJvcihgSW52YWxpZCBHaXRodWIgUmVwb3NpdG9yeSBPd25lciBcIiR7b3duZXJ9XCIuIE11c3Qgb25seSBjb250YWluIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXJzIG9yIGh5cGhlbnMsIGNhbm5vdCBoYXZlIG11bHRpcGxlIGNvbnNlY3V0aXZlIGh5cGhlbnMsIGNhbm5vdCBiZWdpbiBvciBlbmQgd2l0aCBhIGh5cGVuIGFuZCBtYXhpbXVtIGxlbmdodCBpcyAzOSBjaGFyYWN0ZXJzLmApO1xuICAgIH1cbiAgfVxuXG4gIC8qKiBWYWxpZGF0ZXMgdGhlIEdpdGh1YiByZXBvc2l0b3J5IG5hbWUgKHdpdGhvdXQgb3duZXIpLiAqL1xuICBwcml2YXRlIHN0YXRpYyB2YWxpZGF0ZVJlcG8oc2NvcGU6IENvbnN0cnVjdCwgcmVwbzogc3RyaW5nKTogdm9pZCB7XG4gICAgaWYgKHJlcG8gPT09ICcnKSB7XG4gICAgICBjZGsuQW5ub3RhdGlvbnMub2Yoc2NvcGUpLmFkZEVycm9yKGBJbnZhbGlkIEdpdGh1YiBSZXBvc2l0b3J5IE5hbWUgXCIke3JlcG99XCIuIE1heSBub3QgYmUgZW1wdHkgc3RyaW5nLmApO1xuICAgIH1cbiAgfVxuXG4gIC8qKiBGb3JtYXRzIHRoZSBgc3ViYCB2YWx1ZSB1c2VkIGluIHRydXN0IHBvbGljeS4gKi9cbiAgcHJpdmF0ZSBzdGF0aWMgZm9ybWF0U3ViamVjdChwcm9wczogR2l0aHViQ29uZmlndXJhdGlvbik6IHN0cmluZyB7XG4gICAgY29uc3QgeyBvd25lciwgcmVwbywgZmlsdGVyID0gJyonIH0gPSBwcm9wcztcbiAgICByZXR1cm4gYHJlcG86JHtvd25lcn0vJHtyZXBvfToke2ZpbHRlcn1gO1xuICB9XG5cblxuICAvKipcbiAgICogRGVmaW5lIGFuIElBTSBSb2xlIHRoYXQgY2FuIGJlIGFzc3VtZWQgYnkgR2l0aHViIEFjdGlvbnMgd29ya2Zsb3dcbiAgICogdmlhIEdpdGh1YiBPcGVuSUQgQ29ubmVjdCBJZGVudGl0eSBQcm92aWRlci5cbiAgICpcbiAgICogQmVzaWRlcyBgR2l0aHViQ29uZmlndXJhdGlvbmAsIHlvdSBtYXkgcGFzcyBpbiBhbnkgYGlhbS5Sb2xlUHJvcHNgIGV4Y2VwdCBgYXNzdW1lZEJ5YFxuICAgKiB3aGljaCB3aWxsIGJlIGRlZmluZWQgYnkgdGhpcyBjb25zdHJ1Y3QgKENESyB3aWxsIGZhaWwgaWYgeW91IGRvKS5cbiAgICpcbiAgICogQGV4YW1wbGVcbiAgICogY29uc3QgdXBsb2FkUm9sZSA9IG5ldyBHaXRodWJBY3Rpb25zUm9sZShzY29wZSwgXCJVcGxvYWRSb2xlXCIsIHtcbiAgICogICBwcm92aWRlcjogR2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIuZnJvbUFjY291bnQoc2NvcGUsIFwiR2l0aHViUHJvdmlkZXJcIiksXG4gICAqICAgb3duZXI6ICdvY3RvLW9yZycsXG4gICAqICAgcmVwbzogJ29jdG8tcmVwbycsXG4gICAqICAgZmlsdGVyOiAncmVmOnJlZnMvdGFncy92KicsXG4gICAqICAgcm9sZU5hbWU6ICdNeVVwbG9hZFJvbGUnLFxuICAgKiB9KTtcbiAgICpcbiAgICogbXlCdWNrZXQuZ3JhbnRXcml0ZSh1cGxvYWRSb2xlKTtcbiAgICovXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBHaXRodWJBY3Rpb25zUm9sZVByb3BzKSB7XG5cbiAgICBjb25zdCB7IHByb3ZpZGVyLCBvd25lciwgcmVwbyB9ID0gcHJvcHM7XG5cbiAgICAvLyBQZXJmb3JtIHZhbGlkYXRpb25zXG4gICAgR2l0aHViQWN0aW9uc1JvbGUudmFsaWRhdGVPd25lcihzY29wZSwgb3duZXIpO1xuICAgIEdpdGh1YkFjdGlvbnNSb2xlLnZhbGlkYXRlUmVwbyhzY29wZSwgcmVwbyk7XG5cbiAgICAvLyBQcmVwYXJlIHZhbHVlc1xuICAgIGNvbnN0IHN1YmplY3QgPSBHaXRodWJBY3Rpb25zUm9sZS5mb3JtYXRTdWJqZWN0KHByb3BzKTtcbiAgICBjb25zdCByb2xlUHJvcHMgPSBHaXRodWJBY3Rpb25zUm9sZS5leHRyYWN0Um9sZVByb3BzKHByb3BzKTtcblxuICAgIC8vIFRoZSBhY3R1YWwgSUFNIFJvbGUgY3JlYXRpb25cbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIC4uLnJvbGVQcm9wcyxcbiAgICAgIGFzc3VtZWRCeTogbmV3IGlhbS5XZWJJZGVudGl0eVByaW5jaXBhbChwcm92aWRlci5vcGVuSWRDb25uZWN0UHJvdmlkZXJBcm4sIHtcbiAgICAgICAgU3RyaW5nTGlrZToge1xuICAgICAgICAgIC8vIE9ubHkgYWxsb3cgc3BlY2lmaWVkIHN1YmplY3RzIHRvIGFzc3VtZSB0aGlzIHJvbGVcbiAgICAgICAgICBbYCR7R2l0aHViQWN0aW9uc0lkZW50aXR5UHJvdmlkZXIuaXNzdWVyfTpzdWJgXTogc3ViamVjdCxcbiAgICAgICAgfSxcbiAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgLy8gQXVkaWVuY2UgaXMgYWx3YXlzIHN0cy5hbWF6b25hd3MuY29tIHdpdGggQVdTIG9mZmljaWFsIEdpdGh1YiBBY3Rpb25cbiAgICAgICAgICAvLyBodHRwczovL2RvY3MuZ2l0aHViLmNvbS9lbi9hY3Rpb25zL2RlcGxveW1lbnQvc2VjdXJpdHktaGFyZGVuaW5nLXlvdXItZGVwbG95bWVudHMvY29uZmlndXJpbmctb3BlbmlkLWNvbm5lY3QtaW4tYW1hem9uLXdlYi1zZXJ2aWNlcyNhZGRpbmctdGhlLWlkZW50aXR5LXByb3ZpZGVyLXRvLWF3c1xuICAgICAgICAgIFtgJHtHaXRodWJBY3Rpb25zSWRlbnRpdHlQcm92aWRlci5pc3N1ZXJ9OmF1ZGBdOiAnc3RzLmFtYXpvbmF3cy5jb20nLFxuICAgICAgICB9LFxuICAgICAgfSksXG4gICAgfSk7XG5cbiAgfVxufVxuXG4iXX0=
|