aws-cdk-github-oidc 2.3.2 → 2.3.4

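--- a/package/.gitattributes
+++ b/package/.gitattributes
@@ -8,17 +8,18 @@
 /.github/workflows/pull-request-lint.yml linguist-generated
 /.github/workflows/release-cdkv1.yml linguist-generated
 /.github/workflows/release.yml linguist-generated
-/.github/workflows/stale.yml linguist-generated
 /.github/workflows/upgrade-cdkv1.yml linguist-generated
 /.github/workflows/upgrade-main.yml linguist-generated
 /.gitignore linguist-generated
 /.mergify.yml linguist-generated
 /.npmignore linguist-generated
+/.npmrc linguist-generated
 /.nvmrc linguist-generated
 /.projen/** linguist-generated
 /.projen/deps.json linguist-generated
 /.projen/files.json linguist-generated
 /.projen/tasks.json linguist-generated
+/API.md linguist-generated
 /LICENSE linguist-generated
 /package-lock.json linguist-generated
 /package.json linguist-generated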
package/.jsii CHANGED
@@ -7,10 +7,88 @@
7
7
  ]
8
8
  },
9
9
  "dependencies": {
10
- "aws-cdk-lib": "^2.24.1",
10
+ "aws-cdk-lib": "^2.89.0",
11
11
  "constructs": "^10.0.0"
12
12
  },
13
13
  "dependencyClosure": {
14
+ "@aws-cdk/asset-awscli-v1": {
15
+ "targets": {
16
+ "dotnet": {
17
+ "namespace": "Amazon.CDK.Asset.AwsCliV1",
18
+ "packageId": "Amazon.CDK.Asset.AwsCliV1"
19
+ },
20
+ "go": {
21
+ "moduleName": "github.com/cdklabs/awscdk-asset-awscli-go",
22
+ "packageName": "awscliv1"
23
+ },
24
+ "java": {
25
+ "maven": {
26
+ "artifactId": "cdk-asset-awscli-v1",
27
+ "groupId": "software.amazon.awscdk"
28
+ },
29
+ "package": "software.amazon.awscdk.cdk.asset.awscli.v1"
30
+ },
31
+ "js": {
32
+ "npm": "@aws-cdk/asset-awscli-v1"
33
+ },
34
+ "python": {
35
+ "distName": "aws-cdk.asset-awscli-v1",
36
+ "module": "aws_cdk.asset_awscli_v1"
37
+ }
38
+ }
39
+ },
40
+ "@aws-cdk/asset-kubectl-v20": {
41
+ "targets": {
42
+ "dotnet": {
43
+ "namespace": "Amazon.CDK.Asset.KubectlV20",
44
+ "packageId": "Amazon.CDK.Asset.KubectlV20"
45
+ },
46
+ "go": {
47
+ "moduleName": "github.com/cdklabs/awscdk-asset-kubectl-go",
48
+ "packageName": "kubectlv20"
49
+ },
50
+ "java": {
51
+ "maven": {
52
+ "artifactId": "cdk-asset-kubectl-v20",
53
+ "groupId": "software.amazon.awscdk"
54
+ },
55
+ "package": "software.amazon.awscdk.cdk.asset.kubectl.v20"
56
+ },
57
+ "js": {
58
+ "npm": "@aws-cdk/asset-kubectl-v20"
59
+ },
60
+ "python": {
61
+ "distName": "aws-cdk.asset-kubectl-v20",
62
+ "module": "aws_cdk.asset_kubectl_v20"
63
+ }
64
+ }
65
+ },
66
+ "@aws-cdk/asset-node-proxy-agent-v5": {
67
+ "targets": {
68
+ "dotnet": {
69
+ "namespace": "Amazon.CDK.Asset.NodeProxyAgentV5",
70
+ "packageId": "Amazon.CDK.Asset.NodeProxyAgentV5"
71
+ },
72
+ "go": {
73
+ "moduleName": "github.com/cdklabs/awscdk-asset-node-proxy-agent-go",
74
+ "packageName": "nodeproxyagentv5"
75
+ },
76
+ "java": {
77
+ "maven": {
78
+ "artifactId": "cdk-asset-node-proxy-agent-v5",
79
+ "groupId": "software.amazon.awscdk"
80
+ },
81
+ "package": "software.amazon.awscdk.cdk.asset.node.proxy.agent.v5"
82
+ },
83
+ "js": {
84
+ "npm": "@aws-cdk/asset-node-proxy-agent-v5"
85
+ },
86
+ "python": {
87
+ "distName": "aws-cdk.asset-node-proxy-agent-v5",
88
+ "module": "aws_cdk.asset_node_proxy_agent_v5"
89
+ }
90
+ }
91
+ },
14
92
  "aws-cdk-lib": {
15
93
  "submodules": {
16
94
  "aws-cdk-lib.alexa_ask": {
@@ -364,6 +442,19 @@
364
442
  }
365
443
  }
366
444
  },
445
+ "aws-cdk-lib.aws_backupgateway": {
446
+ "targets": {
447
+ "dotnet": {
448
+ "package": "Amazon.CDK.AWS.BackupGateway"
449
+ },
450
+ "java": {
451
+ "package": "services.backupgateway"
452
+ },
453
+ "python": {
454
+ "module": "aws_cdk.aws_backupgateway"
455
+ }
456
+ }
457
+ },
367
458
  "aws-cdk-lib.aws_batch": {
368
459
  "targets": {
369
460
  "dotnet": {
@@ -455,6 +546,19 @@
455
546
  }
456
547
  }
457
548
  },
549
+ "aws-cdk-lib.aws_cleanrooms": {
550
+ "targets": {
551
+ "dotnet": {
552
+ "package": "Amazon.CDK.AWS.CleanRooms"
553
+ },
554
+ "java": {
555
+ "package": "services.cleanrooms"
556
+ },
557
+ "python": {
558
+ "module": "aws_cdk.aws_cleanrooms"
559
+ }
560
+ }
561
+ },
458
562
  "aws-cdk-lib.aws_cloud9": {
459
563
  "targets": {
460
564
  "dotnet": {
@@ -703,6 +807,19 @@
703
807
  }
704
808
  }
705
809
  },
810
+ "aws-cdk-lib.aws_comprehend": {
811
+ "targets": {
812
+ "dotnet": {
813
+ "namespace": "Amazon.CDK.AWS.Comprehend"
814
+ },
815
+ "java": {
816
+ "package": "software.amazon.awscdk.services.comprehend"
817
+ },
818
+ "python": {
819
+ "module": "aws_cdk.aws_comprehend"
820
+ }
821
+ }
822
+ },
706
823
  "aws-cdk-lib.aws_config": {
707
824
  "targets": {
708
825
  "dotnet": {
@@ -729,6 +846,32 @@
729
846
  }
730
847
  }
731
848
  },
849
+ "aws-cdk-lib.aws_connectcampaigns": {
850
+ "targets": {
851
+ "dotnet": {
852
+ "namespace": "Amazon.CDK.AWS.ConnectCampaigns"
853
+ },
854
+ "java": {
855
+ "package": "software.amazon.awscdk.services.connectcampaigns"
856
+ },
857
+ "python": {
858
+ "module": "aws_cdk.aws_connectcampaigns"
859
+ }
860
+ }
861
+ },
862
+ "aws-cdk-lib.aws_controltower": {
863
+ "targets": {
864
+ "dotnet": {
865
+ "namespace": "Amazon.CDK.AWS.ControlTower"
866
+ },
867
+ "java": {
868
+ "package": "software.amazon.awscdk.services.controltower"
869
+ },
870
+ "python": {
871
+ "module": "aws_cdk.aws_controltower"
872
+ }
873
+ }
874
+ },
732
875
  "aws-cdk-lib.aws_cur": {
733
876
  "targets": {
734
877
  "dotnet": {
@@ -820,6 +963,19 @@
820
963
  }
821
964
  }
822
965
  },
966
+ "aws-cdk-lib.aws_devicefarm": {
967
+ "targets": {
968
+ "dotnet": {
969
+ "namespace": "Amazon.CDK.AWS.DeviceFarm"
970
+ },
971
+ "java": {
972
+ "package": "software.amazon.awscdk.services.devicefarm"
973
+ },
974
+ "python": {
975
+ "module": "aws_cdk.aws_devicefarm"
976
+ }
977
+ }
978
+ },
823
979
  "aws-cdk-lib.aws_devopsguru": {
824
980
  "targets": {
825
981
  "dotnet": {
@@ -885,6 +1041,19 @@
885
1041
  }
886
1042
  }
887
1043
  },
1044
+ "aws-cdk-lib.aws_docdbelastic": {
1045
+ "targets": {
1046
+ "dotnet": {
1047
+ "namespace": "Amazon.CDK.AWS.DocDBElastic"
1048
+ },
1049
+ "java": {
1050
+ "package": "software.amazon.awscdk.services.docdbelastic"
1051
+ },
1052
+ "python": {
1053
+ "module": "aws_cdk.aws_docdbelastic"
1054
+ }
1055
+ }
1056
+ },
888
1057
  "aws-cdk-lib.aws_dynamodb": {
889
1058
  "targets": {
890
1059
  "dotnet": {
@@ -1106,6 +1275,19 @@
1106
1275
  }
1107
1276
  }
1108
1277
  },
1278
+ "aws-cdk-lib.aws_emrserverless": {
1279
+ "targets": {
1280
+ "dotnet": {
1281
+ "namespace": "Amazon.CDK.AWS.EMRServerless"
1282
+ },
1283
+ "java": {
1284
+ "package": "software.amazon.awscdk.services.emrserverless"
1285
+ },
1286
+ "python": {
1287
+ "module": "aws_cdk.aws_emrserverless"
1288
+ }
1289
+ }
1290
+ },
1109
1291
  "aws-cdk-lib.aws_events": {
1110
1292
  "targets": {
1111
1293
  "dotnet": {
@@ -1288,6 +1470,19 @@
1288
1470
  }
1289
1471
  }
1290
1472
  },
1473
+ "aws-cdk-lib.aws_grafana": {
1474
+ "targets": {
1475
+ "dotnet": {
1476
+ "namespace": "Amazon.CDK.AWS.Grafana"
1477
+ },
1478
+ "java": {
1479
+ "package": "software.amazon.awscdk.services.grafana"
1480
+ },
1481
+ "python": {
1482
+ "module": "aws_cdk.aws_grafana"
1483
+ }
1484
+ }
1485
+ },
1291
1486
  "aws-cdk-lib.aws_greengrass": {
1292
1487
  "targets": {
1293
1488
  "dotnet": {
@@ -1366,6 +1561,19 @@
1366
1561
  }
1367
1562
  }
1368
1563
  },
1564
+ "aws-cdk-lib.aws_identitystore": {
1565
+ "targets": {
1566
+ "dotnet": {
1567
+ "namespace": "Amazon.CDK.AWS.IdentityStore"
1568
+ },
1569
+ "java": {
1570
+ "package": "software.amazon.awscdk.services.identitystore"
1571
+ },
1572
+ "python": {
1573
+ "module": "aws_cdk.aws_identitystore"
1574
+ }
1575
+ }
1576
+ },
1369
1577
  "aws-cdk-lib.aws_imagebuilder": {
1370
1578
  "targets": {
1371
1579
  "dotnet": {
@@ -1405,6 +1613,19 @@
1405
1613
  }
1406
1614
  }
1407
1615
  },
1616
+ "aws-cdk-lib.aws_internetmonitor": {
1617
+ "targets": {
1618
+ "dotnet": {
1619
+ "namespace": "Amazon.CDK.AWS.InternetMonitor"
1620
+ },
1621
+ "java": {
1622
+ "package": "software.amazon.awscdk.services.internetmonitor"
1623
+ },
1624
+ "python": {
1625
+ "module": "aws_cdk.aws_internetmonitor"
1626
+ }
1627
+ }
1628
+ },
1408
1629
  "aws-cdk-lib.aws_iot": {
1409
1630
  "targets": {
1410
1631
  "dotnet": {
@@ -1483,6 +1704,19 @@
1483
1704
  }
1484
1705
  }
1485
1706
  },
1707
+ "aws-cdk-lib.aws_iotfleetwise": {
1708
+ "targets": {
1709
+ "dotnet": {
1710
+ "namespace": "Amazon.CDK.AWS.IoTFleetWise"
1711
+ },
1712
+ "java": {
1713
+ "package": "software.amazon.awscdk.services.iotfleetwise"
1714
+ },
1715
+ "python": {
1716
+ "module": "aws_cdk.aws_iotfleetwise"
1717
+ }
1718
+ }
1719
+ },
1486
1720
  "aws-cdk-lib.aws_iotsitewise": {
1487
1721
  "targets": {
1488
1722
  "dotnet": {
@@ -1548,6 +1782,19 @@
1548
1782
  }
1549
1783
  }
1550
1784
  },
1785
+ "aws-cdk-lib.aws_ivschat": {
1786
+ "targets": {
1787
+ "dotnet": {
1788
+ "namespace": "Amazon.CDK.AWS.IVSChat"
1789
+ },
1790
+ "java": {
1791
+ "package": "software.amazon.awscdk.services.ivschat"
1792
+ },
1793
+ "python": {
1794
+ "module": "aws_cdk.aws_ivschat"
1795
+ }
1796
+ }
1797
+ },
1551
1798
  "aws-cdk-lib.aws_kafkaconnect": {
1552
1799
  "targets": {
1553
1800
  "dotnet": {
@@ -1574,6 +1821,19 @@
1574
1821
  }
1575
1822
  }
1576
1823
  },
1824
+ "aws-cdk-lib.aws_kendraranking": {
1825
+ "targets": {
1826
+ "dotnet": {
1827
+ "namespace": "Amazon.CDK.AWS.KendraRanking"
1828
+ },
1829
+ "java": {
1830
+ "package": "software.amazon.awscdk.services.kendraranking"
1831
+ },
1832
+ "python": {
1833
+ "module": "aws_cdk.aws_kendraranking"
1834
+ }
1835
+ }
1836
+ },
1577
1837
  "aws-cdk-lib.aws_kinesis": {
1578
1838
  "targets": {
1579
1839
  "dotnet": {
@@ -1834,6 +2094,19 @@
1834
2094
  }
1835
2095
  }
1836
2096
  },
2097
+ "aws-cdk-lib.aws_m2": {
2098
+ "targets": {
2099
+ "dotnet": {
2100
+ "namespace": "Amazon.CDK.AWS.M2"
2101
+ },
2102
+ "java": {
2103
+ "package": "software.amazon.awscdk.services.m2"
2104
+ },
2105
+ "python": {
2106
+ "module": "aws_cdk.aws_m2"
2107
+ }
2108
+ }
2109
+ },
1837
2110
  "aws-cdk-lib.aws_macie": {
1838
2111
  "targets": {
1839
2112
  "dotnet": {
@@ -2029,6 +2302,45 @@
2029
2302
  }
2030
2303
  }
2031
2304
  },
2305
+ "aws-cdk-lib.aws_oam": {
2306
+ "targets": {
2307
+ "dotnet": {
2308
+ "namespace": "Amazon.CDK.AWS.Oam"
2309
+ },
2310
+ "java": {
2311
+ "package": "software.amazon.awscdk.services.oam"
2312
+ },
2313
+ "python": {
2314
+ "module": "aws_cdk.aws_oam"
2315
+ }
2316
+ }
2317
+ },
2318
+ "aws-cdk-lib.aws_omics": {
2319
+ "targets": {
2320
+ "dotnet": {
2321
+ "namespace": "Amazon.CDK.AWS.Omics"
2322
+ },
2323
+ "java": {
2324
+ "package": "software.amazon.awscdk.services.omics"
2325
+ },
2326
+ "python": {
2327
+ "module": "aws_cdk.aws_omics"
2328
+ }
2329
+ }
2330
+ },
2331
+ "aws-cdk-lib.aws_opensearchserverless": {
2332
+ "targets": {
2333
+ "dotnet": {
2334
+ "namespace": "Amazon.CDK.AWS.OpenSearchServerless"
2335
+ },
2336
+ "java": {
2337
+ "package": "software.amazon.awscdk.services.opensearchserverless"
2338
+ },
2339
+ "python": {
2340
+ "module": "aws_cdk.aws_opensearchserverless"
2341
+ }
2342
+ }
2343
+ },
2032
2344
  "aws-cdk-lib.aws_opensearchservice": {
2033
2345
  "targets": {
2034
2346
  "dotnet": {
@@ -2068,6 +2380,32 @@
2068
2380
  }
2069
2381
  }
2070
2382
  },
2383
+ "aws-cdk-lib.aws_organizations": {
2384
+ "targets": {
2385
+ "dotnet": {
2386
+ "namespace": "Amazon.CDK.AWS.Organizations"
2387
+ },
2388
+ "java": {
2389
+ "package": "software.amazon.awscdk.services.organizations"
2390
+ },
2391
+ "python": {
2392
+ "module": "aws_cdk.aws_organizations"
2393
+ }
2394
+ }
2395
+ },
2396
+ "aws-cdk-lib.aws_osis": {
2397
+ "targets": {
2398
+ "dotnet": {
2399
+ "package": "Amazon.CDK.AWS.OSIS"
2400
+ },
2401
+ "java": {
2402
+ "package": "services.osis"
2403
+ },
2404
+ "python": {
2405
+ "module": "aws_cdk.aws_osis"
2406
+ }
2407
+ }
2408
+ },
2071
2409
  "aws-cdk-lib.aws_panorama": {
2072
2410
  "targets": {
2073
2411
  "dotnet": {
@@ -2120,6 +2458,32 @@
2120
2458
  }
2121
2459
  }
2122
2460
  },
2461
+ "aws-cdk-lib.aws_pipes": {
2462
+ "targets": {
2463
+ "dotnet": {
2464
+ "namespace": "Amazon.CDK.AWS.Pipes"
2465
+ },
2466
+ "java": {
2467
+ "package": "software.amazon.awscdk.services.pipes"
2468
+ },
2469
+ "python": {
2470
+ "module": "aws_cdk.aws_pipes"
2471
+ }
2472
+ }
2473
+ },
2474
+ "aws-cdk-lib.aws_proton": {
2475
+ "targets": {
2476
+ "dotnet": {
2477
+ "package": "Amazon.CDK.AWS.Proton"
2478
+ },
2479
+ "java": {
2480
+ "package": "services.proton"
2481
+ },
2482
+ "python": {
2483
+ "module": "aws_cdk.aws_proton"
2484
+ }
2485
+ }
2486
+ },
2123
2487
  "aws-cdk-lib.aws_qldb": {
2124
2488
  "targets": {
2125
2489
  "dotnet": {
@@ -2185,6 +2549,19 @@
2185
2549
  }
2186
2550
  }
2187
2551
  },
2552
+ "aws-cdk-lib.aws_redshiftserverless": {
2553
+ "targets": {
2554
+ "dotnet": {
2555
+ "namespace": "Amazon.CDK.AWS.RedshiftServerless"
2556
+ },
2557
+ "java": {
2558
+ "package": "software.amazon.awscdk.services.redshiftserverless"
2559
+ },
2560
+ "python": {
2561
+ "module": "aws_cdk.aws_redshiftserverless"
2562
+ }
2563
+ }
2564
+ },
2188
2565
  "aws-cdk-lib.aws_refactorspaces": {
2189
2566
  "targets": {
2190
2567
  "dotnet": {
@@ -2224,6 +2601,19 @@
2224
2601
  }
2225
2602
  }
2226
2603
  },
2604
+ "aws-cdk-lib.aws_resourceexplorer2": {
2605
+ "targets": {
2606
+ "dotnet": {
2607
+ "namespace": "Amazon.CDK.AWS.ResourceExplorer2"
2608
+ },
2609
+ "java": {
2610
+ "package": "software.amazon.awscdk.services.resourceexplorer2"
2611
+ },
2612
+ "python": {
2613
+ "module": "aws_cdk.aws_resourceexplorer2"
2614
+ }
2615
+ }
2616
+ },
2227
2617
  "aws-cdk-lib.aws_resourcegroups": {
2228
2618
  "targets": {
2229
2619
  "dotnet": {
@@ -2250,6 +2640,19 @@
2250
2640
  }
2251
2641
  }
2252
2642
  },
2643
+ "aws-cdk-lib.aws_rolesanywhere": {
2644
+ "targets": {
2645
+ "dotnet": {
2646
+ "namespace": "Amazon.CDK.AWS.RolesAnywhere"
2647
+ },
2648
+ "java": {
2649
+ "package": "software.amazon.awscdk.services.rolesanywhere"
2650
+ },
2651
+ "python": {
2652
+ "module": "aws_cdk.aws_rolesanywhere"
2653
+ }
2654
+ }
2655
+ },
2253
2656
  "aws-cdk-lib.aws_route53": {
2254
2657
  "targets": {
2255
2658
  "dotnet": {
@@ -2445,6 +2848,19 @@
2445
2848
  }
2446
2849
  }
2447
2850
  },
2851
+ "aws-cdk-lib.aws_scheduler": {
2852
+ "targets": {
2853
+ "dotnet": {
2854
+ "namespace": "Amazon.CDK.AWS.Scheduler"
2855
+ },
2856
+ "java": {
2857
+ "package": "software.amazon.awscdk.services.scheduler"
2858
+ },
2859
+ "python": {
2860
+ "module": "aws_cdk.aws_scheduler"
2861
+ }
2862
+ }
2863
+ },
2448
2864
  "aws-cdk-lib.aws_sdb": {
2449
2865
  "targets": {
2450
2866
  "dotnet": {
@@ -2549,6 +2965,19 @@
2549
2965
  }
2550
2966
  }
2551
2967
  },
2968
+ "aws-cdk-lib.aws_shield": {
2969
+ "targets": {
2970
+ "dotnet": {
2971
+ "package": "Amazon.CDK.AWS.Shield"
2972
+ },
2973
+ "java": {
2974
+ "package": "services.shield"
2975
+ },
2976
+ "python": {
2977
+ "module": "aws_cdk.aws_shield"
2978
+ }
2979
+ }
2980
+ },
2552
2981
  "aws-cdk-lib.aws_signer": {
2553
2982
  "targets": {
2554
2983
  "dotnet": {
@@ -2562,6 +2991,19 @@
2562
2991
  }
2563
2992
  }
2564
2993
  },
2994
+ "aws-cdk-lib.aws_simspaceweaver": {
2995
+ "targets": {
2996
+ "dotnet": {
2997
+ "namespace": "Amazon.CDK.AWS.SimSpaceWeaver"
2998
+ },
2999
+ "java": {
3000
+ "package": "software.amazon.awscdk.services.simspaceweaver"
3001
+ },
3002
+ "python": {
3003
+ "module": "aws_cdk.aws_simspaceweaver"
3004
+ }
3005
+ }
3006
+ },
2565
3007
  "aws-cdk-lib.aws_sns": {
2566
3008
  "targets": {
2567
3009
  "dotnet": {
@@ -2679,6 +3121,19 @@
2679
3121
  }
2680
3122
  }
2681
3123
  },
3124
+ "aws-cdk-lib.aws_supportapp": {
3125
+ "targets": {
3126
+ "dotnet": {
3127
+ "namespace": "Amazon.CDK.AWS.SupportApp"
3128
+ },
3129
+ "java": {
3130
+ "package": "software.amazon.awscdk.services.supportapp"
3131
+ },
3132
+ "python": {
3133
+ "module": "aws_cdk.aws_supportapp"
3134
+ }
3135
+ }
3136
+ },
2682
3137
  "aws-cdk-lib.aws_synthetics": {
2683
3138
  "targets": {
2684
3139
  "dotnet": {
@@ -2692,6 +3147,19 @@
2692
3147
  }
2693
3148
  }
2694
3149
  },
3150
+ "aws-cdk-lib.aws_systemsmanagersap": {
3151
+ "targets": {
3152
+ "dotnet": {
3153
+ "namespace": "Amazon.CDK.AWS.SystemsManagerSAP"
3154
+ },
3155
+ "java": {
3156
+ "package": "software.amazon.awscdk.services.systemsmanagersap"
3157
+ },
3158
+ "python": {
3159
+ "module": "aws_cdk.aws_systemsmanagersap"
3160
+ }
3161
+ }
3162
+ },
2695
3163
  "aws-cdk-lib.aws_timestream": {
2696
3164
  "targets": {
2697
3165
  "dotnet": {
@@ -2718,6 +3186,45 @@
2718
3186
  }
2719
3187
  }
2720
3188
  },
3189
+ "aws-cdk-lib.aws_verifiedpermissions": {
3190
+ "targets": {
3191
+ "dotnet": {
3192
+ "package": "Amazon.CDK.AWS.VerifiedPermissions"
3193
+ },
3194
+ "java": {
3195
+ "package": "services.verifiedpermissions"
3196
+ },
3197
+ "python": {
3198
+ "module": "aws_cdk.aws_verifiedpermissions"
3199
+ }
3200
+ }
3201
+ },
3202
+ "aws-cdk-lib.aws_voiceid": {
3203
+ "targets": {
3204
+ "dotnet": {
3205
+ "namespace": "Amazon.CDK.AWS.VoiceID"
3206
+ },
3207
+ "java": {
3208
+ "package": "software.amazon.awscdk.services.voiceid"
3209
+ },
3210
+ "python": {
3211
+ "module": "aws_cdk.aws_voiceid"
3212
+ }
3213
+ }
3214
+ },
3215
+ "aws-cdk-lib.aws_vpclattice": {
3216
+ "targets": {
3217
+ "dotnet": {
3218
+ "namespace": "Amazon.CDK.AWS.VpcLattice"
3219
+ },
3220
+ "java": {
3221
+ "package": "software.amazon.awscdk.services.vpclattice"
3222
+ },
3223
+ "python": {
3224
+ "module": "aws_cdk.aws_vpclattice"
3225
+ }
3226
+ }
3227
+ },
2721
3228
  "aws-cdk-lib.aws_waf": {
2722
3229
  "targets": {
2723
3230
  "dotnet": {
@@ -2929,7 +3436,7 @@
2929
3436
  },
2930
3437
  "targets": {
2931
3438
  "dotnet": {
2932
- "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png",
3439
+ "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/main/logo/default-256-dark.png",
2933
3440
  "namespace": "Amazon.CDK",
2934
3441
  "packageId": "Amazon.CDK.Lib"
2935
3442
  },
@@ -2984,7 +3491,7 @@
2984
3491
  "stability": "experimental"
2985
3492
  },
2986
3493
  "homepage": "https://github.com/aripalo/aws-cdk-github-oidc.git",
2987
- "jsiiVersion": "1.70.0 (build 03c2f6f)",
3494
+ "jsiiVersion": "1.86.1 (build defb235)",
2988
3495
  "keywords": [
2989
3496
  "aws",
2990
3497
  "aws-cdk",
@@ -3007,7 +3514,7 @@
3007
3514
  },
3008
3515
  "name": "aws-cdk-github-oidc",
3009
3516
  "readme": {
3010
- "markdown": "# AWS CDK Github OpenID Connect\n\n![cdk-support](https://img.shields.io/badge/cdk-%20typescript%20|%20python%20-informational \"TypeScript | Python\")\n[![release](https://github.com/aripalo/aws-cdk-github-oidc/actions/workflows/release.yml/badge.svg)](https://github.com/aripalo/aws-cdk-github-oidc/actions/workflows/release.yml)\n[![codecov](https://codecov.io/gh/aripalo/aws-cdk-github-oidc/branch/main/graph/badge.svg?token=5X44RM6J17)](https://codecov.io/gh/aripalo/aws-cdk-github-oidc)\n\n---\n\nAWS [CDK](https://aws.amazon.com/cdk/) constructs that define:\n- Github Actions as OpenID Connect Identity Provider into AWS IAM\n- IAM Roles that can be assumed by Github Actions workflows\n\nThese constructs allows you to harden your AWS deployment security by removing the need to create long-term access keys for Github Actions and instead use OpenID Connect to Authenticate your Github Action workflow with AWS IAM.\n\n## Background information\n\n![github-aws-oidc](/assets/github-aws-oidc.svg \"Github OIDC with AWS\")\n\n- [GitHub Actions: Secure cloud deployments with OpenID Connect](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) on Github Changelog Blog.\n- [Security hardening your deployments](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments) on Github Docs.\n- [Assuming a role with `aws-actions/configure-aws-credentials`](https://github.com/aws-actions/configure-aws-credentials#assuming-a-role).\n- Shout-out to [Richard H. 
Boyd](https://twitter.com/rchrdbyd) for helping me to debug Github OIDC setup with AWS IAM and his [Deploying to AWS with Github Actions](https://www.githubuniverse.com/2021/session/692586/deploying-to-aws-with-github-actions)-talk.\n- Shout-out to [Aidan W Steele](https://twitter.com/__steele) and his blog post [AWS federation comes to GitHub Actions](https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html) for being the original inspiration for this.\n\n\n<br/>\n\n## Getting started\n\n```shell\nnpm i -D aws-cdk-github-oidc\n```\n\n<br/>\n\n### OpenID Connect Identity Provider trust for AWS IAM\n\nTo create a new Github OIDC provider configuration into AWS IAM:\n```ts\nimport { GithubActionsIdentityProvider } from 'aws-cdk-github-oidc';\n\nconst provider = new GithubActionsIdentityProvider(scope, 'GithubProvider');\n```\n\nIn the background this creates an OIDC provider trust configuration into AWS IAM with an [issuer URL of `https://token.actions.githubusercontent.com`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws), audiences (client IDs) configured as `['sts.amazonaws.com']` (which matches the [`aws-actions/configure-aws-credentials`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws) implementation) and the thumbprint as Github's `a031c46782e6e6c662c2c87c76da9aa62ccabd8e`\n\n<br/>\n\n### Retrieving a reference to an existing Github OIDC provider configuration\n\nRemember, **there can be only one (Github OIDC provider per AWS Account)**, so to retrieve a reference to existing Github OIDC provider use `fromAccount` static method:\n```ts\nimport { GithubActionsIdentityProvider } from 'aws-cdk-github-oidc';\n\nconst provider = GithubActionsIdentityProvider.fromAccount(scope, 
'GithubProvider');\n```\n\n<br/>\n\n### Defining a role for Github Actions workflow to assume\n\n```ts\nimport { GithubActionsRole } from 'aws-cdk-github-oidc';\n\nconst uploadRole = new GithubActionsRole(scope, 'UploadRole', {\n provider: provider, // reference into the OIDC provider\n owner: 'octo-org', // your repository owner (organization or user) name\n repo: 'octo-repo', // your repository name (without the owner name)\n filter: 'ref:refs/tags/v*', // JWT sub suffix filter, defaults to '*'\n});\n\n// use it like any other role, for example grant S3 bucket write access:\nmyBucket.grantWrite(uploadRole);\n```\n\nYou may pass in any `iam.RoleProps` into the construct's props, except `assumedBy` which will be defined by this construct (CDK will fail if you do):\n```ts\nconst deployRole = new GithubActionsRole(scope, 'DeployRole', {\n provider: provider,\n owner: 'octo-org',\n repo: 'octo-repo',\n roleName: 'MyDeployRole',\n description: 'This role deploys stuff to AWS',\n maxSessionDuration: cdk.Duration.hours(2),\n});\n\n// You may also use various \"add*\" policy methods!\n// \"AdministratorAccess\" not really a good idea, just for an example here:\ndeployRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));\n```\n\n<br/>\n\n#### Subject Filter\n\nBy default the value of `filter` property will be `'*'` which means any workflow (from given repository) from any branch, tag, environment or pull request can assume this role. 
To further stricten the OIDC trust policy on the role, you may adjust the subject filter as seen on the [examples in Github Docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud); For example:\n\n| `filter` value | Descrition |\n| :----------------------------- | :--------------------------------------- |\n| `'ref:refs/tags/v*'` | Allow only tags with prefix of `v` |\n| `'ref:refs/heads/demo-branch'` | Allow only from branch `demo-branch` |\n| `'pull_request'` | Allow only from pull request |\n| `'environment:Production'` | Allow only from `Production` environment |\n\n<br/>\n\n### Github Actions Workflow\n\nTo actually utilize this in your Github Actions workflow, use [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) to [assume a role](https://github.com/aws-actions/configure-aws-credentials#assuming-a-role).\n\nAt the moment you must use the `master` version (until AWS releases a new tag):\n\n```yaml\njobs:\n deploy:\n name: Upload to Amazon S3\n runs-on: ubuntu-latest\n permissions:\n id-token: write # needed to interact with GitHub's OIDC Token endpoint.\n contents: read\n steps:\n - name: Checkout\n uses: actions/checkout@v2\n\n - name: Configure AWS credentials\n uses: aws-actions/configure-aws-credentials@master\n with:\n role-to-assume: arn:aws:iam::123456789012:role/MyUploadRole\n #role-session-name: MySessionName # Optional\n aws-region: us-east-1\n\n - name: Sync files to S3\n run: |\n aws s3 sync . s3://my-example-bucket\n```\n\n<br/>\n\n### Development Status\n\nThese constructs are fresh out from the oven, since [Github just announced](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) the OpenID Connect feature as generally available. 
I've been playing around with the feature for some time, but the construct itself haven't yet been widely used.\n\nThese constructs will stay in `v0.x.x` for a while, to allow easier bug fixing & breaking changes _if absolutely needed_. Once bugs are fixed (if any), the constructs will be published with `v1` major version and will be marked as stable.\n\nCurrently only TypeScript, Python and Go versions provided, but before going to stable, I'll probably others (supported by JSII) depending on the amount of work required - so no promises!\n"
3517
+ "markdown": "# AWS CDK Github OpenID Connect\n\n![cdk-support](https://img.shields.io/badge/cdk-%20typescript%20|%20python%20-informational \"TypeScript | Python\")\n[![release](https://github.com/aripalo/aws-cdk-github-oidc/actions/workflows/release.yml/badge.svg)](https://github.com/aripalo/aws-cdk-github-oidc/actions/workflows/release.yml)\n[![codecov](https://codecov.io/gh/aripalo/aws-cdk-github-oidc/branch/main/graph/badge.svg?token=5X44RM6J17)](https://codecov.io/gh/aripalo/aws-cdk-github-oidc)\n\n---\n\nAWS [CDK](https://aws.amazon.com/cdk/) constructs that define:\n\n- Github Actions as OpenID Connect Identity Provider into AWS IAM\n- IAM Roles that can be assumed by Github Actions workflows\n\nThese constructs allows you to harden your AWS deployment security by removing the need to create long-term access keys for Github Actions and instead use OpenID Connect to Authenticate your Github Action workflow with AWS IAM.\n\n## Background information\n\n![github-aws-oidc](/assets/github-aws-oidc.svg \"Github OIDC with AWS\")\n\n- [GitHub Actions: Secure cloud deployments with OpenID Connect](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) on Github Changelog Blog.\n- [Security hardening your deployments](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments) on Github Docs.\n- [Assuming a role with `aws-actions/configure-aws-credentials`](https://github.com/aws-actions/configure-aws-credentials#assuming-a-role).\n- Shout-out to [Richard H. 
Boyd](https://twitter.com/rchrdbyd) for helping me to debug Github OIDC setup with AWS IAM and his [Deploying to AWS with Github Actions](https://www.githubuniverse.com/2021/session/692586/deploying-to-aws-with-github-actions)-talk.\n- Shout-out to [Aidan W Steele](https://twitter.com/__steele) and his blog post [AWS federation comes to GitHub Actions](https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html) for being the original inspiration for this.\n\n<br/>\n\n## Getting started\n\n```shell\nnpm i -D aws-cdk-github-oidc\n```\n\n<br/>\n\n### OpenID Connect Identity Provider trust for AWS IAM\n\nTo create a new Github OIDC provider configuration into AWS IAM:\n\n```ts\nimport { GithubActionsIdentityProvider } from \"aws-cdk-github-oidc\";\n\nconst provider = new GithubActionsIdentityProvider(scope, \"GithubProvider\");\n```\n\nIn the background this creates an OIDC provider trust configuration into AWS IAM with an [issuer URL of `https://token.actions.githubusercontent.com`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws) and audiences (client IDs) configured as `['sts.amazonaws.com']` (which matches the [`aws-actions/configure-aws-credentials`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws) implementation).\n\n<br/>\n\n### Retrieving a reference to an existing Github OIDC provider configuration\n\nRemember, **there can be only one (Github OIDC provider per AWS Account)**, so to retrieve a reference to existing Github OIDC provider use `fromAccount` static method:\n\n```ts\nimport { GithubActionsIdentityProvider } from \"aws-cdk-github-oidc\";\n\nconst provider = GithubActionsIdentityProvider.fromAccount(\n scope,\n \"GithubProvider\"\n);\n```\n\n<br/>\n\n### Defining a role for Github Actions 
workflow to assume\n\n```ts\nimport { GithubActionsRole } from \"aws-cdk-github-oidc\";\n\nconst uploadRole = new GithubActionsRole(scope, \"UploadRole\", {\n provider: provider, // reference into the OIDC provider\n owner: \"octo-org\", // your repository owner (organization or user) name\n repo: \"octo-repo\", // your repository name (without the owner name)\n filter: \"ref:refs/tags/v*\", // JWT sub suffix filter, defaults to '*'\n});\n\n// use it like any other role, for example grant S3 bucket write access:\nmyBucket.grantWrite(uploadRole);\n```\n\nYou may pass in any `iam.RoleProps` into the construct's props, except `assumedBy` which will be defined by this construct (CDK will fail if you do):\n\n```ts\nconst deployRole = new GithubActionsRole(scope, \"DeployRole\", {\n provider: provider,\n owner: \"octo-org\",\n repo: \"octo-repo\",\n roleName: \"MyDeployRole\",\n description: \"This role deploys stuff to AWS\",\n maxSessionDuration: cdk.Duration.hours(2),\n});\n\n// You may also use various \"add*\" policy methods!\n// \"AdministratorAccess\" not really a good idea, just for an example here:\ndeployRole.addManagedPolicy(\n iam.ManagedPolicy.fromAwsManagedPolicyName(\"AdministratorAccess\")\n);\n```\n\n<br/>\n\n#### Subject Filter\n\nBy default the value of `filter` property will be `'*'` which means any workflow (from given repository) from any branch, tag, environment or pull request can assume this role. 
To further stricten the OIDC trust policy on the role, you may adjust the subject filter as seen on the [examples in Github Docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud); For example:\n\n| `filter` value | Descrition |\n| :----------------------------- | :--------------------------------------- |\n| `'ref:refs/tags/v*'` | Allow only tags with prefix of `v` |\n| `'ref:refs/heads/demo-branch'` | Allow only from branch `demo-branch` |\n| `'pull_request'` | Allow only from pull request |\n| `'environment:Production'` | Allow only from `Production` environment |\n\n<br/>\n\n### Github Actions Workflow\n\nTo actually utilize this in your Github Actions workflow, use [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) to [assume a role](https://github.com/aws-actions/configure-aws-credentials#assuming-a-role).\n\nAt the moment you must use the `master` version (until AWS releases a new tag):\n\n```yaml\njobs:\n deploy:\n name: Upload to Amazon S3\n runs-on: ubuntu-latest\n permissions:\n id-token: write # needed to interact with GitHub's OIDC Token endpoint.\n contents: read\n steps:\n - name: Checkout\n uses: actions/checkout@v2\n\n - name: Configure AWS credentials\n uses: aws-actions/configure-aws-credentials@master\n with:\n role-to-assume: arn:aws:iam::123456789012:role/MyUploadRole\n #role-session-name: MySessionName # Optional\n aws-region: us-east-1\n\n - name: Sync files to S3\n run: |\n aws s3 sync . s3://my-example-bucket\n```\n\n<br/>\n\n### Development Status\n\nThese constructs are fresh out from the oven, since [Github just announced](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) the OpenID Connect feature as generally available. 
I've been playing around with the feature for some time, but the construct itself haven't yet been widely used.\n\nThese constructs will stay in `v0.x.x` for a while, to allow easier bug fixing & breaking changes _if absolutely needed_. Once bugs are fixed (if any), the constructs will be published with `v1` major version and will be marked as stable.\n\nCurrently only TypeScript, Python and Go versions provided, but before going to stable, I'll probably others (supported by JSII) depending on the amount of work required - so no promises!\n"
3011
3518
  },
3012
3519
  "repository": {
3013
3520
  "type": "git",
@@ -3046,7 +3553,7 @@
3046
3553
  },
3047
3554
  "locationInModule": {
3048
3555
  "filename": "src/provider.ts",
3049
- "line": 55
3556
+ "line": 51
3050
3557
  },
3051
3558
  "parameters": [
3052
3559
  {
@@ -3088,7 +3595,7 @@
3088
3595
  },
3089
3596
  "locationInModule": {
3090
3597
  "filename": "src/provider.ts",
3091
- "line": 39
3598
+ "line": 35
3092
3599
  },
3093
3600
  "name": "fromAccount",
3094
3601
  "parameters": [
@@ -3136,27 +3643,6 @@
3136
3643
  "type": {
3137
3644
  "primitive": "string"
3138
3645
  }
3139
- },
3140
- {
3141
- "const": true,
3142
- "docs": {
3143
- "stability": "experimental"
3144
- },
3145
- "immutable": true,
3146
- "locationInModule": {
3147
- "filename": "src/provider.ts",
3148
- "line": 21
3149
- },
3150
- "name": "thumbprints",
3151
- "static": true,
3152
- "type": {
3153
- "collection": {
3154
- "elementtype": {
3155
- "primitive": "string"
3156
- },
3157
- "kind": "array"
3158
- }
3159
- }
3160
3646
  }
3161
3647
  ],
3162
3648
  "symbolId": "src/provider:GithubActionsIdentityProvider"
@@ -3533,6 +4019,6 @@
3533
4019
  "symbolId": "src/iam-role-props:RoleProps"
3534
4020
  }
3535
4021
  },
3536
- "version": "2.3.2",
3537
- "fingerprint": "asBHPoJBPf0doMDcRHtBP3efQZVzuLrTps6qqQFcE+Q="
4022
+ "version": "2.3.4",
4023
+ "fingerprint": "93JTFOX2H50AvbR5ZzpBl6BAHFkaid/4GzgWjIoWSAY="
3538
4024
  }
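--- a/package/API.md
+++ b/package/API.md
@@ -72,12 +72,6 @@ CDK Construct ID given to the construct.
 
 ---
 
-##### `thumbprints` <a name="aws-cdk-github-oidc.GithubActionsIdentityProvider.property.thumbprints"></a>
-
-- *Type:* `string`[]
-
----
-
 ### GithubActionsRole <a name="aws-cdk-github-oidc.GithubActionsRole"></a>
 
 Define an IAM Role that can be assumed by Github Actions workflow via Github OpenID Connect Identity Provider.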
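--- a/package/README.md
+++ b/package/README.md
@@ -7,6 +7,7 @@
 ---
 
 AWS [CDK](https://aws.amazon.com/cdk/) constructs that define:
+
 - Github Actions as OpenID Connect Identity Provider into AWS IAM
 - IAM Roles that can be assumed by Github Actions workflows
 
@@ -22,7 +23,6 @@ These constructs allows you to harden your AWS deployment security by removing t
 - Shout-out to [Richard H. Boyd](https://twitter.com/rchrdbyd) for helping me to debug Github OIDC setup with AWS IAM and his [Deploying to AWS with Github Actions](https://www.githubuniverse.com/2021/session/692586/deploying-to-aws-with-github-actions)-talk.
 - Shout-out to [Aidan W Steele](https://twitter.com/__steele) and his blog post [AWS federation comes to GitHub Actions](https://awsteele.com/blog/2021/09/15/aws-federation-comes-to-github-actions.html) for being the original inspiration for this.
 
-
 <br/>
 
 ## Getting started
@@ -36,23 +36,28 @@ npm i -D aws-cdk-github-oidc
 ### OpenID Connect Identity Provider trust for AWS IAM
 
 To create a new Github OIDC provider configuration into AWS IAM:
+
 ```ts
-import { GithubActionsIdentityProvider } from 'aws-cdk-github-oidc';
+import { GithubActionsIdentityProvider } from "aws-cdk-github-oidc";
 
-const provider = new GithubActionsIdentityProvider(scope, 'GithubProvider');
+const provider = new GithubActionsIdentityProvider(scope, "GithubProvider");
 ```
 
-In the background this creates an OIDC provider trust configuration into AWS IAM with an [issuer URL of `https://token.actions.githubusercontent.com`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws), audiences (client IDs) configured as `['sts.amazonaws.com']` (which matches the [`aws-actions/configure-aws-credentials`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws) implementation) and the thumbprint as Github's `a031c46782e6e6c662c2c87c76da9aa62ccabd8e`
+In the background this creates an OIDC provider trust configuration into AWS IAM with an [issuer URL of `https://token.actions.githubusercontent.com`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws) and audiences (client IDs) configured as `['sts.amazonaws.com']` (which matches the [`aws-actions/configure-aws-credentials`](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws) implementation).
 
 <br/>
 
 ### Retrieving a reference to an existing Github OIDC provider configuration
 
 Remember, **there can be only one (Github OIDC provider per AWS Account)**, so to retrieve a reference to existing Github OIDC provider use `fromAccount` static method:
+
 ```ts
-import { GithubActionsIdentityProvider } from 'aws-cdk-github-oidc';
+import { GithubActionsIdentityProvider } from "aws-cdk-github-oidc";
 
-const provider = GithubActionsIdentityProvider.fromAccount(scope, 'GithubProvider');
+const provider = GithubActionsIdentityProvider.fromAccount(
+scope,
+"GithubProvider"
+);
 ```
 
 <br/>
@@ -60,13 +65,13 @@ const provider = GithubActionsIdentityProvider.fromAccount(scope, 'GithubProvide
 ### Defining a role for Github Actions workflow to assume
 
 ```ts
-import { GithubActionsRole } from 'aws-cdk-github-oidc';
+import { GithubActionsRole } from "aws-cdk-github-oidc";
 
-const uploadRole = new GithubActionsRole(scope, 'UploadRole', {
-provider: provider, // reference into the OIDC provider
-owner: 'octo-org', // your repository owner (organization or user) name
-repo: 'octo-repo', // your repository name (without the owner name)
-filter: 'ref:refs/tags/v*', // JWT sub suffix filter, defaults to '*'
+const uploadRole = new GithubActionsRole(scope, "UploadRole", {
+provider: provider, // reference into the OIDC provider
+owner: "octo-org", // your repository owner (organization or user) name
+repo: "octo-repo", // your repository name (without the owner name)
+filter: "ref:refs/tags/v*", // JWT sub suffix filter, defaults to '*'
 });
 
 // use it like any other role, for example grant S3 bucket write access:
@@ -74,19 +79,22 @@ myBucket.grantWrite(uploadRole);
 ```
 
 You may pass in any `iam.RoleProps` into the construct's props, except `assumedBy` which will be defined by this construct (CDK will fail if you do):
+
 ```ts
-const deployRole = new GithubActionsRole(scope, 'DeployRole', {
+const deployRole = new GithubActionsRole(scope, "DeployRole", {
 provider: provider,
-owner: 'octo-org',
-repo: 'octo-repo',
-roleName: 'MyDeployRole',
-description: 'This role deploys stuff to AWS',
+owner: "octo-org",
+repo: "octo-repo",
+roleName: "MyDeployRole",
+description: "This role deploys stuff to AWS",
 maxSessionDuration: cdk.Duration.hours(2),
 });
 
 // You may also use various "add*" policy methods!
 // "AdministratorAccess" not really a good idea, just for an example here:
-deployRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));
+deployRole.addManagedPolicy(
+iam.ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess")
+);
 ```
 
 <br/>
@@ -95,7 +103,7 @@ deployRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('Administ
 
 By default the value of `filter` property will be `'*'` which means any workflow (from given repository) from any branch, tag, environment or pull request can assume this role. To further stricten the OIDC trust policy on the role, you may adjust the subject filter as seen on the [examples in Github Docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud); For example:
 
-| `filter` value | Descrition |
+| `filter` value | Descrition |
 | :----------------------------- | :--------------------------------------- |
 | `'ref:refs/tags/v*'` | Allow only tags with prefix of `v` |
 | `'ref:refs/heads/demo-branch'` | Allow only from branch `demo-branch` |
@@ -119,19 +127,19 @@ jobs:
 id-token: write # needed to interact with GitHub's OIDC Token endpoint.
 contents: read
 steps:
-- name: Checkout
-uses: actions/checkout@v2
-
-- name: Configure AWS credentials
-uses: aws-actions/configure-aws-credentials@master
-with:
-role-to-assume: arn:aws:iam::123456789012:role/MyUploadRole
-#role-session-name: MySessionName # Optional
-aws-region: us-east-1
-
-- name: Sync files to S3
-run: |
-aws s3 sync . s3://my-example-bucket
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@master
+with:
+role-to-assume: arn:aws:iam::123456789012:role/MyUploadRole
+#role-session-name: MySessionName # Optional
+aws-region: us-east-1
+
+- name: Sync files to S3
+run: |
+aws s3 sync . s3://my-example-bucket
 ```
 
 <br/>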
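--- a/package/lib/provider.d.ts
+++ b/package/lib/provider.d.ts
@@ -15,7 +15,6 @@ export interface IGithubActionsIdentityProvider extends iam.IOpenIdConnectProvid
 */
 export declare class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider implements IGithubActionsIdentityProvider {
 static readonly issuer: string;
-static readonly thumbprints: string[];
 /**
 * Retrieve a reference to existing Github OIDC provider in your AWS account.
 * An AWS account can only have single Github OIDC provider configured into it,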
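Review bot: Removing the public `static readonly thumbprints: string[]` from the declared class is a breaking change to the package's API surface — it is dropped from the `.jsii` assembly and from `lib/provider.js` in the same diff — yet the version only moves from 2.3.2 to 2.3.4, so an update within `^2.3.2` can break consumers that read `GithubActionsIdentityProvider.thumbprints` (for example to build a provider by hand or in snapshot assertions). Either keep the member for one release as `/** @deprecated no longer pinned by this construct */ static readonly thumbprints: string[];` with its previous values, or ship the removal as a major version. `changelog.md` is deleted in this diff as well, so the release notes should state the removal explicitly since nothing in the package records it.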
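--- a/package/lib/provider.js
+++ b/package/lib/provider.js
@@ -27,7 +27,6 @@ class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider {
 constructor(scope, id) {
 super(scope, id, {
 url: `https://${GithubActionsIdentityProvider.issuer}`,
-thumbprints: GithubActionsIdentityProvider.thumbprints,
 clientIds: ['sts.amazonaws.com'],
 });
 }
@@ -52,10 +51,6 @@ class GithubActionsIdentityProvider extends iam.OpenIdConnectProvider {
 }
 exports.GithubActionsIdentityProvider = GithubActionsIdentityProvider;
 _a = JSII_RTTI_SYMBOL_1;
-GithubActionsIdentityProvider[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsIdentityProvider", version: "2.3.2" };
+GithubActionsIdentityProvider[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsIdentityProvider", version: "2.3.4" };
 GithubActionsIdentityProvider.issuer = 'token.actions.githubusercontent.com';
-GithubActionsIdentityProvider.thumbprints = [
-'a031c46782e6e6c662c2c87c76da9aa62ccabd8e',
-'6938fd4d98bab03faadb97b34396831e3780aea1',
-];
-//# sourceMappingURL=data:application/json;base64,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
+//# sourceMappingURL=data:application/json;base64,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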
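Review bot: With `thumbprints` dropped from the `super()` call in the first hunk, the construct no longer pins the issuer's certificate fingerprint and nothing in the constructor says what supplies it instead, so a reader cannot tell whether the omission is deliberate. Presumably it now relies on aws-cdk-lib's `OpenIdConnectProvider` (the peer dependency is raised to `^2.89.0` in this release) resolving the thumbprint from `token.actions.githubusercontent.com` at deploy time, which is a trust-on-first-use step rather than a value reviewed at synth time, and that trade-off deserves a comment next to `url:`: `// thumbprints intentionally omitted: aws-cdk-lib's OpenIdConnectProvider resolves them from the issuer at deploy time`. If the intent is instead that AWS no longer validates thumbprints for this issuer, state that and cite the source, because the README in this diff also drops its thumbprint sentence without giving a reason. The enclosing class `GithubActionsIdentityProvider` starts outside the hunk.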
package/lib/role.js CHANGED
@@ -101,5 +101,5 @@ class GithubActionsRole extends iam.Role {
101
101
  }
102
102
  exports.GithubActionsRole = GithubActionsRole;
103
103
  _a = JSII_RTTI_SYMBOL_1;
104
- GithubActionsRole[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsRole", version: "2.3.2" };
104
+ GithubActionsRole[_a] = { fqn: "aws-cdk-github-oidc.GithubActionsRole", version: "2.3.4" };
105
105
  //# sourceMappingURL=data:application/json;base64,{"version":3,"file":"role.js","sourceRoot":"","sources":["../src/role.ts"],"names":[],"mappings":";;;;;AAAA,mCAAmC;AACnC,2CAA2C;AAG3C,iDAAiD;AACjD,yCAA2F;AAoE3F;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,iBAAkB,SAAQ,GAAG,CAAC,IAAI;IAqC7C;;;;;;;;;;;;;;;;;OAiBG;IACH,YAAY,KAAgB,EAAE,EAAU,EAAE,KAA6B;QAErE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;QAExC,sBAAsB;QACtB,iBAAiB,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC9C,iBAAiB,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAE5C,iBAAiB;QACjB,MAAM,OAAO,GAAG,iBAAiB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAE5D,+BAA+B;QAC/B,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YACf,GAAG,SAAS;YACZ,SAAS,EAAE,IAAI,GAAG,CAAC,oBAAoB,CAAC,QAAQ,CAAC,wBAAwB,EAAE;gBACzE,UAAU,EAAE;oBACV,oDAAoD;oBACpD,CAAC,GAAG,wCAA6B,CAAC,MAAM,MAAM,CAAC,EAAE,OAAO;iBACzD;gBACD,YAAY,EAAE;oBACZ,uEAAuE;oBACvE,0KAA0K;oBAC1K,CAAC,GAAG,wCAA6B,CAAC,MAAM,MAAM,CAAC,EAAE,mBAAmB;iBACrE;aACF,CAAC;SACH,CAAC,CAAC;IAEL,CAAC;IAjFD;;;;OAIG;IACK,MAAM,CAAC,gBAAgB,CAAC,KAA6B;QAC3D,MAAM,YAAY,GAAQ,KAAK,CAAC;QAChC,OAAO,YAAY,CAAC,QAAQ,CAAC;QAC7B,OAAO,YAAY,CAAC,KAAK,CAAC;QAC1B,OAAO,YAAY,CAAC,IAAI,CAAC;QACzB,OAAO,YAAY,CAAC,MAAM,CAAC;QAC3B,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,8DAA8D;IACtD,MAAM,CAAC,aAAa,CAAC,KAAgB,EAAE,KAAa;QAC1D,IAAI,sBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE;YAC5C,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,oCAAoC,KAAK,0KAA0K,CAAC,CAAC;SACzP;IACH,CAAC;IAED,4DAA4D;IACpD,MAAM,CAAC,YAAY,CAAC,KAAgB,EAAE,IAAY;QACxD,IAAI,IAAI,KAAK,EAAE,EAAE;YACf,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,mCAAmC,IAAI,6BAA6B,CAAC,CAAC;SAC1G;IACH,CAAC;IAED,oDAAoD;IAC5C,MAAM,CAAC,aAAa,CAAC,KAA0B;QACrD,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,GAAG,GAAG,EAAE,GAAG,KAAK,CAAC;QAC5C,OAAO,QAAQ,KAAK,IAAI,IAAI,IAAI,MAAM,EAAE,CAAC;IAC3C,CAAC;;AAlCH,8CAoFC","sourcesContent":["import * as cdk from 'aws-cdk-lib';\nimport * as iam from 'aws-cdk-lib/aws-iam';\nimport { Construct } from 'constructs';\nimport { 
RoleProps } from './iam-role-props';\nimport githubUsernameRegex from './owner-regexp';\nimport { GithubActionsIdentityProvider, IGithubActionsIdentityProvider } from './provider';\n\n/**\n * Github related configuration that forms the trust policy for this IAM Role.\n */\nexport interface GithubConfiguration {\n\n  /**\n   * Reference to Github OpenID Connect Provider configured in AWS IAM.\n   *\n   * Either pass an construct defined by `new GithubActionsIdentityProvider`\n   * or a retrieved reference from `GithubActionsIdentityProvider.fromAccount`.\n   * There can be only one (per AWS Account).\n   */\n  readonly provider: IGithubActionsIdentityProvider;\n\n  /**\n   * Repository owner (organization or username).\n   *\n   * @example\n   * 'octo-org'\n   */\n  readonly owner: string;\n\n  /**\n   * Repository name (slug) without the owner.\n   *\n   * @example\n   * 'octo-repo'\n   */\n  readonly repo: string;\n\n  /**\n   * Subject condition filter, appended after `repo:${owner}/${repo}:` string in IAM Role trust relationship.\n   *\n   * @default\n   * '*'\n   *\n   * You may use this value to only allow Github to assume the role on specific branches, tags, environments, pull requests etc.\n   * @example\n   * 'ref:refs/tags/v*'\n   * 'ref:refs/heads/demo-branch'\n   * 'pull_request'\n   * 'environment:Production'\n   *\n   * @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#examples\n   */\n  readonly filter?: string;\n}\n\n/**\n * Props that define the IAM Role that can be assumed by Github Actions workflow\n * via Github OpenID Connect Identity Provider.\n *\n * Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`\n * which will be defined by this construct (CDK will fail if you do).\n *\n * @example\n * {\n *   provider: GithubActionsIdentityProvider.fromAccount(scope, \"GithubProvider\"),\n *   owner: 'octo-org',\n *   repo: 'octo-repo',\n 
*   filter: 'ref:refs/tags/v*',\n *   roleName: 'MyDeployRole',\n * }\n */\nexport interface GithubActionsRoleProps extends GithubConfiguration, RoleProps {}\n\n/**\n * Define an IAM Role that can be assumed by Github Actions workflow\n * via Github OpenID Connect Identity Provider.\n *\n * Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`\n * which will be defined by this construct (CDK will fail if you do).\n *\n * @example\n * const uploadRole = new GithubActionsRole(scope, \"UploadRole\", {\n *   provider: GithubActionsIdentityProvider.fromAccount(scope, \"GithubProvider\"),\n *   owner: 'octo-org',\n *   repo: 'octo-repo',\n *   filter: 'ref:refs/tags/v*',\n *   roleName: 'MyUploadRole',\n * });\n *\n * myBucket.grantWrite(uploadRole);\n */\nexport class GithubActionsRole extends iam.Role {\n\n  /**\n   * Extracts props given for the created IAM Role Construct.\n   * @param props for the GithubActionsRole\n   * @returns for the IAM Role\n   */\n  private static extractRoleProps(props: GithubActionsRoleProps): iam.RoleProps {\n    const extractProps = <any>props;\n    delete extractProps.provider;\n    delete extractProps.owner;\n    delete extractProps.repo;\n    delete extractProps.filter;\n    return extractProps;\n  }\n\n  /** Validates the Github owner (organization or user) name. */\n  private static validateOwner(scope: Construct, owner: string): void {\n    if (githubUsernameRegex.test(owner) !== true) {\n      cdk.Annotations.of(scope).addError(`Invalid Github Repository Owner \"${owner}\". Must only contain alphanumeric characters or hyphens, cannot have multiple consecutive hyphens, cannot begin or end with a hypen and maximum lenght is 39 characters.`);\n    }\n  }\n\n  /** Validates the Github repository name (without owner). */\n  private static validateRepo(scope: Construct, repo: string): void {\n    if (repo === '') {\n      cdk.Annotations.of(scope).addError(`Invalid Github Repository Name \"${repo}\". 
May not be empty string.`);\n    }\n  }\n\n  /** Formats the `sub` value used in trust policy. */\n  private static formatSubject(props: GithubConfiguration): string {\n    const { owner, repo, filter = '*' } = props;\n    return `repo:${owner}/${repo}:${filter}`;\n  }\n\n\n  /**\n   * Define an IAM Role that can be assumed by Github Actions workflow\n   * via Github OpenID Connect Identity Provider.\n   *\n   * Besides `GithubConfiguration`, you may pass in any `iam.RoleProps` except `assumedBy`\n   * which will be defined by this construct (CDK will fail if you do).\n   *\n   * @example\n   * const uploadRole = new GithubActionsRole(scope, \"UploadRole\", {\n   *   provider: GithubActionsIdentityProvider.fromAccount(scope, \"GithubProvider\"),\n   *   owner: 'octo-org',\n   *   repo: 'octo-repo',\n   *   filter: 'ref:refs/tags/v*',\n   *   roleName: 'MyUploadRole',\n   * });\n   *\n   * myBucket.grantWrite(uploadRole);\n   */\n  constructor(scope: Construct, id: string, props: GithubActionsRoleProps) {\n\n    const { provider, owner, repo } = props;\n\n    // Perform validations\n    GithubActionsRole.validateOwner(scope, owner);\n    GithubActionsRole.validateRepo(scope, repo);\n\n    // Prepare values\n    const subject = GithubActionsRole.formatSubject(props);\n    const roleProps = GithubActionsRole.extractRoleProps(props);\n\n    // The actual IAM Role creation\n    super(scope, id, {\n      ...roleProps,\n      assumedBy: new iam.WebIdentityPrincipal(provider.openIdConnectProviderArn, {\n        StringLike: {\n          // Only allow specified subjects to assume this role\n          [`${GithubActionsIdentityProvider.issuer}:sub`]: subject,\n        },\n        StringEquals: {\n          // Audience is always sts.amazonaws.com with AWS official Github Action\n          // https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws\n          
[`${GithubActionsIdentityProvider.issuer}:aud`]: 'sts.amazonaws.com',\n        },\n      }),\n    });\n\n  }\n}\n\n"]}
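--- a/package/package.json
+++ b/package/package.json
@@ -26,11 +26,9 @@
 "release": "npx projen release",
 "release:cdkv1": "npx projen release:cdkv1",
 "test": "npx projen test",
-"test:update": "npx projen test:update",
 "test:watch": "npx projen test:watch",
 "unbump": "npx projen unbump",
 "upgrade": "npx projen upgrade",
-"upgrade-projen": "npx projen upgrade-projen",
 "watch": "npx projen watch",
 "projen": "npx projen"
 },
@@ -41,32 +39,37 @@
 },
 "devDependencies": {
 "@types/github-username-regex": "^1.0.0",
-"@types/jest": "^27.5.2",
+"@types/jest": "^27",
 "@types/node": "^14",
 "@typescript-eslint/eslint-plugin": "^5",
 "@typescript-eslint/parser": "^5",
-"aws-cdk-lib": "2.24.1",
+"aws-cdk-lib": "2.89.0",
 "constructs": "10.0.0",
 "eslint": "^8",
-"eslint-import-resolver-node": "^0.3.6",
+"eslint-import-resolver-node": "^0.3.7",
 "eslint-import-resolver-typescript": "^2.7.1",
-"eslint-plugin-import": "^2.26.0",
-"jest": "^27.5.1",
-"jest-junit": "^13",
-"jsii": "^1.70.0",
-"jsii-diff": "^1.70.0",
+"eslint-plugin-import": "^2.28.0",
+"jest": "^27",
+"jest-junit": "^15",
+"jsii": "1.x",
+"jsii-diff": "^1.86.1",
 "jsii-docgen": "^3.8.31",
-"json-schema": "^0.4.0",
-"npm-check-updates": "^12",
-"projen": "^0.52.43",
+"jsii-pacmak": "^1.86.1",
+"jsii-rosetta": "1.x",
+"npm-check-updates": "^16",
+"projen": "^0.71.161",
 "standard-version": "^9",
-"ts-jest": "^27.1.5",
-"typescript": "^4.8.4"
+"ts-jest": "^27",
+"typescript": "^4.9.5"
 },
 "peerDependencies": {
-"aws-cdk-lib": "^2.24.1",
+"aws-cdk-lib": "^2.89.0",
 "constructs": "^10.0.0"
 },
+"overrides": {
+"@types/babel__traverse": "7.18.2",
+"@types/prettier": "2.6.0"
+},
 "keywords": [
 "aws",
 "aws-cdk",
@@ -83,11 +86,11 @@
 },
 "main": "lib/index.js",
 "license": "Apache-2.0",
-"version": "2.3.2",
+"version": "2.3.4",
 "jest": {
 "testMatch": [
 "<rootDir>/src/**/__tests__/**/*.ts?(x)",
-"<rootDir>/(test|src)/**/?(*.)+(spec|test).ts?(x)"
+"<rootDir>/(test|src)/**/*(*.)@(spec|test).ts?(x)"
 ],
 "clearMocks": true,
 "collectCoverage": true,
@@ -143,4 +146,4 @@
 }
 },
 "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"."
-}
+}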
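--- a/package/changelog.md
+++ /dev/null
@@ -1,2 +0,0 @@
-
-### [2.3.2](https://github.com/aripalo/aws-cdk-github-oidc/compare/v2.3.1...v2.3.2) (2022-11-08)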
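--- a/package/releasetag.txt
+++ /dev/null
@@ -1 +0,0 @@
-v2.3.2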
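--- a/package/version.txt
+++ /dev/null
@@ -1 +0,0 @@
-2.3.2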