aws-lambda-api-tools 0.1.23 → 0.1.25
package/bin/generate-swagger.js
CHANGED
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
4
4
|
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
5
5
|
const child_process_1 = require("child_process");
|
|
6
|
+
const client_iam_1 = require("@aws-sdk/client-iam");
|
|
6
7
|
console.log('Starting GitHub OIDC IAM setup...');
|
|
7
8
|
// Parse command line arguments
|
|
8
9
|
const args = process.argv.slice(2);
|
|
@@ -18,22 +19,53 @@ const repoNames = repoArgs;
|
|
|
18
19
|
const policyName = policyArg ? policyArg.split("=")[1] : "AdministratorAccess";
|
|
19
20
|
console.log(`Configuring for repositories: ${repoNames.join(", ")}`);
|
|
20
21
|
console.log(`Using policy: ${policyName}`);
|
|
22
|
+
// Check if GitHub OIDC provider already exists
|
|
23
|
+
async function checkOidcProviderExists() {
|
|
24
|
+
try {
|
|
25
|
+
const iamClient = new client_iam_1.IAMClient({ region: process.env.AWS_REGION || 'us-east-1' });
|
|
26
|
+
const command = new client_iam_1.ListOpenIDConnectProvidersCommand({});
|
|
27
|
+
const response = await iamClient.send(command);
|
|
28
|
+
const githubProvider = response.OpenIDConnectProviderList?.find(provider => provider.Arn?.includes('token.actions.githubusercontent.com'));
|
|
29
|
+
if (githubProvider) {
|
|
30
|
+
console.log(`✅ Found existing GitHub OIDC provider: ${githubProvider.Arn}`);
|
|
31
|
+
return true;
|
|
32
|
+
}
|
|
33
|
+
else {
|
|
34
|
+
console.log('ℹ️ No existing GitHub OIDC provider found');
|
|
35
|
+
return false;
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
catch (error) {
|
|
39
|
+
console.log('⚠️ Could not check for existing OIDC provider:', error);
|
|
40
|
+
return false;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
21
43
|
const app = new aws_cdk_lib_1.App();
|
|
22
44
|
class GithubActionsIamStack extends aws_cdk_lib_1.Stack {
|
|
23
45
|
constructor(scope, id, props) {
|
|
24
46
|
super(scope, id, props);
|
|
25
|
-
console.log('
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
47
|
+
console.log('Setting up OIDC Provider...');
|
|
48
|
+
// Reference existing OIDC provider or create new one
|
|
49
|
+
const accountId = aws_cdk_lib_1.Stack.of(this).account;
|
|
50
|
+
const githubOidcProviderArn = `arn:aws:iam::${accountId}:oidc-provider/token.actions.githubusercontent.com`;
|
|
51
|
+
// Create OIDC provider only if it doesn't exist
|
|
52
|
+
if (props?.createOidcProvider) {
|
|
53
|
+
console.log('Creating new OIDC Provider...');
|
|
54
|
+
new aws_iam_1.CfnOIDCProvider(this, "GithubOidcProvider", {
|
|
55
|
+
url: "https://token.actions.githubusercontent.com",
|
|
56
|
+
clientIdList: ["sts.amazonaws.com"],
|
|
57
|
+
thumbprintList: [
|
|
58
|
+
"6938fd4d98bab03faadb97b34396831e3780aea1",
|
|
59
|
+
"1c58a3a8518e8759bf075b76b750d4f2df264fcd"
|
|
60
|
+
]
|
|
61
|
+
});
|
|
62
|
+
}
|
|
63
|
+
else {
|
|
64
|
+
console.log('Using existing OIDC Provider');
|
|
65
|
+
}
|
|
34
66
|
console.log('Creating IAM Role...');
|
|
35
67
|
const deploymentRole = new aws_iam_1.Role(this, "GithubActionsRole", {
|
|
36
|
-
assumedBy: new aws_iam_1.WebIdentityPrincipal(
|
|
68
|
+
assumedBy: new aws_iam_1.WebIdentityPrincipal(githubOidcProviderArn, {
|
|
37
69
|
StringEquals: {
|
|
38
70
|
"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
|
|
39
71
|
},
|
|
@@ -51,31 +83,43 @@ class GithubActionsIamStack extends aws_cdk_lib_1.Stack {
|
|
|
51
83
|
});
|
|
52
84
|
}
|
|
53
85
|
}
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
console.log('
|
|
57
|
-
const
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
const cdkCommand = [
|
|
62
|
-
'cdk deploy',
|
|
63
|
-
'GithubActionsIam',
|
|
64
|
-
'--require-approval never',
|
|
65
|
-
`--app "${assembly.directory}"`,
|
|
66
|
-
].join(' ');
|
|
67
|
-
console.log(`Executing: ${cdkCommand}`);
|
|
68
|
-
(0, child_process_1.execSync)(cdkCommand, {
|
|
69
|
-
stdio: 'inherit',
|
|
70
|
-
env: {
|
|
71
|
-
...process.env,
|
|
72
|
-
AWS_REGION: process.env.AWS_REGION || 'us-east-1',
|
|
73
|
-
}
|
|
86
|
+
// Main execution
|
|
87
|
+
async function main() {
|
|
88
|
+
console.log('Checking for existing OIDC provider...');
|
|
89
|
+
const oidcExists = await checkOidcProviderExists();
|
|
90
|
+
console.log('Creating CloudFormation stack...');
|
|
91
|
+
new GithubActionsIamStack(app, "GithubActionsIam", {
|
|
92
|
+
createOidcProvider: !oidcExists
|
|
74
93
|
});
|
|
75
|
-
console.log('
|
|
94
|
+
console.log('Synthesizing CloudFormation template...');
|
|
95
|
+
const assembly = app.synth();
|
|
96
|
+
// Execute the deployment
|
|
97
|
+
console.log('Starting deployment...');
|
|
98
|
+
try {
|
|
99
|
+
const cdkCommand = [
|
|
100
|
+
'cdk deploy',
|
|
101
|
+
'GithubActionsIam',
|
|
102
|
+
'--require-approval never',
|
|
103
|
+
`--app "${assembly.directory}"`,
|
|
104
|
+
].join(' ');
|
|
105
|
+
console.log(`Executing: ${cdkCommand}`);
|
|
106
|
+
(0, child_process_1.execSync)(cdkCommand, {
|
|
107
|
+
stdio: 'inherit',
|
|
108
|
+
env: {
|
|
109
|
+
...process.env,
|
|
110
|
+
AWS_REGION: process.env.AWS_REGION || 'us-east-1',
|
|
111
|
+
}
|
|
112
|
+
});
|
|
113
|
+
console.log('✅ Deployment completed successfully!');
|
|
114
|
+
}
|
|
115
|
+
catch (error) {
|
|
116
|
+
console.error('❌ Deployment failed:', error);
|
|
117
|
+
process.exit(1);
|
|
118
|
+
}
|
|
76
119
|
}
|
|
77
|
-
|
|
78
|
-
|
|
120
|
+
// Run the main function
|
|
121
|
+
main().catch(error => {
|
|
122
|
+
console.error('❌ Setup failed:', error);
|
|
79
123
|
process.exit(1);
|
|
80
|
-
}
|
|
124
|
+
});
|
|
81
125
|
//# sourceMappingURL=bootstrap-iam.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap-iam.js","sourceRoot":"","sources":["../../src/bin/bootstrap-iam.ts"],"names":[],"mappings":";;AAAA,6CAAgE;AAChE,
|
|
1
|
+
{"version":3,"file":"bootstrap-iam.js","sourceRoot":"","sources":["../../src/bin/bootstrap-iam.ts"],"names":[],"mappings":";;AAAA,6CAAgE;AAChE,iDAAwH;AACxH,iDAAyC;AACzC,oDAAmF;AAEnF,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;AAEjD,+BAA+B;AAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;AAE5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;IACzB,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACjE,OAAO,CAAC,KAAK,CAAC,sGAAsG,CAAC,CAAC;IACtH,OAAO,CAAC,KAAK,CAAC,2GAA2G,CAAC,CAAC;IAC3H,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;CACjB;AAED,MAAM,SAAS,GAAG,QAAQ,CAAC;AAC3B,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC;AAE/E,OAAO,CAAC,GAAG,CAAC,iCAAiC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB,UAAU,EAAE,CAAC,CAAC;AAE3C,+CAA+C;AAC/C,KAAK,UAAU,uBAAuB;IACpC,IAAI;QACF,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,EAAE,CAAC,CAAC;QACnF,MAAM,OAAO,GAAG,IAAI,8CAAiC,CAAC,EAAE,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE/C,MAAM,cAAc,GAAG,QAAQ,CAAC,yBAAyB,EAAE,IAAI,CAC7D,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,qCAAqC,CAAC,CAC1E,CAAC;QAEF,IAAI,cAAc,EAAE;YAClB,OAAO,CAAC,GAAG,CAAC,0CAA0C,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC;YAC5E,OAAO,IAAI,CAAC;SACb;aAAM;YACL,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;YAC1D,OAAO,KAAK,CAAC;SACd;KACF;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,CAAC,GAAG,CAAC,iDAAiD,EAAE,KAAK,CAAC,CAAC;QACtE,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAED,MAAM,GAAG,GAAG,IAAI,iBAAG,EAAE,CAAC;AAEtB,MAAM,qBAAsB,SAAQ,mBAAK;IACvC,YAAY,KAAU,EAAE,EAAU,EAAE,KAAqD;QACvF,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAExB,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,qDAAqD;QACrD,MAAM,SAAS,GAAG,mBAAK
,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;QACzC,MAAM,qBAAqB,GAAG,gBAAgB,SAAS,oDAAoD,CAAC;QAE5G,gDAAgD;QAChD,IAAI,KAAK,EAAE,kBAAkB,EAAE;YAC7B,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAC7C,IAAI,yBAAe,CAAC,IAAI,EAAE,oBAAoB,EAAE;gBAC9C,GAAG,EAAE,6CAA6C;gBAClD,YAAY,EAAE,CAAC,mBAAmB,CAAC;gBACnC,cAAc,EAAE;oBACd,0CAA0C;oBAC1C,0CAA0C;iBAC3C;aACF,CAAC,CAAC;SACJ;aAAM;YACL,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;SAC7C;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,cAAI,CAAC,IAAI,EAAE,mBAAmB,EAAE;YACzD,SAAS,EAAE,IAAI,8BAAoB,CACjC,qBAAqB,EACrB;gBACE,YAAY,EAAE;oBACZ,yCAAyC,EAAE,mBAAmB;iBAC/D;gBACD,UAAU,EAAE;oBACV,yCAAyC,EAAE,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,IAAI,IAAI,CAAC;iBACnF;aACF,CACF;YACD,eAAe,EAAE;gBACf,uBAAa,CAAC,wBAAwB,CAAC,UAAW,CAAC;aACpD;SACF,CAAC,CAAC;QAEH,IAAI,uBAAS,CAAC,IAAI,EAAE,SAAS,EAAE;YAC7B,KAAK,EAAE,cAAc,CAAC,OAAO;YAC7B,WAAW,EAAE,sCAAsC;SACpD,CAAC,CAAC;IACL,CAAC;CACF;AAED,iBAAiB;AACjB,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,MAAM,uBAAuB,EAAE,CAAC;IAEnD,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,IAAI,qBAAqB,CAAC,GAAG,EAAE,kBAAkB,EAAE;QACjD,kBAAkB,EAAE,CAAC,UAAU;KAChC,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,EAAE,CAAC;IAE7B,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACtC,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,YAAY;YACZ,kBAAkB;YAClB,0BAA0B;YAC1B,UAAU,QAAQ,CAAC,SAAS,GAAG;SAChC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,OAAO,CAAC,GAAG,CAAC,cAAc,UAAU,EAAE,CAAC,CAAC;QAExC,IAAA,wBAAQ,EAAC,UAAU,EAAE;YACnB,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;aAClD;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;KACrD;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACjB;AACH,CAAC;AAED,wBAAwB;AACxB,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;IACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC
,CAAC"}
|
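Review bot: Re-running this script after it has created the provider drops the `GithubOidcProvider` resource from the `GithubActionsIam` template, because `createOidcProvider: !oidcExists` in `main()` turns off the `if (props?.createOidcProvider)` branch as soon as `checkOidcProviderExists()` finds the provider that the first run created. CloudFormation normally deletes a resource that disappears from a stack's template, so the second deploy would likely remove the account-wide GitHub OIDC provider while the role's trust policy still points at `githubOidcProviderArn`, breaking this role and any other role that trusts the same provider. The check cannot tell a provider owned by this stack from one created elsewhere; assigning the `CfnOIDCProvider` to a `provider` const and calling `provider.applyRemovalPolicy(aws_cdk_lib_1.RemovalPolicy.RETAIN)` would keep it in place when the resource is later omitted (the source map names `src/bin/bootstrap-iam.ts` as the file to change). Separately, the `catch` in `checkOidcProviderExists` returns `false` for every error, so a denied or failed `ListOpenIDConnectProviders` call is reported as "no provider" and the run continues into a create attempt instead of stopping.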
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "aws-lambda-api-tools",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.25",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"bin": {
|
|
@@ -41,6 +41,7 @@
|
|
|
41
41
|
"typescript": "~4.9.5"
|
|
42
42
|
},
|
|
43
43
|
"dependencies": {
|
|
44
|
+
"@aws-sdk/client-iam": "^3.896.0",
|
|
44
45
|
"@types/atob": "^2.1.2",
|
|
45
46
|
"@types/aws-lambda": "^8.10.152",
|
|
46
47
|
"@types/formidable": "^1.2.3",
|