viza 1.6.35 → 1.6.41
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/src/cli/program.js +5 -3
- package/dist/src/commands/aws/rolesanywhere/rotate/rotate.js +1 -1
- package/dist/src/commands/billing/login/aws/aws.js +72 -0
- package/dist/src/commands/billing/login/aws/register.js +19 -0
- package/dist/src/commands/billing/login/register.js +4 -0
- package/dist/src/commands/billing/login-admin/aws/aws.js +71 -0
- package/dist/src/commands/billing/login-admin/aws/register.js +19 -0
- package/dist/src/commands/billing/login-admin/register.js +4 -0
- package/dist/src/commands/billing/register.js +6 -0
- package/dist/src/commands/login/aws/aws.js +0 -14
- package/dist/src/context/env.js +2 -5
- package/package.json +1 -1
package/dist/src/cli/program.js
CHANGED
|
@@ -7,6 +7,7 @@ import { whoamiCommand } from "../commands/whoami/index.js";
|
|
|
7
7
|
import { registerAwsCommand } from "../commands/aws/register.js";
|
|
8
8
|
import { registerInfraCommand } from "../commands/infra/register.js";
|
|
9
9
|
import { registerAgeCommand } from "../commands/age/register.js";
|
|
10
|
+
import { registerBillingCommand } from "../commands/billing/register.js";
|
|
10
11
|
export function createProgram() {
|
|
11
12
|
const program = new Command();
|
|
12
13
|
program
|
|
@@ -14,11 +15,12 @@ export function createProgram() {
|
|
|
14
15
|
.description("Viza Command Line Interface")
|
|
15
16
|
.version(getCliVersion());
|
|
16
17
|
registerGlobalOptions(program);
|
|
17
|
-
|
|
18
|
-
registerLoginCommand(program);
|
|
18
|
+
registerAgeCommand(program);
|
|
19
19
|
registerAwsCommand(program);
|
|
20
|
+
registerBillingCommand(program);
|
|
21
|
+
registerBootstrapCommand(program);
|
|
20
22
|
registerInfraCommand(program);
|
|
21
|
-
|
|
23
|
+
registerLoginCommand(program);
|
|
22
24
|
program
|
|
23
25
|
.command("whoami")
|
|
24
26
|
.description("Show current GitHub identity and Viza team memberships (local only)")
|
|
@@ -34,7 +34,7 @@ export async function rotateAwsRolesAnywhereCommand(options) {
|
|
|
34
34
|
// 3) Dispatch intent (freeze)
|
|
35
35
|
await dispatchIntentAndWait({
|
|
36
36
|
intent,
|
|
37
|
-
commandType: "aws.rolesanywhere.rotate
|
|
37
|
+
commandType: "aws.rolesanywhere.rotate",
|
|
38
38
|
infraKey: "core",
|
|
39
39
|
targetEnv: env,
|
|
40
40
|
allowedTeams,
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { resolveEnv } from "../../../../context/env.js";
|
|
2
|
+
import { resolveRuntimeHubIntent } from "../../../../context/hubIntent.js";
|
|
3
|
+
import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
|
|
4
|
+
import { showSsoLinkMenu } from "../../../../ui/sso/awsLoginMenu.js";
|
|
5
|
+
/**
|
|
6
|
+
* Target teams for `viza login aws`.
|
|
7
|
+
* This is a CLI-only UX constraint for fail-fast validation.
|
|
8
|
+
* NOT a policy and MUST NOT be sent to gateway.
|
|
9
|
+
*/
|
|
10
|
+
const TARGET_TEAMS = {
|
|
11
|
+
dev: [
|
|
12
|
+
"viza-billing",
|
|
13
|
+
"viza-manager",
|
|
14
|
+
"viza-admin",
|
|
15
|
+
"viza-super",
|
|
16
|
+
],
|
|
17
|
+
prod: [
|
|
18
|
+
"viza-billing",
|
|
19
|
+
"viza-admin",
|
|
20
|
+
"viza-super",
|
|
21
|
+
]
|
|
22
|
+
};
|
|
23
|
+
/**
|
|
24
|
+
* viza login aws
|
|
25
|
+
*
|
|
26
|
+
* Flow:
|
|
27
|
+
* 1) Resolve env (deterministic)
|
|
28
|
+
* 2) Resolve user identity (trusted via gh auth)
|
|
29
|
+
* 3) CLI pre-check against target teams (fail-fast UX)
|
|
30
|
+
* 4) Derive ONE valid team (deterministic)
|
|
31
|
+
* 5) Dispatch frozen intent to gateway
|
|
32
|
+
*/
|
|
33
|
+
export async function loginBillingAwsCommand(options) {
|
|
34
|
+
// 1) Resolve environment
|
|
35
|
+
const env = resolveEnv(options, "prod");
|
|
36
|
+
const intent = resolveRuntimeHubIntent();
|
|
37
|
+
const allowedTeams = TARGET_TEAMS[env];
|
|
38
|
+
// 5) Dispatch intent (freeze)
|
|
39
|
+
const result = await dispatchIntentAndWait({
|
|
40
|
+
intent,
|
|
41
|
+
commandType: "billing.login.aws",
|
|
42
|
+
infraKey: "aws",
|
|
43
|
+
targetEnv: env,
|
|
44
|
+
allowedTeams,
|
|
45
|
+
selfHosted: options.selfHosted === true,
|
|
46
|
+
keepLog: options.removeLog !== true,
|
|
47
|
+
flowGates: {
|
|
48
|
+
secrets: false,
|
|
49
|
+
},
|
|
50
|
+
payload: {}
|
|
51
|
+
}, {
|
|
52
|
+
log: "hide",
|
|
53
|
+
});
|
|
54
|
+
if (!result)
|
|
55
|
+
return;
|
|
56
|
+
if (result.status !== "success") {
|
|
57
|
+
return;
|
|
58
|
+
}
|
|
59
|
+
if (result.kind !== "runtime") {
|
|
60
|
+
return;
|
|
61
|
+
}
|
|
62
|
+
if (!result.data) {
|
|
63
|
+
return;
|
|
64
|
+
}
|
|
65
|
+
const awsResult = result.data;
|
|
66
|
+
if (typeof awsResult.loginUrl !== "string" ||
|
|
67
|
+
typeof awsResult.shortUrl !== "string" ||
|
|
68
|
+
typeof awsResult.ttlHours !== "number") {
|
|
69
|
+
throw new Error("invalid_runtime_aws_login_result_shape");
|
|
70
|
+
}
|
|
71
|
+
await showSsoLinkMenu(awsResult.loginUrl, awsResult.shortUrl, awsResult.ttlHours);
|
|
72
|
+
}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { Command } from "commander";
|
|
2
|
+
import { loginBillingAwsCommand } from "./aws.js";
|
|
3
|
+
import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
|
|
4
|
+
export function registerBillingLoginAwsCommand(parent) {
|
|
5
|
+
// billing login
|
|
6
|
+
const loginCommand = new Command("login")
|
|
7
|
+
.description("Login to billing services");
|
|
8
|
+
// billing login aws
|
|
9
|
+
const awsCommand = new Command("aws")
|
|
10
|
+
.description("Login to AWS billing console")
|
|
11
|
+
.option("--prod", "Use production environment")
|
|
12
|
+
.option("--dev", "Use development environment")
|
|
13
|
+
.action(async (_opts, command) => {
|
|
14
|
+
const fullOpts = getResolvedOptions(command);
|
|
15
|
+
await loginBillingAwsCommand(fullOpts);
|
|
16
|
+
});
|
|
17
|
+
loginCommand.addCommand(awsCommand);
|
|
18
|
+
parent.addCommand(loginCommand);
|
|
19
|
+
}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import { resolveEnv } from "../../../../context/env.js";
|
|
2
|
+
import { resolveRuntimeHubIntent } from "../../../../context/hubIntent.js";
|
|
3
|
+
import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
|
|
4
|
+
import { showSsoLinkMenu } from "../../../../ui/sso/awsLoginMenu.js";
|
|
5
|
+
/**
|
|
6
|
+
* Target teams for `viza login aws`.
|
|
7
|
+
* This is a CLI-only UX constraint for fail-fast validation.
|
|
8
|
+
* NOT a policy and MUST NOT be sent to gateway.
|
|
9
|
+
*/
|
|
10
|
+
const TARGET_TEAMS = {
|
|
11
|
+
dev: [
|
|
12
|
+
"viza-billing",
|
|
13
|
+
"viza-admin",
|
|
14
|
+
"viza-super",
|
|
15
|
+
],
|
|
16
|
+
prod: [
|
|
17
|
+
"viza-billing",
|
|
18
|
+
"viza-admin",
|
|
19
|
+
"viza-super",
|
|
20
|
+
]
|
|
21
|
+
};
|
|
22
|
+
/**
|
|
23
|
+
* viza login aws
|
|
24
|
+
*
|
|
25
|
+
* Flow:
|
|
26
|
+
* 1) Resolve env (deterministic)
|
|
27
|
+
* 2) Resolve user identity (trusted via gh auth)
|
|
28
|
+
* 3) CLI pre-check against target teams (fail-fast UX)
|
|
29
|
+
* 4) Derive ONE valid team (deterministic)
|
|
30
|
+
* 5) Dispatch frozen intent to gateway
|
|
31
|
+
*/
|
|
32
|
+
export async function loginBillingAdminAwsCommand(options) {
|
|
33
|
+
// 1) Resolve environment
|
|
34
|
+
const env = resolveEnv(options, "prod");
|
|
35
|
+
const intent = resolveRuntimeHubIntent();
|
|
36
|
+
const allowedTeams = TARGET_TEAMS[env];
|
|
37
|
+
// 5) Dispatch intent (freeze)
|
|
38
|
+
const result = await dispatchIntentAndWait({
|
|
39
|
+
intent,
|
|
40
|
+
commandType: "billing.login-admin.aws",
|
|
41
|
+
infraKey: "aws",
|
|
42
|
+
targetEnv: env,
|
|
43
|
+
allowedTeams,
|
|
44
|
+
selfHosted: options.selfHosted === true,
|
|
45
|
+
keepLog: options.removeLog !== true,
|
|
46
|
+
flowGates: {
|
|
47
|
+
secrets: false,
|
|
48
|
+
},
|
|
49
|
+
payload: {}
|
|
50
|
+
}, {
|
|
51
|
+
log: "hide",
|
|
52
|
+
});
|
|
53
|
+
if (!result)
|
|
54
|
+
return;
|
|
55
|
+
if (result.status !== "success") {
|
|
56
|
+
return;
|
|
57
|
+
}
|
|
58
|
+
if (result.kind !== "runtime") {
|
|
59
|
+
return;
|
|
60
|
+
}
|
|
61
|
+
if (!result.data) {
|
|
62
|
+
return;
|
|
63
|
+
}
|
|
64
|
+
const awsResult = result.data;
|
|
65
|
+
if (typeof awsResult.loginUrl !== "string" ||
|
|
66
|
+
typeof awsResult.shortUrl !== "string" ||
|
|
67
|
+
typeof awsResult.ttlHours !== "number") {
|
|
68
|
+
throw new Error("invalid_runtime_aws_login_result_shape");
|
|
69
|
+
}
|
|
70
|
+
await showSsoLinkMenu(awsResult.loginUrl, awsResult.shortUrl, awsResult.ttlHours);
|
|
71
|
+
}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { Command } from "commander";
|
|
2
|
+
import { loginBillingAdminAwsCommand } from "./aws.js";
|
|
3
|
+
import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
|
|
4
|
+
export function registerBillingLoginAdminAwsCommand(parent) {
|
|
5
|
+
// billing login-admin
|
|
6
|
+
const loginAdminCommand = new Command("login-admin")
|
|
7
|
+
.description("Login to billing services with admin privileges");
|
|
8
|
+
// billing login-admin aws
|
|
9
|
+
const awsCommand = new Command("aws")
|
|
10
|
+
.description("Login to AWS billing console (admin)")
|
|
11
|
+
.option("--prod", "Use production environment")
|
|
12
|
+
.option("--dev", "Use development environment")
|
|
13
|
+
.action(async (_opts, command) => {
|
|
14
|
+
const fullOpts = getResolvedOptions(command);
|
|
15
|
+
await loginBillingAdminAwsCommand(fullOpts);
|
|
16
|
+
});
|
|
17
|
+
loginAdminCommand.addCommand(awsCommand);
|
|
18
|
+
parent.addCommand(loginAdminCommand);
|
|
19
|
+
}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { registerBillingLoginCommand } from "./login/register.js";
|
|
2
|
+
import { registerBillingLoginAdminCommand } from "./login-admin/register.js";
|
|
3
|
+
export function registerBillingCommand(program) {
|
|
4
|
+
registerBillingLoginCommand(program);
|
|
5
|
+
registerBillingLoginAdminCommand(program);
|
|
6
|
+
}
|
|
@@ -2,20 +2,6 @@ import { resolveEnv } from "../../../context/env.js";
|
|
|
2
2
|
import { resolveRuntimeHubIntent } from "../../../context/hubIntent.js";
|
|
3
3
|
import { dispatchIntentAndWait } from "../../../core/dispatch.js";
|
|
4
4
|
import { showSsoLinkMenu } from "../../../ui/sso/awsLoginMenu.js";
|
|
5
|
-
function parseAwsLoginResult(buffer) {
|
|
6
|
-
try {
|
|
7
|
-
const json = JSON.parse(buffer.toString("utf8"));
|
|
8
|
-
if (typeof json?.loginUrl === "string" &&
|
|
9
|
-
typeof json?.shortUrl === "string" &&
|
|
10
|
-
typeof json?.ttlHours === "number") {
|
|
11
|
-
return json;
|
|
12
|
-
}
|
|
13
|
-
throw new Error("invalid_aws_login_result_shape");
|
|
14
|
-
}
|
|
15
|
-
catch (err) {
|
|
16
|
-
throw new Error("failed_to_parse_aws_login_result");
|
|
17
|
-
}
|
|
18
|
-
}
|
|
19
5
|
/**
|
|
20
6
|
* Target teams for `viza login aws`.
|
|
21
7
|
* This is a CLI-only UX constraint for fail-fast validation.
|
package/dist/src/context/env.js
CHANGED
|
@@ -1,13 +1,10 @@
|
|
|
1
|
-
export function resolveEnv(flags) {
|
|
2
|
-
// Fail fast on conflicting deterministic flags
|
|
1
|
+
export function resolveEnv(flags, defaultEnv = "dev") {
|
|
3
2
|
if (flags.prod && flags.dev) {
|
|
4
3
|
throw new Error("Conflicting flags: --prod and --dev cannot be used together");
|
|
5
4
|
}
|
|
6
|
-
// Deterministic environment resolution
|
|
7
5
|
if (flags.prod)
|
|
8
6
|
return "prod";
|
|
9
7
|
if (flags.dev)
|
|
10
8
|
return "dev";
|
|
11
|
-
|
|
12
|
-
return "dev";
|
|
9
|
+
return defaultEnv;
|
|
13
10
|
}
|