viza 1.6.45 → 1.7.1

package/dist/src/commands/aws/rolesanywhere/register.js

@@ -1,6 +1,7 @@
 import { registerAwsRolesAnywhereBootstrap } from "./bootstrap/register.js";
 import { registerAwsRolesAnywhereRotate } from "./rotate/register.js";
 import { registerAwsRolesAnywhereRebootstrap } from "./rebootstrap/register.js";
+import { registerAwsRolesAnywhereUpdateRole } from "./update-role/register.js";
 export function registerAwsRolesAnywhereCommand(program) {
     const aws = program.command("aws").description("AWS related commands");
     const rolesanywhere = aws
@@ -9,4 +10,5 @@ export function registerAwsRolesAnywhereCommand(program) {
     registerAwsRolesAnywhereBootstrap(rolesanywhere);
     registerAwsRolesAnywhereRebootstrap(rolesanywhere);
     registerAwsRolesAnywhereRotate(rolesanywhere);
+    registerAwsRolesAnywhereUpdateRole(rolesanywhere);
 }

package/dist/src/commands/aws/rolesanywhere/update-role/register.js

@@ -0,0 +1,13 @@
+import { updateAwsRolesAnywhereRoleCommand } from "./update-role.js";
+import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
+export function registerAwsRolesAnywhereUpdateRole(program) {
+    program
+        .command("update-role")
+        .description("Update AWS RolesAnywhere IAM role policies")
+        .option("--prod", "Use production environment")
+        .option("--dev", "Use development environment")
+        .action(async (_opts, command) => {
+        const fullOpts = getResolvedOptions(command);
+        await updateAwsRolesAnywhereRoleCommand(fullOpts);
+    });
+}

package/dist/src/commands/aws/rolesanywhere/update-role/update-role.js

@@ -0,0 +1,52 @@
+import { resolveEnv } from "../../../../context/env.js";
+import { resolveResourceHubIntent } from "../../../../context/hubIntent.js";
+import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
+/**
+ * Target teams for `viza aws rolesanywhere update-role`.
+ * CLI-only fail-fast UX constraint.
+ * NOT a policy and MUST NOT be sent to gateway.
+ */
+const TARGET_TEAMS = {
+    "dev": [
+        "viza-admin",
+        "viza-super"
+    ],
+    "prod": [
+        "viza-admin",
+        "viza-super"
+    ]
+};
+/**
+ * viza aws rolesanywhere update-role
+ *
+ * Flow:
+ * 1) Resolve env
+ * 2) Resolve hub intent
+ * 3) Derive allowed teams (CLI UX only)
+ * 4) Dispatch frozen intent
+ */
+export async function updateAwsRolesAnywhereRoleCommand(options) {
+    // 1) Resolve environment
+    const env = resolveEnv(options);
+    const intent = resolveResourceHubIntent(env);
+    // 2) Resolve allowed teams (no status mode for rotate)
+    const allowedTeams = TARGET_TEAMS[env];
+    // 3) Dispatch intent (freeze)
+    await dispatchIntentAndWait({
+        intent,
+        commandType: "aws.rolesanywhere.update-role",
+        infraKey: "core",
+        targetEnv: env,
+        allowedTeams,
+        // Canonical CLI contract (explicit, non-magical)
+        selfHosted: options.selfHosted === true,
+        keepLog: options.removeLog !== true,
+        flowGates: {
+            secrets: true,
+        },
+        payload: {}
+    }, {
+        status: options.status === true,
+        log: "show",
+    });
+}

package/dist/src/commands/billing/login/aws/aws.js

@@ -1,4 +1,3 @@
-import { resolveEnv } from "../../../../context/env.js";
 import { resolveRuntimeHubIntent } from "../../../../context/hubIntent.js";
 import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
 import { showSsoLinkMenu } from "../../../../ui/sso/awsLoginMenu.js";
@@ -7,19 +6,11 @@ import { showSsoLinkMenu } from "../../../../ui/sso/awsLoginMenu.js";
  * This is a CLI-only UX constraint for fail-fast validation.
  * NOT a policy and MUST NOT be sent to gateway.
  */
-const TARGET_TEAMS = {
-    dev: [
-        "viza-billing",
-        "viza-manager",
-        "viza-admin",
-        "viza-super",
-    ],
-    prod: [
-        "viza-billing",
-        "viza-admin",
-        "viza-super",
-    ]
-};
+const TARGET_TEAMS = [
+    "viza-billing",
+    "viza-admin",
+    "viza-super",
+];
 /**
  * viza login aws
  *
@@ -32,22 +23,23 @@ const TARGET_TEAMS = {
  */
 export async function loginBillingAwsCommand(options) {
     // 1) Resolve environment
-    const env = resolveEnv(options, "prod");
     const intent = resolveRuntimeHubIntent();
-    const allowedTeams = TARGET_TEAMS[env];
+    const allowedTeams = TARGET_TEAMS;
     // 5) Dispatch intent (freeze)
     const result = await dispatchIntentAndWait({
         intent,
         commandType: "billing.login.aws",
         infraKey: "aws",
-        targetEnv: env,
+        targetEnv: "prod",
         allowedTeams,
         selfHosted: options.selfHosted === true,
         keepLog: options.removeLog !== true,
         flowGates: {
             secrets: false,
         },
-        payload: {}
+        payload: {
+            admin: options.admin === true
+        }
     }, {
         log: "hide",
     });

package/dist/src/commands/billing/login/aws/register.js

@@ -5,8 +5,7 @@ export function registerAwsUnderBillingLogin(parent) {
     // billing login aws
     const awsCommand = new Command("aws")
         .description("Login to AWS billing console")
-        .option("--prod", "Use production environment")
-        .option("--dev", "Use development environment")
+        .option("--admin", "Login as billing admin")
         .action(async (_opts, command) => {
         const fullOpts = getResolvedOptions(command);
         await loginBillingAwsCommand(fullOpts);

package/dist/src/commands/billing/register.js

@@ -1,13 +1,11 @@
 import { Command } from "commander";
 import { registerBillingLoginCommand } from "./login/register.js";
-import { registerBillingLoginAdminCommand } from "./login-admin/register.js";
 export function registerBillingCommand(program) {
     // Create top-level `billing` command
     const billingCommand = new Command("billing")
         .description("Billing related commands");
     // Attach subcommands under `billing`
     registerBillingLoginCommand(billingCommand);
-    registerBillingLoginAdminCommand(billingCommand);
     // Attach `billing` to root program
     program.addCommand(billingCommand);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "viza",
-  "version": "1.6.45",
+  "version": "1.7.1",
   "type": "module",
   "description": "Viza unified command line interface",
   "bin": {

package/dist/src/commands/billing/login-admin/aws/aws.js

@@ -1,71 +0,0 @@
-import { resolveEnv } from "../../../../context/env.js";
-import { resolveRuntimeHubIntent } from "../../../../context/hubIntent.js";
-import { dispatchIntentAndWait } from "../../../../core/dispatch.js";
-import { showSsoLinkMenu } from "../../../../ui/sso/awsLoginMenu.js";
-/**
- * Target teams for `viza login aws`.
- * This is a CLI-only UX constraint for fail-fast validation.
- * NOT a policy and MUST NOT be sent to gateway.
- */
-const TARGET_TEAMS = {
-    dev: [
-        "viza-billing",
-        "viza-admin",
-        "viza-super",
-    ],
-    prod: [
-        "viza-billing",
-        "viza-admin",
-        "viza-super",
-    ]
-};
-/**
- * viza login aws
- *
- * Flow:
- * 1) Resolve env (deterministic)
- * 2) Resolve user identity (trusted via gh auth)
- * 3) CLI pre-check against target teams (fail-fast UX)
- * 4) Derive ONE valid team (deterministic)
- * 5) Dispatch frozen intent to gateway
- */
-export async function loginBillingAdminAwsCommand(options) {
-    // 1) Resolve environment
-    const env = resolveEnv(options, "prod");
-    const intent = resolveRuntimeHubIntent();
-    const allowedTeams = TARGET_TEAMS[env];
-    // 5) Dispatch intent (freeze)
-    const result = await dispatchIntentAndWait({
-        intent,
-        commandType: "billing.login-admin.aws",
-        infraKey: "aws",
-        targetEnv: env,
-        allowedTeams,
-        selfHosted: options.selfHosted === true,
-        keepLog: options.removeLog !== true,
-        flowGates: {
-            secrets: false,
-        },
-        payload: {}
-    }, {
-        log: "hide",
-    });
-    if (!result)
-        return;
-    if (result.status !== "success") {
-        return;
-    }
-    if (result.kind !== "runtime") {
-        return;
-    }
-    if (!result.data) {
-        return;
-    }
-    const awsResult = result.data;
-    if (typeof awsResult.loginUrl !== "string" ||
-        typeof awsResult.shortUrl !== "string" ||
-        typeof awsResult.ttlHours !== "number") {
-        throw new Error("invalid_runtime_aws_login_result_shape");
-    }
-    await showSsoLinkMenu(awsResult.loginUrl, awsResult.shortUrl, awsResult.ttlHours);
-}

package/dist/src/commands/billing/login-admin/aws/register.js

@@ -1,15 +0,0 @@
-import { Command } from "commander";
-import { loginBillingAdminAwsCommand } from "./aws.js";
-import { getResolvedOptions } from "../../../../cli/resolveOptions.js";
-export function registerBillingLoginAdminAwsCommand(parent) {
-    // billing login-admin aws
-    const awsCommand = new Command("aws")
-        .description("Login to AWS billing console (admin)")
-        .option("--prod", "Use production environment")
-        .option("--dev", "Use development environment")
-        .action(async (_opts, command) => {
-        const fullOpts = getResolvedOptions(command);
-        await loginBillingAdminAwsCommand(fullOpts);
-    });
-    parent.addCommand(awsCommand);
-}

package/dist/src/commands/billing/login-admin/register.js

@@ -1,10 +0,0 @@
-import { Command } from "commander";
-import { registerBillingLoginAdminAwsCommand } from "./aws/register.js";
-export function registerBillingLoginAdminCommand(parent) {
-    // billing login-admin
-    const loginAdminCommand = new Command("login-admin")
-        .description("Login to billing services with admin privileges");
-    // attach provider-level commands (e.g. aws)
-    registerBillingLoginAdminAwsCommand(loginAdminCommand);
-    parent.addCommand(loginAdminCommand);
-}