aws-cdk-github-oidc 2.4.0__tar.gz → 3.0.0__tar.gz

{aws-cdk-github-oidc-2.4.0/src/aws_cdk_github_oidc.egg-info → aws_cdk_github_oidc-3.0.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-github-oidc
-Version: 2.4.0
+Version: 3.0.0
 Summary: CDK constructs to use OpenID Connect for authenticating your Github Action workflow with AWS IAM
 Home-page: https://github.com/aripalo/aws-cdk-github-oidc.git
 Author: Ari Palo<opensource@aripalo.com>
@@ -10,17 +10,20 @@ Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: JavaScript
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Typing :: Typed
 Classifier: Development Status :: 4 - Beta
 Classifier: License :: OSI Approved
-Requires-Python: ~=3.7
+Requires-Python: ~=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
+Requires-Dist: aws-cdk-lib<3.0.0,>=2.220.0
+Requires-Dist: constructs<11.0.0,>=10.3.0
+Requires-Dist: jsii<2.0.0,>=1.127.0
+Requires-Dist: publication>=0.0.3
+Requires-Dist: typeguard==2.13.3
 
 # AWS CDK Github OpenID Connect
 
@@ -168,11 +171,3 @@ jobs:
 ```
 
 <br/>
-
-### Development Status
-
-These constructs are fresh out from the oven, since [Github just announced](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) the OpenID Connect feature as generally available. I've been playing around with the feature for some time, but the construct itself haven't yet been widely used.
-
-These constructs will stay in `v0.x.x` for a while, to allow easier bug fixing & breaking changes *if absolutely needed*. Once bugs are fixed (if any), the constructs will be published with `v1` major version and will be marked as stable.
-
-Currently only TypeScript, Python and Go versions provided, but before going to stable, I'll probably others (supported by JSII) depending on the amount of work required - so no promises!

{aws-cdk-github-oidc-2.4.0 → aws_cdk_github_oidc-3.0.0}/README.md

@@ -144,11 +144,3 @@ jobs:
 ```
 
 <br/>
-
-### Development Status
-
-These constructs are fresh out from the oven, since [Github just announced](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) the OpenID Connect feature as generally available. I've been playing around with the feature for some time, but the construct itself haven't yet been widely used.
-
-These constructs will stay in `v0.x.x` for a while, to allow easier bug fixing & breaking changes *if absolutely needed*. Once bugs are fixed (if any), the constructs will be published with `v1` major version and will be marked as stable.
-
-Currently only TypeScript, Python and Go versions provided, but before going to stable, I'll probably others (supported by JSII) depending on the amount of work required - so no promises!

{aws-cdk-github-oidc-2.4.0 → aws_cdk_github_oidc-3.0.0}/pyproject.toml

@@ -1,9 +1,9 @@
 [build-system]
-requires = ["setuptools~=67.3.2", "wheel~=0.40"]
+requires = ["setuptools~=75.3.2", "build~=1.3.0"]
 build-backend = "setuptools.build_meta"
 
 [tool.pyright]
 defineConstant = { DEBUG = true }
-pythonVersion = "3.7"
+pythonVersion = "3.9"
 pythonPlatform = "All"
 reportSelfClsParameterName = false

{aws-cdk-github-oidc-2.4.0 → aws_cdk_github_oidc-3.0.0}/setup.py

@@ -5,7 +5,7 @@ kwargs = json.loads(
     """
 {
     "name": "aws-cdk-github-oidc",
-    "version": "2.4.0",
+    "version": "3.0.0",
     "description": "CDK constructs to use OpenID Connect for authenticating your Github Action workflow with AWS IAM",
     "license": "Apache-2.0",
     "url": "https://github.com/aripalo/aws-cdk-github-oidc.git",
@@ -26,27 +26,25 @@ kwargs = json.loads(
     ],
     "package_data": {
         "aws_cdk_github_oidc._jsii": [
-            "aws-cdk-github-oidc@2.4.0.jsii.tgz"
+            "aws-cdk-github-oidc@3.0.0.jsii.tgz"
         ],
         "aws_cdk_github_oidc": [
             "py.typed"
         ]
     },
-    "python_requires": "~=3.7",
+    "python_requires": "~=3.9",
     "install_requires": [
-        "aws-cdk-lib>=2.89.0, <3.0.0",
-        "constructs>=10.0.0, <11.0.0",
-        "jsii>=1.86.1, <2.0.0",
+        "aws-cdk-lib>=2.220.0, <3.0.0",
+        "constructs>=10.3.0, <11.0.0",
+        "jsii>=1.127.0, <2.0.0",
         "publication>=0.0.3",
-        "typeguard~=2.13.3"
+        "typeguard==2.13.3"
     ],
     "classifiers": [
         "Intended Audience :: Developers",
         "Operating System :: OS Independent",
         "Programming Language :: JavaScript",
         "Programming Language :: Python :: 3 :: Only",
-        "Programming Language :: Python :: 3.7",
-        "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
         "Programming Language :: Python :: 3.10",
         "Programming Language :: Python :: 3.11",

{aws-cdk-github-oidc-2.4.0 → aws_cdk_github_oidc-3.0.0}/src/aws_cdk_github_oidc/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # AWS CDK Github OpenID Connect
 
 ![cdk-support](https://img.shields.io/badge/cdk-%20typescript%20%7C%20python%20-informational)
@@ -145,15 +145,10 @@ jobs:
 ```
 
 <br/>
-
-### Development Status
-
-These constructs are fresh out from the oven, since [Github just announced](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) the OpenID Connect feature as generally available. I've been playing around with the feature for some time, but the construct itself haven't yet been widely used.
-
-These constructs will stay in `v0.x.x` for a while, to allow easier bug fixing & breaking changes *if absolutely needed*. Once bugs are fixed (if any), the constructs will be published with `v1` major version and will be marked as stable.
-
-Currently only TypeScript, Python and Go versions provided, but before going to stable, I'll probably others (supported by JSII) depending on the amount of work required - so no promises!
 '''
+from pkgutil import extend_path
+__path__ = extend_path(__path__, __name__)
+
 import abc
 import builtins
 import datetime
@@ -164,7 +159,22 @@ import jsii
 import publication
 import typing_extensions
 
-from typeguard import check_type
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 from ._jsii import *
 
@@ -200,7 +210,7 @@ class GithubActionsRole(
 
     def __init__(
         self,
-        scope: _constructs_77d1e7e8.Construct,
+        scope: "_constructs_77d1e7e8.Construct",
         id: builtins.str,
         *,
         owner: builtins.str,
@@ -209,11 +219,11 @@ class GithubActionsRole(
         filter: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         external_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
-        inline_policies: typing.Optional[typing.Mapping[builtins.str, _aws_cdk_aws_iam_ceddda9d.PolicyDocument]] = None,
-        managed_policies: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]] = None,
-        max_session_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        inline_policies: typing.Optional[typing.Mapping[builtins.str, "_aws_cdk_aws_iam_ceddda9d.PolicyDocument"]] = None,
+        managed_policies: typing.Optional[typing.Sequence["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]] = None,
+        max_session_duration: typing.Optional["_aws_cdk_ceddda9d.Duration"] = None,
         path: typing.Optional[builtins.str] = None,
-        permissions_boundary: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy] = None,
+        permissions_boundary: typing.Optional["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"] = None,
         role_name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''(experimental) Define an IAM Role that can be assumed by Github Actions workflow via Github OpenID Connect Identity Provider.
@@ -439,19 +449,16 @@ class RoleProps:
         *,
         description: typing.Optional[builtins.str] = None,
         external_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
-        inline_policies: typing.Optional[typing.Mapping[builtins.str, _aws_cdk_aws_iam_ceddda9d.PolicyDocument]] = None,
-        managed_policies: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]] = None,
-        max_session_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        inline_policies: typing.Optional[typing.Mapping[builtins.str, "_aws_cdk_aws_iam_ceddda9d.PolicyDocument"]] = None,
+        managed_policies: typing.Optional[typing.Sequence["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]] = None,
+        max_session_duration: typing.Optional["_aws_cdk_ceddda9d.Duration"] = None,
         path: typing.Optional[builtins.str] = None,
-        permissions_boundary: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy] = None,
+        permissions_boundary: typing.Optional["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"] = None,
         role_name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining an IAM Role.
 
-        These are copied fron @aws-cdk/aws-iam, but since JSII does not support
-        TypeScript <Partial<iam.RoleProps>> (or Omit), we have to do this stupid thing.
-
-        Basically exactly the same as source, but with assumedBy removed.
+        These are copied fron
 
         :param description: A description of the role. It can be up to 1000 characters long. Default: - No description.
         :param external_ids: List of IDs that the role assumer needs to provide one of when assuming this role. If the configured and provided external IDs do not match, the AssumeRole operation will fail. Default: No external ID required
@@ -461,6 +468,13 @@ class RoleProps:
         :param path: The path associated with this role. For information about IAM paths, see Friendly Names and Paths in IAM User Guide. Default: /
         :param permissions_boundary: AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. Default: - No permissions boundary.
         :param role_name: A name for the IAM role. For valid values, see the RoleName parameter for the CreateRole action in the IAM API Reference. IMPORTANT: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
+
+        :aws-cdk:
+
+        /aws-iam, but since JSII does not support
+        TypeScript <Partial<iam.RoleProps>> (or Omit), we have to do this stupid thing.
+
+        Basically exactly the same as source, but with assumedBy removed.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0cd6a3e7d7cf1f8d6e476e7c7fb421f2328a8b971f11011b0003bb9de6651e83)
@@ -516,7 +530,7 @@ class RoleProps:
     @builtins.property
     def inline_policies(
         self,
-    ) -> typing.Optional[typing.Mapping[builtins.str, _aws_cdk_aws_iam_ceddda9d.PolicyDocument]]:
+    ) -> typing.Optional[typing.Mapping[builtins.str, "_aws_cdk_aws_iam_ceddda9d.PolicyDocument"]]:
         '''A list of named policies to inline into this role.
 
         These policies will be
@@ -527,12 +541,12 @@ class RoleProps:
         :default: - No policy is inlined in the Role resource.
         '''
         result = self._values.get("inline_policies")
-        return typing.cast(typing.Optional[typing.Mapping[builtins.str, _aws_cdk_aws_iam_ceddda9d.PolicyDocument]], result)
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, "_aws_cdk_aws_iam_ceddda9d.PolicyDocument"]], result)
 
     @builtins.property
     def managed_policies(
         self,
-    ) -> typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]]:
+    ) -> typing.Optional[typing.List["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]]:
         '''A list of managed policies associated with this role.
 
         You can add managed policies later using
@@ -541,10 +555,10 @@ class RoleProps:
         :default: - No managed policies.
         '''
         result = self._values.get("managed_policies")
-        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]], result)
+        return typing.cast(typing.Optional[typing.List["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]], result)
 
     @builtins.property
-    def max_session_duration(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+    def max_session_duration(self) -> typing.Optional["_aws_cdk_ceddda9d.Duration"]:
         '''The maximum session duration that you want to set for the specified role.
 
         This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.
@@ -565,7 +579,7 @@ class RoleProps:
         :link: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
         '''
         result = self._values.get("max_session_duration")
-        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], result)
+        return typing.cast(typing.Optional["_aws_cdk_ceddda9d.Duration"], result)
 
     @builtins.property
     def path(self) -> typing.Optional[builtins.str]:
@@ -582,7 +596,7 @@ class RoleProps:
     @builtins.property
     def permissions_boundary(
         self,
-    ) -> typing.Optional[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]:
+    ) -> typing.Optional["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]:
         '''AWS supports permissions boundaries for IAM entities (users or roles).
 
         A permissions boundary is an advanced feature for using a managed policy
@@ -596,7 +610,7 @@ class RoleProps:
         :link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
         '''
         result = self._values.get("permissions_boundary")
-        return typing.cast(typing.Optional[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy], result)
+        return typing.cast(typing.Optional["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"], result)
 
     @builtins.property
     def role_name(self) -> typing.Optional[builtins.str]:
@@ -647,7 +661,11 @@ class GithubActionsIdentityProvider(
     :stability: experimental
     '''
 
-    def __init__(self, scope: _constructs_77d1e7e8.Construct, id: builtins.str) -> None:
+    def __init__(
+        self,
+        scope: "_constructs_77d1e7e8.Construct",
+        id: builtins.str,
+    ) -> None:
         '''(experimental) Define a new Github OpenID Connect Identity PRovider for AWS IAM.
 
         There can be only one (per AWS Account).
@@ -671,9 +689,9 @@ class GithubActionsIdentityProvider(
     @builtins.classmethod
     def from_account(
         cls,
-        scope: _constructs_77d1e7e8.Construct,
+        scope: "_constructs_77d1e7e8.Construct",
         id: builtins.str,
-    ) -> IGithubActionsIdentityProvider:
+    ) -> "IGithubActionsIdentityProvider":
         '''(experimental) Retrieve a reference to existing Github OIDC provider in your AWS account.
 
         An AWS account can only have single Github OIDC provider configured into it,
@@ -695,7 +713,7 @@ class GithubActionsIdentityProvider(
             type_hints = typing.get_type_hints(_typecheckingstub__6dd498a1f69430076a6a88f7090fd13f298542f0b556d9beb15d29ce4a23d9ce)
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-        return typing.cast(IGithubActionsIdentityProvider, jsii.sinvoke(cls, "fromAccount", [scope, id]))
+        return typing.cast("IGithubActionsIdentityProvider", jsii.sinvoke(cls, "fromAccount", [scope, id]))
 
     @jsii.python.classproperty
     @jsii.member(jsii_name="issuer")
@@ -729,16 +747,16 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
         self,
         *,
         owner: builtins.str,
-        provider: IGithubActionsIdentityProvider,
+        provider: "IGithubActionsIdentityProvider",
         repo: builtins.str,
         filter: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         external_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
-        inline_policies: typing.Optional[typing.Mapping[builtins.str, _aws_cdk_aws_iam_ceddda9d.PolicyDocument]] = None,
-        managed_policies: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]] = None,
-        max_session_duration: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        inline_policies: typing.Optional[typing.Mapping[builtins.str, "_aws_cdk_aws_iam_ceddda9d.PolicyDocument"]] = None,
+        managed_policies: typing.Optional[typing.Sequence["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]] = None,
+        max_session_duration: typing.Optional["_aws_cdk_ceddda9d.Duration"] = None,
         path: typing.Optional[builtins.str] = None,
-        permissions_boundary: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy] = None,
+        permissions_boundary: typing.Optional["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"] = None,
         role_name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''(experimental) Props that define the IAM Role that can be assumed by Github Actions workflow via Github OpenID Connect Identity Provider.
@@ -824,7 +842,7 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
         return typing.cast(builtins.str, result)
 
     @builtins.property
-    def provider(self) -> IGithubActionsIdentityProvider:
+    def provider(self) -> "IGithubActionsIdentityProvider":
         '''(experimental) Reference to Github OpenID Connect Provider configured in AWS IAM.
 
         Either pass an construct defined by ``new GithubActionsIdentityProvider``
@@ -835,7 +853,7 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
         '''
         result = self._values.get("provider")
         assert result is not None, "Required property 'provider' is missing"
-        return typing.cast(IGithubActionsIdentityProvider, result)
+        return typing.cast("IGithubActionsIdentityProvider", result)
 
     @builtins.property
     def repo(self) -> builtins.str:
@@ -900,7 +918,7 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
     @builtins.property
     def inline_policies(
         self,
-    ) -> typing.Optional[typing.Mapping[builtins.str, _aws_cdk_aws_iam_ceddda9d.PolicyDocument]]:
+    ) -> typing.Optional[typing.Mapping[builtins.str, "_aws_cdk_aws_iam_ceddda9d.PolicyDocument"]]:
         '''A list of named policies to inline into this role.
 
         These policies will be
@@ -911,12 +929,12 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
         :default: - No policy is inlined in the Role resource.
         '''
         result = self._values.get("inline_policies")
-        return typing.cast(typing.Optional[typing.Mapping[builtins.str, _aws_cdk_aws_iam_ceddda9d.PolicyDocument]], result)
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, "_aws_cdk_aws_iam_ceddda9d.PolicyDocument"]], result)
 
     @builtins.property
     def managed_policies(
         self,
-    ) -> typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]]:
+    ) -> typing.Optional[typing.List["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]]:
         '''A list of managed policies associated with this role.
 
         You can add managed policies later using
@@ -925,10 +943,10 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
         :default: - No managed policies.
         '''
         result = self._values.get("managed_policies")
-        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]], result)
+        return typing.cast(typing.Optional[typing.List["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]], result)
 
     @builtins.property
-    def max_session_duration(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+    def max_session_duration(self) -> typing.Optional["_aws_cdk_ceddda9d.Duration"]:
         '''The maximum session duration that you want to set for the specified role.
 
         This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.
@@ -949,7 +967,7 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
         :link: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
         '''
         result = self._values.get("max_session_duration")
-        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], result)
+        return typing.cast(typing.Optional["_aws_cdk_ceddda9d.Duration"], result)
 
     @builtins.property
     def path(self) -> typing.Optional[builtins.str]:
@@ -966,7 +984,7 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
     @builtins.property
     def permissions_boundary(
         self,
-    ) -> typing.Optional[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy]:
+    ) -> typing.Optional["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"]:
         '''AWS supports permissions boundaries for IAM entities (users or roles).
 
         A permissions boundary is an advanced feature for using a managed policy
@@ -980,7 +998,7 @@ class GithubActionsRoleProps(GithubConfiguration, RoleProps):
         :link: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
         '''
         result = self._values.get("permissions_boundary")
-        return typing.cast(typing.Optional[_aws_cdk_aws_iam_ceddda9d.IManagedPolicy], result)
+        return typing.cast(typing.Optional["_aws_cdk_aws_iam_ceddda9d.IManagedPolicy"], result)
 
     @builtins.property
     def role_name(self) -> typing.Optional[builtins.str]:
@@ -1103,3 +1121,6 @@ def _typecheckingstub__a5294e97cf23a4f3be3a6e45b1c5188fe6f334ee6f6a820488832aecb
 ) -> None:
     """Type checking stubs"""
     pass
+
+for cls in [IGithubActionsIdentityProvider]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])

aws_cdk_github_oidc-3.0.0/src/aws_cdk_github_oidc/_jsii/__init__.py

@@ -0,0 +1,45 @@
+from pkgutil import extend_path
+__path__ = extend_path(__path__, __name__)
+
+import abc
+import builtins
+import datetime
+import enum
+import typing
+
+import jsii
+import publication
+import typing_extensions
+
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
+
+import aws_cdk._jsii
+import constructs._jsii
+
+__jsii_assembly__ = jsii.JSIIAssembly.load(
+    "aws-cdk-github-oidc",
+    "3.0.0",
+    __name__[0:-6],
+    "aws-cdk-github-oidc@3.0.0.jsii.tgz",
+)
+
+__all__ = [
+    "__jsii_assembly__",
+]
+
+publication.publish()

{aws-cdk-github-oidc-2.4.0 → aws_cdk_github_oidc-3.0.0/src/aws_cdk_github_oidc.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-github-oidc
-Version: 2.4.0
+Version: 3.0.0
 Summary: CDK constructs to use OpenID Connect for authenticating your Github Action workflow with AWS IAM
 Home-page: https://github.com/aripalo/aws-cdk-github-oidc.git
 Author: Ari Palo<opensource@aripalo.com>
@@ -10,17 +10,20 @@ Classifier: Intended Audience :: Developers
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: JavaScript
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Typing :: Typed
 Classifier: Development Status :: 4 - Beta
 Classifier: License :: OSI Approved
-Requires-Python: ~=3.7
+Requires-Python: ~=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
+Requires-Dist: aws-cdk-lib<3.0.0,>=2.220.0
+Requires-Dist: constructs<11.0.0,>=10.3.0
+Requires-Dist: jsii<2.0.0,>=1.127.0
+Requires-Dist: publication>=0.0.3
+Requires-Dist: typeguard==2.13.3
 
 # AWS CDK Github OpenID Connect
 
@@ -168,11 +171,3 @@ jobs:
 ```
 
 <br/>
-
-### Development Status
-
-These constructs are fresh out from the oven, since [Github just announced](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) the OpenID Connect feature as generally available. I've been playing around with the feature for some time, but the construct itself haven't yet been widely used.
-
-These constructs will stay in `v0.x.x` for a while, to allow easier bug fixing & breaking changes *if absolutely needed*. Once bugs are fixed (if any), the constructs will be published with `v1` major version and will be marked as stable.
-
-Currently only TypeScript, Python and Go versions provided, but before going to stable, I'll probably others (supported by JSII) depending on the amount of work required - so no promises!

{aws-cdk-github-oidc-2.4.0 → aws_cdk_github_oidc-3.0.0}/src/aws_cdk_github_oidc.egg-info/SOURCES.txt

@@ -11,4 +11,4 @@ src/aws_cdk_github_oidc.egg-info/dependency_links.txt
 src/aws_cdk_github_oidc.egg-info/requires.txt
 src/aws_cdk_github_oidc.egg-info/top_level.txt
 src/aws_cdk_github_oidc/_jsii/__init__.py
-src/aws_cdk_github_oidc/_jsii/aws-cdk-github-oidc@2.4.0.jsii.tgz
+src/aws_cdk_github_oidc/_jsii/aws-cdk-github-oidc@3.0.0.jsii.tgz

aws_cdk_github_oidc-3.0.0/src/aws_cdk_github_oidc.egg-info/requires.txt

@@ -0,0 +1,5 @@
+aws-cdk-lib<3.0.0,>=2.220.0
+constructs<11.0.0,>=10.3.0
+jsii<2.0.0,>=1.127.0
+publication>=0.0.3
+typeguard==2.13.3

aws-cdk-github-oidc-2.4.0/src/aws_cdk_github_oidc/_jsii/__init__.py

@@ -1,27 +0,0 @@
-import abc
-import builtins
-import datetime
-import enum
-import typing
-
-import jsii
-import publication
-import typing_extensions
-
-from typeguard import check_type
-
-import aws_cdk._jsii
-import constructs._jsii
-
-__jsii_assembly__ = jsii.JSIIAssembly.load(
-    "aws-cdk-github-oidc",
-    "2.4.0",
-    __name__[0:-6],
-    "aws-cdk-github-oidc@2.4.0.jsii.tgz",
-)
-
-__all__ = [
-    "__jsii_assembly__",
-]
-
-publication.publish()

aws-cdk-github-oidc-2.4.0/src/aws_cdk_github_oidc.egg-info/requires.txt

@@ -1,5 +0,0 @@
-aws-cdk-lib<3.0.0,>=2.89.0
-constructs<11.0.0,>=10.0.0
-jsii<2.0.0,>=1.86.1
-publication>=0.0.3
-typeguard~=2.13.3