
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

"use strict";

// Compiled CommonJS output of the aws-cdk-lib `OpenIdConnectProvider` construct
// (jsii fqn "aws-cdk-lib.aws_iam.OpenIdConnectProvider", version "2.185.0").
// The construct registers an IAM OIDC identity provider through a CloudFormation
// custom resource of type "Custom::AWSCDKOpenIdConnectProvider".

var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.OpenIdConnectProvider = void 0;

// Lazy module loaders: each one performs its require() on first call and then
// replaces itself with a closure that returns the cached module object.
var jsiiDeprecationWarnings = () => {
  var tmp = require("../../.warnings.jsii.js");
  jsiiDeprecationWarnings = () => tmp;
  return tmp;
};
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
var core_1 = () => {
  var tmp = require("../../core");
  core_1 = () => tmp;
  return tmp;
};
var metadata_resource_1 = () => {
  var tmp = require("../../core/lib/metadata-resource");
  metadata_resource_1 = () => tmp;
  return tmp;
};
var oidc_provider_generated_1 = () => {
  var tmp = require("../../custom-resource-handlers/dist/aws-iam/oidc-provider.generated");
  oidc_provider_generated_1 = () => tmp;
  return tmp;
};
var cx_api_1 = () => {
  var tmp = require("../../cx-api");
  cx_api_1 = () => tmp;
  return tmp;
};

// CloudFormation resource type of the custom resource; also passed as the
// second argument to OidcProvider.getOrCreateProvider().
const RESOURCE_TYPE = "Custom::AWSCDKOpenIdConnectProvider";

/**
 * Construct that declares an IAM OpenID Connect provider via a custom resource.
 *
 * Exposes `openIdConnectProviderArn`, `openIdConnectProviderIssuer` and
 * `openIdConnectProviderthumbprints` (lower-case "t" is the shipped public name).
 */
class OpenIdConnectProvider extends core_1().Resource {
  /**
   * Wraps an existing provider ARN in a resource object without creating anything.
   *
   * The issuer is whatever `Arn.extractResourceName(arn, "oidc-provider")` returns;
   * no further validation of the ARN happens in this method.
   *
   * @param scope parent construct
   * @param id construct id
   * @param openIdConnectProviderArn ARN of the provider being imported
   * @returns a Resource carrying the ARN and the derived issuer
   */
  static fromOpenIdConnectProviderArn(scope, id, openIdConnectProviderArn) {
    const resourceName = core_1().Arn.extractResourceName(
      openIdConnectProviderArn,
      "oidc-provider",
    );

    class Import extends core_1().Resource {
      constructor(...args) {
        super(...args);
        this.openIdConnectProviderArn = openIdConnectProviderArn;
        this.openIdConnectProviderIssuer = resourceName;
      }
    }

    return new Import(scope, id);
  }

  /**
   * @param scope parent construct
   * @param id construct id
   * @param props read here: `clientIds`, `thumbprints`, `url`
   */
  constructor(scope, id, props) {
    super(scope, id);

    try {
      jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_OpenIdConnectProviderProps(props);
    } catch (error) {
      // Outside JSII debug mode, trim the DeprecationError stack so that it
      // starts at this constructor; the error is rethrown in every case.
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, OpenIdConnectProvider);
      }
      throw error;
    }

    const { addConstructMetadata } = metadata_resource_1();
    addConstructMetadata(this, props);

    // Security-relevant default: RejectUnauthorized is true only when the
    // IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS feature flag is enabled for this
    // scope; a nullish result from isEnabled() falls back to false.
    // NOTE(review): the handler is not visible here. Presumably this value decides
    // whether it rejects TLS connections that fail certificate validation when it
    // contacts `props.url`; confirm against the handler and enable the flag if so.
    const flags = core_1().FeatureFlags.of(this);
    const rejectUnauthorized =
      flags.isEnabled(cx_api_1().IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS) ?? false;

    const provider = this.getOrCreateProvider();

    const { CustomResource } = core_1();
    const resource = new CustomResource(this, "Resource", {
      resourceType: RESOURCE_TYPE,
      serviceToken: provider.serviceToken,
      properties: {
        ClientIDList: props.clientIds,
        // Passed through unchanged, so it may be undefined.
        // NOTE(review): what the handler does when no thumbprints are supplied is
        // not shown in this file; verify before relying on it.
        ThumbprintList: props.thumbprints,
        Url: props.url,
        RejectUnauthorized: rejectUnauthorized,
        // Presumably makes a handler code change show up as a property change.
        CodeHash: provider.codeHash,
      },
    });

    this.openIdConnectProviderArn = core_1().Token.asString(resource.ref);
    this.openIdConnectProviderIssuer = core_1().Arn.extractResourceName(
      this.openIdConnectProviderArn,
      "oidc-provider",
    );
    this.openIdConnectProviderthumbprints = core_1().Token.asString(
      resource.getAtt("Thumbprints"),
    );
  }

  /**
   * Requests the custom-resource provider for RESOURCE_TYPE, passing the IAM
   * policy statement the handler needs.
   *
   * Least-privilege note: the statement allows five OIDC-provider management
   * actions on Resource "*", so the grant is not limited to the provider this
   * construct manages. Reviewers should account for that when assessing the
   * handler's blast radius.
   *
   * @returns whatever OidcProvider.getOrCreateProvider() returns; the
   *   constructor reads `serviceToken` and `codeHash` from it
   */
  getOrCreateProvider() {
    const handlerPolicy = {
      Effect: "Allow",
      Resource: "*",
      Action: [
        "iam:CreateOpenIDConnectProvider",
        "iam:DeleteOpenIDConnectProvider",
        "iam:UpdateOpenIDConnectProviderThumbprint",
        "iam:AddClientIDToOpenIDConnectProvider",
        "iam:RemoveClientIDFromOpenIDConnectProvider",
      ],
    };

    return oidc_provider_generated_1().OidcProvider.getOrCreateProvider(this, RESOURCE_TYPE, {
      policyStatements: [handlerPolicy],
    });
  }
}

exports.OpenIdConnectProvider = OpenIdConnectProvider;

// jsii runtime type information attached under Symbol.for("jsii.rtti").
_a = JSII_RTTI_SYMBOL_1;
OpenIdConnectProvider[_a] = {
  fqn: "aws-cdk-lib.aws_iam.OpenIdConnectProvider",
  version: "2.185.0",
};