aws-cdk-lib/aws-iam/lib/oidc-provider.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __decorate=exports&&exports.__decorate||function(decorators,target,key,desc){var c=arguments.length,r=c<3?target:desc===null?desc=Object.getOwnPropertyDescriptor(target,key):desc,d;if(typeof Reflect=="object"&&typeof Reflect.decorate=="function")r=Reflect.decorate(decorators,target,key,desc);else for(var i=decorators.length-1;i>=0;i--)(d=decorators[i])&&(r=(c<3?d(r):c>3?d(target,key,r):d(target,key))||r);return c>3&&r&&Object.defineProperty(target,key,r),r},_a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.OpenIdConnectProvider=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},oidc_provider_generated_1=()=>{var tmp=require("../../custom-resource-handlers/dist/aws-iam/oidc-provider.generated");return oidc_provider_generated_1=()=>tmp,tmp},cx_api_1=()=>{var tmp=require("../../cx-api");return cx_api_1=()=>tmp,tmp};const RESOURCE_TYPE="Custom::AWSCDKOpenIdConnectProvider";let OpenIdConnectProvider=class OpenIdConnectProvider2 extends core_1().Resource{static fromOpenIdConnectProviderArn(scope,id,openIdConnectProviderArn){const resourceName=core_1().Arn.extractResourceName(openIdConnectProviderArn,"oidc-provider");class Import extends core_1().Resource{constructor(){super(...arguments),this.openIdConnectProviderArn=openIdConnectProviderArn,this.openIdConnectProviderIssuer=resourceName}}return new Import(scope,id)}constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_OpenIdConnectProviderProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,OpenIdConnectProvider2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const rejectUnauthorized=core_1().FeatureFlags.of(this).isEnabled(cx_api_1().IAM_OIDC_REJECT_UNAUTHORIZED_CONNECTIONS)??!1,provider=this.getOrCreateProvider(),resource=new(core_1()).CustomResource(this,"Resource",{resourceType:RESOURCE_TYPE,serviceToken:provider.serviceToken,properties:{ClientIDList:props.clientIds,ThumbprintList:props.thumbprints,Url:props.url,RejectUnauthorized:rejectUnauthorized,CodeHash:provider.codeHash}});this.openIdConnectProviderArn=core_1().Token.asString(resource.ref),this.openIdConnectProviderIssuer=core_1().Arn.extractResourceName(this.openIdConnectProviderArn,"oidc-provider"),this.openIdConnectProviderthumbprints=core_1().Token.asString(resource.getAtt("Thumbprints"))}getOrCreateProvider(){return oidc_provider_generated_1().OidcProvider.getOrCreateProvider(this,RESOURCE_TYPE,{policyStatements:[{Effect:"Allow",Resource:"*",Action:["iam:CreateOpenIDConnectProvider","iam:DeleteOpenIDConnectProvider","iam:UpdateOpenIDConnectProviderThumbprint","iam:AddClientIDToOpenIDConnectProvider","iam:RemoveClientIDFromOpenIDConnectProvider"]}]})}};exports.OpenIdConnectProvider=OpenIdConnectProvider,_a=JSII_RTTI_SYMBOL_1,OpenIdConnectProvider[_a]={fqn:"aws-cdk-lib.aws_iam.OpenIdConnectProvider",version:"2.202.0"},OpenIdConnectProvider.PROPERTY_INJECTION_ID="aws-cdk-lib.aws-iam.OpenIdConnectProvider",exports.OpenIdConnectProvider=OpenIdConnectProvider=__decorate([prop_injectable_1().propertyInjectable],OpenIdConnectProvider);