diff --git a/.eslintrc.js b/.eslintrc.js index 1f733ff..70c308e 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -3,10 +3,7 @@ module.exports = { node: true, }, ignorePatterns: ["**/*.js", "cdk.out"], - extends: [ - "eslint:recommended", - "plugin:@typescript-eslint/recommended" - ], + extends: ["eslint:recommended", "plugin:@typescript-eslint/recommended"], parser: "@typescript-eslint/parser", parserOptions: { ecmaVersion: 12, diff --git a/bin/aws-sso-extensions-for-enterprise.ts b/bin/aws-sso-extensions-for-enterprise.ts index 7e0c972..893c5ec 100644 --- a/bin/aws-sso-extensions-for-enterprise.ts +++ b/bin/aws-sso-extensions-for-enterprise.ts @@ -15,7 +15,7 @@ const app = new App(); function ensureString( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, - propName: string + propName: string, ): string { if (!object[`${propName}`] || object[`${propName}`].trim().length === 0) throw new Error(propName + " does not exist or is empty"); @@ -26,7 +26,7 @@ function ensureValidString( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, propName: string, - validList: Array + validList: Array, ): string { if ( !object[`${propName}`] || @@ -35,13 +35,13 @@ function ensureValidString( ) throw new Error( propName + - " does not exist or is empty or is of not the correct data type" + " does not exist or is empty or is of not the correct data type", ); const value = ("" + object[`${propName}`]).toUpperCase(); if (!validList.includes(value)) { throw new Error( - `${propName} is not one of the valid values - ${validList.toString()}` + `${propName} is not one of the valid values - ${validList.toString()}`, ); } 
@@ -51,11 +51,11 @@ function ensureValidString( function ensureNumber( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, - propName: string + propName: string, ): number { if (!object[`${propName}`] || typeof object[`${propName}`] !== "number") throw new Error( - propName + " does not exist or is empty or is not a number data type" + propName + " does not exist or is empty or is not a number data type", ); return object[`${propName}`]; @@ -64,11 +64,11 @@ function ensureNumber( function ensureBoolean( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, - propName: string + propName: string, ): boolean { if (typeof object[`${propName}`] !== "boolean") throw new Error( - propName + " does not exist or is of not the correct data type" + propName + " does not exist or is of not the correct data type", ); return object[`${propName}`]; @@ -78,7 +78,7 @@ function ensureDependentPropIsPresentForSourceRepo( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, repoTypePropName: string, - propName: string + propName: string, ): string { const repoType = ensureString(object, repoTypePropName); let propValue = ""; @@ -107,9 +107,20 @@ function ensureDependentPropIsPresentForSourceRepo( default: return ""; } + } else if (repoType.toLowerCase() === "s3") { + switch (propName.toLowerCase()) { + case "sourcebucketname": + propValue = ensureString(object, propName); + break; + case "sourceobjectkey": + propValue = ensureString(object, propName); + break; + default: + return ""; + } } else { throw new Error( - `Repo type ${repoType} is not one of valid values - ["codecommit","codestar"]` + `Repo type ${repoType} is not one of valid values - ["codecommit","codestar","s3"]`, ); } /** Making the linter happy */ 
@@ -120,12 +131,12 @@ function getConfig() { const env = app.node.tryGetContext("config"); if (!env) throw new Error( - "Context variable missing on CDK command. Pass in as `-c config=XXX`" + "Context variable missing on CDK command. Pass in as `-c config=XXX`", ); /* eslint-disable @typescript-eslint/no-explicit-any */ const unparsedEnv: any = yaml.load( - readFileSync(resolve("./config/" + env + ".yaml"), "utf8") + readFileSync(resolve("./config/" + env + ".yaml"), "utf8"), ); const buildConfig: BuildConfig = { 
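Review bot: `env` comes straight from the `-c config=...` context value and is concatenated into the path on the changed `readFileSync(resolve("./config/" + env + ".yaml"), "utf8")` line, so a value containing `../` resolves to a file outside `./config`. A guard before the read keeps the lookup inside the config directory, e.g. `if (!/^[A-Za-z0-9_-]+$/.test(env)) throw new Error("config must be a plain file name");`, with the pattern adjusted to the config names actually in use. Separately, `yaml.load` is only restricted to a safe schema by default from js-yaml 4 onward; the dependency version is not visible in this diff, so it is worth confirming. getConfig continues past the end of this hunk.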
@@ -136,63 +147,74 @@ function getConfig() { PipelineSettings: { BootstrapQualifier: ensureString( unparsedEnv["PipelineSettings"], - "BootstrapQualifier" + "BootstrapQualifier", ), DeploymentAccountId: ensureString( unparsedEnv["PipelineSettings"], - "DeploymentAccountId" + "DeploymentAccountId", ), DeploymentAccountRegion: ensureString( unparsedEnv["PipelineSettings"], - "DeploymentAccountRegion" + "DeploymentAccountRegion", ), TargetAccountId: ensureString( unparsedEnv["PipelineSettings"], - "TargetAccountId" + "TargetAccountId", ), TargetAccountRegion: ensureString( unparsedEnv["PipelineSettings"], - "TargetAccountRegion" + "TargetAccountRegion", ), SSOServiceAccountId: ensureString( unparsedEnv["PipelineSettings"], - "SSOServiceAccountId" + "SSOServiceAccountId", ), SSOServiceAccountRegion: ensureString( unparsedEnv["PipelineSettings"], - "SSOServiceAccountRegion" + "SSOServiceAccountRegion", ), OrgMainAccountId: ensureString( unparsedEnv["PipelineSettings"], - "OrgMainAccountId" + "OrgMainAccountId", ), RepoType: ensureValidString(unparsedEnv["PipelineSettings"], "RepoType", [ "CODECOMMIT", "CODESTAR", + "S3", ]), RepoArn: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "RepoArn" + "RepoArn", ), RepoBranchName: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "RepoBranchName" + "RepoBranchName", ), RepoName: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "RepoName" + "RepoName", ), CodeStarConnectionArn: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "CodeStarConnectionArn" + "CodeStarConnectionArn", + ), + SourceBucketName: ensureDependentPropIsPresentForSourceRepo( + unparsedEnv["PipelineSettings"], + "RepoType", + "SourceBucketName", + ), + SourceObjectKey: ensureDependentPropIsPresentForSourceRepo( + unparsedEnv["PipelineSettings"], + "RepoType", + "SourceObjectKey", ), SynthCommand: 
ensureString( unparsedEnv["PipelineSettings"], - "SynthCommand" + "SynthCommand", ), }, @@ -200,47 +222,47 @@ function getConfig() { LinksProvisioningMode: ensureValidString( unparsedEnv["Parameters"], "LinksProvisioningMode", - ["API", "S3"] + ["API", "S3"], ), PermissionSetProvisioningMode: ensureValidString( unparsedEnv["Parameters"], "PermissionSetProvisioningMode", - ["API", "S3"] + ["API", "S3"], ), LinkCallerRoleArn: ensureString( unparsedEnv["Parameters"], - "LinkCallerRoleArn" + "LinkCallerRoleArn", ), PermissionSetCallerRoleArn: ensureString( unparsedEnv["Parameters"], - "PermissionSetCallerRoleArn" + "PermissionSetCallerRoleArn", ), NotificationEmail: ensureString( unparsedEnv["Parameters"], - "NotificationEmail" + "NotificationEmail", ), AccountAssignmentVisibilityTimeoutHours: ensureNumber( unparsedEnv["Parameters"], - "AccountAssignmentVisibilityTimeoutHours" + "AccountAssignmentVisibilityTimeoutHours", ), IsAdUsed: ensureBoolean(unparsedEnv["Parameters"], "IsAdUsed"), DomainName: ensureString(unparsedEnv["Parameters"], "DomainName"), ImportCurrentSSOConfiguration: ensureBoolean( unparsedEnv["Parameters"], - "ImportCurrentSSOConfiguration" + "ImportCurrentSSOConfiguration", ), UpgradeFromVersionLessThanV303: ensureBoolean( unparsedEnv["Parameters"], - "UpgradeFromVersionLessThanV303" + "UpgradeFromVersionLessThanV303", ), SupportNestedOU: ensureBoolean( unparsedEnv["Parameters"], - "SupportNestedOU" + "SupportNestedOU", ), FunctionLogMode: ensureValidString( unparsedEnv["Parameters"], "FunctionLogMode", - ["INFO", "WARN", "DEBUG", "EXCEPTION"] + ["INFO", "WARN", "DEBUG", "EXCEPTION"], ), }, }; 
@@ -251,7 +273,7 @@ function getConfig() { function getRegionSwitchConfig() { /* eslint-disable @typescript-eslint/no-explicit-any */ const unparsedEnv: any = yaml.load( - readFileSync(resolve("./config/" + "region-switch" + ".yaml"), "utf8") + readFileSync(resolve("./config/" + "region-switch" + ".yaml"), "utf8"), ); const buildConfig: RegionSwitchBuildConfig = { @@ -259,11 +281,11 @@ function getRegionSwitchConfig() { BootstrapQualifier: ensureString(unparsedEnv, "BootstrapQualifier"), SSOServiceAccountRegion: ensureString( unparsedEnv, - "SSOServiceAccountRegion" + "SSOServiceAccountRegion", ), SSOServiceTargetAccountRegion: ensureString( unparsedEnv, - "SSOServiceTargetAccountRegion" + "SSOServiceTargetAccountRegion", ), }; @@ -274,7 +296,7 @@ async function DeploySSOForEnterprise() { const env: string = app.node.tryGetContext("config"); if (!env) throw new Error( - "Context variable missing on CDK command. Pass in as `-c config=XXX`" + "Context variable missing on CDK command. Pass in as `-c config=XXX`", ); if (env.toUpperCase() === "REGION-SWITCH-DISCOVER") { @@ -292,7 +314,7 @@ async function DeploySSOForEnterprise() { qualifier: buildConfig.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); } else if (env.toUpperCase() === "REGION-SWITCH-DEPLOY") { const buildConfig: RegionSwitchBuildConfig = getRegionSwitchConfig(); @@ -309,7 +331,7 @@ async function DeploySSOForEnterprise() { qualifier: buildConfig.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); } else { const buildConfig: BuildConfig = getConfig(); @@ -329,13 +351,13 @@ async function DeploySSOForEnterprise() { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); Tags.of(AwsSsoExtensionsForEnterpriseStack).add("App", buildConfig.App); Tags.of(AwsSsoExtensionsForEnterpriseStack).add( "Environment", - buildConfig.Environment + buildConfig.Environment, ); } } diff --git a/config/env.yaml b/config/env.yaml index 65ce888..0f981a7 100644 
--- a/config/env.yaml +++ b/config/env.yaml @@ -1,7 +1,7 @@ --- App: "aws-sso-extensions-for-enterprise" Environment: "env" -Version: "3.1.8" +Version: "3.1.9" PipelineSettings: BootstrapQualifier: "" # For example: 'ssoutility' @@ -12,9 +12,13 @@ PipelineSettings: OrgMainAccountId: "" SSOServiceAccountId: "" SSOServiceAccountRegion: "" - RepoType: "CodeCommit" - RepoArn: "arn:aws:codecommit:::aws-sso-extensions-for-enterprise" - RepoBranchName: "master" # Verify that this is the branch name used by your CodeCommit repository + RepoType: "CODECOMMIT" # Allowed values - ["S3", "CODECOMMIT", "CODESTAR"] + RepoArn: "arn:aws:codecommit:::aws-sso-extensions-for-enterprise" # Only required if RepoType is "CODECOMMIT" + RepoName: "aws-samples/aws-iam-identity-center-extensions" # Only required if RepoType is "CODESTAR". Ensure this is the fully qualified repository name like "aws-samples/aws-iam-identity-center-extensions". + CodeStarConnectionArn: "arn:aws:codeconnections:us-east-1:686255979076:connection/12c162f9-8c00-4bcb-9aeb-6d42b072760b" # Only required if RepoType is "CODESTAR" + RepoBranchName: "main" # Verify that this is the branch name used by your repository if RepoType is "CODESTAR" or "CODECOMMIT" + SourceBucketName: "" # Ensure this bucket exists in the deployment account. Required if RepoType is "S3" + SourceObjectKey: "" # Ensure the source code is uploaded to this location in the bucket. Required if RepoType is "S3". SynthCommand: "yarn cdk-synth-env" Parameters: diff --git a/lib/build/buildConfig.ts b/lib/build/buildConfig.ts index 60c0a16..24f93fc 100644 --- a/lib/build/buildConfig.ts +++ b/lib/build/buildConfig.ts 
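Review bot: The new `CodeStarConnectionArn` default in the second hunk carries a concrete 12-digit account id and connection UUID, while the other account-specific fields in this template (`OrgMainAccountId`, `SSOServiceAccountId`, `SourceBucketName`, and so on) are left empty. A deployer who switches `RepoType` to `CODESTAR` without editing this value would point the pipeline at a connection they do not own, and the sample file discloses an account identifier to everyone who receives it. Suggest shipping `CodeStarConnectionArn: "" # Only required if RepoType is "CODESTAR"`, and treating the pre-filled `RepoName` the same way, so that `ensureString` forces an explicit value when that repo type is selected.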
@@ -33,6 +33,8 @@ export interface PipelineSettings { */ readonly RepoName: string /** AWS CodeStar repo name - only checked when RepoType is set to codestar */; readonly CodeStarConnectionArn: string /** AWS CodeStar connection ARN - only checked when RepoType is set to codestar */; + readonly SourceBucketName: string /** S3 bucket name - only checked when RepoType is set to s3 */; + readonly SourceObjectKey: string /** S3 object key - only checked when RepoType is set to s3 */; readonly SynthCommand: string /** CDK synthesise command */; } diff --git a/lib/constructs/access-manager.ts b/lib/constructs/access-manager.ts index cfa1c15..f84e0bc 100644 --- a/lib/constructs/access-manager.ts +++ b/lib/constructs/access-manager.ts @@ -26,7 +26,7 @@ export class AccessManager extends Construct { constructor( scope: Construct, id: string, - accessManagerProps: AccessManagerProps + accessManagerProps: AccessManagerProps, ) { super(scope, id); 
@@ -35,22 +35,22 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/linkManager.ts */ accessManagerProps.FetchCrossStackValues.queuesKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.linkManagerHandler + accessManagerProps.LinkProcessor.linkManagerHandler, ); accessManagerProps.FetchCrossStackValues.linkManagerQueue.grantConsumeMessages( - accessManagerProps.LinkProcessor.linkManagerHandler + accessManagerProps.LinkProcessor.linkManagerHandler, ); accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.linkManagerHandler + accessManagerProps.LinkProcessor.linkManagerHandler, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.LinkProcessor.linkManagerHandler + accessManagerProps.LinkProcessor.linkManagerHandler, ); accessManagerProps.FetchCrossStackValues.ddbTablesKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.linkManagerHandler + accessManagerProps.LinkProcessor.linkManagerHandler, ); accessManagerProps.FetchCrossStackValues.provisionedLinksTable.grantReadWriteData( - accessManagerProps.LinkProcessor.linkManagerHandler + accessManagerProps.LinkProcessor.linkManagerHandler, ); accessManagerProps.LinkProcessor.linkManagerHandler.addToRolePolicy( new PolicyStatement({ @@ -59,7 +59,7 @@ export class AccessManager extends Construct { .linkManagerHandlerSSOAPIRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); accessManagerProps.LinkProcessor.linkManagerHandler.addToRolePolicy( new PolicyStatement({ @@ -67,7 +67,7 @@ export class AccessManager extends Construct { accessManagerProps.FetchCrossStackValues.waiterHandlerSSOAPIRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); /** 
@@ -75,22 +75,22 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/permissionSetTopicProcessor.ts */ accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor + accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor + accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor, ); accessManagerProps.PermissionSetProcessor.permissionSetSyncTopic.grantPublish( - accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor + accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor, ); accessManagerProps.FetchCrossStackValues.ddbTablesKey.grantEncryptDecrypt( - accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor + accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor, ); accessManagerProps.FetchCrossStackValues.permissionSetTable.grantReadWriteData( - accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor + accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor, ); accessManagerProps.FetchCrossStackValues.permissionSetArnTable.grantReadWriteData( - accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor + accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor, ); accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor.addToRolePolicy( new PolicyStatement({ @@ -99,7 +99,7 @@ export class AccessManager extends Construct { .permissionSetHandlerSSOAPIRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor.addToRolePolicy( new PolicyStatement({ 
@@ -107,16 +107,16 @@ export class AccessManager extends Construct { accessManagerProps.FetchCrossStackValues.waiterHandlerSSOAPIRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); accessManagerProps.PermissionSetProcessor.managedPolicyQueueProcessor.addToRolePolicy( new PolicyStatement({ resources: [accessManagerProps.FetchCrossStackValues.ssoMpRoleArn], actions: ["sts:AssumeRole"], - }) + }), ); accessManagerProps.PermissionSetProcessor.managedPolicyQueue.grantSendMessages( - accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor + accessManagerProps.PermissionSetProcessor.permissionSetTopicProcessor, ); /** 
@@ -125,25 +125,25 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/groupsCud.ts */ accessManagerProps.FetchCrossStackValues.queuesKey.grantEncryptDecrypt( - accessManagerProps.SSOGroupProcessor.ssoGroupHandler + accessManagerProps.SSOGroupProcessor.ssoGroupHandler, ); accessManagerProps.FetchCrossStackValues.linkManagerQueue.grantSendMessages( - accessManagerProps.SSOGroupProcessor.ssoGroupHandler + accessManagerProps.SSOGroupProcessor.ssoGroupHandler, ); accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.SSOGroupProcessor.ssoGroupHandler + accessManagerProps.SSOGroupProcessor.ssoGroupHandler, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.SSOGroupProcessor.ssoGroupHandler + accessManagerProps.SSOGroupProcessor.ssoGroupHandler, ); accessManagerProps.FetchCrossStackValues.ddbTablesKey.grantEncryptDecrypt( - accessManagerProps.SSOGroupProcessor.ssoGroupHandler + accessManagerProps.SSOGroupProcessor.ssoGroupHandler, ); accessManagerProps.FetchCrossStackValues.linksTable.grantReadWriteData( - accessManagerProps.SSOGroupProcessor.ssoGroupHandler + accessManagerProps.SSOGroupProcessor.ssoGroupHandler, ); accessManagerProps.FetchCrossStackValues.permissionSetArnTable.grantReadData( - accessManagerProps.SSOGroupProcessor.ssoGroupHandler + accessManagerProps.SSOGroupProcessor.ssoGroupHandler, ); accessManagerProps.SSOGroupProcessor.ssoGroupHandler.addToRolePolicy( new PolicyStatement({ @@ -152,7 +152,7 @@ export class AccessManager extends Construct { accessManagerProps.FetchCrossStackValues.listInstancesSSOAPIRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); /** 
@@ -161,25 +161,25 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/usersCud.ts */ accessManagerProps.FetchCrossStackValues.queuesKey.grantEncryptDecrypt( - accessManagerProps.SSOGroupProcessor.ssoUserHandler + accessManagerProps.SSOGroupProcessor.ssoUserHandler, ); accessManagerProps.FetchCrossStackValues.linkManagerQueue.grantSendMessages( - accessManagerProps.SSOGroupProcessor.ssoUserHandler + accessManagerProps.SSOGroupProcessor.ssoUserHandler, ); accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.SSOGroupProcessor.ssoUserHandler + accessManagerProps.SSOGroupProcessor.ssoUserHandler, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.SSOGroupProcessor.ssoUserHandler + accessManagerProps.SSOGroupProcessor.ssoUserHandler, ); accessManagerProps.FetchCrossStackValues.ddbTablesKey.grantEncryptDecrypt( - accessManagerProps.SSOGroupProcessor.ssoUserHandler + accessManagerProps.SSOGroupProcessor.ssoUserHandler, ); accessManagerProps.FetchCrossStackValues.linksTable.grantReadWriteData( - accessManagerProps.SSOGroupProcessor.ssoUserHandler + accessManagerProps.SSOGroupProcessor.ssoUserHandler, ); accessManagerProps.FetchCrossStackValues.permissionSetArnTable.grantReadData( - accessManagerProps.SSOGroupProcessor.ssoUserHandler + accessManagerProps.SSOGroupProcessor.ssoUserHandler, ); accessManagerProps.SSOGroupProcessor.ssoUserHandler.addToRolePolicy( new PolicyStatement({ @@ -190,7 +190,7 @@ export class AccessManager extends Construct { .listGroupsIdentityStoreAPIRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); /** 
@@ -198,25 +198,25 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/linkTopicProcessor.ts */ accessManagerProps.FetchCrossStackValues.queuesKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.linkTopicProcessor + accessManagerProps.LinkProcessor.linkTopicProcessor, ); accessManagerProps.FetchCrossStackValues.linkManagerQueue.grantSendMessages( - accessManagerProps.LinkProcessor.linkTopicProcessor + accessManagerProps.LinkProcessor.linkTopicProcessor, ); accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.linkTopicProcessor + accessManagerProps.LinkProcessor.linkTopicProcessor, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.LinkProcessor.linkTopicProcessor + accessManagerProps.LinkProcessor.linkTopicProcessor, ); accessManagerProps.FetchCrossStackValues.ddbTablesKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.linkTopicProcessor + accessManagerProps.LinkProcessor.linkTopicProcessor, ); accessManagerProps.FetchCrossStackValues.linksTable.grantReadData( - accessManagerProps.LinkProcessor.linkTopicProcessor + accessManagerProps.LinkProcessor.linkTopicProcessor, ); accessManagerProps.FetchCrossStackValues.permissionSetArnTable.grantReadData( - accessManagerProps.LinkProcessor.linkTopicProcessor + accessManagerProps.LinkProcessor.linkTopicProcessor, ); accessManagerProps.LinkProcessor.linkTopicProcessor.addToRolePolicy( new PolicyStatement({ @@ -227,7 +227,7 @@ export class AccessManager extends Construct { accessManagerProps.FetchCrossStackValues.orgListSMRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); /** 
@@ -236,28 +236,28 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/orgEvents.ts */ accessManagerProps.FetchCrossStackValues.queuesKey.grantEncryptDecrypt( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.FetchCrossStackValues.linkManagerQueue.grantSendMessages( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.FetchCrossStackValues.ddbTablesKey.grantEncryptDecrypt( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.FetchCrossStackValues.linksTable.grantReadData( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.FetchCrossStackValues.permissionSetArnTable.grantReadData( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.FetchCrossStackValues.provisionedLinksTable.grantReadData( - accessManagerProps.OrgEvents.orgEventsHandler + accessManagerProps.OrgEvents.orgEventsHandler, ); accessManagerProps.OrgEvents.orgEventsHandler.addToRolePolicy( @@ -269,7 +269,7 @@ export class AccessManager extends Construct { accessManagerProps.FetchCrossStackValues.orgListParentsRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); /** 
@@ -277,22 +277,22 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/permissionSetSync.ts */ accessManagerProps.FetchCrossStackValues.queuesKey.grantEncryptDecrypt( - accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler + accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler, ); accessManagerProps.FetchCrossStackValues.linkManagerQueue.grantSendMessages( - accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler + accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler, ); accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler + accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler + accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler, ); accessManagerProps.FetchCrossStackValues.ddbTablesKey.grantEncryptDecrypt( - accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler + accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler, ); accessManagerProps.FetchCrossStackValues.linksTable.grantReadData( - accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler + accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler, ); accessManagerProps.PermissionSetProcessor.permissionSetSyncHandler.addToRolePolicy( @@ -304,7 +304,7 @@ export class AccessManager extends Construct { accessManagerProps.FetchCrossStackValues.orgListSMRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); /** 
@@ -313,16 +313,16 @@ export class AccessManager extends Construct { * lib/lambda-functions/application-handlers/processTargetAccountSMListener.ts */ accessManagerProps.FetchCrossStackValues.queuesKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler + accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler, ); accessManagerProps.FetchCrossStackValues.linkManagerQueue.grantSendMessages( - accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler + accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler, ); accessManagerProps.FetchCrossStackValues.snsTopicsKey.grantEncryptDecrypt( - accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler + accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler, ); accessManagerProps.FetchCrossStackValues.errorNotificationsTopic.grantPublish( - accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler + accessManagerProps.LinkProcessor.processTargetAccountSMListenerHandler, ); } } diff --git a/lib/constructs/cross-account-role.ts b/lib/constructs/cross-account-role.ts index c33208c..108c788 100644 --- a/lib/constructs/cross-account-role.ts +++ b/lib/constructs/cross-account-role.ts @@ -25,7 +25,7 @@ export class CrossAccountRole extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - crossAccountRoleProps: CrossAccountRoleProps + crossAccountRoleProps: CrossAccountRoleProps, ) { super(scope, id); @@ -38,7 +38,7 @@ export class CrossAccountRole extends Construct { name(buildConfig, `${crossAccountRoleProps.roleNameKey}-role`), { assumedBy: new AccountPrincipal(crossAccountRoleProps.assumeAccountID), - } + }, ); /** @@ -59,7 +59,7 @@ export class CrossAccountRole extends Construct { ParamNameKey: `${crossAccountRoleProps.roleNameKey}-roleArn`, ParamValue: this.role.roleArn, ReaderAccountId: crossAccountRoleProps.assumeAccountID, - } + }, ); } } 
diff --git a/lib/constructs/fetch-cross-stack-values.ts b/lib/constructs/fetch-cross-stack-values.ts index f07da04..1f2a71b 100644 --- a/lib/constructs/fetch-cross-stack-values.ts +++ b/lib/constructs/fetch-cross-stack-values.ts @@ -56,8 +56,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedErrorNotificationsTopic"), StringParameter.valueForStringParameter( this, - name(buildConfig, "errorNotificationsTopicArn") - ) + name(buildConfig, "errorNotificationsTopicArn"), + ), ); this.ssoGroupEventNotificationsTopic = Topic.fromTopicArn( @@ -65,8 +65,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedssoGroupEventNotificationsTopic"), StringParameter.valueForStringParameter( this, - name(buildConfig, "ssoGroupEventNotificationsTopicArn") - ) + name(buildConfig, "ssoGroupEventNotificationsTopicArn"), + ), ); this.ssoUserEventNotificationsTopic = Topic.fromTopicArn( @@ -74,8 +74,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedssoUserEventNotificationsTopic"), StringParameter.valueForStringParameter( this, - name(buildConfig, "ssoUserEventsNotificationsTopicArn") - ) + name(buildConfig, "ssoUserEventsNotificationsTopicArn"), + ), ); this.orgEventsNotificationsTopic = Topic.fromTopicArn( @@ -83,8 +83,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedOrgEventNotificationsTopic"), StringParameter.valueForStringParameter( this, - name(buildConfig, "importedOrgEventsNotificationsTopicArn") - ) + name(buildConfig, "importedOrgEventsNotificationsTopicArn"), + ), ); this.processTargetAccountSMTopic = Topic.fromTopicArn( 
@@ -92,8 +92,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedprocessTargetAccountSMTopic"), StringParameter.valueForStringParameter( this, - name(buildConfig, "importedProcessTargetAccountSMTopicArn") - ) + name(buildConfig, "importedProcessTargetAccountSMTopicArn"), + ), ); this.linkProcessorTopic = Topic.fromTopicArn( @@ -101,8 +101,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedLinkProcessorTopic"), StringParameter.valueForStringParameter( this, - name(buildConfig, "linkProcessorTopicArn") - ) + name(buildConfig, "linkProcessorTopicArn"), + ), ); this.permissionSetProcessorTopic = Topic.fromTopicArn( @@ -110,8 +110,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedPermissionSetProcessorTopic"), StringParameter.valueForStringParameter( this, - name(buildConfig, "permissionSetProcessorTopicArn") - ) + name(buildConfig, "permissionSetProcessorTopicArn"), + ), ); this.linkManagerQueue = Queue.fromQueueArn( @@ -119,8 +119,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedLinkManagerQueue"), StringParameter.valueForStringParameter( this, - name(buildConfig, "linkQueueArn") - ) + name(buildConfig, "linkQueueArn"), + ), ); this.nodeJsLayer = lambda.LayerVersion.fromLayerVersionArn( @@ -128,8 +128,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedNodeJsLayerVersion"), StringParameter.valueForStringParameter( this, - name(buildConfig, "nodeJsLayerVersionArn") - ).toString() + name(buildConfig, "nodeJsLayerVersionArn"), + ).toString(), ); this.linksTable = Table.fromTableAttributes( @@ -138,7 +138,7 @@ export class FetchCrossStackValues extends Construct { { tableArn: StringParameter.valueForStringParameter( this, - name(buildConfig, "linksTableArn") + name(buildConfig, "linksTableArn"), ), globalIndexes: [ "awsEntityData", 
@@ -146,7 +146,7 @@ export class FetchCrossStackValues extends Construct { "permissionSetName", "principalType", ], - } + }, ); this.provisionedLinksTable = Table.fromTableAttributes( @@ -155,10 +155,10 @@ export class FetchCrossStackValues extends Construct { { tableArn: StringParameter.valueForStringParameter( this, - name(buildConfig, "provisionedLinksTableArn") + name(buildConfig, "provisionedLinksTableArn"), ), globalIndexes: ["tagKeyLookUp"], - } + }, ); this.permissionSetTable = Table.fromTableAttributes( @@ -167,9 +167,9 @@ export class FetchCrossStackValues extends Construct { { tableArn: StringParameter.valueForStringParameter( this, - name(buildConfig, "permissionSetTableArn") + name(buildConfig, "permissionSetTableArn"), ), - } + }, ); this.permissionSetArnTable = Table.fromTableArn( @@ -177,8 +177,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedPermissionSetArnTable"), StringParameter.valueForStringParameter( this, - name(buildConfig, "permissionSetArnTableArn") - ) + name(buildConfig, "permissionSetArnTableArn"), + ), ); this.snsTopicsKey = Key.fromKeyArn( @@ -186,16 +186,16 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedSnsTopicsKey"), StringParameter.valueForStringParameter( this, - name(buildConfig, "snsTopicsKeyArn") - ) + name(buildConfig, "snsTopicsKeyArn"), + ), ); this.ddbTablesKey = Key.fromKeyArn( this, name(buildConfig, "importedDdbTablesKey"), StringParameter.valueForStringParameter( this, - name(buildConfig, "ddbTablesKeyArn") - ) + name(buildConfig, "ddbTablesKeyArn"), + ), ); this.queuesKey = Key.fromKeyArn( @@ -203,8 +203,8 @@ export class FetchCrossStackValues extends Construct { name(buildConfig, "importedQueuesKey"), StringParameter.valueForStringParameter( this, - name(buildConfig, "queuesKeyArn") - ) + name(buildConfig, "queuesKeyArn"), + ), ); this.permissionSetHandlerSSOAPIRoleArn = new SSMParamReader( 
@@ -215,7 +215,7 @@ export class FetchCrossStackValues extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "permissionSetHandler-ssoapi-roleArn",
- }
+ },
 ).paramValue;

 this.linkManagerHandlerSSOAPIRoleArn = new SSMParamReader(
@@ -226,7 +226,7 @@ export class FetchCrossStackValues extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "linkManagerHandler-ssoapi-roleArn",
- }
+ },
 ).paramValue;

 this.listInstancesSSOAPIRoleArn = new SSMParamReader(
@@ -237,7 +237,7 @@ export class FetchCrossStackValues extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "listInstances-ssoapi-roleArn",
- }
+ },
 ).paramValue;

 this.listGroupsIdentityStoreAPIRoleArn = new SSMParamReader(
@@ -248,7 +248,7 @@ export class FetchCrossStackValues extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "listPrincipals-identitystoreapi-roleArn",
- }
+ },
 ).paramValue;

 this.orgListSMRoleArn = new SSMParamReader(
@@ -259,7 +259,7 @@ export class FetchCrossStackValues extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.OrgMainAccountId,
 ParamRegion: "us-east-1", // Organizations discovery can only be done in us-east-1, hence the step functions and related roles are declared in that region
 ParamNameKey: "orgListSM-orgapi-roleArn",
- }
+ },
 ).paramValue;

 this.orgListParentsRoleArn = new SSMParamReader(
@@ -273,12 +273,12 @@ export class FetchCrossStackValues extends Construct { * Organizations discovery can only be done in us-east-1, hence the step * functions and related roles are declared in that region */ ParamNameKey: "orgListParents-orgapi-roleArn", - } + }, ).paramValue; this.waiterHandlerSSOAPIRoleArn = StringParameter.valueForStringParameter( this, - name(buildConfig, "waiterHandlerSSOAPIRoleArn") + name(buildConfig, "waiterHandlerSSOAPIRoleArn"), ); this.iteratorArn = new SSMParamReader( @@ -289,7 +289,7 @@ export class FetchCrossStackValues extends Construct { ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId, ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, ParamNameKey: "iteratorArn", - } + }, ).paramValue; this.customerManagedPolicyProcessOpArn = new SSMParamReader( @@ -300,7 +300,7 @@ export class FetchCrossStackValues extends Construct { ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId, ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, ParamNameKey: "customerManagedPolicyProcessOpArn", - } + }, ).paramValue; this.managedPolicyProcessOpArn = new SSMParamReader( @@ -311,7 +311,7 @@ export class FetchCrossStackValues extends Construct { ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId, ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, ParamNameKey: "managedPolicyProcessOpArn", - } + }, ).paramValue; this.ssoMpRoleArn = new SSMParamReader( @@ -322,7 +322,7 @@ export class FetchCrossStackValues extends Construct { ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId, ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, ParamNameKey: "ssoMp-ssoapi-roleArn", - } + }, ).paramValue; } } diff --git a/lib/constructs/import-artefacts.ts b/lib/constructs/import-artefacts.ts index a468afb..7b964c8 100644 --- a/lib/constructs/import-artefacts.ts +++ b/lib/constructs/import-artefacts.ts 
@@ -41,8 +41,8 @@ export class ImportArtefacts extends Construct {
 name(buildConfig, "importedNodeJsLayerVersion"),
 StringParameter.valueForStringParameter(
 this,
- name(buildConfig, "nodeJsLayerVersionArn")
- ).toString()
+ name(buildConfig, "nodeJsLayerVersionArn"),
+ ).toString(),
 );

 this.importedddbTablesKey = Key.fromKeyArn(
@@ -50,8 +50,8 @@ export class ImportArtefacts extends Construct {
 name(buildConfig, "importedDdbTablesKey"),
 StringParameter.valueForStringParameter(
 this,
- name(buildConfig, "ddbTablesKeyArn")
- )
+ name(buildConfig, "ddbTablesKeyArn"),
+ ),
 );

 this.currentConfigSMInvokeRoleArn = new SSMParamReader(
@@ -62,7 +62,7 @@ export class ImportArtefacts extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "ssoList-ssoapi-roleArn",
- }
+ },
 ).paramValue;

 this.currentConfigSMDescribeRoleArn = new SSMParamReader(
@@ -73,7 +73,7 @@ export class ImportArtefacts extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "smDescribe-ssoapi-roleArn",
- }
+ },
 ).paramValue;

 this.importedPermissionSetHandlerSSOAPIRoleArn = new SSMParamReader(
@@ -84,7 +84,7 @@ export class ImportArtefacts extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "permissionSetHandler-ssoapi-roleArn",
- }
+ },
 ).paramValue;

 this.importCmpAndPbFunctionArn = new SSMParamReader(
@@ -95,7 +95,7 @@ export class ImportArtefacts extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "importCmpAndPbArn",
- }
+ },
 ).paramValue;

 this.accountAssignmentImportTopic = Topic.fromTopicArn(
@@ -109,8 +109,8 @@ export class ImportArtefacts extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "accountAssignmentImportTopicArn",
- }
- ).paramValue
+ },
+ ).paramValue,
 );

 this.permissionSetImportTopic = Topic.fromTopicArn(
@@ -124,8 +124,8 @@ export class ImportArtefacts extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "permissionSetImportTopicArn",
- }
- ).paramValue
+ },
+ ).paramValue,
 );

 this.importedSsoArtefactsBucket = Bucket.fromBucketName(
@@ -133,8 +133,8 @@ export class ImportArtefacts extends Construct {
 name(buildConfig, "importedSsoArtefactsBucket"),
 StringParameter.valueForStringParameter(
 this,
- name(buildConfig, "ssoArtefactsBucketName")
- )
+ name(buildConfig, "ssoArtefactsBucketName"),
+ ),
 );

 this.importedPsTable = Table.fromTableAttributes(
@@ -143,17 +143,17 @@ export class ImportArtefacts extends Construct {
 {
 tableArn: StringParameter.valueForStringParameter(
 this,
- name(buildConfig, "permissionSetTableArn")
+ name(buildConfig, "permissionSetTableArn"),
 ),
- }
+ },
 );
 this.importedPsArnTable = Table.fromTableArn(
 this,
 name(buildConfig, "importedPsArnTable"),
 StringParameter.valueForStringParameter(
 this,
- name(buildConfig, "permissionSetArnTableArn")
- )
+ name(buildConfig, "permissionSetArnTableArn"),
+ ),
 );
 this.importedLinksTable = Table.fromTableAttributes(
 this,
@@ -161,7 +161,7 @@ export class ImportArtefacts extends Construct {
 {
 tableArn: StringParameter.valueForStringParameter(
 this,
- name(buildConfig, "linksTableArn")
+ name(buildConfig, "linksTableArn"),
 ),
 globalIndexes: [
 "awsEntityData",
@@ -169,7 +169,7 @@ export class ImportArtefacts extends Construct {
 "permissionSetName",
 "principalType",
 ],
- }
+ },
 );
 this.importedProvisionedLinksTable = Table.fromTableAttributes(
 this,
@@ -177,10 +177,10 @@ export class ImportArtefacts extends Construct {
 {
 tableArn: StringParameter.valueForStringParameter(
 this,
- name(buildConfig, "provisionedLinksTableArn")
+ name(buildConfig, "provisionedLinksTableArn"),
 ),
 globalIndexes: ["tagKeyLookUp"],
- }
+ },
 );
 }
 }
diff --git a/lib/constructs/independent-utlity.ts b/lib/constructs/independent-utlity.ts
index 8e2c009..4dd5313 100644
--- a/lib/constructs/independent-utlity.ts
+++ b/lib/constructs/independent-utlity.ts
@@ -74,7 +74,7 @@ export class IndependentUtility extends Construct {
 {
 displayName: name(buildConfig, "errorNotificationsTopic"),
 masterKey: this.snsTopicsKey,
- }
+ },
 );

 const logsBucket = new Bucket(
@@ -84,7 +84,7 @@ export class IndependentUtility extends Construct {
 encryption: BucketEncryption.KMS,
 encryptionKey: this.logsKey,
 blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
- }
+ },
 );

 this.ssoArtefactsBucket = new Bucket(
@@ -98,13 +98,13 @@ export class IndependentUtility extends Construct {
 serverAccessLogsBucket: logsBucket,
 serverAccessLogsPrefix: name(
 buildConfig,
- "aws-sso-extensions-for-enterprise"
+ "aws-sso-extensions-for-enterprise",
 ),
- }
+ },
 );

 this.errorNotificationsTopic.addSubscription(
- new EmailSubscription(buildConfig.Parameters.NotificationEmail)
+ new EmailSubscription(buildConfig.Parameters.NotificationEmail),
 );

 this.waiterHandlerSSOAPIRoleArn = new SSMParamReader(
@@ -115,7 +115,7 @@ export class IndependentUtility extends Construct {
 ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId,
 ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion,
 ParamNameKey: "waiterHandler-ssoapi-roleArn",
- }
+ },
 ).paramValue;

 this.linkManagerDLQ = new Queue(this, name(buildConfig, "linkManagerDLQ"), {
@@ -134,7 +134,7 @@ export class IndependentUtility extends Construct {
 encryption: QueueEncryption.KMS,
 encryptionMasterKey: this.queuesKey,
 visibilityTimeout: Duration.hours(
- buildConfig.Parameters.AccountAssignmentVisibilityTimeoutHours
+ buildConfig.Parameters.AccountAssignmentVisibilityTimeoutHours,
 ),
 contentBasedDeduplication: true,
 queueName: name(buildConfig, "linkManagerQueue.fifo"),
@@ -143,7 +143,7 @@ export class IndependentUtility extends Construct {
 maxReceiveCount: 2,
 },
 retentionPeriod: Duration.days(1),
- }
+ },
 );

 new StringParameter(this, name(buildConfig, "errorNotificationsTopicArn"), {
diff --git a/lib/constructs/lambda-layers.ts b/lib/constructs/lambda-layers.ts
index 9c987e7..b0199a7 100644
--- a/lib/constructs/lambda-layers.ts
+++ b/lib/constructs/lambda-layers.ts
@@ -23,11 +23,11 @@ export class LambdaLayers extends Construct {
 name(buildConfig, "nodeJsLayer"),
 {
 code: Code.fromAsset(
- join(__dirname, "../", "lambda-layers", "nodejs-layer")
+ join(__dirname, "../", "lambda-layers", "nodejs-layer"),
 ),
 compatibleRuntimes: [Runtime.NODEJS_20_X],
 compatibleArchitectures: [Architecture.ARM_64],
- }
+ },
 );

 new StringParameter(this, name(buildConfig, "nodeJsLayerVersionArn"), {
diff --git a/lib/constructs/lambda-proxy-api.ts b/lib/constructs/lambda-proxy-api.ts
index a488903..ec87262 100644
--- a/lib/constructs/lambda-proxy-api.ts
+++ b/lib/constructs/lambda-proxy-api.ts
@@ -37,7 +37,7 @@ export class LambdaProxyAPI extends Construct {
 scope: Construct,
 id: string,
 buildConfig: BuildConfig,
- lambdaProxyAPIProps: LambdaProxyAPIProps
+ lambdaProxyAPIProps: LambdaProxyAPIProps,
 ) {
 super(scope, id);

@@ -46,7 +46,7 @@ export class LambdaProxyAPI extends Construct {
 name(buildConfig, `${lambdaProxyAPIProps.apiNameKey}-logGroup`),
 {
 retention: RetentionDays.ONE_MONTH,
- }
+ },
 );

 this.lambdaProxyAPI = new LambdaRestApi(
@@ -58,11 +58,11 @@ export class LambdaProxyAPI extends Construct {
 proxy: false,
 deployOptions: {
 accessLogDestination: new LogGroupLogDestination(
- this.lambdaProxyAPILogGroup
+ this.lambdaProxyAPILogGroup,
 ),
 accessLogFormat: AccessLogFormat.jsonWithStandardFields(),
 },
- }
+ },
 );

 new CfnOutput(
@@ -71,24 +71,24 @@ export class LambdaProxyAPI extends Construct {
 {
 exportName: name(
 buildConfig,
- `${lambdaProxyAPIProps.apiNameKey}-endpointURL`
+ `${lambdaProxyAPIProps.apiNameKey}-endpointURL`,
 ),
 value: this.lambdaProxyAPI.url,
- }
+ },
 );

 const lambdaproxyAPIResource = this.lambdaProxyAPI.root.addResource(
- lambdaProxyAPIProps.apiResourceName
+ lambdaProxyAPIProps.apiResourceName,
 );

 this.lambdaProxyAPIRole = Role.fromRoleArn(
 this,
 name(buildConfig, "importedPermissionSetRole"),
- lambdaProxyAPIProps.apiCallerRoleArn
+ lambdaProxyAPIProps.apiCallerRoleArn,
 );

 const lambdaProxyAPIIntegration = new LambdaIntegration(
- lambdaProxyAPIProps.proxyfunction
+ lambdaProxyAPIProps.proxyfunction,
 );

 const lambdaProxyAPIMethod = lambdaproxyAPIResource.addMethod(
@@ -96,7 +96,7 @@ export class LambdaProxyAPI extends Construct {
 lambdaProxyAPIIntegration,
 {
 authorizationType: AuthorizationType.IAM,
- }
+ },
 );

 this.lambdaProxyAPIRole.addToPrincipalPolicy(
@@ -104,7 +104,7 @@ export class LambdaProxyAPI extends Construct {
 actions: ["execute-api:Invoke"],
 effect: Effect.ALLOW,
 resources: [lambdaProxyAPIMethod.methodArn],
- })
+ }),
 );
 }
 }
diff --git a/lib/constructs/link-crud.ts b/lib/constructs/link-crud.ts
index 27c0137..b7fd5bb 100644
--- a/lib/constructs/link-crud.ts
+++ b/lib/constructs/link-crud.ts
@@ -47,7 +47,7 @@ export class LinkCRUD extends Construct {
 scope: Construct,
 id: string,
 buildConfig: BuildConfig,
- linkCRUDProps: LinkCRUDProps
+ linkCRUDProps: LinkCRUDProps,
 ) {
 super(scope, id);

@@ -57,7 +57,7 @@ export class LinkCRUD extends Construct { { displayName: name(buildConfig, "linkProcessingTopic"), masterKey: linkCRUDProps.snsTopicsKey, - } + }, ); this.provisionedLinksTable = new Table( @@ -74,7 +74,7 @@ export class LinkCRUD extends Construct { encryptionKey: linkCRUDProps.ddbTablesKey, pointInTimeRecovery: true, removalPolicy: RemovalPolicy.DESTROY, - } + }, ); this.provisionedLinksTable.addGlobalSecondaryIndex({ @@ -143,7 +143,7 @@ export class LinkCRUD extends Construct { "lambda-functions", "user-interface-handlers", "src", - "linkApi.ts" + "linkApi.ts", ), bundling: { externalModules: [ @@ -166,7 +166,7 @@ export class LinkCRUD extends Construct { linkProcessingTopicArn: this.linkProcessingTopic.topicArn, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.linkAPI = new LambdaProxyAPI( @@ -181,7 +181,7 @@ export class LinkCRUD extends Construct { proxyfunction: this.linkAPIHandler, apiEndPointReaderAccountID: buildConfig.PipelineSettings.DeploymentAccountId, - } + }, ).lambdaProxyAPI; } else { this.linkCuHandler = new NodejsFunction( @@ -196,7 +196,7 @@ export class LinkCRUD extends Construct { "lambda-functions", "user-interface-handlers", "src", - "linkCu.ts" + "linkCu.ts", ), bundling: { externalModules: [ @@ -219,7 +219,7 @@ export class LinkCRUD extends Construct { linkProcessingTopicArn: this.linkProcessingTopic.topicArn, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); linkCRUDProps.ssoArtefactsBucket.addEventNotification( @@ -227,7 +227,7 @@ export class LinkCRUD extends Construct { new LambdaDestination(this.linkCuHandler), { prefix: "links_data/", - } + }, ); this.linkDelHandler = new NodejsFunction( @@ -242,7 +242,7 @@ export class LinkCRUD extends Construct { "lambda-functions", "user-interface-handlers", "src", - "linkDel.ts" + "linkDel.ts", ), bundling: { externalModules: [ 
@@ -265,7 +265,7 @@ export class LinkCRUD extends Construct { linkProcessingTopicArn: this.linkProcessingTopic.topicArn, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); linkCRUDProps.ssoArtefactsBucket.addEventNotification( @@ -273,18 +273,18 @@ export class LinkCRUD extends Construct { new LambdaDestination(this.linkDelHandler), { prefix: "links_data/", - } + }, ); const linkCallerRole = Role.fromRoleArn( this, name(buildConfig, "importedLinkCallerRole"), - buildConfig.Parameters.LinkCallerRoleArn + buildConfig.Parameters.LinkCallerRoleArn, ); linkCRUDProps.ssoArtefactsBucket.grantReadWrite(linkCallerRole); linkCRUDProps.ssoArtefactsBucket.encryptionKey?.grantEncryptDecrypt( - linkCallerRole + linkCallerRole, ); new CfnOutput(this, name(buildConfig, "links-data-location"), { diff --git a/lib/constructs/link-processor.ts b/lib/constructs/link-processor.ts index 8afc828..5d40f2a 100644 --- a/lib/constructs/link-processor.ts +++ b/lib/constructs/link-processor.ts @@ -43,7 +43,7 @@ export class LinkProcessor extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - linkprocessProps: LinkProcessProps + linkprocessProps: LinkProcessProps, ) { super(scope, id); @@ -60,7 +60,7 @@ export class LinkProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "linkManager.ts" + "linkManager.ts", ), bundling: { externalModules: [ @@ -88,7 +88,7 @@ export class LinkProcessor extends Construct { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, timeout: Duration.minutes(5), //aggressive timeout to accommodate SSO Admin API's workflow based logic, - } + }, ); this.linkManagerHandler.addEventSource( @@ -100,7 +100,7 @@ export class LinkProcessor extends Construct { */ batchSize: 1, reportBatchItemFailures: true, - }) + }), ); this.processTargetAccountSMListenerHandler = new NodejsFunction( 
@@ -110,7 +110,7 @@ export class LinkProcessor extends Construct { runtime: Runtime.NODEJS_20_X, functionName: name( buildConfig, - "processTargetAccountSMListenerHandler" + "processTargetAccountSMListenerHandler", ), entry: join( __dirname, @@ -118,7 +118,7 @@ export class LinkProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "processTargetAccountSMListener.ts" + "processTargetAccountSMListener.ts", ), bundling: { externalModules: ["@aws-sdk/client-sns", "@aws-sdk/client-sqs"], @@ -131,11 +131,11 @@ export class LinkProcessor extends Construct { linkprocessProps.errorNotificationsTopic.topicArn, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.processTargetAccountSMListenerHandler.addEventSource( - new SnsEventSource(linkprocessProps.processTargetAccountSMTopic) + new SnsEventSource(linkprocessProps.processTargetAccountSMTopic), ); this.linkTopicProcessor = new NodejsFunction( @@ -150,7 +150,7 @@ export class LinkProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "linkTopicProcessor.ts" + "linkTopicProcessor.ts", ), bundling: { externalModules: [ @@ -183,11 +183,11 @@ export class LinkProcessor extends Construct { supportNestedOU: String(buildConfig.Parameters.SupportNestedOU), functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.linkTopicProcessor.addEventSource( - new SnsEventSource(linkprocessProps.linkProcessorTopic) + new SnsEventSource(linkprocessProps.linkProcessorTopic), ); } } diff --git a/lib/constructs/observability-artefacts.ts b/lib/constructs/observability-artefacts.ts index aba01c2..afbcf87 100644 --- a/lib/constructs/observability-artefacts.ts +++ b/lib/constructs/observability-artefacts.ts 
@@ -58,7 +58,7 @@ export class ObservabilityArtefacts extends Construct { queryString: "filter requestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: accountAssignmentAPILogGroupNames, - } + }, ); //Get Related RequestDetails for accountAssignmentAPI flows @@ -68,12 +68,12 @@ export class ObservabilityArtefacts extends Construct { { name: name( buildConfig, - "accountAssignmentAPIFlows-getRelateedRequestDetails" + "accountAssignmentAPIFlows-getRelateedRequestDetails", ), queryString: "filter sourceRequestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: accountAssignmentAPILogGroupNames, - } + }, ); //Get RequestDetails for permissionSetAPI flows @@ -85,7 +85,7 @@ export class ObservabilityArtefacts extends Construct { queryString: "filter requestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: permissionSetAPILogGroupNames, - } + }, ); //Get Related RequestDetails for permissionSetAPI flows @@ -95,12 +95,12 @@ export class ObservabilityArtefacts extends Construct { { name: name( buildConfig, - "permissionSetAPIFlows-getRelateedRequestDetails" + "permissionSetAPIFlows-getRelateedRequestDetails", ), queryString: "filter sourceRequestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: permissionSetAPILogGroupNames, - } + }, ); //Get RequestDetails for SSO group trigger flows 
@@ -112,7 +112,7 @@ export class ObservabilityArtefacts extends Construct { queryString: "fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp desc | limit 100 | filter ispresent(requestId)", logGroupNames: ssoGroupLogGroupNames, - } + }, ); //Get Related RequestDetails for SSO group trigger flows @@ -122,12 +122,12 @@ export class ObservabilityArtefacts extends Construct { { name: name( buildConfig, - "ssoGroupTriggerFlows-getRelateedRequestDetails" + "ssoGroupTriggerFlows-getRelateedRequestDetails", ), queryString: "filter sourceRequestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: ssoGroupLogGroupNames, - } + }, ); //Get RequestDetails for SSO user trigger flows @@ -139,7 +139,7 @@ export class ObservabilityArtefacts extends Construct { queryString: "fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp desc | limit 100 | filter ispresent(requestId)", logGroupNames: ssoUserLogGroupNames, - } + }, ); //Get Related RequestDetails for SSO user trigger flows @@ -149,12 +149,12 @@ export class ObservabilityArtefacts extends Construct { { name: name( buildConfig, - "ssoUserTriggerFlows-getRelateedRequestDetails" + "ssoUserTriggerFlows-getRelateedRequestDetails", ), queryString: "filter sourceRequestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: ssoUserLogGroupNames, - } + }, ); //Get RequestDetails for permission set sync trigger flow 
@@ -164,12 +164,12 @@ export class ObservabilityArtefacts extends Construct { { name: name( buildConfig, - "permissionSetSyncTriggerFlows-getRequestDetails" + "permissionSetSyncTriggerFlows-getRequestDetails", ), queryString: "fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp desc | limit 100 | filter ispresent(requestId)", logGroupNames: permissionSetSyncLogGroupNames, - } + }, ); //Get Related RequestDetails for permission set sync trigger flows @@ -177,17 +177,17 @@ export class ObservabilityArtefacts extends Construct { this, name( buildConfig, - "permissionSetSyncTriggerFlows-getRelateedRequestDetails" + "permissionSetSyncTriggerFlows-getRelateedRequestDetails", ), { name: name( buildConfig, - "permissionSetSyncTriggerFlows-getRelateedRequestDetails" + "permissionSetSyncTriggerFlows-getRelateedRequestDetails", ), queryString: "filter sourceRequestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: permissionSetSyncLogGroupNames, - } + }, ); //Get RequestDetails for org events trigger flow @@ -199,7 +199,7 @@ export class ObservabilityArtefacts extends Construct { queryString: "fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp desc | limit 100 | filter ispresent(requestId)", logGroupNames: orgEventsLogGroupNames, - } + }, ); //Get Related RequestDetails for org events trigger flows 
@@ -209,12 +209,12 @@ export class ObservabilityArtefacts extends Construct { { name: name( buildConfig, - "orgEventsTriggerFlows-getRelateedRequestDetails" + "orgEventsTriggerFlows-getRelateedRequestDetails", ), queryString: "filter sourceRequestId like '' | fields requestId, handler, relatedData, status, statusMessage, relatedData, hasRelatedRequests, sourceRequestId | sort @timestamp asc", logGroupNames: orgEventsLogGroupNames, - } + }, ); } } diff --git a/lib/constructs/org-events.ts b/lib/constructs/org-events.ts index 00a1bb6..e91c15d 100644 --- a/lib/constructs/org-events.ts +++ b/lib/constructs/org-events.ts @@ -30,7 +30,7 @@ export class OrgEvents extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - orgEventsProps: OrgEventsProps + orgEventsProps: OrgEventsProps, ) { super(scope, id); @@ -47,7 +47,7 @@ export class OrgEvents extends Construct { "lambda-functions", "application-handlers", "src", - "orgEvents.ts" + "orgEvents.ts", ), bundling: { externalModules: [ @@ -80,11 +80,11 @@ export class OrgEvents extends Construct { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, timeout: Duration.minutes(5), //aggressive timeout to accommodate for child OU's having many parents - } + }, ); this.orgEventsHandler.addEventSource( - new SnsEventSource(orgEventsProps.orgEventsNotificationTopic) + new SnsEventSource(orgEventsProps.orgEventsNotificationTopic), ); } } diff --git a/lib/constructs/permission-set-crud.ts b/lib/constructs/permission-set-crud.ts index ba08895..d5a3c82 100644 --- a/lib/constructs/permission-set-crud.ts +++ b/lib/constructs/permission-set-crud.ts @@ -47,7 +47,7 @@ export class PermissionSetCRUD extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - PermissionSetCRUDProps: PermissionSetCRUDProps + PermissionSetCRUDProps: PermissionSetCRUDProps, ) { super(scope, id); 
@@ -57,7 +57,7 @@ export class PermissionSetCRUD extends Construct { { displayName: name(buildConfig, "permissionSetProcessingTopic"), masterKey: PermissionSetCRUDProps.snsTopicsKey, - } + }, ); this.permissionSetTable = new Table( @@ -74,7 +74,7 @@ export class PermissionSetCRUD extends Construct { encryptionKey: PermissionSetCRUDProps.ddbTablesKey, pointInTimeRecovery: true, removalPolicy: RemovalPolicy.DESTROY, - } + }, ); this.permissionSetArnTable = new Table( @@ -91,7 +91,7 @@ export class PermissionSetCRUD extends Construct { encryptionKey: PermissionSetCRUDProps.ddbTablesKey, pointInTimeRecovery: true, removalPolicy: RemovalPolicy.DESTROY, - } + }, ); if ( @@ -111,7 +111,7 @@ export class PermissionSetCRUD extends Construct { "lambda-functions", "user-interface-handlers", "src", - "permissionSetApi.ts" + "permissionSetApi.ts", ), bundling: { minify: true, @@ -137,7 +137,7 @@ export class PermissionSetCRUD extends Construct { this.permissionSetProcessingTopic.topicArn, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.permissionSetAPI = new LambdaProxyAPI( @@ -152,7 +152,7 @@ export class PermissionSetCRUD extends Construct { proxyfunction: this.permissionSetAPIHandler, apiEndPointReaderAccountID: buildConfig.PipelineSettings.DeploymentAccountId, - } + }, ).lambdaProxyAPI; } else { this.permissionSetCuHandler = new NodejsFunction( @@ -168,7 +168,7 @@ export class PermissionSetCRUD extends Construct { "lambda-functions", "user-interface-handlers", "src", - "permissionSetCu.ts" + "permissionSetCu.ts", ), bundling: { minify: true, @@ -193,7 +193,7 @@ export class PermissionSetCRUD extends Construct { this.permissionSetProcessingTopic.topicArn, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); PermissionSetCRUDProps.ssoArtefactsBucket.addEventNotification( 
@@ -202,21 +202,21 @@ export class PermissionSetCRUD extends Construct { { prefix: "permission_sets/", suffix: ".json", - } + }, ); const permissionSetCallerRole = Role.fromRoleArn( this, name(buildConfig, "importedLinkCallerRole"), - buildConfig.Parameters.PermissionSetCallerRoleArn + buildConfig.Parameters.PermissionSetCallerRoleArn, ); PermissionSetCRUDProps.ssoArtefactsBucket.grantReadWrite( - permissionSetCallerRole + permissionSetCallerRole, ); PermissionSetCRUDProps.ssoArtefactsBucket.encryptionKey?.grantEncryptDecrypt( - permissionSetCallerRole + permissionSetCallerRole, ); this.permissionSetDelHandler = new NodejsFunction( @@ -232,7 +232,7 @@ export class PermissionSetCRUD extends Construct { "lambda-functions", "user-interface-handlers", "src", - "permissionSetDel.ts" + "permissionSetDel.ts", ), bundling: { minify: true, @@ -254,7 +254,7 @@ export class PermissionSetCRUD extends Construct { this.permissionSetProcessingTopic.topicArn, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); PermissionSetCRUDProps.ssoArtefactsBucket.addEventNotification( @@ -263,7 +263,7 @@ export class PermissionSetCRUD extends Construct { { prefix: "permission_sets/", suffix: ".json", - } + }, ); new CfnOutput(this, name(buildConfig, "permission-sets-location"), { @@ -283,7 +283,7 @@ export class PermissionSetCRUD extends Construct { { parameterName: name(buildConfig, "permissionSetTableStreamArn"), stringValue: this.permissionSetTable.tableStreamArn?.toString() + "", - } + }, ); new StringParameter(this, name(buildConfig, "permissionSetArnTableArn"), { @@ -297,7 +297,7 @@ export class PermissionSetCRUD extends Construct { { parameterName: name(buildConfig, "permissionSetProcessorTopicArn"), stringValue: this.permissionSetProcessingTopic.topicArn, - } + }, ); } } diff --git a/lib/constructs/permission-set-processor.ts b/lib/constructs/permission-set-processor.ts index 7d8f8ab..ac2ab5f 100644 --- a/lib/constructs/permission-set-processor.ts 
+++ b/lib/constructs/permission-set-processor.ts @@ -52,7 +52,7 @@ export class PermissionSetProcessor extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - permissionSetProcessorProps: PermissionSetProcessProps + permissionSetProcessorProps: PermissionSetProcessProps, ) { super(scope, id); @@ -62,7 +62,7 @@ export class PermissionSetProcessor extends Construct { { displayName: name(buildConfig, "permissionSetSyncTopic"), masterKey: permissionSetProcessorProps.snsTopicsKey, - } + }, ); this.managedPolicyDLQ = new Queue( @@ -74,7 +74,7 @@ export class PermissionSetProcessor extends Construct { encryptionMasterKey: permissionSetProcessorProps.sqsKey, visibilityTimeout: Duration.hours(1), queueName: name(buildConfig, "managedPolicyDLQ.fifo"), - } + }, ); this.managedPolicyQueue = new Queue( @@ -92,7 +92,7 @@ export class PermissionSetProcessor extends Construct { maxReceiveCount: 2, }, retentionPeriod: Duration.days(1), - } + }, ); this.permissionSetTopicProcessor = new NodejsFunction( @@ -108,7 +108,7 @@ export class PermissionSetProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "permissionSetTopicProcessor.ts" + "permissionSetTopicProcessor.ts", ), bundling: { externalModules: [ @@ -147,13 +147,13 @@ export class PermissionSetProcessor extends Construct { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, timeout: Duration.minutes(11), //aggressive timeout to accommodate SSO Admin API's workflow based logic - } + }, ); this.permissionSetTopicProcessor.addEventSource( new SnsEventSource( - permissionSetProcessorProps.permissionSetProcessorTopic - ) + permissionSetProcessorProps.permissionSetProcessorTopic, + ), ); this.permissionSetSyncHandler = new NodejsFunction( @@ -169,7 +169,7 @@ export class PermissionSetProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "permissionSetSync.ts" + "permissionSetSync.ts", ), bundling: { externalModules: [ 
@@ -205,11 +205,11 @@ export class PermissionSetProcessor extends Construct { supportNestedOU: String(buildConfig.Parameters.SupportNestedOU), functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.permissionSetSyncHandler.addEventSource( - new SnsEventSource(this.permissionSetSyncTopic) + new SnsEventSource(this.permissionSetSyncTopic), ); this.managedPolicyQueueProcessor = new NodejsFunction( @@ -225,7 +225,7 @@ export class PermissionSetProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "managedPolicyQueueProcessor.ts" + "managedPolicyQueueProcessor.ts", ), bundling: { externalModules: [ @@ -245,14 +245,14 @@ export class PermissionSetProcessor extends Construct { ssoRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.managedPolicyQueueProcessor.addEventSource( new SqsEventSource(this.managedPolicyQueue, { batchSize: 5, reportBatchItemFailures: true, - }) + }), ); } } diff --git a/lib/constructs/preSolution-access-manager.ts b/lib/constructs/preSolution-access-manager.ts index 677e287..baec148 100644 --- a/lib/constructs/preSolution-access-manager.ts +++ b/lib/constructs/preSolution-access-manager.ts @@ -22,7 +22,7 @@ export class PreSolutionAccessManager extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - preSolutionAccessManagerProps: PreSolutionAccessManagerProps + preSolutionAccessManagerProps: PreSolutionAccessManagerProps, ) { super(scope, id); 
@@ -32,55 +32,55 @@ export class PreSolutionAccessManager extends Construct { // Link - API interface mode preSolutionAccessManagerProps.IndependentUtility.ddbTablesKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler + preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler, ); preSolutionAccessManagerProps.LinkCRUD.linksTable.grantReadWriteData( - preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler + preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler, ); preSolutionAccessManagerProps.IndependentUtility.s3ArtefactsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler + preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler, ); preSolutionAccessManagerProps.IndependentUtility.ssoArtefactsBucket.grantReadWrite( - preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler + preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler, ); preSolutionAccessManagerProps.IndependentUtility.snsTopicsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler + preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler, ); preSolutionAccessManagerProps.LinkCRUD.linkProcessingTopic.grantPublish( - preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler + preSolutionAccessManagerProps.LinkCRUD.linkAPIHandler, ); } else { // Link - S3 interface mode preSolutionAccessManagerProps.IndependentUtility.ddbTablesKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.LinkCRUD.linkCuHandler + preSolutionAccessManagerProps.LinkCRUD.linkCuHandler, ); preSolutionAccessManagerProps.LinkCRUD.linksTable.grantReadWriteData( - preSolutionAccessManagerProps.LinkCRUD.linkCuHandler + preSolutionAccessManagerProps.LinkCRUD.linkCuHandler, ); preSolutionAccessManagerProps.IndependentUtility.ddbTablesKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.LinkCRUD.linkDelHandler + preSolutionAccessManagerProps.LinkCRUD.linkDelHandler, ); preSolutionAccessManagerProps.LinkCRUD.linksTable.grantReadWriteData( - 
preSolutionAccessManagerProps.LinkCRUD.linkDelHandler + preSolutionAccessManagerProps.LinkCRUD.linkDelHandler, ); preSolutionAccessManagerProps.IndependentUtility.snsTopicsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.LinkCRUD.linkCuHandler + preSolutionAccessManagerProps.LinkCRUD.linkCuHandler, ); preSolutionAccessManagerProps.IndependentUtility.snsTopicsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.LinkCRUD.linkDelHandler + preSolutionAccessManagerProps.LinkCRUD.linkDelHandler, ); preSolutionAccessManagerProps.IndependentUtility.errorNotificationsTopic.grantPublish( - preSolutionAccessManagerProps.LinkCRUD.linkCuHandler + preSolutionAccessManagerProps.LinkCRUD.linkCuHandler, ); preSolutionAccessManagerProps.IndependentUtility.errorNotificationsTopic.grantPublish( - preSolutionAccessManagerProps.LinkCRUD.linkDelHandler + preSolutionAccessManagerProps.LinkCRUD.linkDelHandler, ); preSolutionAccessManagerProps.LinkCRUD.linkProcessingTopic.grantPublish( - preSolutionAccessManagerProps.LinkCRUD.linkCuHandler + preSolutionAccessManagerProps.LinkCRUD.linkCuHandler, ); preSolutionAccessManagerProps.LinkCRUD.linkProcessingTopic.grantPublish( - preSolutionAccessManagerProps.LinkCRUD.linkDelHandler + preSolutionAccessManagerProps.LinkCRUD.linkDelHandler, ); } 
@@ -91,73 +91,73 @@ export class PreSolutionAccessManager extends Construct { // PermissionSet - API interface mode preSolutionAccessManagerProps.IndependentUtility.ddbTablesKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler, ); preSolutionAccessManagerProps.LinkCRUD.linksTable.grantReadData( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler, ); preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetTable.grantReadWriteData( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler, ); preSolutionAccessManagerProps.IndependentUtility.s3ArtefactsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler, ); preSolutionAccessManagerProps.IndependentUtility.ssoArtefactsBucket.grantReadWrite( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler, ); preSolutionAccessManagerProps.IndependentUtility.snsTopicsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler, ); preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetProcessingTopic.grantPublish( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetAPIHandler, ); } else { // PermissionSet - S3 interface mode preSolutionAccessManagerProps.IndependentUtility.snsTopicsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler + 
preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler, ); preSolutionAccessManagerProps.IndependentUtility.errorNotificationsTopic.grantPublish( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler, ); preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetProcessingTopic.grantPublish( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler, ); preSolutionAccessManagerProps.IndependentUtility.snsTopicsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); preSolutionAccessManagerProps.IndependentUtility.errorNotificationsTopic.grantPublish( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetProcessingTopic.grantPublish( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); preSolutionAccessManagerProps.IndependentUtility.ddbTablesKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler, ); preSolutionAccessManagerProps.LinkCRUD.linksTable.grantReadData( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetTable.grantReadWriteData( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler, ); 
preSolutionAccessManagerProps.IndependentUtility.ddbTablesKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetTable.grantReadWriteData( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); preSolutionAccessManagerProps.IndependentUtility.s3ArtefactsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler, ); preSolutionAccessManagerProps.IndependentUtility.ssoArtefactsBucket.grantRead( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetCuHandler, ); preSolutionAccessManagerProps.IndependentUtility.s3ArtefactsKey.grantEncryptDecrypt( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); preSolutionAccessManagerProps.IndependentUtility.ssoArtefactsBucket.grantRead( - preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler + preSolutionAccessManagerProps.PermissionSetCRUD.permissionSetDelHandler, ); } } diff --git a/lib/constructs/ssm-param-reader.ts b/lib/constructs/ssm-param-reader.ts index 78703f8..ab70e1e 100644 --- a/lib/constructs/ssm-param-reader.ts +++ b/lib/constructs/ssm-param-reader.ts @@ -29,7 +29,7 @@ export class SSMParamReader extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - ssmParamReaderprops: SSMParamReaderProps + ssmParamReaderprops: SSMParamReaderProps, ) { super(scope, id); 
@@ -56,7 +56,7 @@ export class SSMParamReader extends Construct { assumedRoleArn: paramReaderRole, }, policy: AwsCustomResourcePolicy.fromStatements([assumeRolePolicy]), - } + }, ); this.paramValue = paramReadResource diff --git a/lib/constructs/ssm-param-writer.ts b/lib/constructs/ssm-param-writer.ts index 732c295..9b35225 100644 --- a/lib/constructs/ssm-param-writer.ts +++ b/lib/constructs/ssm-param-writer.ts @@ -23,7 +23,7 @@ export class SSMParamWriter extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - ssmParamWriterProps: SSMParamWriterProps + ssmParamWriterProps: SSMParamWriterProps, ) { super(scope, id); @@ -33,7 +33,7 @@ export class SSMParamWriter extends Construct { { parameterName: name(buildConfig, ssmParamWriterProps.ParamNameKey), stringValue: ssmParamWriterProps.ParamValue, - } + }, ); this.parameterReaderRole = new Role( @@ -42,10 +42,10 @@ export class SSMParamWriter extends Construct { { roleName: name( buildConfig, - `${ssmParamWriterProps.ParamNameKey}-readerRole` + `${ssmParamWriterProps.ParamNameKey}-readerRole`, ), assumedBy: new AccountPrincipal(ssmParamWriterProps.ReaderAccountId), - } + }, ); this.parameter.grantRead(this.parameterReaderRole); diff --git a/lib/constructs/sso-group-processor.ts b/lib/constructs/sso-group-processor.ts index d5b20fb..a4df7bf 100644 --- a/lib/constructs/sso-group-processor.ts +++ b/lib/constructs/sso-group-processor.ts @@ -34,7 +34,7 @@ export class SSOGroupProcessor extends Construct { scope: Construct, id: string, buildConfig: BuildConfig, - ssoGroupProcessorProps: SSOGroupProcessorProps + ssoGroupProcessorProps: SSOGroupProcessorProps, ) { super(scope, id); @@ -51,7 +51,7 @@ export class SSOGroupProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "groupsCud.ts" + "groupsCud.ts", ), bundling: { externalModules: [ 
@@ -83,11 +83,13 @@ export class SSOGroupProcessor extends Construct { supportNestedOU: String(buildConfig.Parameters.SupportNestedOU), functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.ssoGroupHandler.addEventSource( - new SnsEventSource(ssoGroupProcessorProps.ssoGroupEventNotificationsTopic) + new SnsEventSource( + ssoGroupProcessorProps.ssoGroupEventNotificationsTopic, + ), ); this.ssoUserHandler = new NodejsFunction( @@ -103,7 +105,7 @@ export class SSOGroupProcessor extends Construct { "lambda-functions", "application-handlers", "src", - "usersCud.ts" + "usersCud.ts", ), bundling: { externalModules: [ @@ -139,11 +141,11 @@ export class SSOGroupProcessor extends Construct { supportNestedOU: String(buildConfig.Parameters.SupportNestedOU), functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); this.ssoUserHandler.addEventSource( - new SnsEventSource(ssoGroupProcessorProps.ssoUserEventNotificationsTopic) + new SnsEventSource(ssoGroupProcessorProps.ssoUserEventNotificationsTopic), ); } } diff --git a/lib/constructs/utility.ts b/lib/constructs/utility.ts index 3ce7661..e5b80c6 100644 --- a/lib/constructs/utility.ts +++ b/lib/constructs/utility.ts @@ -27,8 +27,8 @@ export class Utility extends Construct { ParamAccountId: buildConfig.PipelineSettings.OrgMainAccountId, ParamRegion: "us-east-1", ParamNameKey: "orgEventsNotificationsTopicArn", - } - ).paramValue + }, + ).paramValue, ); this.ssoGroupEventsNotificationsTopic = Topic.fromTopicArn( @@ -42,8 +42,8 @@ export class Utility extends Construct { ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId, ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, ParamNameKey: "ssoGroupEventsNotificationTopicArn", - } - ).paramValue + }, + ).paramValue, ); this.ssoUserEventsNotificationsTopic = Topic.fromTopicArn( 
@@ -57,8 +57,8 @@ export class Utility extends Construct { ParamAccountId: buildConfig.PipelineSettings.SSOServiceAccountId, ParamRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, ParamNameKey: "ssoUserEventsNotificationTopicArn", - } - ).paramValue + }, + ).paramValue, ); this.processTargetAccountSMTopic = Topic.fromTopicArn( @@ -72,8 +72,8 @@ export class Utility extends Construct { ParamAccountId: buildConfig.PipelineSettings.OrgMainAccountId, ParamRegion: "us-east-1", ParamNameKey: "processTargetAccountSMTopicArn", - } - ).paramValue + }, + ).paramValue, ); new StringParameter( @@ -82,10 +82,10 @@ export class Utility extends Construct { { parameterName: name( buildConfig, - "importedProcessTargetAccountSMTopicArn" + "importedProcessTargetAccountSMTopicArn", ), stringValue: this.processTargetAccountSMTopic.topicArn, - } + }, ); new StringParameter( @@ -94,7 +94,7 @@ export class Utility extends Construct { { parameterName: name(buildConfig, "ssoGroupEventNotificationsTopicArn"), stringValue: this.ssoGroupEventsNotificationsTopic.topicArn, - } + }, ); new StringParameter( @@ -103,7 +103,7 @@ export class Utility extends Construct { { parameterName: name(buildConfig, "ssoUserEventsNotificationsTopicArn"), stringValue: this.ssoUserEventsNotificationsTopic.topicArn, - } + }, ); new StringParameter( @@ -112,10 +112,10 @@ export class Utility extends Construct { { parameterName: name( buildConfig, - "importedOrgEventsNotificationsTopicArn" + "importedOrgEventsNotificationsTopicArn", ), stringValue: this.orgEventsNotificationsTopic.topicArn, - } + }, ); } } diff --git a/lib/lambda-functions/application-handlers/src/groupsCud.ts b/lib/lambda-functions/application-handlers/src/groupsCud.ts index 45b83ab..d210fe4 100644 --- a/lib/lambda-functions/application-handlers/src/groupsCud.ts +++ b/lib/lambda-functions/application-handlers/src/groupsCud.ts 
@@ -1,35 +1,28 @@ /** - * Objective: Implement SSO group events handler for processing groups Trigger - * source: SSO group changes notification topic which in turn receives event - * bridge notifications from SSO account for group changes + * Objective: Implement SSO group events handler for processing groups Trigger. + * Source: SSO group changes notification topic which in turn receives event + * bridge notifications from SSO account for group changes. * - * - Assumes role in SSO account for calling SSO admin API - listInstances - * - Determine if the event type is create or delete + * - Assumes role in SSO account for calling SSO admin API - listInstances. + * - Determine if the event type is create or delete. * - Determine the group name (SSO uses different event schemas for this event - * depending on the identity store) - * - If create/delete - * - * - Determine if there are related links already provisioned by looking up links - * table - * - If there are related links, then - * - * - For each related link - * - Determine if permission set referenced in the link is already provisioned by - * looking up permissionsetArn ddb table - * - * - If permission set is already provisioned, then - * - * - Determine if the link type is account, ou_id, account_tag or root - * - If account, post the link operation details to link manager FIFO queue - * - If ou_id, root, account_tag resolve the actual accounts and post the link - * operation - * details to org - * entities state - * machine in org account - * - If permission set is not provisioned, stop the operation here - * - If there are no related links, then stop the operation here + * depending on the identity store). + * - If create/delete: + * - Determine if there are related links already provisioned by looking up links + * table. 
+ * - If there are related links: + * - For each related link: + * - Determine if permission set referenced in the link is already provisioned by + * looking up permissionsetArn ddb table. + * - If permission set is already provisioned: + * - Determine if the link type is account, ou_id, account_tag or root. + * - If account, post the link operation details to link manager FIFO queue. + * - If ou_id, root, account_tag resolve the actual accounts and post the link + * operation details to org entities state machine in org account. + * - If permission set is not provisioned, stop the operation here. + * - If there are no related links, then stop the operation here. * - Catch all failures in a generic exception block and post the error details to - * error notifications topics + * error notifications topics. */ const { @@ -132,7 +125,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `SSO group event triggered event bridge rule, started processing`, }, - functionLogMode + functionLogMode, ); try { const message = JSON.parse(event.Records[0].Sns.Message); @@ -146,7 +139,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Resolved SSO instance arn`, }, - functionLogMode + functionLogMode, ); const instanceArn = resolvedInstances.Instances?.[0].InstanceArn; const staticSSOPayload: StaticSSOPayload = { @@ -167,7 +160,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined event is CreateGroup`, }, - functionLogMode + functionLogMode, ); groupId = message.detail.responseElements.group.groupId; logger( @@ -179,7 +172,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Set groupID value as read from the event payload`, }, - functionLogMode + functionLogMode, ); /** * To handle SSO generating cloudwatch events with different formats 
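Review bot: In the rewritten header comment of `groupsCud.ts` (hunk `@@ -1,35 +1,28 @@`), the added full stop landed after "Trigger", so the first sentence now reads "…for processing groups Trigger." and the next starts with a bare "Source:". The original text was two statements, an objective and a trigger source, and the same commit punctuates the matching comment in `linkTopicProcessor.ts` as "…functionality. Trigger source: …". I would change the first two lines to `* Objective: Implement SSO group events handler for processing groups.` and `* Trigger source: SSO group changes notification topic which in turn receives event`. The page has lost leading whitespace, so I cannot tell whether the sub-bullets under "If create/delete:" kept their nesting; it is worth checking in the file that the indentation still reflects the decision tree.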
@@ -189,7 +182,7 @@ export const handler = async (event: SNSEvent) => { if ( Object.prototype.hasOwnProperty.call( message.detail.responseElements.group, - "displayName" + "displayName", ) ) { groupName = message.detail.responseElements.group.displayName; @@ -202,12 +195,12 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Event sent displayName value for groupName, using this value - ${groupName}`, }, - functionLogMode + functionLogMode, ); } else if ( Object.prototype.hasOwnProperty.call( message.detail.responseElements.group, - "groupName" + "groupName", ) ) { groupName = message.detail.responseElements.group.groupName; @@ -220,7 +213,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Event sent groupName value for groupName, using this value - ${groupName}`, }, - functionLogMode + functionLogMode, ); } groupNameValue = groupName; @@ -236,7 +229,7 @@ export const handler = async (event: SNSEvent) => { KeyConditionExpression: "#principalName = :principalName", ExpressionAttributeNames: { "#principalName": "principalName" }, ExpressionAttributeValues: { ":principalName": groupName }, - }) + }), ); logger( { @@ -247,7 +240,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Querying if there are any related account assignments for group ${groupName}`, }, - functionLogMode + functionLogMode, ); if (relatedLinks.Items && relatedLinks.Items?.length !== 0) { @@ -260,7 +253,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Determined there are ${relatedLinks.Items.length} no of account assignments for group ${groupName}`, }, - functionLogMode + functionLogMode, ); await Promise.all( relatedLinks.Items?.map(async (Item) => { 
@@ -272,7 +265,7 @@ export const handler = async (event: SNSEvent) => { Key: { permissionSetName: permissionSetName, }, - }) + }), ); if (permissionSetFetch.Item) { const { permissionSetArn } = permissionSetFetch.Item; @@ -285,7 +278,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Determined permission set ${permissionSetName} for the account assignments is provisioned already with permissionSetArn ${permissionSetArn}`, }, - functionLogMode + functionLogMode, ); if (awsEntityType === "account") { @@ -298,7 +291,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Determined entity type is account for this account assignment type`, }, - functionLogMode + functionLogMode, ); await sqsClientObject.send( @@ -317,7 +310,7 @@ export const handler = async (event: SNSEvent) => { sourceRequestId: requestId, }), MessageGroupId: awsEntityData.slice(-1), - }) + }), ); logger( { @@ -328,7 +321,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Sent payload to account assignment queue with account ID ${awsEntityData}, for permissionSetArn ${permissionSetArn} and group ${groupName}`, }, - functionLogMode + functionLogMode, ); } else if ( awsEntityType === "ou_id" || @@ -344,7 +337,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Determined entity type is ${awsEntityType} for this account assignment type`, }, - functionLogMode + functionLogMode, ); const stateMachinePayload: StateMachinePayload = { action: "create", @@ -364,7 +357,7 @@ export const handler = async (event: SNSEvent) => { stateMachinePayload, awsEntityData, processTargetAccountSMArn + "", - sfnClientObject + sfnClientObject, ); logger( { 
@@ -375,7 +368,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Invoked state machine for procesing group event with entityType ${awsEntityType} for groupID ${groupId} , permissionSetArn ${permissionSetArn} , targetType ${staticSSOPayload.TargetType} and entityData ${awsEntityData} `, }, - functionLogMode + functionLogMode, ); } } else { @@ -389,10 +382,10 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Determined that permissionSet ${permissionSetName} does not yet exist in the solution, so aborting the operation`, }, - functionLogMode + functionLogMode, ); } - }) + }), ); } else { /** No related links for the group being processed */ @@ -405,7 +398,7 @@ export const handler = async (event: SNSEvent) => { relatedData: groupId, statusMessage: `Determined that there are no related account assignments for this group, aborting the operation`, }, - functionLogMode + functionLogMode, ); } } else if (message.detail.eventName === "DeleteGroup") { @@ -417,7 +410,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Aborted, statusMessage: `Determined event is DeleteGroup, no actions being done as the group is deletec directly`, }, - functionLogMode + functionLogMode, ); } } catch (err) { @@ -436,9 +429,9 @@ export const handler = async (event: SNSEvent) => { handlerName, err.name, err.message, - groupNameValue + groupNameValue, ), - }) + }), ); logger({ handler: handlerName, @@ -449,7 +442,7 @@ export const handler = async (event: SNSEvent) => { requestId, err.name, err.message, - groupNameValue + groupNameValue, ), }); } else { @@ -462,9 +455,9 @@ export const handler = async (event: SNSEvent) => { handlerName, "Unhandled exception", JSON.stringify(err), - groupNameValue + groupNameValue, ), - }) + }), ); logger({ handler: handlerName, 
@@ -475,7 +468,7 @@ export const handler = async (event: SNSEvent) => { requestId, "Unhandled exception", JSON.stringify(err), - groupNameValue + groupNameValue, ), }); } diff --git a/lib/lambda-functions/application-handlers/src/linkManager.ts b/lib/lambda-functions/application-handlers/src/linkManager.ts index d43213a..8212e36 100644 --- a/lib/lambda-functions/application-handlers/src/linkManager.ts +++ b/lib/lambda-functions/application-handlers/src/linkManager.ts @@ -120,7 +120,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Started processing account assignment queue operation`, }, - functionLogMode + functionLogMode, ); try { const message = JSON.parse(record.body); @@ -141,7 +141,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `SSO group event triggered event bridge rule, started processing`, }, - functionLogMode + functionLogMode, ); if (ssoParams.TargetId !== payerAccount) { logger( @@ -154,7 +154,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined that account ID ${ssoParams.TargetId} is not payerAccount`, }, - functionLogMode + functionLogMode, ); const resolvedInstances: ListInstancesCommandOutput = await ssoAdminClientObject.send(new ListInstancesCommand({})); @@ -169,7 +169,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Resolve SSO instanceArn: ${instanceArn}`, }, - functionLogMode + functionLogMode, ); if (message.actionType === "create") { @@ -183,7 +183,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Processing create account assignment operation`, }, - functionLogMode + functionLogMode, ); const provisionedLinks: GetCommandOutput = 
@@ -193,7 +193,7 @@ export const handler = async (event: SQSEvent) => { Key: { parentLink: provisionedLinksKey, }, - }) + }), ); if (provisionedLinks.Item) { logger( @@ -206,14 +206,14 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.Completed, statusMessage: `Provisioned link already exists, not provisioning again`, }, - functionLogMode + functionLogMode, ); } else { const ssoAssignmentOp: CreateAccountAssignmentCommandOutput = await ssoAdminClientObject.send( new CreateAccountAssignmentCommand({ ...ssoParams, - }) + }), ); logger( { @@ -225,7 +225,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Triggered createAccountAssignment operation, requestID from service ${ssoAssignmentOp.AccountAssignmentCreationStatus?.RequestId}`, }, - functionLogMode + functionLogMode, ); logger( { @@ -237,7 +237,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Triggering pre-emptive delay`, }, - functionLogMode + functionLogMode, ); /** Pre-emptively delay to avoid waitPenalty on waiter */ @@ -252,7 +252,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Pre-emptive delay cycle complete, triggering createAccountAssignment waiter`, }, - functionLogMode + functionLogMode, ); await waitUntilAccountAssignmentCreation( { @@ -265,7 +265,7 @@ export const handler = async (event: SQSEvent) => { ssoAssignmentOp.AccountAssignmentCreationStatus?.RequestId, }, requestId, - functionLogMode + "" + functionLogMode + "", ); logger( { @@ -277,7 +277,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `createAccountAssignment waiter returned`, }, - functionLogMode + functionLogMode, ); await ddbClientObject.send( new PutCommand({ 
@@ -287,7 +287,7 @@ export const handler = async (event: SQSEvent) => { tagKeyLookUp: message.tagKeyLookUp, principalType: ssoParams.PrincipalType, }, - }) + }), ); logger( { @@ -299,7 +299,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.Completed, statusMessage: `createAccountAssignment operation completed`, }, - functionLogMode + functionLogMode, ); } } else if (message.actionType === "delete") { @@ -313,7 +313,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Processing delete account assignment operation`, }, - functionLogMode + functionLogMode, ); const provisionedLinks: GetCommandOutput = @@ -323,7 +323,7 @@ export const handler = async (event: SQSEvent) => { Key: { parentLink: provisionedLinksKey, }, - }) + }), ); if (provisionedLinks.Item) { logger( @@ -336,14 +336,14 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Link currently provisioned, triggering delete account assignment operation`, }, - functionLogMode + functionLogMode, ); const ssoAssignmentOp: DeleteAccountAssignmentCommandOutput = await ssoAdminClientObject.send( new DeleteAccountAssignmentCommand({ ...ssoParams, - }) + }), ); logger( { @@ -355,7 +355,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Triggered deleteAccountAssignment operation, requestID from service ${ssoAssignmentOp.AccountAssignmentDeletionStatus?.RequestId}`, }, - functionLogMode + functionLogMode, ); logger( { @@ -367,7 +367,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Triggering pre-emptive delay`, }, - functionLogMode + functionLogMode, ); /** Pre-emptively delay to avoid waitPenalty on waiter */ await delay(15000); 
@@ -381,7 +381,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Pre-emptive delay cycle complete, triggering deleteAccountAssignment waiter`, }, - functionLogMode + functionLogMode, ); await waitUntilAccountAssignmentDeletion( { @@ -394,7 +394,7 @@ export const handler = async (event: SQSEvent) => { ssoAssignmentOp.AccountAssignmentDeletionStatus?.RequestId, }, requestId, - functionLogMode + "" + functionLogMode + "", ); logger( { @@ -406,7 +406,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `deleteAccountAssignment waiter returned`, }, - functionLogMode + functionLogMode, ); await ddbClientObject.send( new DeleteCommand({ @@ -414,7 +414,7 @@ export const handler = async (event: SQSEvent) => { Key: { parentLink: provisionedLinksKey, }, - }) + }), ); logger( { @@ -426,7 +426,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.Completed, statusMessage: `deleteAccountAssignment operation completed`, }, - functionLogMode + functionLogMode, ); } else { logger({ @@ -451,7 +451,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.Completed, statusMessage: `Provisioned link does not exist, not triggering a delete`, }, - functionLogMode + functionLogMode, ); } } catch (err) { @@ -469,9 +469,9 @@ export const handler = async (event: SQSEvent) => { handlerName, err.name, err.message, - linksKeyValue + linksKeyValue, ), - }) + }), ); logger({ handler: handlerName, @@ -482,7 +482,7 @@ export const handler = async (event: SQSEvent) => { requestId, err.name, err.message, - linksKeyValue + linksKeyValue, ), }); } else { @@ -495,9 +495,9 @@ export const handler = async (event: SQSEvent) => { handlerName, "Unhandled exception", JSON.stringify(err), - linksKeyValue + linksKeyValue, ), - }) + }), ); logger({ handler: handlerName, 
@@ -508,11 +508,11 @@ export const handler = async (event: SQSEvent) => { requestId, "Unhandled exception", JSON.stringify(err), - linksKeyValue + linksKeyValue, ), }); } } - }) + }), ); }; diff --git a/lib/lambda-functions/application-handlers/src/linkTopicProcessor.ts b/lib/lambda-functions/application-handlers/src/linkTopicProcessor.ts index 819f644..aead20f 100644 --- a/lib/lambda-functions/application-handlers/src/linkTopicProcessor.ts +++ b/lib/lambda-functions/application-handlers/src/linkTopicProcessor.ts 
@@ -1,30 +1,25 @@ /** - * Objective: Implement link changes for link processing functionality Trigger - * source: links topic notifications + * Objective: Implement link changes for link processing functionality. Trigger + * source: links topic notifications. * - * - Assumes role in SSO account for calling SSO admin API - listInstances - * - For each record in the stream, - * - * - Look up in permissionSetArn ddb table if the permission set referenced in the - * record exists - * - * - If the permission set arn exists, then - * - * - Look up in AWS IAM Identity Center Identity store if the user/group exists - * - * - If the user/group exists - * - * - Determine if the operation is create/delete - * - Determine if link type is account /ou_id/root/account_tag - * - If link type is account , post the link provisioning/deprovisioning operation to the link manager queue - * - If link type is ou_id, root,account_tag invoke org entities state machine - * - If the user/group does not exist - * - * - Stop processing as we won't be able to proceed without the principal Arn - * - If the permission set does not exist, do nothing as we cannot do link - * provisioning if the permission set is not yet provisioned + * - Assumes role in SSO account for calling SSO admin API - listInstances. + * - For each record in the stream: + * - Look up in permissionSetArn ddb table if the permission set referenced in the + * record exists. + * - If the permission set arn exists: + * - Look up in AWS IAM Identity Center Identity store if the user/group exists. + * - If the user/group exists: + * - Determine if the operation is create/delete. + * - Determine if link type is account /ou_id/root/account_tag. + * - If link type is account, post the link provisioning/deprovisioning operation + * to the link manager queue. + * - If link type is ou_id, root, account_tag, invoke org entities state machine. 
+ * - If the user/group does not exist: + * - Stop processing as we won't be able to proceed without the principal Arn. + * - If the permission set does not exist, do nothing as we cannot do link + * provisioning if the permission set is not yet provisioned. * - Catch all failures in a generic exception block and post the error details to - * error notifications topics + * error notifications topics. */ const { @@ -146,7 +141,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Started account assignment topic processor for action ${action}`, }, - functionLogMode + functionLogMode, ); const resolvedInstances: ListInstancesCommandOutput = await ssoAdminClientObject.send(new ListInstancesCommand({})); @@ -160,7 +155,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Resolved SSO instance arn ${instanceArn}`, }, - functionLogMode + functionLogMode, ); const identityStoreId = @@ -175,7 +170,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Resolved identityStoreID ${identityStoreId}`, }, - functionLogMode + functionLogMode, ); const delimeter = "%"; const linkKeyArray = linkData.split(delimeter); @@ -198,7 +193,7 @@ export const handler = async (event: SNSEvent) => { Key: { permissionSetName: permissionsetName, }, - }) + }), ); if (permissionSetRecord.Item) { @@ -212,7 +207,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Determined permission set exists for this account assignment with arn value ${permissionSetArn}`, }, - functionLogMode + functionLogMode, ); let principalNameToLookUp = principalName; 
@@ -228,13 +223,13 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Lookup principal name computed ${principalNameToLookUp}`, }, - functionLogMode + functionLogMode, ); const principalId = await resolvePrincipal( identityStoreId, identityStoreClientObject, principalType, - principalNameToLookUp + principalNameToLookUp, ); if (principalId !== "0") { @@ -247,7 +242,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Resolved principal ID ${principalId} for principalName ${principalNameToLookUp} from identity store`, }, - functionLogMode + functionLogMode, ); if (entityType === "account") { logger( @@ -259,7 +254,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Determined entitytype is account`, }, - functionLogMode + functionLogMode, ); await sqsClientObject.send( new SendMessageCommand({ @@ -277,7 +272,7 @@ export const handler = async (event: SNSEvent) => { sourceRequestId: requestId, }), MessageGroupId: entityValue.slice(-1), - }) + }), ); logger( { @@ -288,7 +283,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Account assignment ${action} operation is posted to account assignment queue`, }, - functionLogMode + functionLogMode, ); } else if ( entityType === "ou_id" || @@ -313,7 +308,7 @@ export const handler = async (event: SNSEvent) => { stateMachinePayload, entityValue + "", processTargetAccountSMArn + "", - sfnClientObject + sfnClientObject, ); logger( { @@ -324,7 +319,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Account assignment ${action} operation payload triggered process target account state machine for entityType ${entityType}`, }, - functionLogMode + functionLogMode, ); } } else { 
@@ -337,7 +332,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Account assignment ${action} operation aborted as the principal ${principalNameToLookUp} referenced is not found in identity store`, }, - functionLogMode + functionLogMode, ); } } else { @@ -350,7 +345,7 @@ export const handler = async (event: SNSEvent) => { relatedData: linkData, statusMessage: `Account assignment ${action} operation aborted as the permission set ${permissionsetName} referenced is not yet provisioned`, }, - functionLogMode + functionLogMode, ); } } catch (err) { @@ -371,9 +366,9 @@ export const handler = async (event: SNSEvent) => { handlerName, err.name, err.message, - linkDataValue + linkDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -384,7 +379,7 @@ export const handler = async (event: SNSEvent) => { requestIdValue, err.name, err.message, - linkDataValue + linkDataValue, ), }); } else { @@ -397,9 +392,9 @@ export const handler = async (event: SNSEvent) => { handlerName, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -410,7 +405,7 @@ export const handler = async (event: SNSEvent) => { requestIdValue, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), }); } diff --git a/lib/lambda-functions/application-handlers/src/managedPolicyQueueProcessor.ts b/lib/lambda-functions/application-handlers/src/managedPolicyQueueProcessor.ts index 9c093d7..09addd1 100644 --- a/lib/lambda-functions/application-handlers/src/managedPolicyQueueProcessor.ts +++ b/lib/lambda-functions/application-handlers/src/managedPolicyQueueProcessor.ts @@ -67,7 +67,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.InProgress, statusMessage: `Started processing managed policy queue operation`, }, - functionLogMode + functionLogMode, ); try { const message: ManagedPolicyQueueObject = JSON.parse(record.body); 
@@ -77,7 +77,7 @@ export const handler = async (event: SQSEvent) => { new StartExecutionCommand({ stateMachineArn: message.stateMachineArn, input: JSON.stringify(message.managedPolicyObject), - }) + }), ); logger( { @@ -87,7 +87,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.Completed, statusMessage: `Completed posting managed policy queue operation`, }, - functionLogMode + functionLogMode, ); } else if (message.managedPolicytype === "customer") { /** Customer managed policy operation */ @@ -95,7 +95,7 @@ export const handler = async (event: SQSEvent) => { new StartExecutionCommand({ stateMachineArn: message.stateMachineArn, input: JSON.stringify(message.managedPolicyObject), - }) + }), ); logger( { @@ -105,7 +105,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.Completed, statusMessage: `Completed posting managed policy queue operation`, }, - functionLogMode + functionLogMode, ); } else { logger( @@ -116,7 +116,7 @@ export const handler = async (event: SQSEvent) => { status: requestStatus.FailedWithException, statusMessage: `Managed Policy type ${message.managedPolicytype} is incorrect`, }, - functionLogMode + functionLogMode, ); } } catch (err) { @@ -133,9 +133,9 @@ export const handler = async (event: SQSEvent) => { handlerName, err.name, err.message, - mpName + mpName, ), - }) + }), ); logger({ handler: handlerName, @@ -146,7 +146,7 @@ export const handler = async (event: SQSEvent) => { requestId, err.name, err.message, - mpName + mpName, ), }); } else { @@ -159,9 +159,9 @@ export const handler = async (event: SQSEvent) => { handlerName, "Unhandled exception", JSON.stringify(err), - mpName + mpName, ), - }) + }), ); logger({ handler: handlerName, @@ -172,11 +172,11 @@ export const handler = async (event: SQSEvent) => { requestId, "Unhandled exception", JSON.stringify(err), - mpName + mpName, ), }); } } - }) + }), ); }; 
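Review bot: `StartExecutionCommand` in `@@ -77,7 +77,7 @@` and `@@ -95,7 +95,7 @@` takes `stateMachineArn` directly from the parsed SQS body (`JSON.parse(record.body)` in the preceding hunk), so whoever can write to the queue chooses which state machine this function starts. Who may send to the queue and how the function's role is scoped are not visible here. Unless both are known to be tight, check the ARN against the deployment's configured values before the call, e.g. `if (!allowedStateMachineArns.includes(message.stateMachineArn)) throw new Error("Unexpected stateMachineArn");`, where `allowedStateMachineArns` is a placeholder for the ARNs read from configuration. The handler body starts and ends outside these hunks.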
diff --git a/lib/lambda-functions/application-handlers/src/orgEvents.ts b/lib/lambda-functions/application-handlers/src/orgEvents.ts index fd87692..b7d1e9c 100644 --- a/lib/lambda-functions/application-handlers/src/orgEvents.ts +++ b/lib/lambda-functions/application-handlers/src/orgEvents.ts @@ -124,7 +124,7 @@ export const tagBasedDeProvisioning = async ( instanceArn: string, passedTagKey: string, targetId: string, - requestId: string + requestId: string, ) => { logger( { @@ -135,7 +135,7 @@ export const tagBasedDeProvisioning = async ( relatedData: passedTagKey, statusMessage: `Validating if tag based de-provisioining is required for tagKey ${passedTagKey} on accountID ${targetId}`, }, - functionLogMode + functionLogMode, ); const tagKeyLookUpValue = `${passedTagKey}^${targetId}`; logger( @@ -147,7 +147,7 @@ export const tagBasedDeProvisioning = async ( relatedData: passedTagKey, statusMessage: `Querying if there are related provisioned links for this tagKeylookupValue ${tagKeyLookUpValue}`, }, - functionLogMode + functionLogMode, ); const relatedProvisionedLinks: QueryCommandOutput = await ddbDocClientObject.send( @@ -159,7 +159,7 @@ export const tagBasedDeProvisioning = async ( ExpressionAttributeValues: { ":tagKeyLookUp": tagKeyLookUpValue, }, - }) + }), ); if ( @@ -175,7 +175,7 @@ export const tagBasedDeProvisioning = async ( relatedData: passedTagKey, statusMessage: `Determined there are ${relatedProvisionedLinks.Items.length} no of related provisioned links for tagKeyLookUpValue ${tagKeyLookUpValue}`, }, - functionLogMode + functionLogMode, ); await Promise.all( @@ -203,7 +203,7 @@ export const tagBasedDeProvisioning = async ( sourceRequestId: requestId, }), MessageGroupId: targetId.slice(-1), - }) + }), ); logger( { 
@@ -214,9 +214,9 @@ export const tagBasedDeProvisioning = async ( relatedData: targetId, statusMessage: `Triggering a deleteAccountAssignment operation as the tag key ${passedTagKey} that provisioned this access is removed from account ${targetId}`, }, - functionLogMode + functionLogMode, ); - }) + }), ); } else { logger( @@ -228,7 +228,7 @@ export const tagBasedDeProvisioning = async ( relatedData: targetId, statusMessage: `Tag ${passedTagKey} created/updated/deleted is not part of the provisioned account assignments, so ignoring this operation`, }, - functionLogMode + functionLogMode, ); } }; @@ -240,7 +240,7 @@ export const orgEventProvisioning = async ( entityData: string, entityType: string, identityStoreId: string, - requestId: string + requestId: string, ) => { let tagKeyLookupValue = "none"; logger( @@ -252,7 +252,7 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Initiating org events triggered provisioning for entityType ${entityType} , entityData ${entityData} for accountID ${targetId} and action ${actionType}`, }, - functionLogMode + functionLogMode, ); if (entityType === "account_tag") { @@ -266,7 +266,7 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Updated tagKeyLookUpValue to ${tagKeyLookupValue} as entityType is account_tag`, }, - functionLogMode + functionLogMode, ); } @@ -277,7 +277,7 @@ export const orgEventProvisioning = async ( KeyConditionExpression: "#awsEntityData = :awsEntityData", ExpressionAttributeNames: { "#awsEntityData": "awsEntityData" }, ExpressionAttributeValues: { ":awsEntityData": entityData }, - }) + }), ); if (relatedLinks.Items && relatedLinks.Items?.length !== 0) { 
@@ -290,7 +290,7 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Determined there are ${relatedLinks.Items.length} no of related account assignment operations for entityData ${entityData}`, }, - functionLogMode + functionLogMode, ); await Promise.all( relatedLinks.Items.map(async (Item) => { @@ -302,7 +302,7 @@ export const orgEventProvisioning = async ( Key: { permissionSetName: Item.permissionSetName, }, - }) + }), ); if (permissionSetFetch.Item) { let principalNameToLookUp = principalName; @@ -315,7 +315,7 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Computed principalNametoLookup as ${principalNameToLookUp}`, }, - functionLogMode + functionLogMode, ); if (adUsed === "true" && domainName !== "") { @@ -329,14 +329,14 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Deployment uses AD for SSO identity store, using domainName ${domainName}, computed principalNametoLookup as ${principalNameToLookUp}`, }, - functionLogMode + functionLogMode, ); } const principalId = await resolvePrincipal( identityStoreId, identityStoreClientObject, principalType, - principalNameToLookUp + principalNameToLookUp, ); if (principalId !== "0") { @@ -349,7 +349,7 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `For principal ${principalNameToLookUp} , resolved principal ID as ${principalId} from AWS IAM Identity Center Identity store`, }, - functionLogMode + functionLogMode, ); const staticSSOPayload: StaticSSOPayload = { InstanceArn: instanceArn + "", @@ -372,7 +372,7 @@ export const orgEventProvisioning = async ( sourceRequestId: requestId, }), MessageGroupId: targetId.slice(-1), - }) + }), ); logger( 
@@ -384,7 +384,7 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Posted ${actionType} operation to account assignments handler for accountID ${targetId} , permissionSetArn ${permissionSetFetch.Item.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); } else { logger( @@ -396,7 +396,7 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Ignoring this org event triggered account assignment operation as related principals are not found`, }, - functionLogMode + functionLogMode, ); } } else { @@ -409,10 +409,10 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Ignoring this org event triggered account assignment operation as related permission sets are not found`, }, - functionLogMode + functionLogMode, ); } - }) + }), ); } else if (entityType === "account_tag") { logger( @@ -424,13 +424,13 @@ export const orgEventProvisioning = async ( relatedData: entityData, statusMessage: `Conducting de-provisioning check for entityData ${entityData} on targetaccountID ${targetId} as an account tag is now updated`, }, - functionLogMode + functionLogMode, ); await tagBasedDeProvisioning( instanceArn, entityData.split("^")[0], targetId, - requestId + requestId, ); } else { // No related links for the org event being processed @@ -450,7 +450,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Initiating org event triggered account assignment operation`, }, - functionLogMode + functionLogMode, ); const resolvedInstances: ListInstancesCommandOutput = @@ -467,7 +467,7 @@ export const handler = async (event: SNSEvent) => { relatedData: identityStoreId, statusMessage: `Resolved identityStoreID ${identityStoreId} for instanceArn ${instanceArn}`, }, - functionLogMode + functionLogMode, ); if (message.detail.eventName === "CreateAccountResult") { 
@@ -481,7 +481,7 @@ export const handler = async (event: SNSEvent) => { message.detail.serviceEventDetails.createAccountStatus.accountId, statusMessage: `Triggered createAccountResult based provisioning logic for accountID ${message.detail.serviceEventDetails.createAccountStatus.accountId} and scope type as root`, }, - functionLogMode + functionLogMode, ); orgEventDataValue = `createAccount for accountID ${message.detail.serviceEventDetails.createAccountStatus.accountId}`; await orgEventProvisioning( @@ -491,7 +491,7 @@ export const handler = async (event: SNSEvent) => { "all", "root", identityStoreId, - requestId + requestId, ); } else if (message.detail.eventName === "MoveAccount") { /** @@ -513,7 +513,7 @@ export const handler = async (event: SNSEvent) => { relatedData: message.detail.requestParameters.accountId, statusMessage: `Triggered MoveAccount based provisioning logic for accountID ${message.detail.requestParameters.accountId}`, }, - functionLogMode + functionLogMode, ); orgEventDataValue = `moveAccount for account moving from old OU_ID ${message.detail.requestParameters.sourceParentId} to new OU_ID ${message.detail.requestParameters.destinationParentId}`; @@ -530,7 +530,7 @@ export const handler = async (event: SNSEvent) => { relatedData: message.detail.requestParameters.accountId, statusMessage: `Compueted old Parents List`, }, - functionLogMode + functionLogMode, ); logger( { @@ -541,7 +541,7 @@ export const handler = async (event: SNSEvent) => { relatedData: message.detail.requestParameters.accountId, statusMessage: `Compueted new Parents List`, }, - functionLogMode + functionLogMode, ); if (supportNestedOU === "true") { @@ -554,7 +554,7 @@ export const handler = async (event: SNSEvent) => { relatedData: message.detail.requestParameters.accountId, statusMessage: `Nested OU support enabled, traversing through the org tree for delta`, }, - functionLogMode + functionLogMode, ); /** * Orgs API listParents call only returns the parent up to one level up. 
@@ -574,7 +574,7 @@ export const handler = async (event: SNSEvent) => { relatedData: message.detail.requestParameters.accountId, statusMessage: `Validated that sourceParent is not a root, so traversing all the result OU's from old parent`, }, - functionLogMode + functionLogMode, ); let loop = true; let previousParentId = @@ -583,7 +583,7 @@ export const handler = async (event: SNSEvent) => { const currentParentOutput = await organizationsClientObject.send( new ListParentsCommand({ ChildId: previousParentId, - }) + }), ); if (currentParentOutput.Parents) { @@ -615,7 +615,7 @@ export const handler = async (event: SNSEvent) => { relatedData: message.detail.requestParameters.accountId, statusMessage: `Validated that destinationParent is not a root, so traversing all the result OU's from new parent`, }, - functionLogMode + functionLogMode, ); let loop = true; let previousParentId = @@ -624,7 +624,7 @@ export const handler = async (event: SNSEvent) => { const currentParentOutput = await organizationsClientObject.send( new ListParentsCommand({ ChildId: previousParentId, - }) + }), ); if (currentParentOutput.Parents) { @@ -643,18 +643,18 @@ export const handler = async (event: SNSEvent) => { } /** Remove root parents from both old and new parents list */ oldParentsList = oldParentsList.filter( - (parent) => !parent.match(/r-.*/) + (parent) => !parent.match(/r-.*/), ); newParentsList = newParentsList.filter( - (parent) => !parent.match(/r-.*/) + (parent) => !parent.match(/r-.*/), ); } const parentsToRemove: Array = oldParentsList.filter( - (parent) => !newParentsList.includes(parent) + (parent) => !newParentsList.includes(parent), ); const parentsToAdd: Array = newParentsList.filter( - (parent) => !oldParentsList.includes(parent) + (parent) => !oldParentsList.includes(parent), ); logger( { 
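Review bot: The root filter in `@@ -643,18 +643,18 @@` uses the unanchored pattern `/r-.*/`, which matches any ID containing `r-`, not only root IDs. Organizations OU IDs have the form `ou-<root suffix>-<id>`, so under a root whose suffix ends in `r` every OU (e.g. `ou-ab1r-...`) is dropped from both `oldParentsList` and `newParentsList`. The move would then neither de-provision nor provision the assignments tied to those OUs. Anchor the test: `(parent) => !/^r-/.test(parent)`, or `!parent.startsWith("r-")`. The enclosing `MoveAccount` branch begins outside this hunk.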
@@ -664,10 +664,10 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, requestId: requestId, statusMessage: `OrgEvents - account move, list of OU ID's calculated for de-provisioning: ${JSON.stringify( - parentsToRemove + parentsToRemove, )}`, }, - functionLogMode + functionLogMode, ); logger( { @@ -677,10 +677,10 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, requestId: requestId, statusMessage: `OrgEvents - account move, list of OU ID's calculated for provisioning: ${JSON.stringify( - parentsToAdd + parentsToAdd, )}`, }, - functionLogMode + functionLogMode, ); /** * Start processing deletion of any related account assignments for old @@ -696,7 +696,7 @@ export const handler = async (event: SNSEvent) => { requestId: requestId, statusMessage: `Processing delete for any related accountassignment for ou_id ${parent}`, }, - functionLogMode + functionLogMode, ); await orgEventProvisioning( instanceArn, @@ -705,7 +705,7 @@ export const handler = async (event: SNSEvent) => { parent, "ou_id", identityStoreId, - requestId + requestId, ); } /** @@ -722,7 +722,7 @@ export const handler = async (event: SNSEvent) => { requestId: requestId, statusMessage: `Processing add for any related accountassignment for ou_id ${parent}`, }, - functionLogMode + functionLogMode, ); await orgEventProvisioning( instanceArn, @@ -731,7 +731,7 @@ export const handler = async (event: SNSEvent) => { parent, "ou_id", identityStoreId, - requestId + requestId, ); } } else if (message["detail-type"] === "Tag Change on Resource") { @@ -757,7 +757,7 @@ export const handler = async (event: SNSEvent) => { const { tags } = detail; const changedTagKeys = detail["changed-tag-keys"]; orgEventDataValue = `tagChange on resource for changedTagKeys ${JSON.stringify( - changedTagKeys + changedTagKeys, )}`; await Promise.all( changedTagKeys.map(async (changedTagKey: string) => { 
@@ -772,13 +772,13 @@ export const handler = async (event: SNSEvent) => { requestId: requestId, statusMessage: `Determined tag change is a delta operation`, }, - functionLogMode + functionLogMode, ); await tagBasedDeProvisioning( instanceArn, changedTagKey, resources[0].split("/")[2], - requestId + requestId, ); } else if ( Object.prototype.hasOwnProperty.call(tags, changedTagKey) @@ -793,7 +793,7 @@ export const handler = async (event: SNSEvent) => { requestId: requestId, statusMessage: `Determined tag change is a create/update operation`, }, - functionLogMode + functionLogMode, ); const tagValue = tags[`${changedTagKey}`]; await orgEventProvisioning( @@ -803,10 +803,10 @@ export const handler = async (event: SNSEvent) => { `${changedTagKey}^${tagValue}`, "account_tag", identityStoreId, - requestId + requestId, ); } - }) + }), ); } } catch (err) { @@ -827,9 +827,9 @@ export const handler = async (event: SNSEvent) => { handlerName, err.name, err.message, - orgEventDataValue + orgEventDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -840,7 +840,7 @@ export const handler = async (event: SNSEvent) => { requestIdValue, err.name, err.message, - orgEventDataValue + orgEventDataValue, ), }); } else { @@ -853,9 +853,9 @@ export const handler = async (event: SNSEvent) => { handlerName, "Unhandled exception", JSON.stringify(err), - orgEventDataValue + orgEventDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -866,7 +866,7 @@ export const handler = async (event: SNSEvent) => { requestIdValue, "Unhandled exception", JSON.stringify(err), - orgEventDataValue + orgEventDataValue, ), }); } diff --git a/lib/lambda-functions/application-handlers/src/permissionSetSync.ts b/lib/lambda-functions/application-handlers/src/permissionSetSync.ts index 89233a1..180d41a 100644 --- a/lib/lambda-functions/application-handlers/src/permissionSetSync.ts +++ b/lib/lambda-functions/application-handlers/src/permissionSetSync.ts 
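Review bot: In `@@ -772,13 +772,13 @@` the account ID passed to `tagBasedDeProvisioning` is `resources[0].split("/")[2]`, with no check that the result is an account ID. If the event carries a resource ARN of another shape, `undefined` or an unrelated ID flows into the lookup key and the queue message. Whether the upstream event rule limits resources to accounts is not visible here. A guard before the call would make the assumption explicit: `const accountId = resources[0].split("/")[2]; if (!/^\d{12}$/.test(accountId ?? "")) throw new Error("Unexpected resource ARN");`.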
@@ -126,7 +126,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Initiating permission set sync check logic`, }, - functionLogMode + functionLogMode, ); try { const message = JSON.parse(event.Records[0].Sns.Message); @@ -140,7 +140,7 @@ export const handler = async (event: SNSEvent) => { ExpressionAttributeValues: { ":permissionSetName": message.permission_set_name, }, - }) + }), ); logger( { @@ -151,7 +151,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Validating if there are related account assignment links for this permission set`, }, - functionLogMode + functionLogMode, ); if (relatedLinks.Items && relatedLinks.Items.length !== 0) { @@ -164,7 +164,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Resolved that there are ${relatedLinks.Items.length} no of account assignments for this permission set`, }, - functionLogMode + functionLogMode, ); const resolvedInstances: ListInstancesCommandOutput = await ssoAdminClientObject.send(new ListInstancesCommand({})); @@ -180,7 +180,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Resolved instanceArn as ${instanceArn} and identityStoreId as ${identityStoreId}`, }, - functionLogMode + functionLogMode, ); await Promise.all( @@ -198,13 +198,13 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Compputed principalName as ${principalNameToLookUp} for looking up in identity store`, }, - functionLogMode + functionLogMode, ); const principalId = await resolvePrincipal( identityStoreId, identityStoreClientObject, Item.principalType, - principalNameToLookUp + principalNameToLookUp, ); const staticSSOPayload: StaticSSOPayload = { InstanceArn: instanceArn, 
@@ -221,7 +221,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Resolved principalId as ${principalId} for principalName ${principalNameToLookUp}`, }, - functionLogMode + functionLogMode, ); if (Item.awsEntityType === "account") { await sqsClientObject.send( @@ -240,7 +240,7 @@ export const handler = async (event: SNSEvent) => { sourceRequestId: requestId, }), MessageGroupId: Item.awsEntityData.slice(-1), - }) + }), ); logger( { @@ -251,7 +251,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Completed, statusMessage: `Triggered permission set based account assignment create for accountId ${Item.awsEntityData} tagged to principalID ${principalId}`, }, - functionLogMode + functionLogMode, ); } else if ( Item.awsEntityType === "ou_id" || @@ -276,7 +276,7 @@ export const handler = async (event: SNSEvent) => { stateMachinePayload, Item.awsEntityData, processTargetAccountSMArn + "", - sfnClientObject + sfnClientObject, ); logger( { @@ -287,7 +287,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Completed, statusMessage: `Triggered state machine for non-account assignment create for entityType ${Item.awsEntityType} with entityData ${Item.awsEntityData}`, }, - functionLogMode + functionLogMode, ); } } else { @@ -300,10 +300,10 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Completed, statusMessage: `No related principals found, completing permission set sync operation`, }, - functionLogMode + functionLogMode, ); } - }) + }), ); } else { logger( @@ -315,7 +315,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Completed, statusMessage: `No related account assignments found, completing permission set sync operation`, }, - functionLogMode + functionLogMode, ); } } catch (err) { 
@@ -336,9 +336,9 @@ export const handler = async (event: SNSEvent) => { handlerName, err.name, err.message, - permissionSetName + permissionSetName, ), - }) + }), ); logger({ handler: handlerName, @@ -349,7 +349,7 @@ export const handler = async (event: SNSEvent) => { requestId, err.name, err.message, - permissionSetName + permissionSetName, ), }); } else { @@ -362,9 +362,9 @@ export const handler = async (event: SNSEvent) => { handlerName, "Unhandled exception", JSON.stringify(err), - permissionSetName + permissionSetName, ), - }) + }), ); logger({ handler: handlerName, @@ -375,7 +375,7 @@ export const handler = async (event: SNSEvent) => { requestId, "Unhandled exception", JSON.stringify(err), - permissionSetName + permissionSetName, ), }); } diff --git a/lib/lambda-functions/application-handlers/src/permissionSetTopicProcessor.ts b/lib/lambda-functions/application-handlers/src/permissionSetTopicProcessor.ts index 89daa32..722db86 100644 --- a/lib/lambda-functions/application-handlers/src/permissionSetTopicProcessor.ts +++ b/lib/lambda-functions/application-handlers/src/permissionSetTopicProcessor.ts @@ -150,7 +150,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Initiating permission set CRUD logic`, }, - functionLogMode + functionLogMode, ); const resolvedInstances: ListInstancesCommandOutput = await ssoAdminClientObject.send(new ListInstancesCommand({})); @@ -164,7 +164,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Resolved instanceArn as ${instanceArn}`, }, - functionLogMode + functionLogMode, ); let permissionSetArn = ""; let syncPermissionSet = false; 
@@ -186,7 +186,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined permission set operation is of type ${message.action}`, }, - functionLogMode + functionLogMode, ); const fetchPermissionSet: GetCommandOutput = await ddbDocClientObject.send( @@ -195,7 +195,7 @@ export const handler = async (event: SNSEvent) => { Key: { permissionSetName, }, - }) + }), ); if (fetchPermissionSet.Item) { logger( @@ -207,7 +207,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined that permission set exists`, }, - functionLogMode + functionLogMode, ); const currentItem = fetchPermissionSet.Item; if (message.action === "create") { @@ -218,7 +218,7 @@ export const handler = async (event: SNSEvent) => { Description: currentItem.description ? currentItem.description : permissionSetName, - }) + }), ); logger( { @@ -229,7 +229,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Triggered create operation for permissionSet in AWS IAM Identity Center`, }, - functionLogMode + functionLogMode, ); permissionSetArn = @@ -243,7 +243,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `createPermissionSet operation returned permissionSetArn as ${permissionSetArn}`, }, - functionLogMode + functionLogMode, ); /** * Update relayState and sessionDuration if they match length greater @@ -269,7 +269,7 @@ export const handler = async (event: SNSEvent) => { SessionDuration: serializeDurationToISOFormat({ minutes: parseInt(currentItem.sessionDurationInMinutes), }), - }) + }), ); logger( { @@ -280,7 +280,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Updated relayState and sessionDuration for permissionSet create operation`, }, - functionLogMode + functionLogMode, ); } else if ( currentItem.relayState && 
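Review bot: `parseInt(currentItem.sessionDurationInMinutes)` in `@@ -269,7 +269,7 @@` (and again in `@@ -315,7 +315,7 @@`) has no radix and no result check, so `"60m"` is silently accepted as 60, a `0x` prefix is read as hex, and a non-numeric value reaches `serializeDurationToISOFormat` as `NaN`. Since this sets the permission set's session lifetime, parse strictly and reject bad input: `const minutes = Number.parseInt(currentItem.sessionDurationInMinutes, 10);` followed by `if (!Number.isInteger(minutes) || minutes <= 0) throw new Error("Invalid sessionDurationInMinutes");`. The surrounding condition that checks the field starts outside the hunk, so some validation may already exist there.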
@@ -291,7 +291,7 @@ export const handler = async (event: SNSEvent) => { InstanceArn: instanceArn, PermissionSetArn: permissionSetArn, RelayState: currentItem.relayState, - }) + }), ); logger( { @@ -302,7 +302,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Updated relayState for permissionSet create operation`, }, - functionLogMode + functionLogMode, ); } else if ( currentItem.sessionDurationInMinutes && @@ -315,7 +315,7 @@ export const handler = async (event: SNSEvent) => { SessionDuration: serializeDurationToISOFormat({ minutes: parseInt(currentItem.sessionDurationInMinutes), }), - }) + }), ); logger( { @@ -326,7 +326,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Updated sessionDuration for permissionSet create operation`, }, - functionLogMode + functionLogMode, ); } } @@ -341,7 +341,7 @@ export const handler = async (event: SNSEvent) => { ExpressionAttributeValues: { ":arnvalue": createOp.PermissionSet?.PermissionSetArn?.toString(), }, - }) + }), ); logger( { @@ -352,7 +352,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Updated solution persistence with arn value for permission set create operation`, }, - functionLogMode + functionLogMode, ); if (currentItem.tags.length !== 0) { await ssoAdminClientObject.send( @@ -360,7 +360,7 @@ export const handler = async (event: SNSEvent) => { InstanceArn: instanceArn, ResourceArn: createOp.PermissionSet?.PermissionSetArn?.toString(), Tags: currentItem.tags, - }) + }), ); logger( { @@ -371,7 +371,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Updated tags for permissionSet create operation`, }, - functionLogMode + functionLogMode, ); } if ( 
@@ -397,7 +397,7 @@ export const handler = async (event: SNSEvent) => {
 QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(managedPolicyPayload), MessageGroupId: `${permissionSetName}-aws`,
- })
+ }),
 ); logger(
@@ -409,7 +409,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Managed policies attached for permissionSet create operation`, },
- functionLogMode
+ functionLogMode,
 ); } if (
@@ -436,7 +436,7 @@ export const handler = async (event: SNSEvent) => {
 QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(customerManagedPolicyPayload), MessageGroupId: `${permissionSetName}-customer`,
- })
+ }),
 ); logger(
@@ -448,7 +448,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Customer managed policies attached for permissionSet create operation`, },
- functionLogMode
+ functionLogMode,
 ); }
@@ -460,7 +460,7 @@ export const handler = async (event: SNSEvent) => {
 InlinePolicy: JSON.stringify(currentItem.inlinePolicyDocument), PermissionSetArn: createOp.PermissionSet?.PermissionSetArn?.toString(),
- })
+ }),
 ); logger( {
@@ -471,7 +471,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Inline policy created for permission set create operation`, },
- functionLogMode
+ functionLogMode,
 ); } }
@@ -484,7 +484,7 @@ export const handler = async (event: SNSEvent) => {
 PermissionSetArn: createOp.PermissionSet?.PermissionSetArn?.toString(), PermissionsBoundary: { ...currentItem.permissionsBoundary },
- })
+ }),
 ); logger( {
@@ -495,7 +495,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Permissions Boundary attached for permission set create operation`, },
- functionLogMode
+ functionLogMode,
 ); } }
@@ -510,7 +510,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `permissionSet create operation completed`, },
- functionLogMode
+ functionLogMode,
 ); } else if (message.action === "update") { const oldItem = message.oldPermissionSetData;
@@ -553,7 +553,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `calculating delta for permissionSet update operation`, },
- functionLogMode
+ functionLogMode,
 ); const diffCalculated = diff(oldItem, currentItem);
@@ -568,7 +568,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `No delta determined for permissionSet update operation, completing update operation`, },
- functionLogMode
+ functionLogMode,
 ); } else { const fetchArn: GetCommandOutput = await ddbDocClientObject.send(
@@ -577,7 +577,7 @@ export const handler = async (event: SNSEvent) => {
 Key: { permissionSetName, },
- })
+ }),
 ); if (fetchArn.Item) { logger(
@@ -589,7 +589,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `objectArn found, progressing with delta for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); if ( currentItem.sessionDurationInMinutes &&
@@ -639,7 +639,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Determining delta for switchKey ${switchKey} as part of permissionSet update operation`, },
- functionLogMode
+ functionLogMode,
 ); switch (switchKey) {
@@ -664,7 +664,7 @@ export const handler = async (event: SNSEvent) => {
 QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(managedPolicyPayload), MessageGroupId: `${permissionSetName}-aws`,
- })
+ }),
 ); reProvision = true; logger(
@@ -676,7 +676,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `added managed policies for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); break;
@@ -702,7 +702,7 @@ export const handler = async (event: SNSEvent) => {
 QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(managedPolicyPayload), MessageGroupId: `${permissionSetName}-aws`,
- })
+ }),
 ); reProvision = true; logger(
@@ -714,7 +714,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `removed managed policies for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); break;
@@ -740,14 +740,14 @@ export const handler = async (event: SNSEvent) => {
 changeArray.map(async (changeItem) => { if (changeItem.toString().split(",")[0] === "+") { changeSettoAdd.push(
- changeItem.toString().split(",")[1]
+ changeItem.toString().split(",")[1],
 ); } else if (changeItem.toString().split(",")[0] === "-") { changeSettoRemove.push(
- changeItem.toString().split(",")[1]
+ changeItem.toString().split(",")[1],
 ); }
- })
+ }),
 ); if (changeSettoRemove.length > 0) { const managedPolicyPayload: ManagedPolicyQueueObject = {
@@ -768,7 +768,7 @@ export const handler = async (event: SNSEvent) => {
 QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(managedPolicyPayload), MessageGroupId: `${permissionSetName}-aws`,
- })
+ }),
 ); reProvision = true;
@@ -781,7 +781,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `removed managed policies from changeSet calculated for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); } if (changeSettoAdd.length > 0) {
@@ -803,7 +803,7 @@ export const handler = async (event: SNSEvent) => {
 QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(managedPolicyPayload), MessageGroupId: `${permissionSetName}-aws`,
- })
+ }),
 ); logger( {
@@ -814,7 +814,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `added managed policies from changeSet calculated for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true;
@@ -842,10 +842,10 @@ export const handler = async (event: SNSEvent) => {
 new SendMessageCommand({ QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(
- customerManagedPolicyPayload
+ customerManagedPolicyPayload,
 ), MessageGroupId: `${permissionSetName}-customer`,
- })
+ }),
 ); logger( {
@@ -856,7 +856,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `added customer managed policies from changeSet calculated for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true;
@@ -874,15 +874,19 @@ export const handler = async (event: SNSEvent) => {
 oldCustomerManagedPolicies.filter((cmp1) => newCustomerManagedPolicies.every( (cmp2) =>
- !(cmp2.Name.toLowerCase() === cmp1.Name.toLowerCase())
- )
+ !(
+ cmp2.Name.toLowerCase() === cmp1.Name.toLowerCase()
+ ),
+ ),
 ); const changeSettoAdd: Array = newCustomerManagedPolicies.filter((cmp1) => oldCustomerManagedPolicies.every( (cmp2) =>
- !(cmp2.Name.toLowerCase() === cmp1.Name.toLowerCase())
- )
+ !(
+ cmp2.Name.toLowerCase() === cmp1.Name.toLowerCase()
+ ),
+ ),
 ); if (changeSettoRemove.length > 0) { const customerManagedPolicyPayload: ManagedPolicyQueueObject =
@@ -903,10 +907,10 @@ export const handler = async (event: SNSEvent) => {
 new SendMessageCommand({ QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(
- customerManagedPolicyPayload
+ customerManagedPolicyPayload,
 ), MessageGroupId: `${permissionSetName}-customer`,
- })
+ }),
 ); logger( {
@@ -917,7 +921,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `removed old customer managed policies from changeSet calculated for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true; }
@@ -941,10 +945,10 @@ export const handler = async (event: SNSEvent) => {
 new SendMessageCommand({ QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(
- customerManagedPolicyPayload
+ customerManagedPolicyPayload,
 ), MessageGroupId: `${permissionSetName}-customer`,
- })
+ }),
 ); logger( {
@@ -955,7 +959,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `added customer managed policies from changeSet calculated for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true; }
@@ -983,10 +987,10 @@ export const handler = async (event: SNSEvent) => {
 new SendMessageCommand({ QueueUrl: managedPolicyQueueUrl, MessageBody: JSON.stringify(
- customerManagedPolicyPayload
+ customerManagedPolicyPayload,
 ), MessageGroupId: `${permissionSetName}-customer`,
- })
+ }),
 ); logger( {
@@ -997,7 +1001,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `removed old customer managed policies from changeSet calculated for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true; }
@@ -1015,7 +1019,7 @@ export const handler = async (event: SNSEvent) => {
 PermissionsBoundary: { ...currentItem.permissionsBoundary, },
- })
+ }),
 ); logger( {
@@ -1026,7 +1030,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `created/updated permission set boundary for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true; }
@@ -1037,7 +1041,7 @@ export const handler = async (event: SNSEvent) => {
 new DeletePermissionsBoundaryFromPermissionSetCommand({ InstanceArn: instanceArn, PermissionSetArn: permissionSetArn,
- })
+ }),
 ); logger( {
@@ -1048,7 +1052,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `removed permission set boundary for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true; break;
@@ -1063,9 +1067,9 @@ export const handler = async (event: SNSEvent) => {
 InstanceArn: instanceArn, PermissionSetArn: permissionSetArn, InlinePolicy: JSON.stringify(
- currentItem.inlinePolicyDocument
+ currentItem.inlinePolicyDocument,
 ),
- })
+ }),
 ); logger( {
@@ -1076,7 +1080,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `created/updated inline policy document for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true;
@@ -1088,7 +1092,7 @@ export const handler = async (event: SNSEvent) => {
 new DeleteInlinePolicyFromPermissionSetCommand({ InstanceArn: instanceArn, PermissionSetArn: permissionSetArn,
- })
+ }),
 ); logger( {
@@ -1099,7 +1103,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `removed inlinePolicy document for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); reProvision = true;
@@ -1125,7 +1129,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `set flag for updating permission set attributes as part of permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); break;
@@ -1136,7 +1140,7 @@ export const handler = async (event: SNSEvent) => {
 InstanceArn: instanceArn, ResourceArn: permissionSetArn, Tags: currentItem.tags,
- })
+ }),
 ); logger( {
@@ -1147,7 +1151,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `added tags for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); break;
@@ -1164,14 +1168,14 @@ export const handler = async (event: SNSEvent) => {
 await Promise.all( oldItem.tags.map(async (tag: Tag) => { tagKeysToRemove.push(tag.Key?.toString() + "");
- })
+ }),
 ); await ssoAdminClientObject.send( new UntagResourceCommand({ InstanceArn: instanceArn, ResourceArn: permissionSetArn, TagKeys: tagKeysToRemove,
- })
+ }),
 ); logger( {
@@ -1182,7 +1186,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `removed old tags for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); } if (switchKey === "tags-update" && currentItem.tags) {
@@ -1191,7 +1195,7 @@ export const handler = async (event: SNSEvent) => {
 InstanceArn: instanceArn, ResourceArn: permissionSetArn, Tags: currentItem.tags,
- })
+ }),
 ); logger( {
@@ -1202,7 +1206,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `added new tags for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); } break;
@@ -1217,7 +1221,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.FailedWithException, statusMessage: `unknown switch key found for permissionSet update operation ${switchKey}`, },
- functionLogMode
+ functionLogMode,
 ); } }
@@ -1230,7 +1234,7 @@ export const handler = async (event: SNSEvent) => {
 PermissionSetArn: permissionSetArn, InstanceArn: instanceArn, Description: currentPermissionSetDescription,
- })
+ }),
 ); logger( {
@@ -1241,7 +1245,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `updated permission set attributes for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); /**
@@ -1263,7 +1267,7 @@ export const handler = async (event: SNSEvent) => {
 SessionDuration: serializeDurationToISOFormat({ minutes: parseInt(currentSessionDuration), }),
- })
+ }),
 ); logger( {
@@ -1274,7 +1278,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `updated relayState and currentSessionDuration for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); } else if (relayStatePresent) { await ssoAdminClientObject.send(
@@ -1282,7 +1286,7 @@ export const handler = async (event: SNSEvent) => {
 PermissionSetArn: permissionSetArn, InstanceArn: instanceArn, RelayState: currentRelayState,
- })
+ }),
 ); logger( {
@@ -1293,7 +1297,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `updated relayState for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); } else if (sessionDurationPresent) { await ssoAdminClientObject.send(
@@ -1303,7 +1307,7 @@ export const handler = async (event: SNSEvent) => {
 SessionDuration: serializeDurationToISOFormat({ minutes: parseInt(currentSessionDuration), }),
- })
+ }),
 ); logger( {
@@ -1314,7 +1318,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `updated sessionDuration for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); } }
@@ -1332,7 +1336,7 @@ export const handler = async (event: SNSEvent) => {
 new ListAccountsForProvisionedPermissionSetCommand({ InstanceArn: instanceArn, PermissionSetArn: permissionSetArn,
- })
+ }),
 ); if (fetchAccountsList.AccountIds?.length !== 0) { const reProvisionOp = await ssoAdminClientObject.send(
@@ -1340,7 +1344,7 @@ export const handler = async (event: SNSEvent) => {
 InstanceArn: instanceArn, PermissionSetArn: permissionSetArn, TargetType: "ALL_PROVISIONED_ACCOUNTS",
- })
+ }),
 ); logger( {
@@ -1351,7 +1355,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `triggered re-provisioning for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); await waitUntilPermissionSetProvisioned(
@@ -1364,7 +1368,7 @@ export const handler = async (event: SNSEvent) => {
 ProvisionPermissionSetRequestId: reProvisionOp.PermissionSetProvisioningStatus?.RequestId, },
- permissionSetName
+ permissionSetName,
 ); logger( {
@@ -1375,7 +1379,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `re-provisioning operation completed for permission Set update operation`, },
- functionLogMode
+ functionLogMode,
 ); } }
@@ -1393,7 +1397,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `permission Set update operation completed`, },
- functionLogMode
+ functionLogMode,
 ); } } else if (message.action === "delete") {
@@ -1406,7 +1410,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `permission Set delete operation started`, },
- functionLogMode
+ functionLogMode,
 ); const fetchArn = await ddbDocClientObject.send( new GetCommand({
@@ -1414,7 +1418,7 @@ export const handler = async (event: SNSEvent) => {
 Key: { permissionSetName, },
- })
+ }),
 ); if (fetchArn.Item) { permissionSetArn = fetchArn.Item.permissionSetArn;
@@ -1422,7 +1426,7 @@ export const handler = async (event: SNSEvent) => {
 new DeletePermissionSetCommand({ InstanceArn: instanceArn, PermissionSetArn: permissionSetArn,
- })
+ }),
 ); await ddbDocClientObject.send( new DeleteCommand({
@@ -1430,7 +1434,7 @@ export const handler = async (event: SNSEvent) => {
 Key: { permissionSetName, },
- })
+ }),
 ); await ddbDocClientObject.send( new DeleteCommand({
@@ -1438,7 +1442,7 @@ export const handler = async (event: SNSEvent) => {
 Key: { permissionSetName, },
- })
+ }),
 ); logger( {
@@ -1449,7 +1453,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `permission Set delete operation completed`, },
- functionLogMode
+ functionLogMode,
 ); } logger(
@@ -1461,7 +1465,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Aborted, statusMessage: `permission Set delete operation ignored as no reference found`, },
- functionLogMode
+ functionLogMode,
 ); }
@@ -1473,7 +1477,7 @@ export const handler = async (event: SNSEvent) => {
 permission_set_name: permissionSetName, permission_set_arn: permissionSetArn, }),
- })
+ }),
 ); } } else {
@@ -1486,7 +1490,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `permission Set ${message.action} operation completed - no reference found for current Item`, },
- functionLogMode
+ functionLogMode,
 ); } } catch (err) {
@@ -1504,9 +1508,9 @@ export const handler = async (event: SNSEvent) => {
 handlerName, err.name, err.message,
- permissionSetNameValue
+ permissionSetNameValue,
 ),
- })
+ }),
 ); logger({ handler: handlerName,
@@ -1517,7 +1521,7 @@ export const handler = async (event: SNSEvent) => {
 requestIdValue, err.name, err.message,
- permissionSetNameValue
+ permissionSetNameValue,
 ), }); } else {
@@ -1530,9 +1534,9 @@ export const handler = async (event: SNSEvent) => {
 handlerName, "Unhandled exception", JSON.stringify(err),
- permissionSetNameValue
+ permissionSetNameValue,
 ),
- })
+ }),
 ); logger({ handler: handlerName,
@@ -1543,7 +1547,7 @@ export const handler = async (event: SNSEvent) => {
 requestIdValue, "Unhandled exception", JSON.stringify(err),
- permissionSetNameValue
+ permissionSetNameValue,
 ), }); }
diff --git a/lib/lambda-functions/application-handlers/src/processTargetAccountSMListener.ts b/lib/lambda-functions/application-handlers/src/processTargetAccountSMListener.ts
index 6f97c7f..07a5981 100644
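Review bot: The `logger(` call that follows the closing brace of the `if (fetchArn.Item)` block at the end of the hunk at -1449 has no `else` in front of it, and the next hunk (-1461) shows a call that logs `requestStatus.Aborted` with `permission Set delete operation ignored as no reference found`. If these are the same call (the lines between the two hunks are not shown), a successful delete is logged as Completed and then as Aborted, which makes the audit trail for permission-set deletions unreliable. I would put the Aborted call in an `else` branch of `if (fetchArn.Item)` so that exactly one terminal status is recorded per delete request.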
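Review bot: In the `"Unhandled exception"` branch (hunks at -1530 and -1543) the error is rendered with `JSON.stringify(err)`, which yields `{}` for an `Error` instance because `name`, `message` and `stack` are not enumerable, and which throws on a cyclic object from inside the catch block. The branch condition is outside the hunk, so which errors reach it is inferred, but any plain `Error` that does would produce a notification and log entry with no detail. I would pass `err instanceof Error ? err.message : String(err)` instead. The same pattern appears in the catch blocks of processTargetAccountSMListener.ts, usersCud.ts, import-account-assignments.ts and import-customermanagedpolicies-permissionsboundary.ts later in this diff.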
--- a/lib/lambda-functions/application-handlers/src/processTargetAccountSMListener.ts
+++ b/lib/lambda-functions/application-handlers/src/processTargetAccountSMListener.ts
@@ -65,7 +65,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Processing SQS payload post for account assignment operation - ${message.action}`, },
- functionLogMode
+ functionLogMode,
 ); await sqsClientObject.send(
@@ -86,7 +86,7 @@ export const handler = async (event: SNSEvent) => {
 sourceRequestId: message.sourceRequestId, }), MessageGroupId: targetId.slice(-1),
- })
+ }),
 ); logger( {
@@ -97,7 +97,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Posted account assignment operation - ${message.action} for targetId ${targetId} and permissionSetArn ${message.permissionSetArn} and principalId ${message.principalId} and principalType ${message.principalType}`, },
- functionLogMode
+ functionLogMode,
 ); } catch (err) { if (
@@ -113,9 +113,9 @@ export const handler = async (event: SNSEvent) => {
 handlerName, err.name, err.message,
- targetIdValue
+ targetIdValue,
 ),
- })
+ }),
 ); logger({ handler: handlerName,
@@ -126,7 +126,7 @@ export const handler = async (event: SNSEvent) => {
 requestIdValue, err.name, err.message,
- targetIdValue
+ targetIdValue,
 ), }); } else {
@@ -139,9 +139,9 @@ export const handler = async (event: SNSEvent) => {
 handlerName, "Unhandled exception", JSON.stringify(err),
- targetIdValue
+ targetIdValue,
 ),
- })
+ }),
 ); logger({ handler: handlerName,
@@ -152,7 +152,7 @@ export const handler = async (event: SNSEvent) => {
 requestIdValue, "Unhandled exception", JSON.stringify(err),
- targetIdValue
+ targetIdValue,
 ), }); }
diff --git a/lib/lambda-functions/application-handlers/src/usersCud.ts b/lib/lambda-functions/application-handlers/src/usersCud.ts
index 4211fb8..2e6a87a 100644
--- a/lib/lambda-functions/application-handlers/src/usersCud.ts
+++ b/lib/lambda-functions/application-handlers/src/usersCud.ts
@@ -132,7 +132,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Processing user CRUD triggered operaiton ${eventDetailValue}`, },
- functionLogMode
+ functionLogMode,
 ); const resolvedInstances: ListInstancesCommandOutput =
@@ -148,7 +148,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Resolved instanceArn as ${instanceArn} and identityStoreId as ${identityStoreId}`, },
- functionLogMode
+ functionLogMode,
 ); const staticSSOPayload: StaticSSOPayload = {
@@ -175,7 +175,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Determined ${message.detail.eventName} operation is triggered for user ${userId}`, },
- functionLogMode
+ functionLogMode,
 ); const describeUserResult: DescribeUserCommandOutput =
@@ -183,7 +183,7 @@ export const handler = async (event: SNSEvent) => {
 new DescribeUserCommand({ IdentityStoreId: identityStoreId, UserId: userId,
- })
+ }),
 ); if (describeUserResult) { userName = describeUserResult.UserName + "";
@@ -196,7 +196,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Determined ${message.detail.eventName} operation is triggered for user ${userId} with userName ${userName}`, },
- functionLogMode
+ functionLogMode,
 ); }
@@ -211,7 +211,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Triggering logic for ${message.detail.eventName} operation with user ${userId} and user name ${userName}`, },
- functionLogMode
+ functionLogMode,
 ); const relatedLinks: QueryCommandOutput = await ddbDocClientObject.send(
@@ -223,7 +223,7 @@ export const handler = async (event: SNSEvent) => {
 KeyConditionExpression: "#principalName = :principalName", ExpressionAttributeNames: { "#principalName": "principalName" }, ExpressionAttributeValues: { ":principalName": userName },
- })
+ }),
 ); if (relatedLinks.Items && relatedLinks.Items?.length !== 0) {
@@ -236,7 +236,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Determined there are ${relatedLinks.Items.length} no of related links that are associated with this eventDetailValue`, },
- functionLogMode
+ functionLogMode,
 ); await Promise.all( relatedLinks.Items?.map(async (Item) => {
@@ -248,7 +248,7 @@ export const handler = async (event: SNSEvent) => {
 Key: { permissionSetName: permissionSetName, },
- })
+ }),
 ); if (permissionSetFetch.Item) { const { permissionSetArn } = permissionSetFetch.Item;
@@ -269,7 +269,7 @@ export const handler = async (event: SNSEvent) => {
 sourceRequestId: requestId, }), MessageGroupId: awsEntityData.slice(-1),
- })
+ }),
 ); logger( {
@@ -280,7 +280,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `Sent create type payload to account assignment processing queue`, },
- functionLogMode
+ functionLogMode,
 ); } else if ( awsEntityType === "ou_id" ||
@@ -305,7 +305,7 @@ export const handler = async (event: SNSEvent) => {
 stateMachinePayload, awsEntityData, processTargetAccountSMArn + "",
- sfnClientObject
+ sfnClientObject,
 ); logger( {
@@ -316,7 +316,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `Sent create type payload to targetAccount state machine for resolving target account assignments`, },
- functionLogMode
+ functionLogMode,
 ); } } else {
@@ -330,10 +330,10 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `Permission set ${permissionSetName} referenced in the assoicated link does not exist, so completing the operation`, },
- functionLogMode
+ functionLogMode,
 ); }
- })
+ }),
 ); } else { // No related links for the user being processed
@@ -346,7 +346,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `No related links found, so completing the operation`, },
- functionLogMode
+ functionLogMode,
 ); } } else if (message.detail.eventName === "DeleteUser") {
@@ -359,7 +359,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `DeleteUser operation - no actions being done as the user is deleted directly`, },
- functionLogMode
+ functionLogMode,
 ); } } catch (err) {
@@ -380,9 +380,9 @@ export const handler = async (event: SNSEvent) => {
 handlerName, err.name, err.message,
- eventDetailValue
+ eventDetailValue,
 ),
- })
+ }),
 ); logger({ handler: handlerName,
@@ -393,7 +393,7 @@ export const handler = async (event: SNSEvent) => {
 requestId, err.name, err.message,
- eventDetailValue
+ eventDetailValue,
 ), }); } else {
@@ -406,9 +406,9 @@ export const handler = async (event: SNSEvent) => {
 handlerName, "Unhandled exception", JSON.stringify(err),
- eventDetailValue
+ eventDetailValue,
 ),
- })
+ }),
 ); logger({ handler: handlerName,
@@ -419,7 +419,7 @@ export const handler = async (event: SNSEvent) => {
 requestId, "Unhandled exception", JSON.stringify(err),
- eventDetailValue
+ eventDetailValue,
 ), }); }
diff --git a/lib/lambda-functions/current-config-handlers/src/import-account-assignments.ts b/lib/lambda-functions/current-config-handlers/src/import-account-assignments.ts
index 0332b13..d7dd124 100644
--- a/lib/lambda-functions/current-config-handlers/src/import-account-assignments.ts
+++ b/lib/lambda-functions/current-config-handlers/src/import-account-assignments.ts
@@ -60,7 +60,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Started processing account assignment import operation`, },
- functionLogMode
+ functionLogMode,
 ); try {
@@ -82,7 +82,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Parsed SNS payload `, },
- functionLogMode
+ functionLogMode,
 ); if (message.triggerSource === "CloudFormation") { logger(
@@ -95,7 +95,7 @@ export const handler = async (event: SNSEvent) => {
 sourceRequestId: sourceRequestIdValue, statusMessage: `Determined operation is for config import`, },
- functionLogMode
+ functionLogMode,
 ); const provisionedLinks: GetCommandOutput = await ddbDocClientObject.send( new GetCommand({
@@ -103,7 +103,7 @@ export const handler = async (event: SNSEvent) => {
 Key: { parentLink: provisionedLinksKey, },
- })
+ }),
 ); if (provisionedLinks.Item) { logger(
@@ -116,7 +116,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `Account assignment already exists, not importing again`, },
- functionLogMode
+ functionLogMode,
 ); } else { logger(
@@ -129,7 +129,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Determined that the account assignment does not exist yet, updating the solution persistence`, },
- functionLogMode
+ functionLogMode,
 ); const linkParams: LinkData = { awsEntityId: `account%${message.linkPayload.awsEntityData}%${message.linkPayload.permissionSetName}%${message.entityName}%${message.entityType}%ssofile`,
@@ -144,7 +144,7 @@ export const handler = async (event: SNSEvent) => {
 Bucket: artefactsBucketName, Key: `links_data/${linkParams.awsEntityId}`, ServerSideEncryption: "AES256",
- })
+ }),
 ); await ddbDocClientObject.send( new PutCommand({
@@ -152,7 +152,7 @@ export const handler = async (event: SNSEvent) => {
 Item: { ...linkParams, },
- })
+ }),
 ); await ddbClientObject.send( new PutCommand({
@@ -162,7 +162,7 @@ export const handler = async (event: SNSEvent) => {
 tagKeyLookUp: "none", principalType: message.entityType, },
- })
+ }),
 ); logger( {
@@ -174,7 +174,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Completed, statusMessage: `Account assignment did not exist, so updated S3 and both provisioned links and links tables in DDB`, },
- functionLogMode
+ functionLogMode,
 ); } } else {
@@ -188,7 +188,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.Aborted, statusMessage: `Account assignment operation aborted as the operation type is unknown`, },
- functionLogMode
+ functionLogMode,
 ); } } catch (err) {
@@ -205,7 +205,7 @@ export const handler = async (event: SNSEvent) => {
 requestId, err.name, err.message,
- linkKeyValue
+ linkKeyValue,
 ), }); } else {
@@ -218,7 +218,7 @@ export const handler = async (event: SNSEvent) => {
 requestId, "Unhandled exception", JSON.stringify(err),
- linkKeyValue
+ linkKeyValue,
 ), }); }
diff --git a/lib/lambda-functions/current-config-handlers/src/import-customermanagedpolicies-permissionsboundary.ts b/lib/lambda-functions/current-config-handlers/src/import-customermanagedpolicies-permissionsboundary.ts
index b417040..1e581d7 100644
--- a/lib/lambda-functions/current-config-handlers/src/import-customermanagedpolicies-permissionsboundary.ts
+++ b/lib/lambda-functions/current-config-handlers/src/import-customermanagedpolicies-permissionsboundary.ts
@@ -37,7 +37,7 @@ export const handler = async (event: DescribeCmpAndPb) => {
 status: requestStatus.InProgress, statusMessage: `AWS IAM Identity Center customer managed policy import started for permissionSetArn ${event.permissionSetArn}`, },
- functionLogMode
+ functionLogMode,
 ); try { if (event.objectToDescribe === "customerManagedPolicy") {
@@ -46,7 +46,7 @@ export const handler = async (event: DescribeCmpAndPb) => {
 InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn, MaxResults: 10,
- })
+ }),
 ); logger({ handler: handlerName,
@@ -63,7 +63,7 @@ export const handler = async (event: DescribeCmpAndPb) => {
 new GetPermissionsBoundaryForPermissionSetCommand({ InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn,
- })
+ }),
 ); logger({ handler: handlerName,
@@ -116,7 +116,7 @@ export const handler = async (event: DescribeCmpAndPb) => {
 "", error.name, error.message,
- permissionSetName
+ permissionSetName,
 ), }); return {
@@ -133,7 +133,7 @@ export const handler = async (event: DescribeCmpAndPb) => {
 "", "Unhandled exception", JSON.stringify(error),
- permissionSetName
+ permissionSetName,
 ), }); return {
diff --git a/lib/lambda-functions/current-config-handlers/src/import-permission-sets.ts b/lib/lambda-functions/current-config-handlers/src/import-permission-sets.ts
index e63fe5d..f320834 100644
--- a/lib/lambda-functions/current-config-handlers/src/import-permission-sets.ts
+++ b/lib/lambda-functions/current-config-handlers/src/import-permission-sets.ts
@@ -87,7 +87,7 @@ export const handler = async (event: SNSEvent) => {
 status: requestStatus.InProgress, statusMessage: `Permission set import operation in progress`, },
- functionLogMode
+ functionLogMode,
 ); /** Construct permission set object from the SNS message payload */ const permissionSetObject = {};
@@ -114,7 +114,7 @@ export const handler = async (event: SNSEvent) => {
 if ( Object.prototype.hasOwnProperty.call( message.describePermissionSet.PermissionSet,
- "RelayState"
+ "RelayState",
 ) ) { Object.assign(permissionSetObject, {
@@ -130,7 +130,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined that the imported permission set has relayState set as ${message.describePermissionSet.PermissionSet.RelayState}`, }, - functionLogMode + functionLogMode, ); } @@ -138,12 +138,12 @@ export const handler = async (event: SNSEvent) => { if ( Object.prototype.hasOwnProperty.call( message.describePermissionSet.PermissionSet, - "SessionDuration" + "SessionDuration", ) ) { Object.assign(permissionSetObject, { sessionDurationInMinutes: getMinutesFromISODurationString( - message.describePermissionSet.PermissionSet.SessionDuration + message.describePermissionSet.PermissionSet.SessionDuration, ), }); logger( @@ -155,10 +155,10 @@ export const handler = async (event: SNSEvent) => { relatedData: permissionSetNameValue, status: requestStatus.InProgress, statusMessage: `Determined that the imported permission set has sessionDuration set as ${getMinutesFromISODurationString( - message.describePermissionSet.PermissionSet.SessionDuration + message.describePermissionSet.PermissionSet.SessionDuration, )} minutes`, }, - functionLogMode + functionLogMode, ); } // Managed policies is an optional attribute @@ -172,8 +172,8 @@ export const handler = async (event: SNSEvent) => { message.listManagedPoliciesInPermissionSet.AttachedManagedPolicies.map( async (managedPolicy: Record) => { computedManagedPoliciesArnList.push(managedPolicy.Arn); - } - ) + }, + ), ); Object.assign(permissionSetObject, { managedPoliciesArnList: [...computedManagedPoliciesArnList].sort(), 
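Review bot: In the `@@ -172,8 +172,8 @@` hunk the callback `async (managedPolicy) => { computedManagedPoliciesArnList.push(managedPolicy.Arn); }` is marked async but awaits nothing, so `.map` is used only to run a synchronous push inside promises. A plain projection says the same thing directly: `computedManagedPoliciesArnList.push(...message.listManagedPoliciesInPermissionSet.AttachedManagedPolicies.map((managedPolicy) => managedPolicy.Arn));`. The call that receives the mapped array opens outside this hunk, so that wrapper would have to be dropped together with the callback. The same construct appears in rs-import-permission-sets.ts (`@@ -82,13 +82,13 @@`).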
@@ -188,14 +188,14 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined that the imported permission set has managed policies set`, }, - functionLogMode + functionLogMode, ); } // Inline policy is an optional attribute if (message.getInlinePolicyForPermissionSet.InlinePolicy.length > 0) { Object.assign(permissionSetObject, { inlinePolicyDocument: JSON.parse( - message.getInlinePolicyForPermissionSet.InlinePolicy + message.getInlinePolicyForPermissionSet.InlinePolicy, ), }); logger( @@ -208,7 +208,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined that the imported permission set has inline policy set`, }, - functionLogMode + functionLogMode, ); } @@ -216,7 +216,7 @@ export const handler = async (event: SNSEvent) => { if ( message.fetchPermissionsBoundary.Payload.result.PermissionsBoundary && Object.keys( - message.fetchPermissionsBoundary.Payload.result.PermissionsBoundary + message.fetchPermissionsBoundary.Payload.result.PermissionsBoundary, ).length !== 0 ) { Object.assign(permissionSetObject, { @@ -250,7 +250,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined that the operation type is current config import`, }, - functionLogMode + functionLogMode, ); const fetchPermissionSet: GetCommandOutput = await ddbDocClientObject.send( @@ -259,7 +259,7 @@ export const handler = async (event: SNSEvent) => { Key: { permissionSetName: permissionSetName, }, - }) + }), ); const fetchArn: GetCommandOutput = await ddbDocClientObject.send( new GetCommand({ @@ -267,7 +267,7 @@ export const handler = async (event: SNSEvent) => { Key: { permissionSetName, }, - }) + }), ); if (fetchPermissionSet.Item && fetchArn.Item) { logger( 
@@ -280,7 +280,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Validated that permission set already exists, now determining delta`, }, - functionLogMode + functionLogMode, ); const sortedFetchItemManagedPolicies = @@ -290,7 +290,7 @@ export const handler = async (event: SNSEvent) => { const diffCalculated = diff( fetchPermissionSet.Item, - permissionSetObject + permissionSetObject, ); if (diffCalculated === undefined) { logger( @@ -303,7 +303,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Completed, statusMessage: `No delta found, completing import operation`, }, - functionLogMode + functionLogMode, ); } else { const resolvedInstances: ListInstancesCommandOutput = @@ -315,7 +315,7 @@ export const handler = async (event: SNSEvent) => { Item: { ...permissionSetObject, }, - }) + }), ); await s3clientObject.send( new PutObjectCommand({ @@ -323,7 +323,7 @@ export const handler = async (event: SNSEvent) => { Key: `permission_sets/${permissionSetName}.json`, Body: JSON.stringify(permissionSetObject), ServerSideEncryption: "AES256", - }) + }), ); logger( { @@ -335,13 +335,13 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Delta found, updated solution persistence with new permission set object value`, }, - functionLogMode + functionLogMode, ); const fetchAccountsList = await ssoAdminClientObject.send( new ListAccountsForProvisionedPermissionSetCommand({ InstanceArn: instanceArn, PermissionSetArn: permissionSetArn, - }) + }), ); if (fetchAccountsList.AccountIds?.length !== 0) { logger( 
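Review bot: The guard `if (fetchAccountsList.AccountIds?.length !== 0)` that closes the `@@ -335,13 +335,13 @@` hunk is also true when `AccountIds` is missing from the response, because `undefined !== 0`. In that case the handler logs that accounts are already assigned and, as the following hunk shows, sends `ProvisionPermissionSetCommand` with `TargetType: "ALL_PROVISIONED_ACCOUNTS"`. A positive test avoids treating an absent list as a populated one: `if ((fetchAccountsList.AccountIds?.length ?? 0) > 0) {`. The body of the `if` continues outside this hunk.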
@@ -354,14 +354,14 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.InProgress, statusMessage: `Determined that accounts are already assigned the permission set, triggering a resync`, }, - functionLogMode + functionLogMode, ); await ssoAdminClientObject.send( new ProvisionPermissionSetCommand({ InstanceArn: instanceArn, PermissionSetArn: permissionSetArn, TargetType: "ALL_PROVISIONED_ACCOUNTS", - }) + }), ); } logger( @@ -374,7 +374,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Completed, statusMessage: `Delta handling complete, import permission set operation complete`, }, - functionLogMode + functionLogMode, ); } } else { @@ -384,7 +384,7 @@ export const handler = async (event: SNSEvent) => { Key: `permission_sets/${permissionSetName}.json`, Body: JSON.stringify(permissionSetObject), ServerSideEncryption: "AES256", - }) + }), ); await ddbDocClientObject.send( new PutCommand({ @@ -392,7 +392,7 @@ export const handler = async (event: SNSEvent) => { Item: { ...permissionSetObject, }, - }) + }), ); await ddbDocClientObject.send( new UpdateCommand({ @@ -404,7 +404,7 @@ export const handler = async (event: SNSEvent) => { ExpressionAttributeValues: { ":arnvalue": permissionSetArn, }, - }) + }), ); logger( { @@ -416,7 +416,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Completed, statusMessage: `Updated solution persistence, import permission set operation complete`, }, - functionLogMode + functionLogMode, ); } } else { @@ -430,7 +430,7 @@ export const handler = async (event: SNSEvent) => { status: requestStatus.Aborted, statusMessage: `Unknown operation type, aborting import permission set operation`, }, - functionLogMode + functionLogMode, ); } } catch (err) { @@ -448,7 +448,7 @@ export const handler = async (event: SNSEvent) => { requestId, err.name, err.message, - permissionSetNameValue + permissionSetNameValue, ), }); } else { 
@@ -461,7 +461,7 @@ export const handler = async (event: SNSEvent) => { requestId, "Unhandled exception", JSON.stringify(err), - permissionSetNameValue + permissionSetNameValue, ), }); } diff --git a/lib/lambda-functions/current-config-handlers/src/trigger-parentSM.ts b/lib/lambda-functions/current-config-handlers/src/trigger-parentSM.ts index d703248..a17188f 100644 --- a/lib/lambda-functions/current-config-handlers/src/trigger-parentSM.ts +++ b/lib/lambda-functions/current-config-handlers/src/trigger-parentSM.ts @@ -68,7 +68,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { waitSeconds: 2, pageSize: 5, }), - }) + }), ); logger({ handler: "parentInvokeSM", @@ -95,7 +95,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { requestId, err.name, err.message, - "" + "", ), }); return { @@ -105,7 +105,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { requestId, err.name, err.message, - "" + "", ), }; } else { @@ -118,7 +118,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { requestId, "Unhandled exception", JSON.stringify(err), - "" + "", ), }); return { @@ -128,7 +128,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { requestId, "Unhandled exception", JSON.stringify(err), - "" + "", ), }; } diff --git a/lib/lambda-functions/current-config-handlers/src/update-custom-resource.ts b/lib/lambda-functions/current-config-handlers/src/update-custom-resource.ts index b8555d7..06c1e4e 100644 --- a/lib/lambda-functions/current-config-handlers/src/update-custom-resource.ts +++ b/lib/lambda-functions/current-config-handlers/src/update-custom-resource.ts @@ -43,7 +43,7 @@ export const handler = async (event: any) => { const stateMachineExecutionResult = await sfnClientObject.send( new DescribeExecutionCommand({ executionArn: stateMachineExecutionArn, - }) + }), ); switch (stateMachineExecutionResult.status) { 
@@ -125,7 +125,7 @@ export const handler = async (event: any) => { requestId, err.name, err.message, - "" + "", ), }); throw err; @@ -139,7 +139,7 @@ export const handler = async (event: any) => { requestId, "Unhandled exception", JSON.stringify(err), - "" + "", ), }); throw err; diff --git a/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentCreation.ts b/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentCreation.ts index 3f32cc4..79f7cd4 100644 --- a/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentCreation.ts +++ b/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentCreation.ts @@ -20,13 +20,13 @@ import { logger } from "../../helpers/src/utilities"; const checkState = async ( client: SSOAdminClient, - input: DescribeAccountAssignmentCreationStatusCommandInput + input: DescribeAccountAssignmentCreationStatusCommandInput, ): Promise => { let reason; try { const result: DescribeAccountAssignmentCreationStatusCommandOutput = await client.send( - new DescribeAccountAssignmentCreationStatusCommand(input) + new DescribeAccountAssignmentCreationStatusCommand(input), ); reason = result; if ( @@ -51,7 +51,7 @@ export const waitUntilAccountAssignmentCreation = async ( params: WaiterConfiguration, input: DescribeAccountAssignmentCreationStatusCommandInput, requestId: string, - functionLogMode: string + functionLogMode: string, ): Promise => { logger( { @@ -62,7 +62,7 @@ export const waitUntilAccountAssignmentCreation = async ( status: requestStatus.InProgress, statusMessage: `Setting service defaults`, }, - functionLogMode + functionLogMode, ); const serviceDefaults = { minDelay: 60, maxDelay: 120 }; logger( 
@@ -74,12 +74,12 @@ export const waitUntilAccountAssignmentCreation = async ( status: requestStatus.InProgress, statusMessage: `Invoking waiter for createAccountAssignment operation`, }, - functionLogMode + functionLogMode, ); const result = await createWaiter( { ...serviceDefaults, ...params }, input, - checkState + checkState, ); logger( { @@ -90,7 +90,7 @@ export const waitUntilAccountAssignmentCreation = async ( status: requestStatus.InProgress, statusMessage: `Waiter completed with result: ${JSON.stringify(result)}`, }, - functionLogMode + functionLogMode, ); return checkExceptions(result); }; diff --git a/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentDeletion.ts b/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentDeletion.ts index 7095773..7168d08 100644 --- a/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentDeletion.ts +++ b/lib/lambda-functions/custom-waiters/src/waitUntilAccountAssignmentDeletion.ts @@ -19,13 +19,13 @@ import { logger } from "../../helpers/src/utilities"; const checkState = async ( client: SSOAdminClient, - input: DescribeAccountAssignmentDeletionStatusCommandInput + input: DescribeAccountAssignmentDeletionStatusCommandInput, ): Promise => { let reason; try { const result: DescribeAccountAssignmentDeletionStatusCommandOutput = await client.send( - new DescribeAccountAssignmentDeletionStatusCommand(input) + new DescribeAccountAssignmentDeletionStatusCommand(input), ); reason = result; if ( @@ -50,7 +50,7 @@ export const waitUntilAccountAssignmentDeletion = async ( params: WaiterConfiguration, input: DescribeAccountAssignmentDeletionStatusCommandInput, requestId: string, - functionLogMode: string + functionLogMode: string, ): Promise => { logger( { 
@@ -61,7 +61,7 @@ export const waitUntilAccountAssignmentDeletion = async ( status: requestStatus.InProgress, statusMessage: `Setting service defaults`, }, - functionLogMode + functionLogMode, ); const serviceDefaults = { minDelay: 60, maxDelay: 120 }; logger( @@ -73,12 +73,12 @@ export const waitUntilAccountAssignmentDeletion = async ( status: requestStatus.InProgress, statusMessage: `Invoking waiter for deleteAccountAssignment operation`, }, - functionLogMode + functionLogMode, ); const result = await createWaiter( { ...serviceDefaults, ...params }, input, - checkState + checkState, ); logger( { @@ -89,7 +89,7 @@ export const waitUntilAccountAssignmentDeletion = async ( status: requestStatus.InProgress, statusMessage: `Waiter completed with result: ${JSON.stringify(result)}`, }, - functionLogMode + functionLogMode, ); return checkExceptions(result); }; diff --git a/lib/lambda-functions/custom-waiters/src/waitUntilPermissionSetProvisioned.ts b/lib/lambda-functions/custom-waiters/src/waitUntilPermissionSetProvisioned.ts index 6fe9846..8610dce 100644 --- a/lib/lambda-functions/custom-waiters/src/waitUntilPermissionSetProvisioned.ts +++ b/lib/lambda-functions/custom-waiters/src/waitUntilPermissionSetProvisioned.ts @@ -18,13 +18,13 @@ import { logger } from "../../helpers/src/utilities"; const checkState = async ( client: SSOAdminClient, - input: DescribePermissionSetProvisioningStatusCommandInput + input: DescribePermissionSetProvisioningStatusCommandInput, ): Promise => { let reason; try { const result: DescribePermissionSetProvisioningStatusCommandOutput = await client.send( - new DescribePermissionSetProvisioningStatusCommand(input) + new DescribePermissionSetProvisioningStatusCommand(input), ); reason = result; if ( 
@@ -43,7 +43,7 @@ const checkState = async ( export const waitUntilPermissionSetProvisioned = async ( params: WaiterConfiguration, input: DescribePermissionSetProvisioningStatusCommandInput, - requestId: string + requestId: string, ): Promise => { logger({ handler: "permissionSetProvisioningWaiter", @@ -57,7 +57,7 @@ export const waitUntilPermissionSetProvisioned = async ( const result = await createWaiter( { ...serviceDefaults, ...params }, input, - checkState + checkState, ); logger({ handler: "permissionSetProvisioningWaiter", diff --git a/lib/lambda-functions/helpers/src/isoDurationUtility.ts b/lib/lambda-functions/helpers/src/isoDurationUtility.ts index 3f1f361..dafbd06 100644 --- a/lib/lambda-functions/helpers/src/isoDurationUtility.ts +++ b/lib/lambda-functions/helpers/src/isoDurationUtility.ts @@ -39,7 +39,7 @@ const durationRegex = new RegExp( r("minutes", "M"), r("seconds", "S"), ")?", // end optional time - ].join("") + ].join(""), ); function parseNum(stringValue: string): number | undefined { @@ -84,7 +84,7 @@ export function parseISODurationString(durationStr: string): Duration { const s = ( number: number | undefined, - component: string + component: string, ): string | undefined => { if (!number) { return undefined; diff --git a/lib/lambda-functions/helpers/src/payload-validator.ts b/lib/lambda-functions/helpers/src/payload-validator.ts index 0789836..54684a8 100644 --- a/lib/lambda-functions/helpers/src/payload-validator.ts +++ b/lib/lambda-functions/helpers/src/payload-validator.ts @@ -8,7 +8,7 @@ export class JSONParserError extends Error { export const imperativeParseJSON = ( data: object | string | null, - validate: ValidateFunction + validate: ValidateFunction, ): T => { if (!data) { throw new JSONParserError([{ errorCode: "null_json" }]); 
@@ -27,6 +27,6 @@ export const imperativeParseJSON = ( validate.errors!.map(({ instancePath, params }) => ({ errorCode: `pattern-error`, message: `Failure on property ${instancePath} . Schema for property should match pattern ${params.pattern}`, - })) + })), ); }; diff --git a/lib/lambda-functions/helpers/src/utilities.ts b/lib/lambda-functions/helpers/src/utilities.ts index a62ef0f..e5f4667 100644 --- a/lib/lambda-functions/helpers/src/utilities.ts +++ b/lib/lambda-functions/helpers/src/utilities.ts @@ -15,7 +15,7 @@ export const removeEmpty = (obj: { [x: string]: any }) => { (obj[`${k}`] && typeof obj[`${k}`] === "object" && removeEmpty(obj[`${k}`])) || - (!obj[`${k}`] && obj[`${k}`] !== undefined && delete obj[`${k}`]) + (!obj[`${k}`] && obj[`${k}`] !== undefined && delete obj[`${k}`]), ); return obj; }; @@ -33,7 +33,7 @@ export const invokeStepFunction = async ( payload: StateMachinePayload, entityValue: string, stateMachineArn: string, - sfnClient: SFNClient + sfnClient: SFNClient, ) => { let computedOUId = ""; let computedTagKey = ""; @@ -56,7 +56,7 @@ export const invokeStepFunction = async ( ou_id: computedOUId, resourceTypeFilters: "organizations:account", }), - }) + }), ); }; @@ -132,7 +132,7 @@ export const constructExceptionMessage = ( handler: string, name: string, message: string, - relatedData: string + relatedData: string, ) => { return JSON.stringify( JSON.parse( @@ -145,11 +145,11 @@ export const constructExceptionMessage = ( relatedData: relatedData, }, null, - 2 - ) + 2, + ), ), null, - 2 + 2, ); }; @@ -157,7 +157,7 @@ export const constructExceptionMessageforLogger = ( requestId: string, name: string, message: string, - relatedData: string + relatedData: string, ) => { return `For requestID: ${requestId} , exception with exception name -> ${name} occurred. Exception message is -> ${message} . Related data for the exception -> ${relatedData}`; }; 
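Review bot: The mapper over `validate.errors` in payload-validator.ts (`@@ -27,6 +27,6 @@`) reports every validation failure as `pattern-error` and interpolates `params.pattern`, which is only populated when the failing keyword is `pattern`. If the schemas also use other keywords (not visible in this hunk), the message would read "should match pattern undefined" and hide why the payload was rejected. Assuming `ValidateFunction` is Ajv's, the error object also carries `keyword` and `message`, so the destructuring could become `({ instancePath, keyword, message })` with the text built as `"Failure on property " + instancePath + " (" + keyword + "): " + message`. The start of `imperativeParseJSON` lies outside this hunk.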
@@ -172,7 +172,7 @@ export const resolvePrincipal = async ( identityStoreId: string, identityStoreClientObject: IdentitystoreClient, principalType: string, - principalName: string + principalName: string, ): Promise => { if (principalType === "GROUP") { const listGroupsResult: ListGroupsCommandOutput = @@ -185,7 +185,7 @@ export const resolvePrincipal = async ( AttributeValue: principalName, }, ], - }) + }), ); if (listGroupsResult.Groups?.length !== 0) { return listGroupsResult.Groups?.[0].GroupId + ""; @@ -203,7 +203,7 @@ export const resolvePrincipal = async ( AttributeValue: principalName, }, ], - }) + }), ); if (listUsersResult.Users?.length !== 0) { return listUsersResult.Users?.[0].UserId + ""; diff --git a/lib/lambda-functions/managed-policy-handlers/src/processCustomerManagedPolicy.ts b/lib/lambda-functions/managed-policy-handlers/src/processCustomerManagedPolicy.ts index 16ad39f..0ccf48b 100644 --- a/lib/lambda-functions/managed-policy-handlers/src/processCustomerManagedPolicy.ts +++ b/lib/lambda-functions/managed-policy-handlers/src/processCustomerManagedPolicy.ts @@ -42,7 +42,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `AWS IAM Identity Center customer managed policy processing started for operation ${event.operation} and customerManagedPolicyName ${event.customerManagedPolicy.Name} and permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); try { customerManagedPolicyName = event.customerManagedPolicy.Name; @@ -52,7 +52,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { CustomerManagedPolicyReference: event.customerManagedPolicy, InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn, - }) + }), ); logger( { 
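Review bot: In `resolvePrincipal` (`@@ -185,7 +185,7 @@`) the test `listGroupsResult.Groups?.length !== 0` is true when `Groups` is undefined, and the following `listGroupsResult.Groups?.[0].GroupId + ""` then returns the literal string "undefined" as the principal ID. A caller that accepts any non-empty string as a resolved principal would carry that value into later calls. Reading the ID first and testing it removes the coercion: `const groupId = listGroupsResult.Groups?.[0]?.GroupId;` followed by `if (groupId) return groupId;`. The `@@ -203,7 +203,7 @@` hunk has the same shape for `Users` and `UserId`; the rest of the function is outside both hunks.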
@@ -61,7 +61,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully attached AWS IAM Identity Center customer managed policy ${event.customerManagedPolicy.Name} to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -72,7 +72,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { CustomerManagedPolicyReference: event.customerManagedPolicy, InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn, - }) + }), ); logger( { @@ -81,7 +81,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully detached AWS IAM Identity Center customer managed policy ${event.customerManagedPolicy.Name} to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -92,7 +92,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { new ListCustomerManagedPolicyReferencesInPermissionSetCommand({ InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn, - }) + }), ); switch (event.parentOperation) { case "attach": @@ -103,7 +103,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { currentCustomerManagedPoliciesList.CustomerManagedPolicyReferences.filter( (customerManagedPolicy) => customerManagedPolicy.Name?.toLowerCase() === - event.customerManagedPolicy.Name.toLowerCase() + event.customerManagedPolicy.Name.toLowerCase(), ); if (matchedCustomerManagedPolicies.length >= 1) { logger( 
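Review bot: The attach verification in the `@@ -103,7 +103,7 @@` hunk matches customer managed policies on lower-cased `Name` alone, so a reference with the same name under a different `Path` would be accepted as the requested policy. `event.customerManagedPolicy` is passed as `CustomerManagedPolicyReference` earlier in this file, so it may carry a `Path`; if it does, the filter should compare it as well, for example `&& (customerManagedPolicy.Path ?? "/") === (event.customerManagedPolicy.Path ?? "/")`. The detach verification in `@@ -147,7 +147,7 @@` uses the same filter. The enclosing `switch` starts and ends outside the hunk.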
@@ -113,7 +113,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully validated that AWS IAM Identity Center customer managed policy ${event.customerManagedPolicy.Name} is attached to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -126,7 +126,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Can not validate that AWS IAM Identity Center customer managed policy ${event.customerManagedPolicy.Name} is attached to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "false", @@ -147,7 +147,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { currentCustomerManagedPoliciesList.CustomerManagedPolicyReferences.filter( (customerManagedPolicy) => customerManagedPolicy.Name?.toLowerCase() === - event.customerManagedPolicy.Name.toLowerCase() + event.customerManagedPolicy.Name.toLowerCase(), ); if (matchedCustomerManagedPolicies.length === 0) { logger( @@ -157,7 +157,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully validated that AWS IAM Identity Center customer managed policy ${event.customerManagedPolicy.Name} is detached from permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -170,7 +170,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Can not validate that AWS IAM Identity Center customer managed policy ${event.customerManagedPolicy.Name} is detached from permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "false", 
@@ -185,7 +185,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully validated that AWS IAM Identity Center customer managed policy ${event.customerManagedPolicy.Name} is detached from permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -205,7 +205,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `For customer managed policy ${event.customerManagedPolicy.Name} , invalid operation type specified - ${event.operation}`, }, - functionLogMode + functionLogMode, ); return { status: "false", @@ -223,7 +223,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { "", error.name, error.message, - customerManagedPolicyName + customerManagedPolicyName, ), }); return { @@ -239,7 +239,7 @@ export const handler = async (event: CustomerManagedPolicyObjectOp) => { "", "Unhandled exception", JSON.stringify(error), - customerManagedPolicyName + customerManagedPolicyName, ), }); return { diff --git a/lib/lambda-functions/managed-policy-handlers/src/processManagedPolicy.ts b/lib/lambda-functions/managed-policy-handlers/src/processManagedPolicy.ts index 3fdb5a9..0459a02 100644 --- a/lib/lambda-functions/managed-policy-handlers/src/processManagedPolicy.ts +++ b/lib/lambda-functions/managed-policy-handlers/src/processManagedPolicy.ts @@ -42,7 +42,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `AWS IAM Identity Center managed policy processing started for operation ${event.operation} and managedPolicyArn ${event.managedPolicyArn} and permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); try { managedPolicyArn = event.managedPolicyArn; 
@@ -52,7 +52,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { ManagedPolicyArn: event.managedPolicyArn, InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn, - }) + }), ); logger( { @@ -61,7 +61,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully attached AWS IAM Identity Center managed policy ARN ${event.managedPolicyArn} to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -72,7 +72,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { ManagedPolicyArn: event.managedPolicyArn, InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn, - }) + }), ); logger( { @@ -81,7 +81,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully detached AWS IAM Identity Center managed policy arn ${event.managedPolicyArn} to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -91,7 +91,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { new ListManagedPoliciesInPermissionSetCommand({ InstanceArn: event.instanceArn, PermissionSetArn: event.permissionSetArn, - }) + }), ); switch (event.parentOperation) { case "attach": @@ -100,7 +100,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { currentManagedPoliciesList.AttachedManagedPolicies.filter( (managedPolicy) => managedPolicy.Arn?.toLowerCase() === - event.managedPolicyArn.toLowerCase() + event.managedPolicyArn.toLowerCase(), ); if (matchedManagedPolicies.length >= 1) { logger( 
@@ -110,7 +110,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully validated that AWS IAM Identity Center managed policy arn ${event.managedPolicyArn} is attached to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -123,7 +123,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Can not validate that AWS IAM Identity Center managed policy arn ${event.managedPolicyArn} is attached to permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "false", @@ -142,7 +142,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { currentManagedPoliciesList.AttachedManagedPolicies.filter( (managedPolicy) => managedPolicy.Arn?.toLowerCase() === - event.managedPolicyArn.toLowerCase() + event.managedPolicyArn.toLowerCase(), ); if (matchedManagedPolicies.length === 0) { logger( @@ -152,7 +152,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully validated that AWS IAM Identity Center managed policy arn ${event.managedPolicyArn} is detached from permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -165,7 +165,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Can not validate that AWS IAM Identity Center managed policy arn ${event.managedPolicyArn} is detached from permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "false", 
@@ -180,7 +180,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `Successfully validated that AWS IAM Identity Center managed policy arn ${event.managedPolicyArn} is detached from permissionSetArn ${event.permissionSetArn}`, }, - functionLogMode + functionLogMode, ); return { status: "true", @@ -200,7 +200,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { status: requestStatus.InProgress, statusMessage: `For managed policy arn ${event.managedPolicyArn} , invalid operation type specified - ${event.operation}`, }, - functionLogMode + functionLogMode, ); return { status: "false", @@ -218,7 +218,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { "", error.name, error.message, - managedPolicyArn + managedPolicyArn, ), }); return { @@ -234,7 +234,7 @@ export const handler = async (event: ManagedPolicyObjectOp) => { "", "Unhandled exception", JSON.stringify(error), - managedPolicyArn + managedPolicyArn, ), }); return { diff --git a/lib/lambda-functions/package.json b/lib/lambda-functions/package.json index 0b47b60..13a3886 100644 --- a/lib/lambda-functions/package.json +++ b/lib/lambda-functions/package.json @@ -1,6 +1,6 @@ { "name": "aws-sso-extensions-for-enterprise-layer", - "version": "3.1.8", + "version": "3.1.9", "description": "AWS SSO Permissions Utility Layer", "scripts": { "test": "echo \"Error: no test specified\" && exit 1" diff --git a/lib/lambda-functions/region-switch/src/rs-create-permission-sets.ts b/lib/lambda-functions/region-switch/src/rs-create-permission-sets.ts index fb5af58..41c3905 100644 --- a/lib/lambda-functions/region-switch/src/rs-create-permission-sets.ts +++ b/lib/lambda-functions/region-switch/src/rs-create-permission-sets.ts 
@@ -79,7 +79,7 @@ export const handler = async (event: any) => { SessionDuration: serializeDurationToISOFormat({ minutes: parseInt(permissionSetObject.sessionDurationInMinutes + ""), }), - }) + }), ); /** * Fetch permission set ARN as this is generated run time by the service and @@ -98,7 +98,7 @@ export const handler = async (event: any) => { InstanceArn: instanceArn, ResourceArn: permissionSetArn, Tags: permissionSetObject.tags, - }) + }), ); } if (permissionSetObject.managedPoliciesArnList.length !== 0) { @@ -113,7 +113,7 @@ export const handler = async (event: any) => { InstanceArn: instanceArn, PermissionSetArn: permissionSetArn, ManagedPolicyArn: managedPolicyArn, - }) + }), ); } } @@ -123,10 +123,10 @@ export const handler = async (event: any) => { new PutInlinePolicyToPermissionSetCommand({ InstanceArn: instanceArn, InlinePolicy: JSON.stringify( - permissionSetObject.inlinePolicyDocument + permissionSetObject.inlinePolicyDocument, ), PermissionSetArn: permissionSetArn, - }) + }), ); } } @@ -151,7 +151,7 @@ export const handler = async (event: any) => { logMode: logModes.Exception, status: requestStatus.FailedWithException, statusMessage: `Permission set create operation failed with exception: ${JSON.stringify( - err + err, )} for eventDetail: ${JSON.stringify(event)}`, }); /** diff --git a/lib/lambda-functions/region-switch/src/rs-import-account-assignments.ts b/lib/lambda-functions/region-switch/src/rs-import-account-assignments.ts index 4dfef6e..e889f7b 100644 --- a/lib/lambda-functions/region-switch/src/rs-import-account-assignments.ts +++ b/lib/lambda-functions/region-switch/src/rs-import-account-assignments.ts @@ -62,7 +62,7 @@ export const handler = async (event: SNSEvent) => { Item: { ...linkParams, }, - }) + }), ); logger({ handler: "rs-accountAssignmentImporter", 
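Review bot: `parseInt(permissionSetObject.sessionDurationInMinutes + "")` in the `@@ -79,7 +79,7 @@` hunk has no radix and its result is not checked, so a missing or non-numeric value becomes `NaN` and is handed to `serializeDurationToISOFormat`. What that helper does with `NaN` is not visible here, so the value is better validated before the command is built: `const minutes = Number.parseInt(String(permissionSetObject.sessionDurationInMinutes), 10);` then `if (Number.isNaN(minutes)) throw new Error("sessionDurationInMinutes is not a number");`. The command construction opens outside this hunk.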
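Review bot: The exception log in the `@@ -151,7 +151,7 @@` hunk builds its text with `JSON.stringify(err)`, which for an `Error` omits `message` and `stack` because they are not enumerable, so the entry can lose the failure reason. Using `err instanceof Error ? err.name + ": " + err.message : JSON.stringify(err)` keeps it. The same message also embeds `JSON.stringify(event)`, which writes the whole invocation payload to the log; logging only the identifiers needed for triage would be tighter. The pattern repeats in rs-import-account-assignments.ts (`@@ -79,7 +79,7 @@`), rs-import-permission-sets.ts (`@@ -130,7 +130,7 @@`), and as `JSON.stringify(e)` in the region-switch trigger-deploySM.ts and trigger-parentSM.ts hunks.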
@@ -79,7 +79,7 @@ export const handler = async (event: SNSEvent) => { logMode: logModes.Exception, status: requestStatus.FailedWithException, statusMessage: `Account assignment import operation failed with exception: ${JSON.stringify( - err + err, )} for eventDetail: ${JSON.stringify(event)}`, }); } diff --git a/lib/lambda-functions/region-switch/src/rs-import-permission-sets.ts b/lib/lambda-functions/region-switch/src/rs-import-permission-sets.ts index 7dc4912..fee0f43 100644 --- a/lib/lambda-functions/region-switch/src/rs-import-permission-sets.ts +++ b/lib/lambda-functions/region-switch/src/rs-import-permission-sets.ts @@ -58,7 +58,7 @@ export const handler = async (event: SNSEvent) => { if ( Object.prototype.hasOwnProperty.call( message.describePermissionSet.PermissionSet, - "RelayState" + "RelayState", ) ) { computedRelayState = @@ -67,11 +67,11 @@ export const handler = async (event: SNSEvent) => { if ( Object.prototype.hasOwnProperty.call( message.describePermissionSet.PermissionSet, - "SessionDuration" + "SessionDuration", ) ) { computedSessionDurationInMinutes = getMinutesFromISODurationString( - message.describePermissionSet.PermissionSet.SessionDuration + message.describePermissionSet.PermissionSet.SessionDuration, ); } if ( @@ -82,13 +82,13 @@ export const handler = async (event: SNSEvent) => { message.listManagedPoliciesInPermissionSet.AttachedManagedPolicies.map( async (managedPolicy: Record) => { computedManagedPoliciesArnList.push(managedPolicy.Arn); - } - ) + }, + ), ); } if (message.getInlinePolicyForPermissionSet.InlinePolicy.length > 0) { computedInlinePolicy = JSON.parse( - message.getInlinePolicyForPermissionSet.InlinePolicy + message.getInlinePolicyForPermissionSet.InlinePolicy, ); } /** @@ -112,7 +112,7 @@ export const handler = async (event: SNSEvent) => { Item: { ...permissionSetObject, }, - }) + }), ); logger({ 
@@ -130,7 +130,7 @@ export const handler = async (event: SNSEvent) => { logMode: logModes.Exception, status: requestStatus.FailedWithException, statusMessage: `Permission set import operation failed with exception: ${JSON.stringify( - err + err, )} for eventDetail: ${JSON.stringify(event)}`, }); } diff --git a/lib/lambda-functions/region-switch/src/trigger-deploySM.ts b/lib/lambda-functions/region-switch/src/trigger-deploySM.ts index c788b67..ac794bd 100644 --- a/lib/lambda-functions/region-switch/src/trigger-deploySM.ts +++ b/lib/lambda-functions/region-switch/src/trigger-deploySM.ts @@ -53,7 +53,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { pageSize: 5, eventType: event.RequestType, }), - }) + }), ); logger({ handler: "deploySM", @@ -80,7 +80,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { relatedData: `${deploySMArn}`, status: requestStatus.FailedWithException, statusMessage: `Custom resource creation failed with exception: ${JSON.stringify( - e + e, )}`, }); return { diff --git a/lib/lambda-functions/region-switch/src/trigger-parentSM.ts b/lib/lambda-functions/region-switch/src/trigger-parentSM.ts index aeeb5af..4e874ce 100644 --- a/lib/lambda-functions/region-switch/src/trigger-parentSM.ts +++ b/lib/lambda-functions/region-switch/src/trigger-parentSM.ts @@ -59,7 +59,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { waitSeconds: 2, pageSize: 5, }), - }) + }), ); logger({ handler: "parentInvokeSM", @@ -86,7 +86,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { relatedData: `${importCurrentConfigSMArn}`, status: requestStatus.FailedWithException, statusMessage: `Custom resource creation failed with exception: ${JSON.stringify( - e + e, )}`, }); return { diff --git a/lib/lambda-functions/region-switch/src/update-custom-resource.ts b/lib/lambda-functions/region-switch/src/update-custom-resource.ts index d5defc3..1faa3ca 100644 
--- a/lib/lambda-functions/region-switch/src/update-custom-resource.ts +++ b/lib/lambda-functions/region-switch/src/update-custom-resource.ts @@ -38,7 +38,7 @@ export const handler = async (event: any) => { const stateMachineExecutionResult = await sfnClientObject.send( new DescribeExecutionCommand({ executionArn: stateMachineExecutionArn, - }) + }), ); /** * Handle the update back to the custom resource framework based on the @@ -122,13 +122,13 @@ export const handler = async (event: any) => { relatedData: `${stateMachineExecutionArn}`, status: requestStatus.FailedWithException, statusMessage: `Custom resource update - stateMachine with execution arn: ${stateMachineExecutionArn} failed with exception: ${JSON.stringify( - e + e, )}`, }); throw new Error( `Custom resource update - stateMachine with execution arn: ${stateMachineExecutionArn} failed with exception: ${JSON.stringify( - e - )}` + e, + )}`, ); } } diff --git a/lib/lambda-functions/upgrade-to-v303/src/triggerV303SM.ts b/lib/lambda-functions/upgrade-to-v303/src/triggerV303SM.ts index 80c67a7..b3c85e8 100644 --- a/lib/lambda-functions/upgrade-to-v303/src/triggerV303SM.ts +++ b/lib/lambda-functions/upgrade-to-v303/src/triggerV303SM.ts @@ -38,7 +38,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { processLinksFunctionName: processLinksFunctionName, eventType: event.RequestType, }), - }) + }), ); logger({ handler: "upgradeSM", @@ -62,7 +62,7 @@ export const handler = async (event: CloudFormationCustomResourceEvent) => { relatedData: `${upgradeV303SMArn}`, status: requestStatus.FailedWithException, statusMessage: `Custom resource creation failed with exception: ${JSON.stringify( - e + e, )}`, }); return { diff --git a/lib/lambda-functions/upgrade-to-v303/src/update-custom-resource.ts b/lib/lambda-functions/upgrade-to-v303/src/update-custom-resource.ts index 9bf0277..034f4ba 100644 --- a/lib/lambda-functions/upgrade-to-v303/src/update-custom-resource.ts 
+++ b/lib/lambda-functions/upgrade-to-v303/src/update-custom-resource.ts @@ -28,7 +28,7 @@ export const handler = async (event: any) => { const stateMachineExecutionResult = await sfnClientObject.send( new DescribeExecutionCommand({ executionArn: stateMachineExecutionArn, - }) + }), ); switch (stateMachineExecutionResult.status) { @@ -108,13 +108,13 @@ export const handler = async (event: any) => { relatedData: `${stateMachineExecutionArn}`, status: requestStatus.FailedWithException, statusMessage: `Custom resource update - stateMachine with execution arn: ${stateMachineExecutionArn} failed with exception: ${JSON.stringify( - e + e, )}`, }); throw new Error( `Custom resource update - stateMachine with execution arn: ${stateMachineExecutionArn} failed with exception: ${JSON.stringify( - e - )}` + e, + )}`, ); } } diff --git a/lib/lambda-functions/user-interface-handlers/src/linkApi.ts b/lib/lambda-functions/user-interface-handlers/src/linkApi.ts index e4c9c0e..7affa3b 100644 --- a/lib/lambda-functions/user-interface-handlers/src/linkApi.ts +++ b/lib/lambda-functions/user-interface-handlers/src/linkApi.ts @@ -66,17 +66,17 @@ const snsClientObject = new SNSClient({ region: AWS_REGION, maxAttempts: 2 }); const ajv = new Ajv({ allErrors: true }); const schemaDefinition = JSON.parse( readFileSync( - join("/opt", "nodejs", "payload-schema-definitions", "Link-API.json") + join("/opt", "nodejs", "payload-schema-definitions", "Link-API.json"), ) .valueOf() - .toString() + .toString(), ); const validate = ajv.compile(schemaDefinition); const handlerName = AWS_LAMBDA_FUNCTION_NAME + ""; let linkDataValue = ""; export const handler = async ( - event: APIGatewayProxyEventV2 + event: APIGatewayProxyEventV2, ): Promise => { const requestId = uuidv4().toString(); logger( 
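Review bot: `let linkDataValue = "";` sits at module scope in linkApi.ts (hunk -66,17), next to `handlerName`, so its value survives between invocations that reuse the same execution environment. The later hunks pass `linkDataValue` into the "Invalid message body exception" message (-413,7 and -423,7), a path where, as far as the hunks show, the current request has not assigned it, so link data from an earlier caller could appear in another request's log entry and response. Declaring it inside the handler, `let linkDataValue = "";` right after `const requestId = uuidv4().toString();`, scopes it to one request. permissionSetApi.ts has the same shape with `let permissionSetName = "";` (hunk -102,7). The handler continues outside this hunk.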
@@ -87,7 +87,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Account assignment create/delete operation started`, }, - functionLogMode + functionLogMode, ); if (event.body !== null && event.body !== undefined) { @@ -101,7 +101,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Account assignment payload successfully parsed`, }, - functionLogMode + functionLogMode, ); const delimeter = "%"; const { linkData } = payload; @@ -116,7 +116,7 @@ export const handler = async ( statusMessage: `Account assignment operation is set as create`, relatedData: linkDataValue, }, - functionLogMode + functionLogMode, ); const keyValue = linkData.split(delimeter); @@ -141,7 +141,7 @@ export const handler = async ( hasRelatedRequests: linkParams.awsEntityType === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await s3clientObject.send( @@ -149,7 +149,7 @@ export const handler = async ( Bucket: artefactsBucketName, Key: `links_data/${linkData}`, ServerSideEncryption: "AES256", - }) + }), ); logger( { @@ -162,7 +162,7 @@ export const handler = async ( hasRelatedRequests: linkParams.awsEntityType === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await ddbDocClientObject.send( @@ -171,7 +171,7 @@ export const handler = async ( Item: { ...linkParams, }, - }) + }), ); logger( { @@ -184,7 +184,7 @@ export const handler = async ( hasRelatedRequests: linkParams.awsEntityType === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await snsClientObject.send( new PublishCommand({ @@ -194,7 +194,7 @@ export const handler = async ( action: "create", requestId: requestId, }), - }) + }), ); logger( { @@ -207,7 +207,7 @@ export const handler = async ( hasRelatedRequests: linkParams.awsEntityType === "account" ? false : true, }, - functionLogMode + functionLogMode, ); return { statusCode: 200, 
@@ -228,13 +228,13 @@ export const handler = async ( hasRelatedRequests: linkData.split(delimeter)[0] === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await s3clientObject.send( new DeleteObjectCommand({ Bucket: artefactsBucketName, Key: `links_data/${linkData}`, - }) + }), ); logger( { @@ -247,7 +247,7 @@ export const handler = async ( hasRelatedRequests: linkData.split(delimeter)[0] === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await ddbDocClientObject.send( new DeleteCommand({ @@ -255,7 +255,7 @@ export const handler = async ( Key: { awsEntityId: linkData, }, - }) + }), ); logger( { @@ -268,7 +268,7 @@ export const handler = async ( hasRelatedRequests: linkData.split(delimeter)[0] === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await snsClientObject.send( new PublishCommand({ @@ -278,7 +278,7 @@ export const handler = async ( action: "delete", requestId: requestId, }), - }) + }), ); logger( { @@ -291,7 +291,7 @@ export const handler = async ( hasRelatedRequests: linkData.split(delimeter)[0] === "account" ? false : true, }, - functionLogMode + functionLogMode, ); return { statusCode: 200, @@ -312,7 +312,7 @@ export const handler = async ( hasRelatedRequests: linkData.split(delimeter)[0] === "account" ? false : true, }, - functionLogMode + functionLogMode, ); return { statusCode: 400, @@ -332,7 +332,7 @@ export const handler = async ( requestId, "Schema validation exception", `Provided account does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), }); return { @@ -342,7 +342,7 @@ export const handler = async ( requestId, "Schema validation exception", `Provided account does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), requestId: requestId, }), @@ -361,7 +361,7 @@ export const handler = async ( requestId, err.name, err.message, - linkDataValue + linkDataValue, ), }); return { 
@@ -371,7 +371,7 @@ export const handler = async ( requestId, err.name, err.message, - linkDataValue + linkDataValue, ), requestId: requestId, }), @@ -386,7 +386,7 @@ export const handler = async ( requestId, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), }); return { @@ -396,7 +396,7 @@ export const handler = async ( requestId, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), requestId: requestId, }), @@ -413,7 +413,7 @@ export const handler = async ( requestId, "Invalid message body exception", "Message body provided is invalid", - linkDataValue + linkDataValue, ), }); return { @@ -423,7 +423,7 @@ export const handler = async ( requestId, "Invalid message body exception", "Message body provided is invalid", - linkDataValue + linkDataValue, ), requestId: requestId, }), diff --git a/lib/lambda-functions/user-interface-handlers/src/linkCu.ts b/lib/lambda-functions/user-interface-handlers/src/linkCu.ts index f4d0e3f..a9ea0d9 100644 --- a/lib/lambda-functions/user-interface-handlers/src/linkCu.ts +++ b/lib/lambda-functions/user-interface-handlers/src/linkCu.ts @@ -57,10 +57,10 @@ const snsClientObject = new SNSClient({ region: AWS_REGION, maxAttempts: 2 }); const ajv = new Ajv({ allErrors: true }); const schemaDefinition = JSON.parse( readFileSync( - join("/opt", "nodejs", "payload-schema-definitions", "Link-S3.json") + join("/opt", "nodejs", "payload-schema-definitions", "Link-S3.json"), ) .valueOf() - .toString() + .toString(), ); const validate = ajv.compile(schemaDefinition); const handlerName = AWS_LAMBDA_FUNCTION_NAME + ""; 
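Review bot: The "Unhandled exception" branch of linkApi.ts (hunk -396,7) appears to place `JSON.stringify(err)` in the object returned to the API caller, since the `return {` opens at the end of the previous hunk and `requestId: requestId` follows the message, so internal error detail reaches the client. Returning a fixed text together with the `requestId`, and keeping the serialized error only in the `logger` call, still lets an operator correlate the failure. The `err.name` / `err.message` branch at -371,7 and the matching branches in permissionSetApi.ts (-467,7 and -493,7) have the same shape. The return statement starts outside the hunk, so the exact response fields are inferred.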
@@ -80,16 +80,16 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Account assignment create/update operation started`, }, - functionLogMode + functionLogMode, ); try { const fileName = decodeURIComponent( - record.s3.object.key.replace(/\+/g, " ").split("/")[1] + record.s3.object.key.replace(/\+/g, " ").split("/")[1], ); const payload: LinkS3Payload = imperativeParseJSON( { linkData: fileName }, - validate + validate, ); logger( { @@ -99,7 +99,7 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Account assignment payload successfully parsed`, }, - functionLogMode + functionLogMode, ); const { linkData } = payload; linkDataValue = linkData; @@ -119,7 +119,7 @@ export const handler = async (event: S3Event) => { Item: { ...upsertData, }, - }) + }), ); logger( { @@ -132,7 +132,7 @@ export const handler = async (event: S3Event) => { hasRelatedRequests: upsertData.awsEntityType === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await snsClientObject.send( new PublishCommand({ @@ -142,7 +142,7 @@ export const handler = async (event: S3Event) => { action: "create", requestId: requestId, }), - }) + }), ); logger( { @@ -155,7 +155,7 @@ export const handler = async (event: S3Event) => { hasRelatedRequests: upsertData.awsEntityType === "account" ? false : true, }, - functionLogMode + functionLogMode, ); } catch (err) { if (err instanceof JSONParserError) { @@ -168,9 +168,9 @@ export const handler = async (event: S3Event) => { handlerName, "Schema validation exception", `Provided account assignment ${linkDataValue} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), - }) + }), ); logger({ handler: handlerName, 
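Review bot: The schema-validation message in linkCu.ts (hunk -168,9) interpolates `${linkDataValue}`, but `linkDataValue = linkData;` (hunk -99,7) only runs after `imperativeParseJSON` has succeeded, so when validation fails the notification and the log name an empty or earlier value instead of the object that was rejected. If `linkDataValue` is shared between records that are processed concurrently (its declaration is not in the visible hunks), the other catch branches can also report a different record's value. A per-record variable set before the `try`, for example `let linkDataValue = record.s3.object.key;`, would make every branch name the right object. linkDel.ts repeats the pattern in hunk -157,9. The callback body starts and ends outside this hunk.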
@@ -181,7 +181,7 @@ export const handler = async (event: S3Event) => { requestId, "Schema validation exception", `Provided account assignment ${linkDataValue} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), }); } else if ( @@ -197,9 +197,9 @@ export const handler = async (event: S3Event) => { handlerName, err.name, err.message, - linkDataValue + linkDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -210,7 +210,7 @@ export const handler = async (event: S3Event) => { requestId, err.name, err.message, - linkDataValue + linkDataValue, ), }); } else { @@ -223,9 +223,9 @@ export const handler = async (event: S3Event) => { handlerName, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -236,11 +236,11 @@ export const handler = async (event: S3Event) => { requestId, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), }); } } - }) + }), ); }; diff --git a/lib/lambda-functions/user-interface-handlers/src/linkDel.ts b/lib/lambda-functions/user-interface-handlers/src/linkDel.ts index b4e5408..e298e31 100644 --- a/lib/lambda-functions/user-interface-handlers/src/linkDel.ts +++ b/lib/lambda-functions/user-interface-handlers/src/linkDel.ts @@ -55,10 +55,10 @@ const snsClientObject = new SNSClient({ region: AWS_REGION, maxAttempts: 2 }); const ajv = new Ajv({ allErrors: true }); const schemaDefinition = JSON.parse( readFileSync( - join("/opt", "nodejs", "payload-schema-definitions", "Link-S3.json") + join("/opt", "nodejs", "payload-schema-definitions", "Link-S3.json"), ) .valueOf() - .toString() + .toString(), ); const validate = ajv.compile(schemaDefinition); 
@@ -79,16 +79,16 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Account assignment delete operation started`, }, - functionLogMode + functionLogMode, ); try { const fileName = decodeURIComponent( - record.s3.object.key.replace(/\+/g, " ").split("/")[1] + record.s3.object.key.replace(/\+/g, " ").split("/")[1], ); const payload: LinkS3Payload = imperativeParseJSON( { linkData: fileName }, - validate + validate, ); logger( { @@ -98,7 +98,7 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Account assignment payload successfully parsed`, }, - functionLogMode + functionLogMode, ); const { linkData } = payload; linkDataValue = linkData; @@ -108,7 +108,7 @@ export const handler = async (event: S3Event) => { Key: { awsEntityId: linkData, }, - }) + }), ); logger( { @@ -121,7 +121,7 @@ export const handler = async (event: S3Event) => { hasRelatedRequests: linkData.split("%")[0] === "account" ? false : true, }, - functionLogMode + functionLogMode, ); await snsClientObject.send( new PublishCommand({ @@ -131,7 +131,7 @@ export const handler = async (event: S3Event) => { action: "delete", requestId: requestId, }), - }) + }), ); logger( { @@ -144,7 +144,7 @@ export const handler = async (event: S3Event) => { hasRelatedRequests: linkData.split("%")[0] === "account" ? false : true, }, - functionLogMode + functionLogMode, ); } catch (err) { if (err instanceof JSONParserError) { @@ -157,9 +157,9 @@ export const handler = async (event: S3Event) => { handlerName, "Schema validation exception", `Provided account assignment ${linkDataValue} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), - }) + }), ); logger({ handler: handlerName, 
@@ -170,7 +170,7 @@ export const handler = async (event: S3Event) => { requestId, "Schema validation exception", `Provided account assignment ${linkDataValue} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), }); } else if ( @@ -186,9 +186,9 @@ export const handler = async (event: S3Event) => { handlerName, err.name, err.message, - linkDataValue + linkDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -199,7 +199,7 @@ export const handler = async (event: S3Event) => { requestId, err.name, err.message, - linkDataValue + linkDataValue, ), }); } else { @@ -212,9 +212,9 @@ export const handler = async (event: S3Event) => { handlerName, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), - }) + }), ); logger({ handler: handlerName, @@ -225,11 +225,11 @@ export const handler = async (event: S3Event) => { requestId, "Unhandled exception", JSON.stringify(err), - linkDataValue + linkDataValue, ), }); } } - }) + }), ); }; diff --git a/lib/lambda-functions/user-interface-handlers/src/permissionSetApi.ts b/lib/lambda-functions/user-interface-handlers/src/permissionSetApi.ts index b2801bf..b856a18 100644 --- a/lib/lambda-functions/user-interface-handlers/src/permissionSetApi.ts +++ b/lib/lambda-functions/user-interface-handlers/src/permissionSetApi.ts @@ -77,11 +77,11 @@ const createUpdateSchemaDefinition = JSON.parse( "/opt", "nodejs", "payload-schema-definitions", - "PermissionSet-createUpdateAPI.json" - ) + "PermissionSet-createUpdateAPI.json", + ), ) .valueOf() - .toString() + .toString(), ); const createUpdateValidate = ajv.compile(createUpdateSchemaDefinition); const deleteSchemaDefinition = JSON.parse( 
@@ -90,11 +90,11 @@ const deleteSchemaDefinition = JSON.parse( "/opt", "nodejs", "payload-schema-definitions", - "PermissionSet-DeleteAPI.json" - ) + "PermissionSet-DeleteAPI.json", + ), ) .valueOf() - .toString() + .toString(), ); const deleteValidate = ajv.compile(deleteSchemaDefinition); @@ -102,7 +102,7 @@ const handlerName = AWS_LAMBDA_FUNCTION_NAME + ""; let permissionSetName = ""; export const handler = async ( - event: APIGatewayProxyEventV2 + event: APIGatewayProxyEventV2, ): Promise => { const requestId = uuidv4().toString(); logger( @@ -113,7 +113,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Permission Set create/update/delete operation started`, }, - functionLogMode + functionLogMode, ); if (event.body !== null && event.body !== undefined) { try { @@ -126,7 +126,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Permission set parsed successfully from message body`, }, - functionLogMode + functionLogMode, ); logger( { @@ -136,12 +136,12 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Determined permission set operation is determined to be ${body.action}`, }, - functionLogMode + functionLogMode, ); if (body.action === "create" || body.action === "update") { const payload: CreateUpdatePermissionSetPayload = imperativeParseJSON( event.body, - createUpdateValidate + createUpdateValidate, ); logger( { @@ -151,7 +151,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Permission Set validated successfully against the schema definition for create/update operation`, }, - functionLogMode + functionLogMode, ); permissionSetName = payload.permissionSetData.permissionSetName; await s3clientObject.send( @@ -160,7 +160,7 @@ export const handler = async ( Key: `permission_sets/${permissionSetName}.json`, Body: JSON.stringify(payload.permissionSetData), ServerSideEncryption: "AES256", - }) + }), ); logger( { 
@@ -171,7 +171,7 @@ export const handler = async ( statusMessage: `Permission Set upsert to S3 successful`, relatedData: permissionSetName, }, - functionLogMode + functionLogMode, ); const fetchPermissionSet: GetCommandOutput = await ddbDocClientObject.send( @@ -180,7 +180,7 @@ export const handler = async ( Key: { permissionSetName: permissionSetName, }, - }) + }), ); logger( { @@ -191,7 +191,7 @@ export const handler = async ( statusMessage: `Did a fetch on solution persistence to determine if we already know about this permission set`, relatedData: permissionSetName, }, - functionLogMode + functionLogMode, ); await ddbDocClientObject.send( new PutCommand({ @@ -199,7 +199,7 @@ export const handler = async ( Item: { ...payload.permissionSetData, }, - }) + }), ); logger( { @@ -210,7 +210,7 @@ export const handler = async ( statusMessage: `Permission Set upsert to Dynamo DB successful`, relatedData: permissionSetName, }, - functionLogMode + functionLogMode, ); if (fetchPermissionSet.Item) { await snsClientObject.send( @@ -222,7 +222,7 @@ export const handler = async ( permissionSetName: permissionSetName, oldPermissionSetData: fetchPermissionSet.Item, }), - }) + }), ); logger( { @@ -233,7 +233,7 @@ export const handler = async ( statusMessage: `Determined operation is update, posted the payload with upload action to permissionSetProcessorTopic`, relatedData: permissionSetName, }, - functionLogMode + functionLogMode, ); } else { await snsClientObject.send( @@ -244,7 +244,7 @@ export const handler = async ( action: "create", permissionSetName: permissionSetName, }), - }) + }), ); logger( { @@ -255,7 +255,7 @@ export const handler = async ( statusMessage: `Determined operation is create, posted the payload with create action to permissionSetProcessorTopic`, relatedData: permissionSetName, }, - functionLogMode + functionLogMode, ); } 
@@ -268,7 +268,7 @@ export const handler = async ( statusMessage: `Completed processing of permission set payload at the interface level`, relatedData: permissionSetName, }, - functionLogMode + functionLogMode, ); return { statusCode: 200, @@ -280,7 +280,7 @@ export const handler = async ( } else if (body.action === "delete") { const payload: DeletePermissionSetPayload = imperativeParseJSON( event.body, - deleteValidate + deleteValidate, ); logger( { @@ -290,7 +290,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Permission Set validated successfully against the schema definition for delete operation`, }, - functionLogMode + functionLogMode, ); permissionSetName = payload.permissionSetData.permissionSetName; const relatedLinks: QueryCommandOutput = await ddbDocClientObject.send( @@ -306,7 +306,7 @@ export const handler = async ( ExpressionAttributeValues: { ":permissionSetName": payload.permissionSetData.permissionSetName, }, - }) + }), ); logger( { @@ -317,7 +317,7 @@ export const handler = async ( relatedData: permissionSetName, statusMessage: `Queried if there are any related account assignments`, }, - functionLogMode + functionLogMode, ); if (relatedLinks.Items?.length !== 0) { @@ -330,7 +330,7 @@ export const handler = async ( relatedData: permissionSetName, statusMessage: `Permission set delete operation is aborted as there are existing account assignments referencing this permission set`, }, - functionLogMode + functionLogMode, ); return { statusCode: 400, @@ -349,13 +349,13 @@ export const handler = async ( relatedData: permissionSetName, statusMessage: `Determined there are no account assignments referencing this permission set`, }, - functionLogMode + functionLogMode, ); await s3clientObject.send( new DeleteObjectCommand({ Bucket: artefactsBucketName, Key: `permission_sets/${payload.permissionSetData.permissionSetName}.json`, - }) + }), ); logger( { 
@@ -366,7 +366,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Processed delete in S3`, }, - functionLogMode + functionLogMode, ); await snsClientObject.send( new PublishCommand({ @@ -376,7 +376,7 @@ export const handler = async ( action: payload.action, permissionSetName: payload.permissionSetData.permissionSetName, }), - }) + }), ); logger( { @@ -387,7 +387,7 @@ export const handler = async ( status: requestStatus.InProgress, statusMessage: `Sent delete payload to permissionSet processing topic`, }, - functionLogMode + functionLogMode, ); return { statusCode: 200, @@ -407,7 +407,7 @@ export const handler = async ( status: requestStatus.FailedWithException, statusMessage: `Permission Set operation failed due to invalid action - ${body.action}`, }, - functionLogMode + functionLogMode, ); return { statusCode: 400, @@ -428,7 +428,7 @@ export const handler = async ( requestId, "Schema validation exception", `Provided permission set ${permissionSetName} payload does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), }); return { @@ -438,7 +438,7 @@ export const handler = async ( requestId, "Schema validation exception", `Provided permission set ${permissionSetName} payload does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), requestId: requestId, }), @@ -457,7 +457,7 @@ export const handler = async ( requestId, err.name, err.message, - permissionSetName + permissionSetName, ), }); return { @@ -467,7 +467,7 @@ export const handler = async ( requestId, err.name, err.message, - permissionSetName + permissionSetName, ), requestId: requestId, }), @@ -482,7 +482,7 @@ export const handler = async ( requestId, "Unhandled exception", JSON.stringify(err), - permissionSetName + permissionSetName, ), }); return { 
@@ -493,7 +493,7 @@ export const handler = async ( requestId, "Unhandled exception", JSON.stringify(err), - permissionSetName + permissionSetName, ), }), }; @@ -509,7 +509,7 @@ export const handler = async ( requestId, "Invalid message body exception", "Message body provided is invalid", - permissionSetName + permissionSetName, ), }); return { @@ -520,7 +520,7 @@ export const handler = async ( requestId, "Invalid message body exception", "Message body provided is invalid", - permissionSetName + permissionSetName, ), }), }; diff --git a/lib/lambda-functions/user-interface-handlers/src/permissionSetCu.ts b/lib/lambda-functions/user-interface-handlers/src/permissionSetCu.ts index 624d897..020ae0c 100644 --- a/lib/lambda-functions/user-interface-handlers/src/permissionSetCu.ts +++ b/lib/lambda-functions/user-interface-handlers/src/permissionSetCu.ts @@ -74,11 +74,11 @@ const createUpdateSchemaDefinition = JSON.parse( "/opt", "nodejs", "payload-schema-definitions", - "PermissionSet-createUpdateS3.json" - ) + "PermissionSet-createUpdateS3.json", + ), ) .valueOf() - .toString() + .toString(), ); const createUpdateValidate = ajv.compile(createUpdateSchemaDefinition); const handlerName = AWS_LAMBDA_FUNCTION_NAME + ""; @@ -98,14 +98,14 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Permission Set create/update operation started`, }, - functionLogMode + functionLogMode, ); try { const originalText: GetObjectCommandOutput = await s3clientObject.send( new GetObjectCommand({ Bucket: record.s3.bucket.name, Key: record.s3.object.key.replace(/\+/g, " "), - }) + }), ); logger( { 
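Review bot: In permissionSetCu.ts (hunk -98,14), `Key: record.s3.object.key.replace(/\+/g, " ")` hands the event's object key to `GetObjectCommand` without `decodeURIComponent`, while the linkCu.ts and linkDel.ts hunks on this page decode the key before using it. S3 event notifications deliver the key URL-encoded, so an object whose name contains a percent-encoded character would be requested under the wrong key and fall into the exception path. `Key: decodeURIComponent(record.s3.object.key.replace(/\+/g, " ")),` would make the handlers agree; `permissionSetFileName` in hunk -115,11 uses the same undecoded expression. The handler continues outside the hunk.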
@@ -115,11 +115,11 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Fetched S3 file content from permission_sets location - ${record.s3.bucket.name}/${record.s3.object.key}`, }, - functionLogMode + functionLogMode, ); permissionSetFileName = record.s3.object.key.replace(/\+/g, " "); const jsonData = JSON.parse( - await streamToString(originalText.Body as Readable) + await streamToString(originalText.Body as Readable), ); logger( { @@ -129,11 +129,11 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Parsed file content successfuly`, }, - functionLogMode + functionLogMode, ); const payload: CreateUpdatePermissionSetPayload = imperativeParseJSON( jsonData, - createUpdateValidate + createUpdateValidate, ); logger( { @@ -143,7 +143,7 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Completed imperative parsing to handle any malformed/null JSON values`, }, - functionLogMode + functionLogMode, ); const upsertData = removeEmpty(payload); logger( @@ -155,7 +155,7 @@ export const handler = async (event: S3Event) => { relatedData: upsertData.permissionSetName, statusMessage: `Removed empty values from permission set JSON`, }, - functionLogMode + functionLogMode, ); /** @@ -169,7 +169,7 @@ export const handler = async (event: S3Event) => { Key: { permissionSetName: upsertData.permissionSetName, }, - }) + }), ); logger( { @@ -180,7 +180,7 @@ export const handler = async (event: S3Event) => { relatedData: upsertData.permissionSetName, statusMessage: `Checked if the permission set already exists in the solution to determine create/update operation`, }, - functionLogMode + functionLogMode, ); await ddbDocClientObject.send( new PutCommand({ @@ -188,7 +188,7 @@ export const handler = async (event: S3Event) => { Item: { ...upsertData, }, - }) + }), ); logger( { 
@@ -199,7 +199,7 @@ export const handler = async (event: S3Event) => { relatedData: upsertData.permissionSetName, statusMessage: `Processed upsert operation successfully`, }, - functionLogMode + functionLogMode, ); if (fetchPermissionSet.Item) { await snsClientObject.send( @@ -211,7 +211,7 @@ export const handler = async (event: S3Event) => { permissionSetName: upsertData.permissionSetName, oldPermissionSetData: fetchPermissionSet.Item, }), - }) + }), ); logger( { @@ -222,7 +222,7 @@ export const handler = async (event: S3Event) => { relatedData: upsertData.permissionSetName, statusMessage: `Determined the operation is update type, posting to permissionSetProcessor topic`, }, - functionLogMode + functionLogMode, ); } else { await snsClientObject.send( @@ -233,7 +233,7 @@ export const handler = async (event: S3Event) => { action: "create", permissionSetName: upsertData.permissionSetName, }), - }) + }), ); logger( { @@ -244,7 +244,7 @@ export const handler = async (event: S3Event) => { relatedData: upsertData.permissionSetName, statusMessage: `Determined the operation is create type, posting to permissionSetProcessor topic`, }, - functionLogMode + functionLogMode, ); } } catch (err) { @@ -258,9 +258,9 @@ export const handler = async (event: S3Event) => { handlerName, "Schema validation exception", `Provided permission set ${permissionSetFileName} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), - }) + }), ); logger({ handler: handlerName, @@ -271,7 +271,7 @@ export const handler = async (event: S3Event) => { requestId, "Schema validation exception", `Provided permission set ${permissionSetFileName} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), }); } else if ( 
@@ -288,9 +288,9 @@ export const handler = async (event: S3Event) => { handlerName, err.name, err.message, - permissionSetFileName + permissionSetFileName, ), - }) + }), ); logger({ handler: handlerName, @@ -301,7 +301,7 @@ export const handler = async (event: S3Event) => { requestId, err.name, err.message, - permissionSetFileName + permissionSetFileName, ), }); } else { @@ -314,9 +314,9 @@ export const handler = async (event: S3Event) => { handlerName, "Unhandled exception", JSON.stringify(err), - permissionSetFileName + permissionSetFileName, ), - }) + }), ); logger({ handler: handlerName, @@ -327,11 +327,11 @@ export const handler = async (event: S3Event) => { requestId, "Unhandled exception", JSON.stringify(err), - permissionSetFileName + permissionSetFileName, ), }); } } - }) + }), ); }; diff --git a/lib/lambda-functions/user-interface-handlers/src/permissionSetDel.ts b/lib/lambda-functions/user-interface-handlers/src/permissionSetDel.ts index 89d34dc..efa6772 100644 --- a/lib/lambda-functions/user-interface-handlers/src/permissionSetDel.ts +++ b/lib/lambda-functions/user-interface-handlers/src/permissionSetDel.ts @@ -62,7 +62,7 @@ export const handler = async (event: S3Event) => { status: requestStatus.InProgress, statusMessage: `Permission Set delete operation started`, }, - functionLogMode + functionLogMode, ); const keyValue = record.s3.object.key .replace(/\+/g, " ") @@ -78,7 +78,7 @@ export const handler = async (event: S3Event) => { relatedData: keyValue, statusMessage: `Split file name with path for fetching permission set name`, }, - functionLogMode + functionLogMode, ); const relatedLinks = await ddbDocClientObject.send( new QueryCommand({ @@ -89,7 +89,7 @@ export const handler = async (event: S3Event) => { "#permissionSetName": "permissionSetName", }, ExpressionAttributeValues: { ":permissionSetName": keyValue }, - }) + }), ); logger( { 
@@ -100,7 +100,7 @@ export const handler = async (event: S3Event) => { relatedData: keyValue, statusMessage: `Queried if there are any related account assignments using this permission set`, }, - functionLogMode + functionLogMode, ); if (relatedLinks.Items?.length !== 0) { await snsClientObject.send( @@ -112,9 +112,9 @@ export const handler = async (event: S3Event) => { handlerName, "Constraint violation exception", "There are related account assignments for this permission set, and cannot be deleted without deleting the account assignments first", - keyValue + keyValue, ), - }) + }), ); logger({ handler: handlerName, @@ -126,7 +126,7 @@ export const handler = async (event: S3Event) => { handlerName, "Constraint violation exception", "There are related account assignments for this permission set, and cannot be deleted without deleting the account assignments first", - keyValue + keyValue, ), }); } else { @@ -139,7 +139,7 @@ export const handler = async (event: S3Event) => { relatedData: keyValue, statusMessage: `No related account assignments found, posting payload to permissionSetProecsstingTopic`, }, - functionLogMode + functionLogMode, ); await snsClientObject.send( new PublishCommand({ @@ -149,7 +149,7 @@ export const handler = async (event: S3Event) => { action: "delete", permissionSetName: keyValue, }), - }) + }), ); } } catch (err) { @@ -163,9 +163,9 @@ export const handler = async (event: S3Event) => { handlerName, "Schema validation exception", `Provided permission set ${permissionSetFileName} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), - }) + }), ); logger({ @@ -176,7 +176,7 @@ export const handler = async (event: S3Event) => { handlerName, "Schema validation exception", `Provided permission set ${permissionSetFileName} S3 file does not pass the schema validation`, - JSON.stringify(err.errors) + JSON.stringify(err.errors), ), }); } else if ( 
@@ -192,9 +192,9 @@ export const handler = async (event: S3Event) => { handlerName, err.name, err.message, - permissionSetFileName + permissionSetFileName, ), - }) + }), ); logger({ handler: handlerName, @@ -205,7 +205,7 @@ export const handler = async (event: S3Event) => { handlerName, err.name, err.message, - permissionSetFileName + permissionSetFileName, ), }); } else { @@ -218,9 +218,9 @@ export const handler = async (event: S3Event) => { handlerName, "Unhandled exception", JSON.stringify(err), - permissionSetFileName + permissionSetFileName, ), - }) + }), ); logger({ handler: handlerName, @@ -230,11 +230,11 @@ export const handler = async (event: S3Event) => { handlerName, "Unhandled exception", JSON.stringify(err), - permissionSetFileName + permissionSetFileName, ), }); } } - }) + }), ); }; diff --git a/lib/lambda-layers/nodejs-layer/nodejs/package.json b/lib/lambda-layers/nodejs-layer/nodejs/package.json index 0b47b60..13a3886 100644 --- a/lib/lambda-layers/nodejs-layer/nodejs/package.json +++ b/lib/lambda-layers/nodejs-layer/nodejs/package.json @@ -1,6 +1,6 @@ { "name": "aws-sso-extensions-for-enterprise-layer", - "version": "3.1.8", + "version": "3.1.9", "description": "AWS SSO Permissions Utility Layer", "scripts": { "test": "echo \"Error: no test specified\" && exit 1" diff --git a/lib/stacks/pipeline/aws-sso-extensions-for-enterprise.ts b/lib/stacks/pipeline/aws-sso-extensions-for-enterprise.ts index 43d6280..7a99ee0 100644 --- a/lib/stacks/pipeline/aws-sso-extensions-for-enterprise.ts +++ b/lib/stacks/pipeline/aws-sso-extensions-for-enterprise.ts @@ -8,6 +8,8 @@ import { IFileSetProducer, ShellStep, } from "aws-cdk-lib/pipelines"; +import { S3Trigger } from "aws-cdk-lib/aws-codepipeline-actions"; +import { Bucket } from "aws-cdk-lib/aws-s3"; import { Construct } from "constructs"; import { BuildConfig } from "../../build/buildConfig"; import { 
@@ -25,7 +27,7 @@ export class AwsSsoExtensionsForEnterprise extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -40,9 +42,9 @@ export class AwsSsoExtensionsForEnterprise extends Stack { Repository.fromRepositoryArn( this, fullname(buildConfig, "importedCodeCommitRepo"), - buildConfig.PipelineSettings.RepoArn + buildConfig.PipelineSettings.RepoArn, ), - buildConfig.PipelineSettings.RepoBranchName + buildConfig.PipelineSettings.RepoBranchName, ); } else if ( buildConfig.PipelineSettings.RepoType.toLowerCase() === "codestar" @@ -52,8 +54,22 @@ export class AwsSsoExtensionsForEnterprise extends Stack { buildConfig.PipelineSettings.RepoBranchName, { connectionArn: buildConfig.PipelineSettings.CodeStarConnectionArn, - } + }, + ); + } else if (buildConfig.PipelineSettings.RepoType.toLowerCase() === "s3") { + const sourceBucketName = + buildConfig.PipelineSettings.SourceBucketName || ""; + const sourceBucketKey = + buildConfig.PipelineSettings.SourceObjectKey || ""; + + const sourceBucket = Bucket.fromBucketName( + this, + fullname(buildConfig, "importedSourceBucket"), + sourceBucketName, ); + inputSource = CodePipelineSource.s3(sourceBucket, sourceBucketKey, { + trigger: S3Trigger.NONE, + }); } const pipeline = new CodePipeline(this, fullname(buildConfig, "pipeline"), { pipelineName: fullname(buildConfig, "pipeline"), @@ -83,7 +99,7 @@ export class AwsSsoExtensionsForEnterprise extends Stack { region: "us-east-1", }, }, - buildConfig + buildConfig, ); Tags.of(deployOrgArtefacts).add("App", buildConfig.App); @@ -100,7 +116,7 @@ export class AwsSsoExtensionsForEnterprise extends Stack { region: buildConfig.PipelineSettings.SSOServiceAccountRegion, }, }, - buildConfig + buildConfig, ); Tags.of(deploySSOArtefacts).add("App", buildConfig.App); 
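Review bot: In the new `s3` branch (hunk `@@ -52,8 +54,22 @@`), the `|| ""` fallbacks on `SourceBucketName` and `SourceObjectKey` let an unset value reach `Bucket.fromBucketName` and `CodePipelineSource.s3` as an empty string, so a misconfiguration surfaces late or obscurely instead of with a clear message. The validator in `bin/` does check both properties for `s3`, but this stack does not appear to depend on it, so I would fail closed here: `if (!sourceBucketName || !sourceBucketKey) throw new Error("SourceBucketName and SourceObjectKey are required when RepoType is s3");`. This object becomes the source of a pipeline that deploys IAM and SSO resources, so a comment above `Bucket.fromBucketName` should say that write access to the bucket/key amounts to control over what the pipeline deploys. The same comment should note that the bucket is expected to be versioned (CodePipeline's S3 source action requires it) and that `S3Trigger.NONE` means an upload does not start a run by itself. The constructor body starts and continues outside this hunk.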
@@ -117,13 +133,13 @@ export class AwsSsoExtensionsForEnterprise extends Stack { region: buildConfig.PipelineSettings.TargetAccountRegion, }, }, - buildConfig + buildConfig, ); Tags.of(deploySolutionArtefacts).add("App", buildConfig.App); Tags.of(deploySolutionArtefacts).add( "Environment", - buildConfig.Environment + buildConfig.Environment, ); pipeline.addStage(deploySolutionArtefacts); diff --git a/lib/stacks/pipeline/pipeline-stages.ts b/lib/stacks/pipeline/pipeline-stages.ts index bc3b541..55d0848 100644 --- a/lib/stacks/pipeline/pipeline-stages.ts +++ b/lib/stacks/pipeline/pipeline-stages.ts @@ -22,7 +22,7 @@ export class OrgArtefactsDeploymentStage extends Stage { scope: Construct, id: string, props: StageProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -35,7 +35,7 @@ export class OrgArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); } } @@ -45,7 +45,7 @@ export class SSOArtefactsDeploymentStage extends Stage { scope: Construct, id: string, props: StageProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -58,7 +58,7 @@ export class SSOArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); new SSOApiRoles( @@ -70,7 +70,7 @@ export class SSOArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); new ManagedPolicies( @@ -82,7 +82,7 @@ export class SSOArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); if (buildConfig.Parameters.ImportCurrentSSOConfiguration) { 
@@ -95,7 +95,7 @@ export class SSOArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); } } @@ -106,7 +106,7 @@ export class SolutionArtefactsDeploymentStage extends Stage { scope: Construct, id: string, props: StageProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -119,7 +119,7 @@ export class SolutionArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); const solutionartefactsStack = new SolutionArtefacts( @@ -131,7 +131,7 @@ export class SolutionArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); solutionartefactsStack.node.addDependency(preSolutionArtefactsStack); @@ -146,7 +146,7 @@ export class SolutionArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); ssoImportArtefactsPart2Stack.node.addDependency(solutionartefactsStack); @@ -162,7 +162,7 @@ export class SolutionArtefactsDeploymentStage extends Stage { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); upgradeToV303Stack.node.addDependency(solutionartefactsStack); } diff --git a/lib/stacks/pipelineStageStacks/managed-policies.ts b/lib/stacks/pipelineStageStacks/managed-policies.ts index e7593f4..2ad5d31 100644 --- a/lib/stacks/pipelineStageStacks/managed-policies.ts +++ b/lib/stacks/pipelineStageStacks/managed-policies.ts @@ -27,7 +27,7 @@ export class ManagedPolicies extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); 
@@ -37,11 +37,11 @@ export class ManagedPolicies extends Stack { name(buildConfig, "nodeJsLayerforManagedPolicies"), { code: Code.fromAsset( - join(__dirname, "../../", "lambda-layers", "nodejs-layer") + join(__dirname, "../../", "lambda-layers", "nodejs-layer"), ), compatibleRuntimes: [Runtime.NODEJS_20_X], compatibleArchitectures: [Architecture.ARM_64], - } + }, ); /** @@ -62,12 +62,12 @@ export class ManagedPolicies extends Stack { "lambda-functions", "managed-policy-handlers", "src", - "describeOpIterator.ts" + "describeOpIterator.ts", ), bundling: { minify: true, }, - } + }, ); /** Export function ARN as cross-account/region parameter */ @@ -96,7 +96,7 @@ export class ManagedPolicies extends Stack { "lambda-functions", "managed-policy-handlers", "src", - "processCustomerManagedPolicy.ts" + "processCustomerManagedPolicy.ts", ), bundling: { externalModules: ["@aws-sdk/client-sso-admin"], @@ -105,7 +105,7 @@ export class ManagedPolicies extends Stack { environment: { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); /** @@ -121,7 +121,7 @@ export class ManagedPolicies extends Stack { "sso:ListCustomerManagedPolicyReferencesInPermissionSet", ], resources: ["*"], - }) + }), ); /** Export function ARN as cross-account/region parameter */ @@ -133,7 +133,7 @@ export class ManagedPolicies extends Stack { ParamNameKey: "customerManagedPolicyProcessOpArn", ParamValue: processCustomerManagedPolicyHandler.functionArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); /** Cloud watch log group for directing all state machine logging */ @@ -142,7 +142,7 @@ export class ManagedPolicies extends Stack { name(buildConfig, "customerManagedPolicySMLogGroup"), { retention: RetentionDays.ONE_MONTH, - } + }, ); /** 
@@ -156,12 +156,12 @@ export class ManagedPolicies extends Stack { { roleName: name(buildConfig, "customerManagedPolicySMRole"), assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); /** Grant the IAM role permissions to invoke the lambda functions */ processCustomerManagedPolicyHandler.grantInvoke( - customerManagedPolicySMRole + customerManagedPolicySMRole, ); describeOpIterator.grantInvoke(customerManagedPolicySMRole); customerManagedPolicySMRole.addToPrincipalPolicy( @@ -177,7 +177,7 @@ export class ManagedPolicies extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); /** Define state machine that would handle customer managed policy operations */ @@ -199,7 +199,7 @@ export class ManagedPolicies extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); customerManagedPolicySM.node.addDependency(customerManagedPolicySMRole); @@ -220,7 +220,7 @@ export class ManagedPolicies extends Stack { "lambda-functions", "managed-policy-handlers", "src", - "processManagedPolicy.ts" + "processManagedPolicy.ts", ), bundling: { externalModules: ["@aws-sdk/client-sso-admin"], @@ -229,7 +229,7 @@ export class ManagedPolicies extends Stack { environment: { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); /** Grant lambda permissions to attach/detach/describe managed policies */ @@ -242,7 +242,7 @@ export class ManagedPolicies extends Stack { "sso:ListManagedPoliciesInPermissionSet", ], resources: ["*"], - }) + }), ); /** Export function ARN as cross-account/region parameter */ @@ -254,7 +254,7 @@ export class ManagedPolicies extends Stack { ParamNameKey: "managedPolicyProcessOpArn", ParamValue: processManagedPolicyHandler.functionArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); /** Cloud watch log group for directing all state machine logging */ 
@@ -263,7 +263,7 @@ export class ManagedPolicies extends Stack { name(buildConfig, "managedPolicySMLogGroup"), { retention: RetentionDays.ONE_MONTH, - } + }, ); /** @@ -277,7 +277,7 @@ export class ManagedPolicies extends Stack { { roleName: name(buildConfig, "managedPolicySMRole"), assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); /** Grant the IAM role permissions to invoke the lambda functions */ @@ -296,7 +296,7 @@ export class ManagedPolicies extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); /** Define state machine that would handle managed policy operations */ @@ -318,7 +318,7 @@ export class ManagedPolicies extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); managedPolicySM.node.addDependency(managedPolicySMRole); diff --git a/lib/stacks/pipelineStageStacks/org-events-processor.ts b/lib/stacks/pipelineStageStacks/org-events-processor.ts index bb4fa03..eab5553 100644 --- a/lib/stacks/pipelineStageStacks/org-events-processor.ts +++ b/lib/stacks/pipelineStageStacks/org-events-processor.ts @@ -26,7 +26,7 @@ export class OrgEventsProcessor extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -36,11 +36,11 @@ export class OrgEventsProcessor extends Stack { { enableKeyRotation: true, alias: name(buildConfig, "orgArtefactsKey"), - } + }, ); orgArtefactsKey.grantEncryptDecrypt( - new ServicePrincipal("events.amazonaws.com") + new ServicePrincipal("events.amazonaws.com"), ); const orgEventsnotificationsTopic = new Topic( @@ -49,7 +49,7 @@ export class OrgEventsProcessor extends Stack { { masterKey: orgArtefactsKey, displayName: name(buildConfig, "orgEventsnotificationsTopic"), - } + }, ); orgEventsnotificationsTopic.addToResourcePolicy( 
@@ -59,7 +59,7 @@ export class OrgEventsProcessor extends Stack { ], actions: ["SNS:Subscribe", "SNS:Receive"], resources: [orgEventsnotificationsTopic.topicArn], - }) + }), ); new SSMParamWriter( @@ -70,7 +70,7 @@ export class OrgEventsProcessor extends Stack { ParamNameKey: "orgEventsNotificationsTopicArn", ParamValue: orgEventsnotificationsTopic.topicArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); const processTargetAccountSMTopic = new Topic( @@ -79,7 +79,7 @@ export class OrgEventsProcessor extends Stack { { masterKey: orgArtefactsKey, displayName: name(buildConfig, "processTargetAccountSMTopic"), - } + }, ); processTargetAccountSMTopic.addToResourcePolicy( @@ -89,7 +89,7 @@ export class OrgEventsProcessor extends Stack { ], actions: ["SNS:Subscribe", "SNS:Receive"], resources: [processTargetAccountSMTopic.topicArn], - }) + }), ); new SSMParamWriter( @@ -100,7 +100,7 @@ export class OrgEventsProcessor extends Stack { ParamNameKey: "processTargetAccountSMTopicArn", ParamValue: processTargetAccountSMTopic.topicArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); const createAccountTrigger = new Rule( @@ -122,12 +122,12 @@ export class OrgEventsProcessor extends Stack { }, }, ruleName: name(buildConfig, "createAccountTrigger"), - } + }, ); createAccountTrigger.addTarget( new SnsTopic(orgEventsnotificationsTopic, { message: RuleTargetInput, - }) + }), ); const moveAccountTrigger = new Rule( this, @@ -144,12 +144,12 @@ export class OrgEventsProcessor extends Stack { }, }, ruleName: name(buildConfig, "moveAccountTrigger"), - } + }, ); moveAccountTrigger.addTarget( new SnsTopic(orgEventsnotificationsTopic, { message: RuleTargetInput, - }) + }), ); const accountTagChangeTrigger = new Rule( 
@@ -169,12 +169,12 @@ export class OrgEventsProcessor extends Stack { }, }, ruleName: name(buildConfig, "accountTagChangeTrigger"), - } + }, ); accountTagChangeTrigger.addTarget( new SnsTopic(orgEventsnotificationsTopic, { message: RuleTargetInput, - }) + }), ); const processTargetAccountSMRole = new Role( @@ -183,28 +183,28 @@ export class OrgEventsProcessor extends Stack { { roleName: name(buildConfig, "processTargetAccountSMRole"), assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); processTargetAccountSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["tag:GetResources", "tag:GetTagValues", "tag:GetTagKeys"], resources: ["*"], - }) + }), ); processTargetAccountSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["organizations:Describe*", "organizations:List*"], resources: ["*"], - }) + }), ); processTargetAccountSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["sns:Publish"], resources: [processTargetAccountSMTopic.topicArn], - }) + }), ); /** @@ -217,14 +217,14 @@ export class OrgEventsProcessor extends Stack { resources: [ `arn:aws:states:us-east-1:${buildConfig.PipelineSettings.OrgMainAccountId}:stateMachine:${buildConfig.Environment}-processTargetAccountSM`, ], - }) + }), ); processTargetAccountSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); processTargetAccountSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -232,7 +232,7 @@ export class OrgEventsProcessor extends Stack { resources: [ `arn:aws:events:us-east-1:${buildConfig.PipelineSettings.OrgMainAccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule`, ], - }) + }), ); orgArtefactsKey.grantEncryptDecrypt(processTargetAccountSMRole); 
@@ -244,7 +244,7 @@ export class OrgEventsProcessor extends Stack { roleArn: processTargetAccountSMRole.roleArn, definitionString: JSON.stringify(processTargetAccountSMJSON), stateMachineName: name(buildConfig, "processTargetAccountSM"), - } + }, ); /** @@ -264,7 +264,7 @@ export class OrgEventsProcessor extends Stack { resources: [processTargetAccountSM.ref], actions: ["states:StartExecution"], }), - } + }, ); new CrossAccountRole( @@ -278,7 +278,7 @@ export class OrgEventsProcessor extends Stack { resources: ["*"], actions: ["organizations:ListParents"], }), - } + }, ); } } diff --git a/lib/stacks/pipelineStageStacks/pre-solution-artefacts.ts b/lib/stacks/pipelineStageStacks/pre-solution-artefacts.ts index ea57b22..a4624dd 100644 --- a/lib/stacks/pipelineStageStacks/pre-solution-artefacts.ts +++ b/lib/stacks/pipelineStageStacks/pre-solution-artefacts.ts @@ -26,20 +26,20 @@ export class PreSolutionArtefacts extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); this.deployLambdaLayers = new LambdaLayers( this, name(buildConfig, "lambdaLayers"), - buildConfig + buildConfig, ); this.deployIndependentUtility = new IndependentUtility( this, name(buildConfig, "independentUtility"), - buildConfig + buildConfig, ); this.deployLinkCRUD = new LinkCRUD( @@ -54,13 +54,13 @@ export class PreSolutionArtefacts extends Stack { ddbTablesKey: this.deployIndependentUtility.ddbTablesKey, logsKey: this.deployIndependentUtility.logsKey, snsTopicsKey: this.deployIndependentUtility.snsTopicsKey, - } + }, ); this.deployUtility = new Utility( this, name(buildConfig, "utility"), - buildConfig + buildConfig, ); this.deployPermissionSetCRUD = new PermissionSetCRUD( 
@@ -76,7 +76,7 @@ export class PreSolutionArtefacts extends Stack { ddbTablesKey: this.deployIndependentUtility.ddbTablesKey, logsKey: this.deployIndependentUtility.logsKey, snsTopicsKey: this.deployIndependentUtility.snsTopicsKey, - } + }, ); new PreSolutionAccessManager( @@ -88,7 +88,7 @@ export class PreSolutionArtefacts extends Stack { LinkCRUD: this.deployLinkCRUD, PermissionSetCRUD: this.deployPermissionSetCRUD, Utility: this.deployUtility, - } + }, ); } } diff --git a/lib/stacks/pipelineStageStacks/solution-artefacts.ts b/lib/stacks/pipelineStageStacks/solution-artefacts.ts index 2f0f9d3..857d6b3 100644 --- a/lib/stacks/pipelineStageStacks/solution-artefacts.ts +++ b/lib/stacks/pipelineStageStacks/solution-artefacts.ts @@ -22,7 +22,7 @@ export class SolutionArtefacts extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -31,7 +31,7 @@ export class SolutionArtefacts extends Stack { const deployFetchCrossStackValues = new FetchCrossStackValues( this, name(buildConfig, "fetchCrossStackValues"), - buildConfig + buildConfig, ); const deployLinkProcessor = new LinkProcessor( @@ -60,7 +60,7 @@ export class SolutionArtefacts extends Stack { linkManagerQueue: deployFetchCrossStackValues.linkManagerQueue, waiterHandlerSSOAPIRoleArn: deployFetchCrossStackValues.waiterHandlerSSOAPIRoleArn, - } + }, ); const deploySSOGroupProcessor = new SSOGroupProcessor( @@ -86,7 +86,7 @@ export class SolutionArtefacts extends Stack { orgListSMRoleArn: deployFetchCrossStackValues.orgListSMRoleArn, processTargetAccountSMTopic: deployFetchCrossStackValues.processTargetAccountSMTopic, - } + }, ); const deployPermissionSetProcessor = new PermissionSetProcessor( 
@@ -123,7 +123,7 @@ export class SolutionArtefacts extends Stack { deployFetchCrossStackValues.managedPolicyProcessOpArn, iteratorArn: deployFetchCrossStackValues.iteratorArn, ssoMPRoleArn: deployFetchCrossStackValues.ssoMpRoleArn, - } + }, ); const deployOrgEvents = new OrgEvents( @@ -148,7 +148,7 @@ export class SolutionArtefacts extends Stack { deployFetchCrossStackValues.provisionedLinksTable.tableName, orgListParentsRoleArn: deployFetchCrossStackValues.orgListParentsRoleArn, - } + }, ); new AccessManager(this, name(buildConfig, "accessManager"), { @@ -162,7 +162,7 @@ export class SolutionArtefacts extends Stack { new ObservabilityArtefacts( this, name(buildConfig, "observabilityArtefacts"), - buildConfig + buildConfig, ); } } diff --git a/lib/stacks/pipelineStageStacks/sso-api-roles.ts b/lib/stacks/pipelineStageStacks/sso-api-roles.ts index 1c5bf3f..e28a6c2 100644 --- a/lib/stacks/pipelineStageStacks/sso-api-roles.ts +++ b/lib/stacks/pipelineStageStacks/sso-api-roles.ts @@ -17,7 +17,7 @@ export class SSOApiRoles extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -36,7 +36,7 @@ export class SSOApiRoles extends Stack { "sso:DescribeAccountAssignmentCreationStatus", ], }), - } + }, ); new CrossAccountRole( @@ -70,7 +70,7 @@ export class SSOApiRoles extends Stack { "sso:GetPermissionsBoundaryForPermissionSet", ], }), - } + }, ); new CrossAccountRole( @@ -93,7 +93,7 @@ export class SSOApiRoles extends Stack { "sso:ListInstances", ], }), - } + }, ); new CrossAccountRole( @@ -107,7 +107,7 @@ export class SSOApiRoles extends Stack { resources: ["*"], actions: ["sso:ListInstances"], }), - } + }, ); new CrossAccountRole( @@ -126,7 +126,7 @@ export class SSOApiRoles extends Stack { "identitystore:DescribeUser", ], }), - } + }, ); } } 
diff --git a/lib/stacks/pipelineStageStacks/sso-events-processor.ts b/lib/stacks/pipelineStageStacks/sso-events-processor.ts index 2365fc6..61b79d7 100644 --- a/lib/stacks/pipelineStageStacks/sso-events-processor.ts +++ b/lib/stacks/pipelineStageStacks/sso-events-processor.ts @@ -22,7 +22,7 @@ export class SSOEventsProcessor extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -32,11 +32,11 @@ export class SSOEventsProcessor extends Stack { { enableKeyRotation: true, alias: name(buildConfig, "ssoArtefactsKey"), - } + }, ); ssoArtefactsKey.grantEncryptDecrypt( - new ServicePrincipal("events.amazonaws.com") + new ServicePrincipal("events.amazonaws.com"), ); const ssoGroupEventsNotificationTopic = new Topic( @@ -45,7 +45,7 @@ export class SSOEventsProcessor extends Stack { { masterKey: ssoArtefactsKey, displayName: name(buildConfig, "ssoGroupEventsNotificationTopic"), - } + }, ); ssoGroupEventsNotificationTopic.addToResourcePolicy( @@ -55,7 +55,7 @@ export class SSOEventsProcessor extends Stack { principals: [ new AccountPrincipal(buildConfig.PipelineSettings.TargetAccountId), ], - }) + }), ); new SSMParamWriter( @@ -66,7 +66,7 @@ export class SSOEventsProcessor extends Stack { ParamNameKey: "ssoGroupEventsNotificationTopicArn", ParamValue: ssoGroupEventsNotificationTopic.topicArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); const ssoGroupHandlerTrigger = new Rule( @@ -84,13 +84,13 @@ export class SSOEventsProcessor extends Stack { }, }, ruleName: name(buildConfig, "ssoGroupHandler"), - } + }, ); ssoGroupHandlerTrigger.addTarget( new SnsTopic(ssoGroupEventsNotificationTopic, { message: RuleTargetInput, - }) + }), ); const ssoUserEventsNotificationTopic = new Topic( 
@@ -99,7 +99,7 @@ export class SSOEventsProcessor extends Stack { { masterKey: ssoArtefactsKey, displayName: name(buildConfig, "ssoUserEventsNotificationTopic"), - } + }, ); ssoUserEventsNotificationTopic.addToResourcePolicy( @@ -109,7 +109,7 @@ export class SSOEventsProcessor extends Stack { principals: [ new AccountPrincipal(buildConfig.PipelineSettings.TargetAccountId), ], - }) + }), ); new SSMParamWriter( @@ -120,7 +120,7 @@ export class SSOEventsProcessor extends Stack { ParamNameKey: "ssoUserEventsNotificationTopicArn", ParamValue: ssoUserEventsNotificationTopic.topicArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); const ssoUserHandlerTrigger = new Rule( @@ -138,13 +138,13 @@ export class SSOEventsProcessor extends Stack { }, }, ruleName: name(buildConfig, "ssoUserHandler"), - } + }, ); ssoUserHandlerTrigger.addTarget( new SnsTopic(ssoUserEventsNotificationTopic, { message: RuleTargetInput, - }) + }), ); } } diff --git a/lib/stacks/pipelineStageStacks/sso-import-artefacts-part1.ts b/lib/stacks/pipelineStageStacks/sso-import-artefacts-part1.ts index 0cc210c..2d4f035 100644 --- a/lib/stacks/pipelineStageStacks/sso-import-artefacts-part1.ts +++ b/lib/stacks/pipelineStageStacks/sso-import-artefacts-part1.ts @@ -43,7 +43,7 @@ export class SSOImportArtefactsPart1 extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -54,10 +54,10 @@ export class SSOImportArtefactsPart1 extends Stack { { enableKeyRotation: true, alias: name(buildConfig, "ssoArtefactsKeyforImport"), - } + }, ); ssoArtefactsKeyforImport.grantEncryptDecrypt( - new ServicePrincipal("states.amazonaws.com") + new ServicePrincipal("states.amazonaws.com"), ); // Topics that would allow cross account handlers to process import of existing configuration 
@@ -67,7 +67,7 @@ export class SSOImportArtefactsPart1 extends Stack { { masterKey: ssoArtefactsKeyforImport, displayName: name(buildConfig, "permissionSetImportTopic"), - } + }, ); permissionSetImportTopic.addToResourcePolicy( new PolicyStatement({ @@ -76,7 +76,7 @@ export class SSOImportArtefactsPart1 extends Stack { ], actions: ["SNS:Subscribe", "SNS:Receive"], resources: [permissionSetImportTopic.topicArn], - }) + }), ); new SSMParamWriter( this, @@ -86,7 +86,7 @@ export class SSOImportArtefactsPart1 extends Stack { ParamNameKey: "permissionSetImportTopicArn", ParamValue: permissionSetImportTopic.topicArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); const accountAssignmentImportTopic = new Topic( @@ -95,7 +95,7 @@ export class SSOImportArtefactsPart1 extends Stack { { masterKey: ssoArtefactsKeyforImport, displayName: name(buildConfig, "accountAssignmentImportTopic"), - } + }, ); accountAssignmentImportTopic.addToResourcePolicy( new PolicyStatement({ @@ -104,7 +104,7 @@ export class SSOImportArtefactsPart1 extends Stack { ], actions: ["SNS:Subscribe", "SNS:Receive"], resources: [accountAssignmentImportTopic.topicArn], - }) + }), ); new SSMParamWriter( this, @@ -114,7 +114,7 @@ export class SSOImportArtefactsPart1 extends Stack { ParamNameKey: "accountAssignmentImportTopicArn", ParamValue: accountAssignmentImportTopic.topicArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); /** Log group to attach to all the state machines for capturing logs */ @@ -123,7 +123,7 @@ export class SSOImportArtefactsPart1 extends Stack { name(buildConfig, "importArtefactsSMLogGroup"), { retention: RetentionDays.ONE_MONTH, - } + }, ); /** 
@@ -136,11 +136,11 @@ export class SSOImportArtefactsPart1 extends Stack { name(buildConfig, "nodeJsLayerForCmpAndPb"), { code: Code.fromAsset( - join(__dirname, "../../../", "lib", "lambda-layers", "nodejs-layer") + join(__dirname, "../../../", "lib", "lambda-layers", "nodejs-layer"), ), compatibleRuntimes: [Runtime.NODEJS_20_X], compatibleArchitectures: [Architecture.ARM_64], - } + }, ); const importCmpAndPb = new NodejsFunction( @@ -158,13 +158,13 @@ export class SSOImportArtefactsPart1 extends Stack { "lambda-functions", "current-config-handlers", "src", - "import-customermanagedpolicies-permissionsboundary.ts" + "import-customermanagedpolicies-permissionsboundary.ts", ), bundling: { externalModules: ["@aws-sdk/client-ssoadmin"], minify: true, }, - } + }, ); /** @@ -178,7 +178,7 @@ export class SSOImportArtefactsPart1 extends Stack { "sso:GetPermissionsBoundaryForPermissionSet", ], resources: ["*"], - }) + }), ); new SSMParamWriter( @@ -189,7 +189,7 @@ export class SSOImportArtefactsPart1 extends Stack { ParamNameKey: "importCmpAndPbArn", ParamValue: importCmpAndPb.functionArn, ReaderAccountId: buildConfig.PipelineSettings.TargetAccountId, - } + }, ); // State Machine 01 - Import Account Assignments 
@@ -200,23 +200,23 @@ export class SSOImportArtefactsPart1 extends Stack { { roleName: name(buildConfig, "importAccountAssignmentsSMRole"), assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); importAccountAssignmentsSMRole.addToPrincipalPolicy( new PolicyStatement({ resources: ["*"], actions: ["sso:ListAccountAssignments"], - }) + }), ); accountAssignmentImportTopic.grantPublish(importAccountAssignmentsSMRole); ssoArtefactsKeyforImport.grantEncryptDecrypt( - importAccountAssignmentsSMRole + importAccountAssignmentsSMRole, ); importAccountAssignmentsSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); importAccountAssignmentsSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -224,7 +224,7 @@ export class SSOImportArtefactsPart1 extends Stack { resources: [ `arn:aws:events:${buildConfig.PipelineSettings.SSOServiceAccountRegion}:${buildConfig.PipelineSettings.SSOServiceAccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule`, ], - }) + }), ); importAccountAssignmentsSMRole.addToPrincipalPolicy( @@ -236,7 +236,7 @@ export class SSOImportArtefactsPart1 extends Stack { "identitystore:DescribeGroup", "identitystore:DescribeUser", ], - }) + }), ); importAccountAssignmentsSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -251,7 +251,7 @@ export class SSOImportArtefactsPart1 extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); const importAccountAssignmentSM = new CfnStateMachine( @@ -272,10 +272,10 @@ export class SSOImportArtefactsPart1 extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); importAccountAssignmentSM.node.addDependency( - importAccountAssignmentsSMRole + importAccountAssignmentsSMRole, ); // State Machine 02 - Import Permission Sets 
@@ -286,7 +286,7 @@ export class SSOImportArtefactsPart1 extends Stack { { roleName: name(buildConfig, "importPermissionSetSMRole"), assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); importPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -299,7 +299,7 @@ export class SSOImportArtefactsPart1 extends Stack { "sso:ListTagsForResource", "sso:ListAccountsForProvisionedPermissionSet", ], - }) + }), ); importPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -313,19 +313,19 @@ export class SSOImportArtefactsPart1 extends Stack { `arn:aws:dynamodb:${buildConfig.PipelineSettings.SSOServiceAccountRegion}:${buildConfig.PipelineSettings.SSOServiceAccountId}:table/${buildConfig.Environment}-temp-PermissionSets`, `arn:aws:dynamodb:${buildConfig.PipelineSettings.SSOServiceAccountRegion}:${buildConfig.PipelineSettings.SSOServiceAccountId}:table/${buildConfig.Environment}-temp-PermissionSets/index/*`, ], - }) + }), ); importPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:StartExecution"], resources: [importAccountAssignmentSM.ref], - }) + }), ); importPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); importPermissionSetSMRole.addToPrincipalPolicy( @@ -334,7 +334,7 @@ export class SSOImportArtefactsPart1 extends Stack { resources: [ `arn:aws:events:${buildConfig.PipelineSettings.SSOServiceAccountRegion}:${buildConfig.PipelineSettings.SSOServiceAccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule`, ], - }) + }), ); importPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -349,7 +349,7 @@ export class SSOImportArtefactsPart1 extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); permissionSetImportTopic.grantPublish(importPermissionSetSMRole); 
@@ -374,7 +374,7 @@ export class SSOImportArtefactsPart1 extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); importPermissionSetSM.node.addDependency(importPermissionSetSMRole); @@ -386,7 +386,7 @@ export class SSOImportArtefactsPart1 extends Stack { { roleName: name(buildConfig, "importCurrentConfigSMRole"), assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); importCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -399,25 +399,25 @@ export class SSOImportArtefactsPart1 extends Stack { `arn:aws:dynamodb:${buildConfig.PipelineSettings.SSOServiceAccountRegion}:${buildConfig.PipelineSettings.SSOServiceAccountId}:table/${buildConfig.Environment}-temp-PermissionSets`, `arn:aws:dynamodb:${buildConfig.PipelineSettings.SSOServiceAccountRegion}:${buildConfig.PipelineSettings.SSOServiceAccountId}:table/${buildConfig.Environment}-temp-PermissionSets/index/*`, ], - }) + }), ); importCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ resources: ["*"], actions: ["sso:ListInstances"], - }) + }), ); importCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:StartExecution"], resources: [importPermissionSetSM.ref], - }) + }), ); importCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); importCurrentConfigSMRole.addToPrincipalPolicy( @@ -426,7 +426,7 @@ export class SSOImportArtefactsPart1 extends Stack { resources: [ `arn:aws:events:${buildConfig.PipelineSettings.SSOServiceAccountRegion}:${buildConfig.PipelineSettings.SSOServiceAccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule`, ], - }) + }), ); importCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -441,7 +441,7 @@ export class SSOImportArtefactsPart1 extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); const importCurrentConfigSM = new CfnStateMachine( 
@@ -462,7 +462,7 @@ export class SSOImportArtefactsPart1 extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); importCurrentConfigSM.node.addDependency(importCurrentConfigSMRole); @@ -487,7 +487,7 @@ export class SSOImportArtefactsPart1 extends Stack { resources: ["*"], actions: ["states:DescribeExecution"], }), - } + }, ); /** CloudWatch insights query to debug errors, if any */ @@ -499,7 +499,7 @@ export class SSOImportArtefactsPart1 extends Stack { queryString: "filter @message like 'solutionError' and details.name not like 'Catchall'| sort id asc", logGroupNames: [importArtefactsSMLogGroup.logGroupName], - } + }, ); } } diff --git a/lib/stacks/pipelineStageStacks/sso-import-artefacts-part2.ts b/lib/stacks/pipelineStageStacks/sso-import-artefacts-part2.ts index fad2e1c..fe6cfcb 100644 --- a/lib/stacks/pipelineStageStacks/sso-import-artefacts-part2.ts +++ b/lib/stacks/pipelineStageStacks/sso-import-artefacts-part2.ts @@ -24,14 +24,14 @@ export class SSOImportArtefactsPart2 extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); const deployImportArtefacts = new ImportArtefacts( this, name(buildConfig, "deployImportArtefacts"), - buildConfig + buildConfig, ); const importAccountAssignmentHandler = new NodejsFunction( @@ -49,7 +49,7 @@ export class SSOImportArtefactsPart2 extends Stack { "lambda-functions", "current-config-handlers", "src", - "import-account-assignments.ts" + "import-account-assignments.ts", ), bundling: { externalModules: [ 
@@ -68,26 +68,26 @@ export class SSOImportArtefactsPart2 extends Stack { deployImportArtefacts.importedSsoArtefactsBucket.bucketName, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); deployImportArtefacts.importedddbTablesKey.grantEncryptDecrypt( - importAccountAssignmentHandler + importAccountAssignmentHandler, ); deployImportArtefacts.importedLinksTable.grantReadWriteData( - importAccountAssignmentHandler + importAccountAssignmentHandler, ); deployImportArtefacts.importedProvisionedLinksTable.grantReadWriteData( - importAccountAssignmentHandler + importAccountAssignmentHandler, ); deployImportArtefacts.importedSsoArtefactsBucket.grantReadWrite( - importAccountAssignmentHandler + importAccountAssignmentHandler, ); importAccountAssignmentHandler.addEventSource( - new SnsEventSource(deployImportArtefacts.accountAssignmentImportTopic) + new SnsEventSource(deployImportArtefacts.accountAssignmentImportTopic), ); const importPermissionSetHandler = new NodejsFunction( @@ -105,7 +105,7 @@ export class SSOImportArtefactsPart2 extends Stack { "lambda-functions", "current-config-handlers", "src", - "import-permission-sets.ts" + "import-permission-sets.ts", ), bundling: { externalModules: [ 
@@ -131,26 +131,26 @@ export class SSOImportArtefactsPart2 extends Stack { deployImportArtefacts.importedSsoArtefactsBucket.bucketName, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); deployImportArtefacts.importedddbTablesKey.grantEncryptDecrypt( - importPermissionSetHandler + importPermissionSetHandler, ); deployImportArtefacts.importedPsTable.grantReadWriteData( - importPermissionSetHandler + importPermissionSetHandler, ); deployImportArtefacts.importedPsArnTable.grantReadWriteData( - importPermissionSetHandler + importPermissionSetHandler, ); deployImportArtefacts.importedSsoArtefactsBucket.grantReadWrite( - importPermissionSetHandler + importPermissionSetHandler, ); importPermissionSetHandler.addEventSource( - new SnsEventSource(deployImportArtefacts.permissionSetImportTopic) + new SnsEventSource(deployImportArtefacts.permissionSetImportTopic), ); if (importPermissionSetHandler.role) { @@ -160,7 +160,7 @@ export class SSOImportArtefactsPart2 extends Stack { deployImportArtefacts.importedPermissionSetHandlerSSOAPIRoleArn, ], actions: ["sts:AssumeRole"], - }) + }), ); } @@ -179,7 +179,7 @@ export class SSOImportArtefactsPart2 extends Stack { "lambda-functions", "current-config-handlers", "src", - "update-custom-resource.ts" + "update-custom-resource.ts", ), bundling: { externalModules: [ @@ -195,7 +195,7 @@ export class SSOImportArtefactsPart2 extends Stack { ssoRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); if (updateCustomResourceHandler.role) { @@ -203,7 +203,7 @@ export class SSOImportArtefactsPart2 extends Stack { new PolicyStatement({ resources: [deployImportArtefacts.currentConfigSMDescribeRoleArn], actions: ["sts:AssumeRole"], - }) + }), ); } 
@@ -227,7 +227,7 @@ export class SSOImportArtefactsPart2 extends Stack { "lambda-functions", "current-config-handlers", "src", - "trigger-parentSM.ts" + "trigger-parentSM.ts", ), bundling: { externalModules: [ @@ -240,7 +240,7 @@ export class SSOImportArtefactsPart2 extends Stack { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, }, - } + }, ); if (parentSMInvokeFunction.role) { @@ -255,7 +255,7 @@ export class SSOImportArtefactsPart2 extends Stack { isCompleteHandler: updateCustomResourceHandler, queryInterval: Duration.seconds(5), totalTimeout: Duration.minutes(120), // to handle scenarios where organisations have a lot of existing account assignments already - } + }, ); const parentSMResource = new CustomResource( @@ -277,7 +277,7 @@ export class SSOImportArtefactsPart2 extends Stack { ssoRegion: buildConfig.PipelineSettings.SSOServiceAccountRegion, functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); parentSMResource.node.addDependency(importAccountAssignmentHandler); diff --git a/lib/stacks/pipelineStageStacks/upgrade-to-v303.ts b/lib/stacks/pipelineStageStacks/upgrade-to-v303.ts index c78b20c..8cb8eff 100644 --- a/lib/stacks/pipelineStageStacks/upgrade-to-v303.ts +++ b/lib/stacks/pipelineStageStacks/upgrade-to-v303.ts @@ -31,7 +31,7 @@ export class UpgradeToV303 extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: BuildConfig + buildConfig: BuildConfig, ) { super(scope, id, props); @@ -40,8 +40,8 @@ export class UpgradeToV303 extends Stack { name(buildConfig, "artefactsBucket"), StringParameter.valueForStringParameter( this, - name(buildConfig, "ssoArtefactsBucketName") - ) + name(buildConfig, "ssoArtefactsBucketName"), + ), ); const tablesKey = Key.fromKeyArn( 
@@ -49,8 +49,8 @@ export class UpgradeToV303 extends Stack { name(buildConfig, "tablesKey"), StringParameter.valueForStringParameter( this, - name(buildConfig, "ddbTablesKeyArn") - ) + name(buildConfig, "ddbTablesKeyArn"), + ), ); const bucketKey = Key.fromKeyArn( @@ -58,8 +58,8 @@ export class UpgradeToV303 extends Stack { name(buildConfig, "bucketKey"), StringParameter.valueForStringParameter( this, - name(buildConfig, "ssoArtefactsBucketKeyArn") - ) + name(buildConfig, "ssoArtefactsBucketKeyArn"), + ), ); const nodeJsLayer = LayerVersion.fromLayerVersionArn( @@ -67,8 +67,8 @@ export class UpgradeToV303 extends Stack { name(buildConfig, "NodeJsLayerVersion"), StringParameter.valueForStringParameter( this, - name(buildConfig, "nodeJsLayerVersionArn") - ).toString() + name(buildConfig, "nodeJsLayerVersionArn"), + ).toString(), ); const linksTable = Table.fromTableAttributes( @@ -77,7 +77,7 @@ export class UpgradeToV303 extends Stack { { tableArn: StringParameter.valueForStringParameter( this, - name(buildConfig, "linksTableArn") + name(buildConfig, "linksTableArn"), ), globalIndexes: [ "awsEntityData", @@ -85,7 +85,7 @@ export class UpgradeToV303 extends Stack { "permissionSetName", "principalType", ], - } + }, ); const processLinkData = new NodejsFunction( @@ -101,12 +101,12 @@ export class UpgradeToV303 extends Stack { "lambda-functions", "upgrade-to-v303", "src", - "processLinkData.ts" + "processLinkData.ts", ), bundling: { minify: true, }, - } + }, ); /** Log group to attach to upgrade state machine for capturing logs */ @@ -115,7 +115,7 @@ export class UpgradeToV303 extends Stack { name(buildConfig, "upgradeSMLogGroup"), { retention: RetentionDays.ONE_MONTH, - } + }, ); const upgradeSMRole = new Role(this, name(buildConfig, "upgradeSMRole"), { @@ -134,7 +134,7 @@ export class UpgradeToV303 extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); tablesKey.grantEncryptDecrypt(upgradeSMRole); 
@@ -161,7 +161,7 @@ export class UpgradeToV303 extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); upgradeV303SM.node.addDependency(upgradeSMRole); @@ -181,7 +181,7 @@ export class UpgradeToV303 extends Stack { "lambda-functions", "upgrade-to-v303", "src", - "triggerV303SM.ts" + "triggerV303SM.ts", ), bundling: { externalModules: ["@aws-sdk/client-sfn", "uuid"], @@ -190,14 +190,14 @@ export class UpgradeToV303 extends Stack { environment: { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); triggerUpgradeSM.addToRolePolicy( new PolicyStatement({ resources: [upgradeV303SM.ref], actions: ["states:StartExecution"], - }) + }), ); const updateCustomResource = new NodejsFunction( @@ -215,7 +215,7 @@ export class UpgradeToV303 extends Stack { "lambda-functions", "upgrade-to-v303", "src", - "update-custom-resource.ts" + "update-custom-resource.ts", ), bundling: { externalModules: ["@aws-sdk/client-sfn", "uuid"], @@ -224,14 +224,14 @@ export class UpgradeToV303 extends Stack { environment: { functionLogMode: buildConfig.Parameters.FunctionLogMode, }, - } + }, ); updateCustomResource.addToRolePolicy( new PolicyStatement({ resources: ["*"], actions: ["states:DescribeExecution"], - }) + }), ); const upgradeV303Provider = new Provider( @@ -242,7 +242,7 @@ export class UpgradeToV303 extends Stack { isCompleteHandler: updateCustomResource, queryInterval: Duration.seconds(5), totalTimeout: Duration.minutes(120), - } + }, ); const upgradeV303Resource = new CustomResource( @@ -257,7 +257,7 @@ export class UpgradeToV303 extends Stack { artefactsBucketName: artefactsBucket.bucketName, linksTableName: linksTable.tableName, }, - } + }, ); upgradeV303Resource.node.addDependency(triggerUpgradeSM); diff --git a/lib/stacks/region-switch/aws-sso-extensions-region-switch-deploy.ts b/lib/stacks/region-switch/aws-sso-extensions-region-switch-deploy.ts index 3606ddb..adb7b3f 100644 --- a/lib/stacks/region-switch/aws-sso-extensions-region-switch-deploy.ts 
+++ b/lib/stacks/region-switch/aws-sso-extensions-region-switch-deploy.ts @@ -30,7 +30,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: RegionSwitchBuildConfig + buildConfig: RegionSwitchBuildConfig, ) { super(scope, id, props); @@ -40,7 +40,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { */ const rsNodeJsLayer = new LayerVersion(this, fullname("rsNodeJsLayer"), { code: Code.fromAsset( - join(__dirname, "../../", "lambda-layers", "nodejs-layer") + join(__dirname, "../../", "lambda-layers", "nodejs-layer"), ), compatibleRuntimes: [Runtime.NODEJS_20_X], compatibleArchitectures: [Architecture.ARM_64], @@ -60,7 +60,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { { tableName: "aws-sso-extensions-region-switch-discover-globalPermissionSetsTable", - } + }, ); const globalAccountAssignmentsTable = Table.fromTableAttributes( this, @@ -69,7 +69,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { tableName: "aws-sso-extensions-region-switch-discover-globalAccountAssignmentsTable", globalIndexes: ["permissionSetName"], - } + }, ); /** @@ -92,7 +92,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { "lambda-functions", "region-switch", "src", - "rs-create-permission-sets.ts" + "rs-create-permission-sets.ts", ), bundling: { externalModules: [ @@ -102,7 +102,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { ], minify: true, }, - } + }, ); rsCreatePermissionSetsHandler.addToRolePolicy( new PolicyStatement({ @@ -115,7 +115,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { "sso:AttachManagedPolicyToPermissionSet", "sso:UpdatePermissionSet", ], - }) + }), ); /** Log group to attach to deploy state machine for capturing logs */ 
@@ -151,7 +151,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); deploySMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -163,7 +163,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { "identitystore:ListUsers", ], resources: ["*"], - }) + }), ); /** @@ -214,7 +214,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { "lambda-functions", "region-switch", "src", - "update-custom-resource.ts" + "update-custom-resource.ts", ), bundling: { externalModules: ["@aws-sdk/client-sfn"], @@ -224,14 +224,14 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { ssoAccountId: buildConfig.SSOServiceAccountId, ssoRegion: buildConfig.SSOServiceTargetAccountRegion, }, - } + }, ); if (updateCustomResourceHandler.role) { updateCustomResourceHandler.addToRolePolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); } @@ -254,20 +254,20 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { "lambda-functions", "region-switch", "src", - "trigger-deploySM.ts" + "trigger-deploySM.ts", ), bundling: { externalModules: ["@aws-sdk/client-sfn", "uuid"], minify: true, }, - } + }, ); if (parentSMInvokeFunction.role) { parentSMInvokeFunction.role.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:StartExecution"], resources: [deploySM.ref], - }) + }), ); } @@ -283,7 +283,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { isCompleteHandler: updateCustomResourceHandler, queryInterval: Duration.minutes(1), totalTimeout: Duration.minutes(240), // to handle scenarios where organisations have a lot of permission sets and account assignments discovered - } + }, ); /** 
@@ -303,7 +303,7 @@ export class AwsSsoExtensionsRegionSwitchDeploy extends Stack { globalAccountAssignmentsTable.tableName, CreatePSFunctionName: rsCreatePermissionSetsHandler.functionName, }, - } + }, ); /** * Add dependencies to ensure that the custom resource creation is not diff --git a/lib/stacks/region-switch/aws-sso-extensions-region-switch-discover.ts b/lib/stacks/region-switch/aws-sso-extensions-region-switch-discover.ts index 2a4a11d..88326a6 100644 --- a/lib/stacks/region-switch/aws-sso-extensions-region-switch-discover.ts +++ b/lib/stacks/region-switch/aws-sso-extensions-region-switch-discover.ts @@ -44,7 +44,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { scope: Construct, id: string, props: StackProps | undefined, - buildConfig: RegionSwitchBuildConfig + buildConfig: RegionSwitchBuildConfig, ) { super(scope, id, props); @@ -54,7 +54,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { */ const rsNodeJsLayer = new LayerVersion(this, fullname("rsNodeJsLayer"), { code: Code.fromAsset( - join(__dirname, "../../", "lambda-layers", "nodejs-layer") + join(__dirname, "../../", "lambda-layers", "nodejs-layer"), ), compatibleRuntimes: [Runtime.NODEJS_20_X], compatibleArchitectures: [Architecture.ARM_64], @@ -79,7 +79,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { encryption: TableEncryption.DEFAULT, removalPolicy: RemovalPolicy.DESTROY, replicationRegions: [buildConfig.SSOServiceTargetAccountRegion], - } + }, ); const globalAccountAssignmentsTable = new Table( this, @@ -94,7 +94,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { encryption: TableEncryption.DEFAULT, removalPolicy: RemovalPolicy.DESTROY, replicationRegions: [buildConfig.SSOServiceTargetAccountRegion], - } + }, ); globalAccountAssignmentsTable.addGlobalSecondaryIndex({ indexName: "permissionSetName", 
@@ -115,14 +115,14 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { fullname("rsPermissionSetImportTopic"), { displayName: fullname("rsPermissionSetImportTopic"), - } + }, ); const rsAccountAssignmentImportTopic = new Topic( this, fullname("rsAccountAssignmentImportTopic"), { displayName: fullname("rsAccountAssignmentImportTopic"), - } + }, ); /** @@ -142,7 +142,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { fullname("discoverSMLogGroup"), { retention: RetentionDays.ONE_MONTH, - } + }, ); /** @@ -157,13 +157,13 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { fullname("rsImportAccountAssignmentsSMRole"), { assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); rsImportAccountAssignmentsSMRole.addToPrincipalPolicy( new PolicyStatement({ resources: ["*"], actions: ["sso:ListAccountAssignments"], - }) + }), ); rsImportAccountAssignmentsSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -174,7 +174,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "identitystore:DescribeGroup", "identitystore:DescribeUser", ], - }) + }), ); rsImportAccountAssignmentsSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -189,10 +189,10 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); rsAccountAssignmentImportTopic.grantPublish( - rsImportAccountAssignmentsSMRole + rsImportAccountAssignmentsSMRole, ); /** @@ -218,10 +218,10 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); rsImportAccountAssignmentSM.node.addDependency( - rsImportAccountAssignmentsSMRole + rsImportAccountAssignmentsSMRole, ); rsImportAccountAssignmentSM.node.addDependency(discoverSMLogGroup); 
@@ -247,7 +247,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { fullname("rsImportPermissionSetSMRole"), { assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); rsImportPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -260,7 +260,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "sso:ListTagsForResource", "sso:ListAccountsForProvisionedPermissionSet", ], - }) + }), ); rsImportPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -274,19 +274,19 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { `arn:aws:dynamodb:${buildConfig.SSOServiceAccountRegion}:${buildConfig.SSOServiceAccountId}:table/rs-temp-PermissionSets`, `arn:aws:dynamodb:${buildConfig.SSOServiceAccountRegion}:${buildConfig.SSOServiceAccountId}:table/rs-temp-PermissionSets/index/*`, ], - }) + }), ); rsImportPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:StartExecution"], resources: [rsImportAccountAssignmentSM.ref], - }) + }), ); rsImportPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); rsImportPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -294,7 +294,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { resources: [ `arn:aws:events:${buildConfig.SSOServiceAccountRegion}:${buildConfig.SSOServiceAccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule`, ], - }) + }), ); rsImportPermissionSetSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -309,7 +309,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); rsPermissionSetImportTopic.grantPublish(rsImportPermissionSetSMRole); 
@@ -336,7 +336,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); rsImportPermissionSetSM.node.addDependency(rsImportPermissionSetSMRole); rsImportPermissionSetSM.node.addDependency(discoverSMLogGroup); @@ -361,7 +361,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { fullname("rsImportCurrentConfigSMRole"), { assumedBy: new ServicePrincipal("states.amazonaws.com"), - } + }, ); rsImportCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -374,25 +374,25 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { `arn:aws:dynamodb:${buildConfig.SSOServiceAccountRegion}:${buildConfig.SSOServiceAccountId}:table/rs-temp-PermissionSets`, `arn:aws:dynamodb:${buildConfig.SSOServiceAccountRegion}:${buildConfig.SSOServiceAccountId}:table/rs-temp-PermissionSets/index/*`, ], - }) + }), ); rsImportCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ resources: ["*"], actions: ["sso:ListInstances"], - }) + }), ); rsImportCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:StartExecution"], resources: [rsImportPermissionSetSM.ref], - }) + }), ); rsImportCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); rsImportCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -400,7 +400,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { resources: [ `arn:aws:events:${buildConfig.SSOServiceAccountRegion}:${buildConfig.SSOServiceAccountId}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule`, ], - }) + }), ); rsImportCurrentConfigSMRole.addToPrincipalPolicy( new PolicyStatement({ @@ -415,7 +415,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "logs:DescribeLogGroups", ], resources: ["*"], - }) + }), ); /** 
@@ -441,7 +441,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { includeExecutionData: true, level: "ALL", }, - } + }, ); rsImportCurrentConfigSM.node.addDependency(rsImportCurrentConfigSMRole); rsImportCurrentConfigSM.node.addDependency(discoverSMLogGroup); @@ -463,7 +463,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "lambda-functions", "region-switch", "src", - "rs-import-permission-sets.ts" + "rs-import-permission-sets.ts", ), bundling: { externalModules: [ @@ -476,7 +476,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { environment: { globalPermissionSetTableName: globalPermissionSetsTable.tableName, }, - } + }, ); /** @@ -486,7 +486,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { */ globalPermissionSetsTable.grantReadWriteData(rsImportPermissionSetsHandler); rsImportPermissionSetsHandler.addEventSource( - new SnsEventSource(rsPermissionSetImportTopic) + new SnsEventSource(rsPermissionSetImportTopic), ); /** @@ -506,7 +506,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "lambda-functions", "region-switch", "src", - "rs-import-account-assignments.ts" + "rs-import-account-assignments.ts", ), bundling: { externalModules: [ @@ -520,7 +520,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { globalAccountAssignmentsTableName: globalAccountAssignmentsTable.tableName, }, - } + }, ); /** * Add permissions so that the account assignment import handler can @@ -528,10 +528,10 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { * event source as the accountt assignment import topic */ globalAccountAssignmentsTable.grantReadWriteData( - rsImportAccountAssignmentsHandler + rsImportAccountAssignmentsHandler, ); rsImportAccountAssignmentsHandler.addEventSource( - new SnsEventSource(rsAccountAssignmentImportTopic) + new SnsEventSource(rsAccountAssignmentImportTopic), ); /** 
@@ -560,7 +560,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "lambda-functions", "region-switch", "src", - "update-custom-resource.ts" + "update-custom-resource.ts", ), bundling: { externalModules: ["@aws-sdk/client-sfn"], @@ -570,14 +570,14 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { ssoAccountId: buildConfig.SSOServiceAccountId, ssoRegion: buildConfig.SSOServiceAccountRegion, }, - } + }, ); if (updateCustomResourceHandler.role) { updateCustomResourceHandler.addToRolePolicy( new PolicyStatement({ actions: ["states:DescribeExecution", "states:StopExecution"], resources: ["*"], - }) + }), ); } @@ -600,20 +600,20 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { "lambda-functions", "region-switch", "src", - "trigger-parentSM.ts" + "trigger-parentSM.ts", ), bundling: { externalModules: ["@aws-sdk/client-sfn", "uuid"], minify: true, }, - } + }, ); if (parentSMInvokeFunction.role) { parentSMInvokeFunction.role.addToPrincipalPolicy( new PolicyStatement({ actions: ["states:StartExecution"], resources: [rsImportCurrentConfigSM.ref], - }) + }), ); } @@ -629,7 +629,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { isCompleteHandler: updateCustomResourceHandler, queryInterval: Duration.seconds(5), totalTimeout: Duration.minutes(120), // to handle scenarios where organisations have a lot of existing account assignments already - } + }, ); /** @@ -652,7 +652,7 @@ export class AwsSsoExtensionsRegionSwitchDiscover extends Stack { temporaryPermissionSetTableName: `rs-temp-PermissionSets`, ssoRegion: buildConfig.SSOServiceAccountRegion, }, - } + }, ); parentSMResource.node.addDependency(rsImportAccountAssignmentsHandler); diff --git a/package.json b/package.json index 793aae6..86242ec 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "aws-sso-extensions-for-enterprise", - "version": "3.1.8", + "version": "3.1.9", "bin": { "aws-sso-extensions-for-enterprise": "bin/aws-sso-extensions-for-enterprise.js" }, @@ -32,7 +32,7 @@ "@types/uuid": "^10.0.0", "@typescript-eslint/eslint-plugin": "^7.18.0", "@typescript-eslint/parser": "^7.18.0", - "aws-cdk": "^2.150.0", + "aws-cdk": "^2.160.0", "esbuild": "^0.23.0", "eslint": "^8.56.0", "eslint-plugin-import": "^2.29.1", @@ -46,7 +46,7 @@ "uuid": "^10.0.0" }, "dependencies": { - "aws-cdk-lib": "^2.150.0", + "aws-cdk-lib": "^2.160.0", "constructs": "^10.3.0", "js-yaml": "^4.1.0", "source-map-support": "^0.5.21" diff --git a/test/aws-sso-extensions-for-enterprise.ts b/test/aws-sso-extensions-for-enterprise.ts index 4d873e9..7ddffbc 100644 --- a/test/aws-sso-extensions-for-enterprise.ts +++ b/test/aws-sso-extensions-for-enterprise.ts @@ -12,7 +12,7 @@ test("Empty Stack", () => { function ensureString( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, - propName: string + propName: string, ): string { if (!object[`${propName}`] || object[`${propName}`].trim().length === 0) throw new Error(propName + " does not exist or is empty"); @@ -24,7 +24,7 @@ test("Empty Stack", () => { /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, repoTypePropName: string, - propName: string + propName: string, ): string { const repoType = ensureString(object, repoTypePropName); let propValue = ""; 
@@ -53,9 +53,20 @@ test("Empty Stack", () => { default: return ""; } + } else if (repoType.toLowerCase() === "s3") { + switch (propName.toLowerCase()) { + case "sourcebucketname": + propValue = ensureString(object, propName); + break; + case "sourceobjectkey": + propValue = ensureString(object, propName); + break; + default: + return ""; + } } else { throw new Error( - `Repo type ${repoType} is not one of valid values - ["codecommit","codestar"]` + `Repo type ${repoType} is not one of valid values - ["codecommit","codestar","s3"]`, ); } /** Making the linter happy */ @@ -65,7 +76,7 @@ test("Empty Stack", () => { /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, propName: string, - validList: Array + validList: Array, ): string { if ( !object[`${propName}`] || @@ -74,13 +85,13 @@ test("Empty Stack", () => { ) throw new Error( propName + - " does not exist or is empty or is of not the correct data type" + " does not exist or is empty or is of not the correct data type", ); const value = ("" + object[`${propName}`]).toUpperCase(); if (!validList.includes(value)) { throw new Error( - `${propName} is not one of the valid values - ${validList.toString()}` + `${propName} is not one of the valid values - ${validList.toString()}`, ); } @@ -90,11 +101,11 @@ test("Empty Stack", () => { function ensureBoolean( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, - propName: string + propName: string, ): boolean { if (typeof object[`${propName}`] !== "boolean") throw new Error( - propName + " does not exist or is of not the correct data type" + propName + " does not exist or is of not the correct data type", ); return object[`${propName}`]; 
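Review bot: The two cases in the new `s3` branch of the `@@ -53,9 +53,20 @@` hunk have identical bodies and can share one: `case "sourcebucketname": case "sourceobjectkey": propValue = ensureString(object, propName); break;`. ensureString, as used here, only rejects a missing or blank value, so a malformed bucket name or a wrong object key passes this check; because these two settings presumably name the artifact the pipeline takes its source from when RepoType is S3, a stricter format check on the bucket name would surface a typo at config load rather than later. The helper is declared inside the test file, so this branch exercises the test's own copy of the validator; if the application exports its loader, importing it would keep the two from drifting. The function starts and ends outside the hunk.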
@@ -103,11 +114,11 @@ test("Empty Stack", () => { function ensureNumber( /* eslint-disable @typescript-eslint/no-explicit-any */ object: { [name: string]: any }, - propName: string + propName: string, ): number { if (!object[`${propName}`] || typeof object[`${propName}`] !== "number") throw new Error( - propName + " does not exist or is empty or is not a number data type" + propName + " does not exist or is empty or is not a number data type", ); return object[`${propName}`]; @@ -117,11 +128,11 @@ test("Empty Stack", () => { const env = app.node.tryGetContext("config"); if (!env) throw new Error( - "Context variable missing on CDK command. Pass in as `-c config=XXX`" + "Context variable missing on CDK command. Pass in as `-c config=XXX`", ); /* eslint-disable @typescript-eslint/no-explicit-any */ const unparsedEnv: any = yaml.load( - readFileSync(resolve("./config/" + env + ".yaml"), "utf8") + readFileSync(resolve("./config/" + env + ".yaml"), "utf8"), ); return { 
@@ -132,64 +143,74 @@ test("Empty Stack", () => { PipelineSettings: { BootstrapQualifier: ensureString( unparsedEnv["PipelineSettings"], - "BootstrapQualifier" + "BootstrapQualifier", ), DeploymentAccountId: ensureString( unparsedEnv["PipelineSettings"], - "DeploymentAccountId" + "DeploymentAccountId", ), DeploymentAccountRegion: ensureString( unparsedEnv["PipelineSettings"], - "DeploymentAccountRegion" + "DeploymentAccountRegion", ), TargetAccountId: ensureString( unparsedEnv["PipelineSettings"], - "TargetAccountId" + "TargetAccountId", ), TargetAccountRegion: ensureString( unparsedEnv["PipelineSettings"], - "TargetAccountRegion" + "TargetAccountRegion", ), SSOServiceAccountId: ensureString( unparsedEnv["PipelineSettings"], - "SSOServiceAccountId" + "SSOServiceAccountId", ), SSOServiceAccountRegion: ensureString( unparsedEnv["PipelineSettings"], - "SSOServiceAccountRegion" + "SSOServiceAccountRegion", ), OrgMainAccountId: ensureString( unparsedEnv["PipelineSettings"], - "OrgMainAccountId" + "OrgMainAccountId", ), RepoType: ensureValidString( unparsedEnv["PipelineSettings"], "RepoType", - ["CODECOMMIT", "CODESTAR"] + ["CODECOMMIT", "CODESTAR", "S3"], ), RepoArn: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "RepoArn" + "RepoArn", ), RepoBranchName: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "RepoBranchName" + "RepoBranchName", ), RepoName: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "RepoName" + "RepoName", ), CodeStarConnectionArn: ensureDependentPropIsPresentForSourceRepo( unparsedEnv["PipelineSettings"], "RepoType", - "CodeStarConnectionArn" + "CodeStarConnectionArn", + ), + SourceBucketName: ensureDependentPropIsPresentForSourceRepo( + unparsedEnv["PipelineSettings"], + "RepoType", + "SourceBucketName", + ), + SourceObjectKey: ensureDependentPropIsPresentForSourceRepo( + unparsedEnv["PipelineSettings"], + "RepoType", + 
"SourceObjectKey", ), SynthCommand: ensureString( unparsedEnv["PipelineSettings"], - "SynthCommand" + "SynthCommand", ), }, @@ -197,47 +218,47 @@ test("Empty Stack", () => { LinksProvisioningMode: ensureValidString( unparsedEnv["Parameters"], "LinksProvisioningMode", - ["API", "S3"] + ["API", "S3"], ), PermissionSetProvisioningMode: ensureValidString( unparsedEnv["Parameters"], "PermissionSetProvisioningMode", - ["API", "S3"] + ["API", "S3"], ), LinkCallerRoleArn: ensureString( unparsedEnv["Parameters"], - "LinkCallerRoleArn" + "LinkCallerRoleArn", ), PermissionSetCallerRoleArn: ensureString( unparsedEnv["Parameters"], - "PermissionSetCallerRoleArn" + "PermissionSetCallerRoleArn", ), NotificationEmail: ensureString( unparsedEnv["Parameters"], - "NotificationEmail" + "NotificationEmail", ), AccountAssignmentVisibilityTimeoutHours: ensureNumber( unparsedEnv["Parameters"], - "AccountAssignmentVisibilityTimeoutHours" + "AccountAssignmentVisibilityTimeoutHours", ), IsAdUsed: ensureBoolean(unparsedEnv["Parameters"], "IsAdUsed"), DomainName: ensureString(unparsedEnv["Parameters"], "DomainName"), ImportCurrentSSOConfiguration: ensureBoolean( unparsedEnv["Parameters"], - "ImportCurrentSSOConfiguration" + "ImportCurrentSSOConfiguration", ), UpgradeFromVersionLessThanV303: ensureBoolean( unparsedEnv["Parameters"], - "UpgradeFromVersionLessThanV303" + "UpgradeFromVersionLessThanV303", ), SupportNestedOU: ensureBoolean( unparsedEnv["Parameters"], - "SupportNestedOU" + "SupportNestedOU", ), FunctionLogMode: ensureValidString( unparsedEnv["Parameters"], "FunctionLogMode", - ["INFO", "WARN", "DEBUG", "EXCEPTION"] + ["INFO", "WARN", "DEBUG", "EXCEPTION"], ), }, }; @@ -258,7 +279,7 @@ test("Empty Stack", () => { qualifier: buildConfig.PipelineSettings.BootstrapQualifier, }), }, - buildConfig + buildConfig, ); // THEN // Only does synth check at this time diff --git a/yarn.lock b/yarn.lock index 0b6a5a8..f2edcf0 100644 --- a/yarn.lock +++ b/yarn.lock 
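Review bot: Nothing in this test pins the S3 settings added in the hunk that begins `@@ -132,64 +143,74 @@`: `SourceBucketName` and `SourceObjectKey` are read through ensureDependentPropIsPresentForSourceRepo, but the test's closing comment says it only does a synth check, so the new branch runs only if the selected config file happens to set RepoType to S3. A case with `RepoType: S3` and `SourceBucketName` absent that expects the throw would cover it. Separately, `unparsedEnv["PipelineSettings"]` is handed to the helpers unchecked, so a config without that section fails with a TypeError from the property access instead of the descriptive message; a guard before the `return`, such as `if (!unparsedEnv?.PipelineSettings) throw new Error("PipelineSettings section is missing");`, would make the failure readable. The enclosing function starts outside the hunk.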
@@ -27,10 +27,18 @@ resolved "https://registry.yarnpkg.com/@aws-cdk/asset-kubectl-v20/-/asset-kubectl-v20-2.1.2.tgz#d8e20b5f5dc20128ea2000dc479ca3c7ddc27248" integrity sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg== -"@aws-cdk/asset-node-proxy-agent-v6@^2.0.3": - version "2.0.3" - resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz#9b5d213b5ce5ad4461f6a4720195ff8de72e6523" - integrity sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg== +"@aws-cdk/asset-node-proxy-agent-v6@^2.1.0": + version "2.1.0" + resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.1.0.tgz#6d3c7860354d4856a7e75375f2f0ecab313b4989" + integrity sha512-7bY3J8GCVxLupn/kNmpPc5VJz8grx+4RKfnnJiO1LG+uxkZfANZG3RMHhE+qQxxwkyQ9/MfPtTpf748UhR425A== + +"@aws-cdk/cloud-assembly-schema@^38.0.0": + version "38.0.1" + resolved "https://registry.yarnpkg.com/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-38.0.1.tgz#cdf4684ae8778459e039cd44082ea644a3504ca9" + integrity sha512-KvPe+NMWAulfNVwY7jenFhzhuLhLqJ/OPy5jx7wUstbjnYnjRVLpUHPU3yCjXFE0J8cuJVdx95BJ4rOs66Pi9w== + dependencies: + jsonschema "^1.4.1" + semver "^7.6.3" "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.16.7": version "7.16.7" 
@@ -1637,30 +1645,31 @@ available-typed-arrays@^1.0.7: dependencies: possible-typed-array-names "^1.0.0" -aws-cdk-lib@^2.150.0: - version "2.150.0" - resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.150.0.tgz#c5fb37f824e645dc7663f001eda7950bb09ec53d" - integrity sha512-A5dJ6iIAXlkSgUIKhhSd5slEjvDBiREv6/xw8CgrXU+puoFULu5bC0SOQARjTzcsAgAVtxdlaZ7qy7u9It7nHQ== +aws-cdk-lib@^2.160.0: + version "2.160.0" + resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.160.0.tgz#29e8104d2a4d93afd90c250265ea76e1c63baa3f" + integrity sha512-HJvn1lKmyZk1i56j4sgOddRfoDto9L/INgXSWmLzDdnMdMQWRvB/dbPQPrF1voVN26UKmrNdH9Irr0soMD5B1A== dependencies: "@aws-cdk/asset-awscli-v1" "^2.2.202" "@aws-cdk/asset-kubectl-v20" "^2.1.2" - "@aws-cdk/asset-node-proxy-agent-v6" "^2.0.3" + "@aws-cdk/asset-node-proxy-agent-v6" "^2.1.0" + "@aws-cdk/cloud-assembly-schema" "^38.0.0" "@balena/dockerignore" "^1.0.2" case "1.6.3" fs-extra "^11.2.0" - ignore "^5.3.1" + ignore "^5.3.2" jsonschema "^1.4.1" mime-types "^2.1.35" minimatch "^3.1.2" punycode "^2.3.1" - semver "^7.6.2" + semver "^7.6.3" table "^6.8.2" yaml "1.10.2" -aws-cdk@^2.150.0: - version "2.150.0" - resolved "https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.150.0.tgz#364d3b208bf040b18d42d0036cff1ce5cef4021b" - integrity sha512-leo4J70QrJp+SYm/87VuoOVfALsW11F7JpkAGu5TLL/qd2k/CbovZ8k9/3Ov+jCVsvAgdn9DeHL01Sn6hSl6Zg== +aws-cdk@^2.160.0: + version "2.160.0" + resolved "https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.160.0.tgz#5043311e4e576fda53b3ce761d47cbc1004fb309" + integrity sha512-JquccawrU2dp0cS80my65oLLNRUJZflKRKIRSVjQ1A9W4bNns/xhSqaVlL41NAsGSYBWxCzzWHrV3yOFShU87A== optionalDependencies: fsevents "2.3.2" 
@@ -2882,6 +2891,11 @@ ignore@^5.3.1: resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef" integrity sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw== +ignore@^5.3.2: + version "5.3.2" + resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.2.tgz#3cd40e729f3643fd87cb04e50bf0eb722bc596f5" + integrity sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g== + import-fresh@^3.2.1: version "3.3.0" resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-3.3.0.tgz#37162c25fcb9ebaa2e6e53d5b4d88ce17d9e0c2b" @@ -4449,7 +4463,7 @@ semver@^6.0.0, semver@^6.3.0, semver@^6.3.1: resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.2: +semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.3: version "7.6.3" resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==