
Commit 267a33c

authored
get oidc config from console (#9)
1 parent f2dbe70 commit 267a33c

2 files changed

Lines changed: 49 additions & 19 deletions


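--- a/main.ts
+++ b/main.ts
@@ -54,8 +54,13 @@ const setupAWSCommand = new Command<{ endpoint: string }>()
 c.trim().toLowerCase().replaceAll(" ", "-")
 )
 : [];
-
-await setupAws(options.org, options.app, contextList);
+const gottenApp = await withApp(
+options.endpoint,
+false,
+options.org,
+options.app,
+);
+await setupAws(options.endpoint, gottenApp.org, gottenApp.app, contextList);
 });
 
 const setupGCPCommand = new Command<{ endpoint: string }>()
@@ -73,8 +78,13 @@ const setupGCPCommand = new Command<{ endpoint: string }>()
 c.trim().toLowerCase().replaceAll(" ", "-")
 )
 : [];
-
-await setupGcp(options.org, options.app, contextList);
+const gottenApp = await withApp(
+options.endpoint,
+false,
+options.org,
+options.app,
+);
+await setupGcp(options.endpoint, gottenApp.org, gottenApp.app, contextList);
 });
 
 const tunnelLoginCommand = new Command<{ endpoint: string }>()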
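Review bot: The bare `false` passed as the second argument of `withApp(...)` in both new action bodies tells a reader of this file nothing about what it switches off, and the five-line call is repeated verbatim for the AWS and GCP commands. I would either give that argument a name at the call site, `false, // <what withApp's second parameter controls>` filled in from withApp's definition, or move the resolution into a small shared helper so the flag is documented once. Note also that `gottenApp.org`/`gottenApp.app` replace the values the user typed and end up in the cloud role trust policies' `deployment:${org}/${app}/…` subject condition; if `withApp` can resolve to a different slug than was passed in (presumably by ID or case-insensitive lookup, I cannot tell from here), the resolved org/app should be shown to the operator before any provider or role is created. The enclosing `.action(...)` callbacks begin outside these hunks.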

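--- a/setup-cloud.ts
+++ b/setup-cloud.ts
@@ -2,9 +2,8 @@
 import prompt from "npm:prompts@2.4.2";
 
 import { gray, green, yellow } from "@std/fmt/colors";
+import { createTrpcClient } from "./auth.ts";
 
-const OIDC_PROVIDER_DOMAIN = Deno.env.get("DENO_DEPLOY_OIDC_DOMAIN") ||
-"oidc.deno.com";
 const AWS_OIDC_AUDIENCE = "sts.amazonaws.com";
 
 async function runAwsCommand<T>(args: string[]): Promise<T> {
@@ -106,7 +105,12 @@ function log(string: string) {
 Deno.stdout.writeSync(new TextEncoder().encode(string));
 }
 
-export async function setupAws(org: string, app: string, contexts: string[]) {
+export async function setupAws(
+deployUrl: string,
+org: string,
+app: string,
+contexts: string[],
+) {
 // Print out "AWS Setup Wizard for Deno Deploy" in an orange box
 console.log(
 "%c %c\n%c AWS Setup Wizard for Deno Deploy %c\n%c %c",
@@ -119,6 +123,12 @@ export async function setupAws(org: string, app: string, contexts: string[]) {
 );
 console.log();
 
+const trpcClient = createTrpcClient(deployUrl);
+const { oidcHostname } = await trpcClient.cloudConnections.config.query({
+org,
+app,
+});
+
 // Check if AWS CLI is installed and that the user is authenticated
 log(gray(" Checking AWS account configuration..."));
 const awsInfo = await runAwsCommand<AwsInfo>([
@@ -131,13 +141,13 @@ export async function setupAws(org: string, app: string, contexts: string[]) {
 } with ${yellow(awsInfo.UserId)}\n`,
 );
 
-// Check whether the OIDC_PROVIDER_DOMAIN identity provider is already set up
+// Check whether the oidcHostname identity provider is already set up
 log(gray(" Checking OIDC provider configuration..."));
 const providers = await runAwsCommand<
 { OpenIDConnectProviderList: Array<{ Arn: string }> }
 >(["iam", "list-open-id-connect-providers"]);
 let providerArn = providers.OpenIDConnectProviderList
-.find((p) => p.Arn.includes(OIDC_PROVIDER_DOMAIN))?.Arn;
+.find((p) => p.Arn.includes(oidcHostname))?.Arn;
 let providerHasClientId = false;
 if (providerArn) {
 // Check that the provider has the correct client ID
@@ -224,7 +234,7 @@ export async function setupAws(org: string, app: string, contexts: string[]) {
 
 if (!providerArn) {
 console.log(
-` %c+ create%c an OIDC provider for %chttps://${OIDC_PROVIDER_DOMAIN}`,
+` %c+ create%c an OIDC provider for %chttps://${oidcHostname}`,
 "color: green;",
 "color: gray;",
 "color: blue;",
@@ -297,12 +307,12 @@ export async function setupAws(org: string, app: string, contexts: string[]) {
 "iam",
 "create-open-id-connect-provider",
 "--url",
-`https://${OIDC_PROVIDER_DOMAIN}`,
+`https://${oidcHostname}`,
 "--client-id-list",
 "sts.amazonaws.com",
 ]).then((res) => res.OpenIDConnectProviderArn);
 console.log(
-`\r%c✔ Created%c OIDC provider for %chttps://${OIDC_PROVIDER_DOMAIN}%c with ARN: %c${providerArn}%c`,
+`\r%c✔ Created%c OIDC provider for %chttps://${oidcHostname}%c with ARN: %c${providerArn}%c`,
 "color: green;",
 "color: reset;",
 "color: blue;",
@@ -341,8 +351,7 @@ export async function setupAws(org: string, app: string, contexts: string[]) {
 Action: "sts:AssumeRoleWithWebIdentity",
 Condition: {
 StringEquals: {
-[`${OIDC_PROVIDER_DOMAIN}:sub`]:
-`deployment:${org}/${app}/${context}`,
+[`${oidcHostname}:sub`]: `deployment:${org}/${app}/${context}`,
 },
 },
 }))
@@ -354,7 +363,7 @@ export async function setupAws(org: string, app: string, contexts: string[]) {
 Action: "sts:AssumeRoleWithWebIdentity",
 Condition: {
 StringLike: {
-[`${OIDC_PROVIDER_DOMAIN}:sub`]: `deployment:${org}/${app}/*`,
+[`${oidcHostname}:sub`]: `deployment:${org}/${app}/*`,
 },
 },
 }];
@@ -401,7 +410,12 @@ export async function setupAws(org: string, app: string, contexts: string[]) {
 );
 }
 
-export async function setupGcp(org: string, app: string, contexts: string[]) {
+export async function setupGcp(
+deployUrl: string,
+org: string,
+app: string,
+contexts: string[],
+) {
 // Print out "GCP Setup Wizard for Deno Deploy" in a blue box
 console.log(
 "%c %c\n%c GCP Setup Wizard for Deno Deploy %c\n%c %c",
@@ -414,6 +428,12 @@ export async function setupGcp(org: string, app: string, contexts: string[]) {
 );
 console.log();
 
+const trpcClient = createTrpcClient(deployUrl);
+const { oidcHostname } = await trpcClient.cloudConnections.config.query({
+org,
+app,
+});
+
 // Check if gcloud CLI is installed and that the user is authenticated
 log(gray(" Checking GCP account configuration..."));
 const accountList = await runGcloudCommand<
@@ -518,7 +538,7 @@ export async function setupGcp(org: string, app: string, contexts: string[]) {
 console.log(`\r${green("✔ APIs")} are enabled `);
 }
 
-const gcpWorkloadIdentityId = OIDC_PROVIDER_DOMAIN.replace(/\./g, "-");
+const gcpWorkloadIdentityId = oidcHostname.replace(/\./g, "-");
 
 // Check if the Workload Identity Pool already exists
 log(gray(" Checking workload identity pool..."));
@@ -645,7 +665,7 @@ export async function setupGcp(org: string, app: string, contexts: string[]) {
 
 if (!workloadIdentityProviderExists) {
 console.log(
-` %c+ create%c workload identity provider %c${gcpWorkloadIdentityId}%c for %chttps://${OIDC_PROVIDER_DOMAIN}`,
+` %c+ create%c workload identity provider %c${gcpWorkloadIdentityId}%c for %chttps://${oidcHostname}`,
 "color: green;",
 "color: gray;",
 "color: blue;",
@@ -737,7 +757,7 @@ export async function setupGcp(org: string, app: string, contexts: string[]) {
 gcpWorkloadIdentityId,
 "--workload-identity-pool=" + gcpWorkloadIdentityId,
 "--location=global",
-"--issuer-uri=https://" + OIDC_PROVIDER_DOMAIN,
+"--issuer-uri=https://" + oidcHostname,
 '--attribute-mapping=google.subject=assertion.sub,attribute.org_id=assertion.org_id,attribute.org_slug=assertion.org_slug,attribute.app_id=assertion.app_id,attribute.app_slug=assertion.app_slug,attribute.full_slug=assertion.org_slug+"/"+assertion.app_slug,attribute.context_id=assertion.context_id,attribute.context_name=assertion.context_name',
 "--no-user-output-enabled",
 ]);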
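Review bot: `oidcHostname` returned by `cloudConnections.config.query` is interpolated unchecked into the IAM provider `--url`, the `${oidcHostname}:sub` trust-policy condition keys and the gcloud `--issuer-uri`, so whatever the endpoint at `deployUrl` returns becomes the issuer every role and workload-identity provider created by the wizard will trust, and the pinned `oidc.deno.com` default and `DENO_DEPLOY_OIDC_DOMAIN` override that used to bound this are removed in the first hunk. Directly after each query I would reject anything that is not a bare hostname, `if (typeof oidcHostname !== "string" || !/^[a-z0-9.-]+$/i.test(oidcHostname)) { throw new Error("unexpected OIDC hostname from " + deployUrl + ": " + String(oidcHostname)); }` (allow a port only if development endpoints need one), so a scheme, path or empty value from a misconfigured or wrong console can never reach the policy. The provider lookup `p.Arn.includes(oidcHostname)` is a substring match and can select an existing provider whose hostname merely contains this one; `p.Arn.endsWith(":oidc-provider/" + oidcHostname)` matches the ARN exactly. The query block is duplicated in setupGcp, so a small `getOidcHostname(deployUrl, org, app)` helper in this file would keep the validation in one place. Both setupAws and setupGcp begin and end outside these hunks.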
