Fix permission set schema validation bugs (#70)

* Fix permission set schema validation bugs * Version upgrades * Update env.yaml version no
aws-samples · May 18, 2022 · 1282be9 · 1282be9
1 parent 6dce2af
commit 1282be9
Show file tree

Hide file tree

Showing 11 changed files with 3,609 additions and 3,380 deletions.
diff --git a/config/env.yaml b/config/env.yaml
@@ -1,7 +1,7 @@
 ---
 App: "aws-sso-extensions-for-enterprise"
 Environment: "env"
-Version: "3.1.3"
+Version: "3.1.4"
 
 PipelineSettings:
   BootstrapQualifier: "<your-bootstrap-qualifier>" # For example: 'ssoutility'

diff --git a/lib/lambda-functions/application-handlers/src/permissionSetTopicProcessor.ts b/lib/lambda-functions/application-handlers/src/permissionSetTopicProcessor.ts
@@ -129,6 +129,7 @@ export const handler = async (event: SNSEvent) => {
     let currentSessionDuration = "";
     let sortedManagedPoliciesArnList: Array<string> = [];
     let currentRelayState = "";
+    let currentPermissionSetDescription = permissionSetName;
 
     logger({
       handler: "permissionSetTopicProcessor",
@@ -154,7 +155,9 @@ export const handler = async (event: SNSEvent) => {
           new CreatePermissionSetCommand({
             InstanceArn: instanceArn,
             Name: permissionSetName,
-            Description: permissionSetName,
+            Description: currentItem.description
+              ? currentItem.description
+              : permissionSetName,
             RelayState: currentItem.relayState + "",
             SessionDuration: serializeDurationToISOFormat({
               minutes: parseInt(currentItem.sessionDurationInMinutes + ""),
@@ -327,6 +330,12 @@ export const handler = async (event: SNSEvent) => {
               sortedManagedPoliciesArnList =
                 currentItem.sortedManagedPoliciesArnList;
             }
+            if (
+              currentItem.description &&
+              currentItem.description.length !== 0
+            ) {
+              currentPermissionSetDescription = currentItem.description;
+            }
             permissionSetArn = fetchArn.Item.permissionSetArn;
 
             let k: keyof typeof diffCalculated;
@@ -506,10 +515,14 @@ export const handler = async (event: SNSEvent) => {
                 case "sessionDurationInMinutes-add":
                 case "sessionDurationInMinutes-remove":
                 case "sessionDurationInMinutes-update":
+                case "description-add":
+                case "description-remove":
+                case "description-update":
                 case "relayState-add":
                 case "relayState-remove":
                 case "relayState-update": {
                   updatePermissionSetAttributes = true;
+                  reProvision = true;
                   logger({
                     handler: "permissionSetTopicProcessor",
                     logMode: "info",
@@ -603,6 +616,7 @@ export const handler = async (event: SNSEvent) => {
                 new UpdatePermissionSetCommand({
                   PermissionSetArn: permissionSetArn,
                   InstanceArn: instanceArn,
+                  Description: currentPermissionSetDescription,
                   SessionDuration: serializeDurationToISOFormat({
                     minutes: parseInt(currentSessionDuration),
                   }),

diff --git a/lib/lambda-functions/helpers/src/interfaces.ts b/lib/lambda-functions/helpers/src/interfaces.ts
@@ -12,6 +12,7 @@ export interface Tag {
 }
 export interface CreateUpdatePermissionSetDataProps {
   readonly permissionSetName: string;
+  readonly description?: string;
   readonly sessionDurationInMinutes: string;
   readonly relayState: string;
   readonly tags: Array<Tag>;

diff --git a/lib/lambda-functions/package.json b/lib/lambda-functions/package.json
@@ -7,24 +7,24 @@
   },
   "keywords": [],
   "dependencies": {
-    "@aws-sdk/client-dynamodb": "3.52.0",
-    "@aws-sdk/client-identitystore": "3.52.0",
-    "@aws-sdk/client-s3": "3.52.0",
-    "@aws-sdk/client-sfn": "3.52.0",
-    "@aws-sdk/client-sns": "3.52.0",
-    "@aws-sdk/client-sqs": "3.52.0",
-    "@aws-sdk/client-ssm": "3.52.0",
-    "@aws-sdk/client-sso-admin": "3.52.0",
-    "@aws-sdk/credential-providers": "3.52.0",
-    "@aws-sdk/lib-dynamodb": "3.52.0",
-    "@aws-sdk/util-dynamodb": "3.52.0",
-    "@aws-sdk/util-waiter": "3.52.0",
-    "ajv": "8.10.0",
-    "json-diff": "0.7.1",
-    "uuid": "8.3.2"
+    "@aws-sdk/client-dynamodb": "^3.92.0",
+    "@aws-sdk/client-identitystore": "^3.92.0",
+    "@aws-sdk/client-s3": "^3.92.0",
+    "@aws-sdk/client-sfn": "^3.92.0",
+    "@aws-sdk/client-sns": "^3.92.0",
+    "@aws-sdk/client-sqs": "^3.92.0",
+    "@aws-sdk/client-ssm": "^3.92.0",
+    "@aws-sdk/client-sso-admin": "^3.92.0",
+    "@aws-sdk/credential-providers": "^3.92.0",
+    "@aws-sdk/lib-dynamodb": "^3.92.0",
+    "@aws-sdk/util-dynamodb": "^3.92.0",
+    "@aws-sdk/util-waiter": "^3.78.0",
+    "ajv": "^8.11.0",
+    "json-diff": "^0.7.4",
+    "uuid": "^8.3.2"
   },
   "devDependencies": {
-    "@types/json-diff": "0.7.0",
-    "@types/uuid": "8.3.4"
+    "@types/json-diff": "^0.7.0",
+    "@types/uuid": "^8.3.4"
   }
 }