Fix for empty managed policies;Fix for lambda layer resource conflict (
leelalagudu authored Jan 6, 2023
1 parent b2deecf commit f369ece
Showing 11 changed files with 2,548 additions and 2,643 deletions.
2 changes: 1 addition & 1 deletion config/env.yaml
@@ -1,7 +1,7 @@
---
App: "aws-sso-extensions-for-enterprise"
Environment: "env"
Version: "3.1.7"
Version: "3.1.8"

PipelineSettings:
BootstrapQualifier: "<your-bootstrap-qualifier>" # For example: 'ssoutility'
18 changes: 9 additions & 9 deletions lib/lambda-functions/application-handlers/src/groupsCud.ts
Expand Up @@ -17,16 +17,16 @@
* - Determine if permission set referenced in the link is already provisioned by
* looking up permissionsetArn ddb table
*
* - If permission set is already provisioned, then
* - If permission set is already provisioned, then
*
* - Determine if the link type is account, ou_id, account_tag or root
* - If account, post the link operation details to link manager FIFO queue
* - If ou_id, root, account_tag resolve the actual accounts and post the link
* operation
* details to org
* entities state
* machine in org account
* - If permission set is not provisioned, stop the operation here
* - Determine if the link type is account, ou_id, account_tag or root
* - If account, post the link operation details to link manager FIFO queue
* - If ou_id, root, account_tag resolve the actual accounts and post the link
* operation
* details to org
* entities state
* machine in org account
* - If permission set is not provisioned, stop the operation here
* - If there are no related links, then stop the operation here
* - Catch all failures in a generic exception block and post the error details to
* error notifications topics
Expand Up @@ -10,17 +10,17 @@
*
* - If the permission set arn exists, then
*
* - Look up in AWS IAM Identity Center Identity store if the user/group exists
* - Look up in AWS IAM Identity Center Identity store if the user/group exists
*
* - If the user/group exists
* - If the user/group exists
*
* - Determine if the operation is create/delete
* - Determine if link type is account /ou_id/root/account_tag
* - If link type is account , post the link provisioning/deprovisioning operation to the link manager queue
* - If link type is ou_id, root,account_tag invoke org entities state machine
* - If the user/group does not exist
* - Determine if the operation is create/delete
* - Determine if link type is account /ou_id/root/account_tag
* - If link type is account , post the link provisioning/deprovisioning operation to the link manager queue
* - If link type is ou_id, root,account_tag invoke org entities state machine
* - If the user/group does not exist
*
* - Stop processing as we won't be able to proceed without the principal Arn
* - Stop processing as we won't be able to proceed without the principal Arn
* - If the permission set does not exist, do nothing as we cannot do link
* provisioning if the permission set is not yet provisioned
* - Catch all failures in a generic exception block and post the error details to
Expand Up @@ -519,16 +519,30 @@ export const handler = async (event: SNSEvent) => {
* Sort managed policies before delta calculation and prepare the
* permission sorted objects to compare using the sorted lists
*/
const sortedOldItemManagedPoliciesArnList: Array<string> =
oldItem.managedPoliciesArnList.sort();
const sortedCurrentItemManagedPoliciesArnList: Array<string> =
currentItem.managedPoliciesArnList.sort();
delete oldItem["managedPoliciesArnList"];
delete currentItem["managedPoliciesArnList"];
oldItem["sortedManagedPoliciesArnList"] =
sortedOldItemManagedPoliciesArnList;
currentItem["sortedManagedPoliciesArnList"] =
sortedCurrentItemManagedPoliciesArnList;
let sortedOldItemManagedPoliciesArnList: Array<string> = [];
let sortedCurrentItemManagedPoliciesArnList: Array<string> = [];

if (
oldItem.managedPoliciesArnList &&
oldItem.managedPoliciesArnList.length > 0
) {
sortedOldItemManagedPoliciesArnList =
oldItem.managedPoliciesArnList.sort();
delete oldItem["managedPoliciesArnList"];
oldItem["sortedManagedPoliciesArnList"] =
sortedOldItemManagedPoliciesArnList;
}

if (
currentItem.managedPoliciesArnList &&
currentItem.managedPoliciesArnList.length > 0
) {
sortedCurrentItemManagedPoliciesArnList =
currentItem.managedPoliciesArnList.sort();
delete currentItem["managedPoliciesArnList"];
currentItem["sortedManagedPoliciesArnList"] =
sortedCurrentItemManagedPoliciesArnList;
}

logger(
{
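Review bot: The two new `if` guards leave `oldItem` and `currentItem` with different key shapes whenever exactly one side has a non-empty `managedPoliciesArnList`: the populated side is rewritten to `sortedManagedPoliciesArnList`, while the empty or missing side keeps its original key (or none), and the `[]` defaults given to the two `let` variables are never written back to the items. The comparison that follows is outside the hunk, so this is inferred, but a transition such as the last managed policy being removed or the first one being added would then appear as one key vanishing and another appearing rather than as a change to the sorted list. For a permission-set update, a missed removal means policies staying attached after they were meant to be revoked. Normalising both sides unconditionally keeps the shapes aligned and still tolerates the empty case: `oldItem["sortedManagedPoliciesArnList"] = [...(oldItem.managedPoliciesArnList ?? [])].sort();` followed by `delete oldItem["managedPoliciesArnList"];`, with the same pair for `currentItem`. The handler body starts and ends outside the hunk.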
32 changes: 16 additions & 16 deletions lib/lambda-functions/package.json
@@ -1,31 +1,31 @@
{
"name": "aws-sso-extensions-for-enterprise-layer",
"version": "3.1.7",
"version": "3.1.8",
"description": "AWS SSO Permissions Utility Layer",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"dependencies": {
"@aws-sdk/client-dynamodb": "^3.159.0",
"@aws-sdk/client-identitystore": "^3.159.0",
"@aws-sdk/client-organizations": "^3.159.0",
"@aws-sdk/client-s3": "^3.159.0",
"@aws-sdk/client-sfn": "^3.159.0",
"@aws-sdk/client-sns": "^3.159.0",
"@aws-sdk/client-sqs": "^3.159.0",
"@aws-sdk/client-ssm": "^3.159.0",
"@aws-sdk/client-sso-admin": "^3.159.0",
"@aws-sdk/credential-providers": "^3.159.0",
"@aws-sdk/lib-dynamodb": "^3.159.0",
"@aws-sdk/util-dynamodb": "^3.159.0",
"@aws-sdk/util-waiter": "^3.159.0",
"@aws-sdk/client-dynamodb": "^3.172.0",
"@aws-sdk/client-identitystore": "^3.171.0",
"@aws-sdk/client-organizations": "^3.171.0",
"@aws-sdk/client-s3": "^3.171.0",
"@aws-sdk/client-sfn": "^3.171.0",
"@aws-sdk/client-sns": "^3.171.0",
"@aws-sdk/client-sqs": "^3.171.0",
"@aws-sdk/client-ssm": "^3.171.0",
"@aws-sdk/client-sso-admin": "^3.171.0",
"@aws-sdk/credential-providers": "^3.171.0",
"@aws-sdk/lib-dynamodb": "^3.172.0",
"@aws-sdk/util-dynamodb": "^3.172.0",
"@aws-sdk/util-waiter": "^3.171.0",
"ajv": "^8.11.0",
"json-diff": "^0.9.0",
"uuid": "^8.3.2"
"uuid": "^9.0.0"
},
"devDependencies": {
"@types/json-diff": "^0.7.0",
"@types/json-diff": "^0.9.0",
"@types/uuid": "^8.3.4"
}
}