diff --git a/.eslintrc.json b/.eslintrc.json
index a949ea7..8c0c617 100644
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -34,11 +34,7 @@
}
},
"ignorePatterns": [
- "*.js",
- "*.d.ts",
- "node_modules/",
- "*.generated.ts",
- "coverage",
+ "src/generated/*.ts",
"!.projenrc.js"
],
"rules": {
diff --git a/.gitattributes b/.gitattributes
index 5640d72..25d380a 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -21,4 +21,5 @@
/LICENSE linguist-generated
/package-lock.json linguist-generated
/package.json linguist-generated
+/src/generated/iam-role-props.ts linguist-generated
/tsconfig.dev.json linguist-generated
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 0bdbbc9..9843c51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -58,3 +58,4 @@ junit.xml
tsconfig.json
!/API.md
!/.nvmrc
+!/src/generated/iam-role-props.ts
diff --git a/.projen/deps.json b/.projen/deps.json
index 2b50f64..e074564 100644
--- a/.projen/deps.json
+++ b/.projen/deps.json
@@ -1,5 +1,9 @@
{
"dependencies": [
+ {
+ "name": "@mrgrain/jsii-struct-builder",
+ "type": "build"
+ },
{
"name": "@types/github-username-regex",
"type": "build"
diff --git a/.projen/files.json b/.projen/files.json
index 928693f..abcc24e 100644
--- a/.projen/files.json
+++ b/.projen/files.json
@@ -15,6 +15,7 @@
".projen/files.json",
".projen/tasks.json",
"LICENSE",
+ "src/generated/iam-role-props.ts",
"tsconfig.dev.json"
],
"//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"."
diff --git a/.projen/tasks.json b/.projen/tasks.json
index a84e03f..06a5eb0 100644
--- a/.projen/tasks.json
+++ b/.projen/tasks.json
@@ -308,7 +308,7 @@
"exec": "npm install"
},
{
- "exec": "npm update @types/github-username-regex @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk-lib constructs eslint-import-resolver-node eslint-import-resolver-typescript eslint-plugin-import eslint jest-junit jest jsii-diff jsii-docgen jsii-pacmak jsii-rosetta jsii npm-check-updates projen standard-version ts-jest typescript aws-cdk-lib constructs"
+ "exec": "npm update @mrgrain/jsii-struct-builder @types/github-username-regex @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk-lib constructs eslint-import-resolver-node eslint-import-resolver-typescript eslint-plugin-import eslint jest-junit jest jsii-diff jsii-docgen jsii-pacmak jsii-rosetta jsii npm-check-updates projen standard-version ts-jest typescript aws-cdk-lib constructs"
},
{
"exec": "npx projen"
diff --git a/.projenrc.js b/.projenrc.js
index 9f01178..d483297 100644
--- a/.projenrc.js
+++ b/.projenrc.js
@@ -1,3 +1,4 @@
+const { ProjenStruct, Struct } = require('@mrgrain/jsii-struct-builder');
const { awscdk, github, TextFile, javascript } = require('projen');
const nodejsVersion = '16.20.0';
@@ -32,7 +33,7 @@ const project = new awscdk.AwsCdkConstructLibrary({
cdkVersion: '2.89.0',
constructsVersion: '10.0.0',
peerDeps: ['constructs', 'aws-cdk-lib'],
- devDeps: ['@types/github-username-regex', 'constructs'],
+ devDeps: ['@types/github-username-regex', 'constructs', '@mrgrain/jsii-struct-builder'],
bundledDeps: [],
// Gitignore
@@ -51,7 +52,9 @@ const project = new awscdk.AwsCdkConstructLibrary({
},
},
-
+ eslintOptions: {
+ ignorePatterns: ['src/generated/*.ts'], // ignore generated files
+ },
codeCov: true,
});
@@ -59,4 +62,10 @@ new TextFile(project, '.nvmrc', {
lines: [nodejsVersion],
});
+new ProjenStruct(project, { name: 'RoleProps', filePath: 'src/generated/iam-role-props.ts' }).mixin(
+ Struct.fromFqn('aws-cdk-lib.aws_iam.RoleProps')
+ .omit('assumedBy')
+ .withoutDeprecated(),
+);
+
project.synth();
diff --git a/API.md b/API.md
index 87a75dd..7d1aab1 100644
--- a/API.md
+++ b/API.md
@@ -409,12 +409,7 @@ Subject condition filter, appended after `repo:${owner}/${repo}:` string in IAM
### RoleProps
-Properties for defining an IAM Role.
-
-These are copied fron @aws-cdk/aws-iam, but since JSII does not support
-TypeScript > (or Omit), we have to do this stupid thing.
-
-Basically exactly the same as source, but with assumedBy removed.
+RoleProps.
#### Initializer
diff --git a/package-lock.json b/package-lock.json
index 10badb3..a8a9269 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,6 +9,7 @@
"version": "0.0.0",
"license": "Apache-2.0",
"devDependencies": {
+ "@mrgrain/jsii-struct-builder": "^0.5.15",
"@types/github-username-regex": "^1.0.0",
"@types/jest": "^27",
"@types/node": "^16",
@@ -1326,6 +1327,53 @@
"integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
"dev": true
},
+ "node_modules/@mrgrain/jsii-struct-builder": {
+ "version": "0.5.15",
+ "resolved": "https://registry.npmjs.org/@mrgrain/jsii-struct-builder/-/jsii-struct-builder-0.5.15.tgz",
+ "integrity": "sha512-mX8hcAwOlm/Hh10CCOx8tdVF8dZOBLq1N/lBiNclNESqZdgPJ34+G0lptCbGI0F7xCldryqLRaFlLv24bTeOAw==",
+ "dev": true,
+ "dependencies": {
+ "@jsii/spec": "^1.89.0",
+ "@ungap/structured-clone": "~1.0.0"
+ },
+ "peerDependencies": {
+ "projen": "x.x.x"
+ }
+ },
+ "node_modules/@mrgrain/jsii-struct-builder/node_modules/@jsii/spec": {
+ "version": "1.89.0",
+ "resolved": "https://registry.npmjs.org/@jsii/spec/-/spec-1.89.0.tgz",
+ "integrity": "sha512-byzIC5M5FrEaW+GaPGQfPsobfwmEfzHvS7dh5d5fgY4VvvsHBkkhhF/H5xUG+1wQBcdBnqdKyp5CEFm8UEVfqg==",
+ "dev": true,
+ "dependencies": {
+ "ajv": "^8.12.0"
+ },
+ "engines": {
+ "node": ">= 14.17.0"
+ }
+ },
+ "node_modules/@mrgrain/jsii-struct-builder/node_modules/ajv": {
+ "version": "8.12.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+ "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+ "dev": true,
+ "dependencies": {
+ "fast-deep-equal": "^3.1.1",
+ "json-schema-traverse": "^1.0.0",
+ "require-from-string": "^2.0.2",
+ "uri-js": "^4.2.2"
+ },
+ "funding": {
+ "type": "github",
+ "url": "https://github.com/sponsors/epoberezkin"
+ }
+ },
+ "node_modules/@mrgrain/jsii-struct-builder/node_modules/json-schema-traverse": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+ "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
+ "dev": true
+ },
"node_modules/@nodelib/fs.scandir": {
"version": "2.1.5",
"resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -2038,6 +2086,12 @@
"url": "https://opencollective.com/typescript-eslint"
}
},
+ "node_modules/@ungap/structured-clone": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.0.2.tgz",
+ "integrity": "sha512-06PHwE0K24Wi8FBmC8MuMi/+nQ3DTpcXYL3y/IaZz2ScY2GOJXOe8fyMykVXyLOKxpL2Y0frAnJZmm65OxzMLQ==",
+ "dev": true
+ },
"node_modules/@xmldom/xmldom": {
"version": "0.8.10",
"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz",
@@ -13532,6 +13586,45 @@
}
}
},
+ "@mrgrain/jsii-struct-builder": {
+ "version": "0.5.15",
+ "resolved": "https://registry.npmjs.org/@mrgrain/jsii-struct-builder/-/jsii-struct-builder-0.5.15.tgz",
+ "integrity": "sha512-mX8hcAwOlm/Hh10CCOx8tdVF8dZOBLq1N/lBiNclNESqZdgPJ34+G0lptCbGI0F7xCldryqLRaFlLv24bTeOAw==",
+ "dev": true,
+ "requires": {
+ "@jsii/spec": "^1.89.0",
+ "@ungap/structured-clone": "~1.0.0"
+ },
+ "dependencies": {
+ "@jsii/spec": {
+ "version": "1.89.0",
+ "resolved": "https://registry.npmjs.org/@jsii/spec/-/spec-1.89.0.tgz",
+ "integrity": "sha512-byzIC5M5FrEaW+GaPGQfPsobfwmEfzHvS7dh5d5fgY4VvvsHBkkhhF/H5xUG+1wQBcdBnqdKyp5CEFm8UEVfqg==",
+ "dev": true,
+ "requires": {
+ "ajv": "^8.12.0"
+ }
+ },
+ "ajv": {
+ "version": "8.12.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+ "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+ "dev": true,
+ "requires": {
+ "fast-deep-equal": "^3.1.1",
+ "json-schema-traverse": "^1.0.0",
+ "require-from-string": "^2.0.2",
+ "uri-js": "^4.2.2"
+ }
+ },
+ "json-schema-traverse": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+ "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
+ "dev": true
+ }
+ }
+ },
"@nodelib/fs.scandir": {
"version": "2.1.5",
"resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -14071,6 +14164,12 @@
"eslint-visitor-keys": "^3.3.0"
}
},
+ "@ungap/structured-clone": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.0.2.tgz",
+ "integrity": "sha512-06PHwE0K24Wi8FBmC8MuMi/+nQ3DTpcXYL3y/IaZz2ScY2GOJXOe8fyMykVXyLOKxpL2Y0frAnJZmm65OxzMLQ==",
+ "dev": true
+ },
"@xmldom/xmldom": {
"version": "0.8.10",
"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz",
diff --git a/package.json b/package.json
index ee3db6c..2a2426f 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
"organization": false
},
"devDependencies": {
+ "@mrgrain/jsii-struct-builder": "^0.5.15",
"@types/github-username-regex": "^1.0.0",
"@types/jest": "^27",
"@types/node": "^16",
diff --git a/src/iam-role-props.ts b/src/generated/iam-role-props.ts
similarity index 83%
rename from src/iam-role-props.ts
rename to src/generated/iam-role-props.ts
index 1c9602f..d4d9cf9 100644
--- a/src/iam-role-props.ts
+++ b/src/generated/iam-role-props.ts
@@ -1,100 +1,49 @@
-import { Duration } from 'aws-cdk-lib';
-import {
- IManagedPolicy,
- PolicyDocument,
-} from 'aws-cdk-lib/aws-iam';
-
+// ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
+import { aws_iam, Duration } from 'aws-cdk-lib';
/**
- * Properties for defining an IAM Role.
- * These are copied fron @aws-cdk/aws-iam, but since JSII does not support
- * TypeScript > (or Omit), we have to do this stupid thing.
- *
- * Basically exactly the same as source, but with assumedBy removed.
- *
- * @stability stable
+ * RoleProps
*/
export interface RoleProps {
/**
- * List of IDs that the role assumer needs to provide one of when assuming this role.
- *
- * If the configured and provided external IDs do not match, the
- * AssumeRole operation will fail.
- *
- * @default No external ID required
- * @stability stable
- */
- readonly externalIds?: string[];
- /**
- * A list of managed policies associated with this role.
- *
- * You can add managed policies later using
- * `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
- *
- * @default - No managed policies.
- * @stability stable
- */
- readonly managedPolicies?: IManagedPolicy[];
- /**
- * A list of named policies to inline into this role.
- *
- * These policies will be
- * created with the role, whereas those added by ``addToPolicy`` are added
- * using a separate CloudFormation resource (allowing a way around circular
- * dependencies that could otherwise be introduced).
- *
- * @default - No policy is inlined in the Role resource.
- * @stability stable
- */
- readonly inlinePolicies?: {
- [name: string]: PolicyDocument;
- };
- /**
- * The path associated with this role.
+ * A name for the IAM role.
+ * For valid values, see the RoleName parameter for
+ * the CreateRole action in the IAM API Reference.
*
- * For information about IAM paths, see
- * Friendly Names and Paths in IAM User Guide.
+ * IMPORTANT: If you specify a name, you cannot perform updates that require
+ * replacement of this resource. You can perform updates that require no or
+ * some interruption. If you must replace the resource, specify a new name.
*
- * @default /
+ * If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
+ * acknowledge your template's capabilities. For more information, see
+ * Acknowledging IAM Resources in AWS CloudFormation Templates.
+ * @default - AWS CloudFormation generates a unique physical ID and uses that ID
+for the role name.
* @stability stable
*/
- readonly path?: string;
+ readonly roleName?: string;
/**
* AWS supports permissions boundaries for IAM entities (users or roles).
- *
* A permissions boundary is an advanced feature for using a managed policy
* to set the maximum permissions that an identity-based policy can grant to
* an IAM entity. An entity's permissions boundary allows it to perform only
* the actions that are allowed by both its identity-based policies and its
* permissions boundaries.
- *
* @default - No permissions boundary.
* @stability stable
* @link https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
*/
- readonly permissionsBoundary?: IManagedPolicy;
+ readonly permissionsBoundary?: aws_iam.IManagedPolicy;
/**
- * A name for the IAM role.
- *
- * For valid values, see the RoleName parameter for
- * the CreateRole action in the IAM API Reference.
- *
- * IMPORTANT: If you specify a name, you cannot perform updates that require
- * replacement of this resource. You can perform updates that require no or
- * some interruption. If you must replace the resource, specify a new name.
- *
- * If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
- * acknowledge your template's capabilities. For more information, see
- * Acknowledging IAM Resources in AWS CloudFormation Templates.
- *
- * @default - AWS CloudFormation generates a unique physical ID and uses that ID
- * for the role name.
+ * The path associated with this role.
+ * For information about IAM paths, see
+ * Friendly Names and Paths in IAM User Guide.
+ * @default /
* @stability stable
*/
- readonly roleName?: string;
+ readonly path?: string;
/**
* The maximum session duration that you want to set for the specified role.
- *
* This setting can have a value from 1 hour (3600sec) to 12 (43200sec) hours.
*
* Anyone who assumes the role from the AWS CLI or API can use the
@@ -107,17 +56,40 @@ export interface RoleProps {
* security credentials are valid for one hour by default. This applies when
* you use the AssumeRole* API operations or the assume-role* CLI operations
* but does not apply when you use those operations to create a console URL.
- *
* @default Duration.hours(1)
* @stability stable
* @link https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
*/
readonly maxSessionDuration?: Duration;
+ /**
+ * A list of managed policies associated with this role.
+ * You can add managed policies later using
+ * `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
+ * @default - No managed policies.
+ * @stability stable
+ */
+ readonly managedPolicies?: Array;
+ /**
+ * A list of named policies to inline into this role.
+ * These policies will be
+ * created with the role, whereas those added by ``addToPolicy`` are added
+ * using a separate CloudFormation resource (allowing a way around circular
+ * dependencies that could otherwise be introduced).
+ * @default - No policy is inlined in the Role resource.
+ * @stability stable
+ */
+ readonly inlinePolicies?: Record;
+ /**
+ * List of IDs that the role assumer needs to provide one of when assuming this role.
+ * If the configured and provided external IDs do not match, the
+ * AssumeRole operation will fail.
+ * @default No external ID required
+ * @stability stable
+ */
+ readonly externalIds?: Array;
/**
* A description of the role.
- *
* It can be up to 1000 characters long.
- *
* @default - No description.
* @stability stable
*/
diff --git a/src/index.ts b/src/index.ts
index 6d3d597..e687ef6 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,3 +1,3 @@
export { GithubActionsIdentityProvider, IGithubActionsIdentityProvider } from './provider';
export { GithubActionsRole, GithubActionsRoleProps, GithubConfiguration } from './role';
-export { RoleProps } from './iam-role-props';
+export { RoleProps } from './generated/iam-role-props';
diff --git a/src/role.ts b/src/role.ts
index da7eea4..a1b6d44 100644
--- a/src/role.ts
+++ b/src/role.ts
@@ -1,7 +1,7 @@
import * as cdk from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';
import { Construct } from 'constructs';
-import { RoleProps } from './iam-role-props';
+import { RoleProps } from './generated/iam-role-props';
import githubUsernameRegex from './owner-regexp';
import { GithubActionsIdentityProvider, IGithubActionsIdentityProvider } from './provider';