diff --git a/lib/descope-auth.ts b/lib/descope-auth.ts
index ccfe250..3c24c76 100644
--- a/lib/descope-auth.ts
+++ b/lib/descope-auth.ts
@@ -195,35 +195,44 @@ export class DescopeAuth extends Construct implements sbt.IAuth {
 index: "index.py",
 handler: "handler",
 timeout: Duration.seconds(60),
- layers: [descopeHelperLayer],
+ layers: lambdaFunctionsLayers,
 environment: environmentVariables,
 }
 );
 clientSecretSSMMgmtKey.grantRead(this.createMachineClientFunction);
- // Define the custom resource provider
- const provider = new Provider(this, "Provider", {
- onEventHandler: this.createMachineClientFunction,
- });
-
- // Create the custom resource
- const customResource = new CustomResource(
+ // // Define the custom resource provider
+ // const provider = new Provider(this, "Provider", {
+ // onEventHandler: this.createMachineClientFunction,
+ // });
+
+ // // Create the custom resource
+ // const customResource = new CustomResource(
+ // this,
+ // "machineClientCustomResource",
+ // {
+ // serviceToken: provider.serviceToken,
+ // properties: {
+ // name: "SBT Access Key",
+ // description: "Auto-generated Access Key for SBT",
+ // },
+ // }
+ // );
+
+ const machineClientResource = this.createMachineClient(
 this,
- "machineClientCustomResource",
+ "MachineClient",
 {
- serviceToken: provider.serviceToken,
- properties: {
- name: "SBT Access Key",
- description: "Auto-generated Access Key for SBT",
- },
+ name: "SBT Access Key",
+ description: "Auto-generated Access Key for SBT",
 }
 );
- this.machineClientId = customResource.getAttString("ClientId");
+ this.machineClientId = machineClientResource.getAttString("clientId");
 new cdk.CfnOutput(this, "machineClientId", { value: this.machineClientId });
 this.machineClientSecret = cdk.SecretValue.resourceAttribute(
- customResource.getAttString("ClientSecret")
+ machineClientResource.getAttString("clientSecret")
 );
 // Ensure the domain is valid or fallback to a generated default domain
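Review bot: The old `Provider` / `CustomResource` wiring in lib/descope-auth.ts is kept as a block of `// //` commented-out lines instead of being deleted. Version control already preserves it, and the stale copy still shows `serviceToken: provider.serviceToken`, which no longer describes how the machine client is provisioned. I would remove those lines and, if a pointer is wanted, leave one comment such as `// Machine client is provisioned through createMachineClient(), which uses the Lambda ARN as the service token.` The enclosing method (presumably the constructor) starts and ends outside this hunk.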
@@ -302,6 +311,19 @@ export class DescopeAuth extends Construct implements sbt.IAuth {
 }
 );
 }
+ createMachineClient(
+ scope: Construct,
+ id: string,
+ props: CreateMachineClientProps
+ ): cdk.CustomResource {
+ return new CustomResource(scope, `createClientCustomResource-${id}*`, {
+ serviceToken: this.createMachineClientFunction.functionArn,
+ properties: {
+ Name: props.name ? props.name : id,
+ ...(props.description && { Description: props.description }),
+ },
+ });
+ }
 createAdminUser(scope: Construct, id: string, props: CreateAdminUserProps) {
 new CustomResource(scope, `createAdminUserCustomResource-v2-${id}`, {
 serviceToken: this.createAdminUserFunction.functionArn,
diff --git a/resources/functions/create-client/index.py b/resources/functions/create-client/index.py
index 5f1f828..891bedb 100644
--- a/resources/functions/create-client/index.py
+++ b/resources/functions/create-client/index.py
@@ -12,7 +12,7 @@
 # Retrieve Descope project credentials from environment variables or configuration
 project_id = os.environ.get("DescopeProjectId")
-descope_mgmt_key = os.environ.get("ManagementSSMKeyName")
+descope_mgmt_key_name = os.environ.get("ManagementSSMKeyName")
 @helper.create
@@ -26,7 +26,7 @@ def create_client(event, _):
 """
 # Initialize the Descope client
- descope = get_descope_handler(project_id, descope_mgmt_key)
+ descope = get_descope_handler(project_id, descope_mgmt_key_name)
 request = event.get("ResourceProperties", {})
 name = request.get("name")
 description = request.get("description")
@@ -57,8 +57,8 @@ def create_client(event, _):
 # Return data to CloudFormation
 helper.Data.update(
 {
- "ClientId": client_id,
- "ClientSecret": client_secret, # Returning both client ID and secret
+ "clientId": client_id,
+ "clientSecret": client_secret, # Returning both client ID and secret
 }
 )
 except Exception as e:
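Review bot: The new `createMachineClient` method in lib/descope-auth.ts sends its properties as `Name` and `Description`, but the handler context visible in resources/functions/create-client/index.py still reads `request.get("name")` and `request.get("description")`. Unless the handler is changed elsewhere, both lookups would return `None`, and the access key would be created without the intended name and description. Matching the handler's keys would be `name: props.name ? props.name : id,` and `...(props.description && { description: props.description }),`. The construct id `createClientCustomResource-${id}*` also ends in a `*` that looks like a typo. A short TSDoc comment saying that callers read the `clientId` and `clientSecret` attributes from the returned resource would document the contract this commit relies on.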
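Review bot: The `helper.Data.update` call in `create_client` (the `@@ -57,8 +57,8 @@` hunk) still returns `clientSecret` to CloudFormation as a plain custom-resource attribute, and this commit only renames the key. Depending on how the response is built and logged, which is not visible here, the value may be readable outside the intended consumer. A safer shape is for the handler to store the secret in Secrets Manager or an SSM SecureString and return only a reference, for example `"clientSecretArn": secret_arn,` (names illustrative). If the attribute has to stay, the custom-resource response should set `NoEcho` so the value is masked when read through `Fn::GetAtt`. The first hunk in lib/descope-auth.ts reads `getAttString("clientSecret")` and would change with it; the body of `create_client` starts and ends outside this hunk.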