|
2 | 2 | // Licensed under the MIT license. |
3 | 3 | /** |
4 | 4 | * Identity setup guide generator |
5 | | - * Step-by-step instructions for service principal, RBAC, federated credentials, |
6 | | - * pipeline secrets/service connections. Optional az CLI automation per FR-021. |
| 5 | + * Returns the static manual guide content for the selected CI provider. |
7 | 6 | */ |
8 | 7 |
|
9 | 8 | import { |
10 | | - azureDevOpsIdentitySetupCoreTemplate, |
11 | 9 | azureDevOpsIdentityGuideTemplate, |
12 | 10 | githubActionsIdentityGuideTemplate, |
13 | 11 | } from '../templates/generated/embedded-markdown.js'; |
14 | | -import { renderTemplate } from '../lib/render-template.js'; |
15 | 12 |
|
16 | 13 | export interface IdentityGuideService { |
17 | | - generateGitHubActionsGuide( |
18 | | - subscriptionId: string, |
19 | | - resourceGroup: string, |
20 | | - environments: string[] |
21 | | - ): string; |
22 | | - |
23 | | - generateAzureDevOpsGuide( |
24 | | - environments: string[] |
25 | | - ): string; |
| 14 | + generateGitHubActionsGuide(): string; |
| 15 | + generateAzureDevOpsGuide(): string; |
26 | 16 | } |
27 | 17 |
|
28 | 18 | class IdentityGuideServiceImpl implements IdentityGuideService { |
29 | | - generateGitHubActionsGuide( |
30 | | - subscriptionId: string, |
31 | | - resourceGroup: string, |
32 | | - environments: string[] |
33 | | - ): string { |
34 | | - const federatedCredentialsPerEnvironment = environments.map((env) => `az ad app federated-credential create \\ |
35 | | - --id "$APP_ID" \\ |
36 | | - --parameters '{ |
37 | | - "name": "github-env-${env}", |
38 | | - "issuer": "https://token.actions.githubusercontent.com", |
39 | | - "subject": "repo:'"$GITHUB_ORG"'/'"$GITHUB_REPO"':environment:${env}", |
40 | | - "audiences": ["api://AzureADTokenExchange"] |
41 | | - }'`).join('\n\n'); |
42 | | - |
43 | | - const environmentSecrets = environments.map((env) => ` |
44 | | -**For ${env} environment:** |
45 | | -- \`APIM_RESOURCE_GROUP_${env.toUpperCase()}\`: Resource group for ${env} |
46 | | -- \`APIM_SERVICE_NAME_${env.toUpperCase()}\`: APIM service name for ${env} |
47 | | -`).join('\n'); |
48 | | - |
49 | | - return renderTemplate(githubActionsIdentityGuideTemplate, { |
50 | | - SUBSCRIPTION_ID: subscriptionId, |
51 | | - RESOURCE_GROUP: resourceGroup, |
52 | | - FEDERATED_CREDENTIALS_PER_ENV: federatedCredentialsPerEnvironment, |
53 | | - ENVIRONMENT_SECRETS: environmentSecrets, |
54 | | - }); |
| 19 | + generateGitHubActionsGuide(): string { |
| 20 | + return githubActionsIdentityGuideTemplate; |
55 | 21 | } |
56 | 22 |
|
57 | | - generateAzureDevOpsGuide( |
58 | | - environments: string[] |
59 | | - ): string { |
60 | | - const environmentsArrayPowerShell = environments |
61 | | - .map((environment) => `"${environment}"`) |
62 | | - .join(', '); |
63 | | - const environmentsArrayBash = environments |
64 | | - .map((environment) => `"${environment}"`) |
65 | | - .join(' '); |
66 | | - |
67 | | - const coreSteps = renderTemplate(azureDevOpsIdentitySetupCoreTemplate, { |
68 | | - ENVIRONMENTS_ARRAY_POWERSHELL: environmentsArrayPowerShell, |
69 | | - ENVIRONMENTS_ARRAY_BASH: environmentsArrayBash, |
70 | | - }); |
71 | | - |
72 | | - return renderTemplate(azureDevOpsIdentityGuideTemplate, { |
73 | | - AZURE_DEVOPS_CORE_STEPS: coreSteps, |
74 | | - }); |
| 23 | + generateAzureDevOpsGuide(): string { |
| 24 | + return azureDevOpsIdentityGuideTemplate; |
75 | 25 | } |
76 | 26 | } |
77 | 27 |
|
|
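Review bot: `generateGitHubActionsGuide()` and `generateAzureDevOpsGuide()` now return the imported templates verbatim, while the removed code filled `SUBSCRIPTION_ID`, `RESOURCE_GROUP`, `FEDERATED_CREDENTIALS_PER_ENV`, `ENVIRONMENT_SECRETS` and `AZURE_DEVOPS_CORE_STEPS` through `renderTemplate`. The template sources are not visible in this section, so this is unconfirmed, but if either markdown file still carries those placeholders the guide will ship with unrendered tokens. Those tokens would sit where the federated-credential subject and the per-environment secret names used to be, which is the part of an identity guide a reader is most likely to copy as-is. A unit test asserting that neither returned string contains a leftover placeholder marker would pin this down. Because the values are no longer injected, the interface methods should also state the contract, e.g. `/** Returns static markdown; subscription, resource group and environment names are placeholders the reader must replace. */`.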