Adds support for the upcoming changes in the "IAM Role Refresh" project, which involves splitting the AWS Okta application into one per account instead of one for all accounts.
This impacts some logic in the STS script since we are now not proxying from the tools account.
The changes in this PR make it possible to get the STS token for both the previous setup and the new setup.
There are BREAKING CHANGES. The configuration accounts were previously defined as:
and now, the account items were upgraded to an object, with fields accountNumber and idpEntryUrl.
The compatibility is maintained by falling back to the config.idpEntryUrl and doing the proxy thing if the account does not have the idpEntryUrl key defined.
Some side changes include:
the getToken function was refactored to improve readability.
some dependency versions were upgraded to fix some security vulnerabilities
node version was updated to v8.x.x and Dockerfile refactored
if the Okta application does not have 2FA enabled, there was a bug that hung the script
Splitting this PR into chunks:
versions upgrade
fix: if the Okta application does not have 2FA enabled, there was a bug that hung the script
refactor: the getToken function was refactored to improve readability.
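The fallback rule described above, as an added example that is not code from this PR: it resolves one account to its IdP entry URL and reports whether the previous proxy path applies. The `accounts` map keyed by alias, the names `resolveAccount`, `assertHttps` and `sampleConfig`, and the 12-digit and HTTPS checks are assumptions; only `accountNumber`, `idpEntryUrl` and `config.idpEntryUrl` come from the description.

```javascript
// Added illustration, not the PR's code. Assumed config shape:
//   { idpEntryUrl: <shared URL>, accounts: { <alias>: { accountNumber, idpEntryUrl? } } }
// Uses the global URL class (Node 10+).
function resolveAccount(config, alias) {
  const accounts = (config && config.accounts) || {};
  if (!Object.prototype.hasOwnProperty.call(accounts, alias)) {
    throw new Error(`unknown account alias: ${alias}`);
  }
  const entry = accounts[alias];
  if (entry === null || typeof entry !== 'object') {
    throw new Error(`account ${alias}: expected an object with accountNumber`);
  }
  const accountNumber = String(entry.accountNumber);
  if (!/^\d{12}$/.test(accountNumber)) { // AWS account IDs are 12 digits
    throw new Error(`account ${alias}: accountNumber must be 12 digits`);
  }
  // New setup: the account carries its own idpEntryUrl, so no proxying.
  // Previous setup: key absent, fall back to config.idpEntryUrl and proxy.
  const perAccount = entry.idpEntryUrl !== undefined;
  const idpEntryUrl = perAccount ? entry.idpEntryUrl : config.idpEntryUrl;
  assertHttps(idpEntryUrl, alias);
  return { accountNumber, idpEntryUrl, proxy: !perAccount };
}

// Assumed hardening check: the sign-in flow starts at this URL, so a typo or
// plain-http value in any one account entry should fail before any request.
function assertHttps(value, alias) {
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    throw new Error(`account ${alias}: idpEntryUrl is missing or not a URL`);
  }
  if (url.protocol !== 'https:') {
    throw new Error(`account ${alias}: idpEntryUrl must use https`);
  }
}

// Constructed sample config; host names and account numbers are placeholders.
const sampleConfig = {
  idpEntryUrl: 'https://idp.example.com/app/aws-tools',
  accounts: {
    legacy: { accountNumber: '111111111111' },
    split: { accountNumber: '222222222222', idpEntryUrl: 'https://idp.example.com/app/aws-split' },
  },
};
```

A present but malformed per-account `idpEntryUrl` is rejected rather than silently falling back, so a misconfigured entry cannot send the new setup down the proxy path.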