Add CodeArtifact Package Origin Controls

[blakepettersson]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In July Package Origin Controls was introduced in CodeArtifact in order to protect against "dependency confusion" attacks.

I couldn't find any resources related to this feature in the AWS Provider which is why I'm submitting this feature request here.

New or Affected Resource(s)

• aws_codeartifact_package_origin_configuration ?

Potential Terraform Configuration

resource "aws_codeartifact_package_origin_configuration" "my-package" {
  domain     = aws_codeartifact_domain.npm.domain
  repository = aws_codeartifact_repository.test.repository
  format     = "npm"
  package    = "my-package"
  restrictions {
    publish = "ALLOW" # or "BLOCK"
    upstream = "BLOCK" # or "ALLOW"
  }
}

References

• Package Origin Controls
• Package Origin Control Toolkit

[bschaatsbergen]

API docs: https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PutPackageOriginConfiguration.html

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[seanturner026]

Guess I'll post here once but I don't think it makes sense to close an issue for an un-implemented feature just because there's no movement?

[justinretzolk]

Hey @seanturner026 👋 I hear you, and our stale workflow is something that I plan on revisiting soon to touch it up a bit. For what it's worth, since you (or any non-maintainer) commented, it'll be another two years before the stale bot in its current implementation returns.