@@ -19,6 +19,7 @@ exports.handler = async (event, context) => {
1919
2020 const {
2121 GitHubOrg,
22+ RazrooOrgId,
2223 RepositoryName,
2324 OIDCProviderArn,
2425 RoleArn,
@@ -28,21 +29,28 @@ exports.handler = async (event, context) => {
2829 let status = 'SUCCESS' ;
2930 let responseData = { } ;
3031 let reason = '' ;
32+ // Use RazrooOrgId as physical resource ID to track it across updates
33+ let physicalResourceId = event . PhysicalResourceId || `oidc-${ RazrooOrgId } ${ Date . now ( ) } ;
3134
3235 try {
3336 if ( RequestType === 'Create' ) {
3437 console . log ( 'Stack creation - Running custom setup logic' ) ;
3538 console . log ( `GitHub Org: ${ GitHubOrg } ) ;
39+ console . log ( `Razroo Org ID: ${ RazrooOrgId } ) ;
3640 console . log ( `Repository: ${ RepositoryName } ) ;
3741 console . log ( `OIDC Provider ARN: ${ OIDCProviderArn } ) ;
3842 console . log ( `Role ARN: ${ RoleArn } ) ;
3943 console . log ( `Callback URL: ${ CallbackUrl } ) ;
4044
45+ // Store RazrooOrgId in physical resource ID for validation on updates
46+ physicalResourceId = `oidc-${ RazrooOrgId } ;
47+
4148 // Call the Razroo API to automatically configure GitHub Actions variable
4249 if ( CallbackUrl ) {
4350 try {
4451 await callRazrooCallback ( CallbackUrl , {
4552 githubOrg : GitHubOrg ,
53+ razrooOrgId : RazrooOrgId ,
4654 roleArn : RoleArn ,
4755 oidcProviderArn : OIDCProviderArn ,
4856 repositoryName : RepositoryName ,
@@ -60,6 +68,7 @@ exports.handler = async (event, context) => {
6068 responseData = {
6169 Message : 'GitHub OIDC setup completed successfully' ,
6270 GitHubOrg,
71+ RazrooOrgId,
6372 RepositoryName,
6473 Timestamp : new Date ( ) . toISOString ( ) ,
6574 ...responseData
@@ -70,9 +79,18 @@ exports.handler = async (event, context) => {
7079 } else if ( RequestType === 'Update' ) {
7180 console . log ( 'Stack update - Running update logic' ) ;
7281
82+ // Validate that RazrooOrgId hasn't changed
83+ const existingRazrooOrgId = event . PhysicalResourceId ?. replace ( 'oidc-' , '' ) ;
84+ if ( existingRazrooOrgId && existingRazrooOrgId !== RazrooOrgId ) {
85+ throw new Error ( `RazrooOrgId cannot be changed after initial setup. Original: ${ existingRazrooOrgId } ${ RazrooOrgId } ) ;
86+ }
87+
88+ console . log ( `RazrooOrgId validation passed: ${ RazrooOrgId } ) ;
89+
7390 // Handle updates if needed
7491 responseData = {
75- Message : 'GitHub OIDC configuration updated successfully'
92+ Message : 'GitHub OIDC configuration updated successfully' ,
93+ RazrooOrgId
7694 } ;
7795
7896 reason = 'Custom resource update completed successfully' ;
@@ -96,17 +114,17 @@ exports.handler = async (event, context) => {
96114 }
97115
98116 // Send response back to CloudFormation
99- await sendResponse ( event , context , status , responseData , reason ) ;
117+ await sendResponse ( event , context , status , responseData , reason , physicalResourceId ) ;
100118} ;
101119
102120/**
103121 * Send response to CloudFormation
104122 */
105- async function sendResponse ( event , context , status , responseData , reason ) {
123+ async function sendResponse ( event , context , status , responseData , reason , physicalResourceId ) {
106124 const responseBody = JSON . stringify ( {
107125 Status : status ,
108126 Reason : reason || `See CloudWatch Log Stream: ${ context . logStreamName } ,
109- PhysicalResourceId : context . logStreamName ,
127+ PhysicalResourceId : physicalResourceId || context . logStreamName ,
110128 StackId : event . StackId ,
111129 RequestId : event . RequestId ,
112130 LogicalResourceId : event . LogicalResourceId ,
0 commit comments