Merge branch 'master' into bugfix_envVars

awslabs · Mar 8, 2024 · b0c3898 · b0c3898
2 parents 6b8eb79 + 1c30312
commit b0c3898
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 28 deletions.
diff --git a/cicd/account_execution/staging/buildspec.yml b/cicd/account_execution/staging/buildspec.yml
@@ -30,24 +30,24 @@ phases:
         jq -n \
         --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Man*\"}" \
         --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
-        '$ARGS.named' > ./deploy/management.json
-      - cat ./deploy/management.json
+        '$ARGS.named' > ./deploy/cli.json
+      - cat ./deploy/cli.json
 
       # Update params with the values for this run for the delegated account
       - |
         jq -n \
         --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\",  \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Del*\"}" \
         --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
-        '$ARGS.named' > ./deploy/delegated.json
-      - cat ./deploy/delegated.json
+        '$ARGS.named' > ./deploy/lambda.json
+      - cat ./deploy/lambda.json
 
       # Update params with the values for this run for non-delegated account
       - |
         jq -n \
         --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Non*\"}" \
         --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
-        '$ARGS.named' > ./deploy/nondelegated.json
-      - cat ./deploy/nondelegated.json
+        '$ARGS.named' > ./deploy/codepipeline.json
+      - cat ./deploy/codepipeline.json
 
 
 artifacts:

diff --git a/cicd/cloudformation/testing.yaml b/cicd/cloudformation/testing.yaml
@@ -187,7 +187,7 @@ Resources:
                 S3Bucket: !Ref StagingBucket
                 S3ObjectKey: tests.zip
                 PollForSourceChanges: false
-        - Name: Deploy
+        - Name: TestsLambda
           Actions:
             - Name: Deploy
               ActionTypeId:
@@ -200,27 +200,43 @@ Resources:
                 Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
                 StackName: TestAccountExecution
                 RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
-                TemplateConfiguration: !If [DeployManagement, 'Tests::deploy/management.json', !If [DeployDelegated, 'Tests::deploy/delegated.json', 'Tests::deploy/nondelegated.json']] 
+                TemplateConfiguration: 'Tests::deploy/lambda.json'
                 TemplatePath: !Sub 'Tests::deploy/stack.yml'
               InputArtifacts:
                 - Name: Tests
               RunOrder: 1
-        - Name: SmokeTests
-          Actions:
             - Name: Lambda
               ActionTypeId:
                 Category: Test
                 Owner: AWS
                 Version: 1
                 Provider: CodeBuild
-              RunOrder: 1
+              RunOrder: 2
               Configuration:
                 ProjectName: !Ref CodeBuildSmokeLambda
                 PrimarySource: Tests
               OutputArtifacts:
                 - Name: AccountExecutionLambda
               InputArtifacts:
                 - Name: Tests
+        - Name: TestsCLI
+          Actions:
+            - Name: Deploy
+              ActionTypeId:
+                Category: Deploy
+                Owner: AWS
+                Version: '1'
+                Provider: CloudFormation
+              Configuration:
+                ActionMode: CREATE_UPDATE
+                Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
+                StackName: TestAccountExecution
+                RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
+                TemplateConfiguration: 'Tests::deploy/cli.json'
+                TemplatePath: !Sub 'Tests::deploy/stack.yml'
+              InputArtifacts:
+                - Name: Tests
+              RunOrder: 1
             - Name: CLI
               ActionTypeId:
                 Category: Test
@@ -235,22 +251,40 @@ Resources:
                 - Name: SmokeCLI
               InputArtifacts:
                 - Name: Tests
-            - !If
-               - DeployDelegated
-               - Name: CodePipeline
-                 ActionTypeId:
-                   Category: Invoke
-                   Owner: AWS
-                   Version: 1
-                   Provider: Lambda
-                 RunOrder: 3
-                 Configuration:
-                   FunctionName: SSOSyncFunction
-                 OutputArtifacts:
-                   - Name: AccountExecutionCodePipeline
-                 InputArtifacts:
-                   - Name: Tests
-               - !Ref AWS::NoValue
+        - !If
+            - DeployDelegated
+            - Name: TestsCodePipeline
+              Actions:
+                - Name: Deploy
+                  ActionTypeId:
+                    Category: Deploy
+                    Owner: AWS
+                    Version: '1'
+                    Provider: CloudFormation
+                  Configuration:
+                    ActionMode: CREATE_UPDATE
+                    Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
+                    StackName: TestAccountExecution
+                    RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
+                    TemplateConfiguration: 'Tests::deploy/codepipeline.json'
+                    TemplatePath: !Sub 'Tests::deploy/stack.yml'
+                  InputArtifacts:
+                    - Name: Tests
+                  RunOrder: 1
+                - Name: CodePipeline
+                  ActionTypeId:
+                    Category: Invoke
+                    Owner: AWS
+                    Version: 1
+                    Provider: Lambda
+                  RunOrder: 2
+                  Configuration:
+                    FunctionName: SSOSyncFunction
+                  OutputArtifacts:
+                    - Name: AccountExecutionCodePipeline
+                  InputArtifacts:
+                    - Name: Tests
+            - !Ref AWS::NoValue
         - Name: CleanUp
           Actions:
             - Name: RemoveStack
@@ -314,7 +348,7 @@ Resources:
                 OutputFileName: crossaccountapp.json
               InputArtifacts:
                 - Name: Tests
-              OutputArtifact:
+              OutputArtifacts:
                 - Name: Secrets
               RunOrder: 1
             - Name: DeployAppInDelegated