diff --git a/cicd/account_execution/staging/buildspec.yml b/cicd/account_execution/staging/buildspec.yml
index ade67bf..5d8b154 100644
--- a/cicd/account_execution/staging/buildspec.yml
+++ b/cicd/account_execution/staging/buildspec.yml
@@ -30,24 +30,24 @@ phases: jq -n \ --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Man*\"}" \ --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \ - '$ARGS.named' > ./deploy/management.json - - cat ./deploy/management.json + '$ARGS.named' > ./deploy/cli.json + - cat ./deploy/cli.json # Update params with the values for this run for the delegated account - | jq -n \ --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Del*\"}" \ --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \ - '$ARGS.named' > ./deploy/delegated.json - - cat ./deploy/delegated.json + '$ARGS.named' > ./deploy/lambda.json + - cat ./deploy/lambda.json # Update params with the values for this run for non-delegated account - | jq -n \ --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": 
\"name:Non*\"}" \
 --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
- '$ARGS.named' > ./deploy/nondelegated.json
- - cat ./deploy/nondelegated.json
+ '$ARGS.named' > ./deploy/codepipeline.json
+ - cat ./deploy/codepipeline.json
 artifacts:
diff --git a/cicd/cloudformation/testing.yaml b/cicd/cloudformation/testing.yaml
index b13b6af..02a131a 100644
--- a/cicd/cloudformation/testing.yaml
+++ b/cicd/cloudformation/testing.yaml
@@ -187,7 +187,7 @@ Resources:
 S3Bucket: !Ref StagingBucket
 S3ObjectKey: tests.zip
 PollForSourceChanges: false
- - Name: Deploy
+ - Name: TestsLambda
 Actions:
 - Name: Deploy
 ActionTypeId:
@@ -200,20 +200,18 @@ Resources:
 Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
 StackName: TestAccountExecution
 RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
- TemplateConfiguration: !If [DeployManagement, 'Tests::deploy/management.json', !If [DeployDelegated, 'Tests::deploy/delegated.json', 'Tests::deploy/nondelegated.json']]
+ TemplateConfiguration: 'Tests::deploy/lambda.json'
 TemplatePath: !Sub 'Tests::deploy/stack.yml'
 InputArtifacts:
 - Name: Tests
 RunOrder: 1
- - Name: SmokeTests
- Actions:
 - Name: Lambda
 ActionTypeId:
 Category: Test
 Owner: AWS
 Version: 1
 Provider: CodeBuild
- RunOrder: 1
+ RunOrder: 2
 Configuration:
 ProjectName: !Ref CodeBuildSmokeLambda
 PrimarySource: Tests
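Review bot: The comments above the second and third jq invocations still describe their output as the parameter set "for the delegated account" and "for non-delegated account", but the files they now write are lambda.json and codepipeline.json, and the first set (GroupMatch `name:Man*`) goes to cli.json — the names now encode which pipeline test stage consumes the file, not which account. Update the comments to match, e.g. `# Parameters for the TestsLambda stage (GroupMatch name:Del*)` and `# Parameters for the TestsCodePipeline stage (GroupMatch name:Non*)`, and add a matching one above the cli.json block, so a reader does not pair cli.json with the management account by the old naming. The `commands:` list these jq calls belong to starts above the hunk.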
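Review bot: With TemplateConfiguration fixed to `'Tests::deploy/lambda.json'`, the `DeployManagement` condition is no longer referenced in this hunk, and the choice it used to make (management.json only when that condition held) has no equivalent any more: per the buildspec hunk the `name:Man*` parameter set now lands in cli.json and is deployed unconditionally by the new TestsCLI stage. If `DeployManagement` is not used elsewhere in the template it becomes dead (cfn-lint flags unused conditions), and if it was meant to gate the management-account test it should wrap the TestsCLI stage the same way `DeployDelegated` wraps TestsCodePipeline. Either way a one-line comment on this Deploy action, e.g. `# Always deploys the lambda.json parameter set; the DeployManagement/DeployDelegated selection was removed`, would record the decision. The enclosing Stages list starts and ends outside the hunk.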
@@ -221,6 +219,24 @@ Resources:
 - Name: AccountExecutionLambda
 InputArtifacts:
 - Name: Tests
+ - Name: TestsCLI
+ Actions:
+ - Name: Deploy
+ ActionTypeId:
+ Category: Deploy
+ Owner: AWS
+ Version: '1'
+ Provider: CloudFormation
+ Configuration:
+ ActionMode: CREATE_UPDATE
+ Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
+ StackName: TestAccountExecution
+ RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
+ TemplateConfiguration: 'Tests::deploy/cli.json'
+ TemplatePath: !Sub 'Tests::deploy/stack.yml'
+ InputArtifacts:
+ - Name: Tests
+ RunOrder: 1
 - Name: CLI
 ActionTypeId:
 Category: Test
@@ -235,22 +251,40 @@ Resources:
 - Name: SmokeCLI
 InputArtifacts:
 - Name: Tests
- - !If
- - DeployDelegated
- Name: CodePipeline
- ActionTypeId:
- Category: Invoke
- Owner: AWS
- Version: 1
- Provider: Lambda
- RunOrder: 3
- Configuration:
- FunctionName: SSOSyncFunction
- OutputArtifacts:
- - Name: AccountExecutionCodePipeline
- InputArtifacts:
- - Name: Tests
- - !Ref AWS::NoValue
+ - !If
+ - DeployDelegated
+ - Name: TestsCodePipeline
+ Actions:
+ - Name: Deploy
+ ActionTypeId:
+ Category: Deploy
+ Owner: AWS
+ Version: '1'
+ Provider: CloudFormation
+ Configuration:
+ ActionMode: CREATE_UPDATE
+ Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
+ StackName: TestAccountExecution
+ RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
+ TemplateConfiguration: 'Tests::deploy/codepipeline.json'
+ TemplatePath: !Sub 'Tests::deploy/stack.yml'
+ InputArtifacts:
+ - Name: Tests
+ RunOrder: 1
+ - Name: CodePipeline
+ ActionTypeId:
+ Category: Invoke
+ Owner: AWS
+ Version: 1
+ Provider: Lambda
+ RunOrder: 2
+ Configuration:
+ FunctionName: SSOSyncFunction
+ OutputArtifacts:
+ - Name: AccountExecutionCodePipeline
+ InputArtifacts:
+ - Name: Tests
+ - !Ref AWS::NoValue
 - Name: CleanUp
 Actions:
 - Name: RemoveStack
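Review bot: The new Deploy actions quote the action-type version (`Version: '1'`) while the re-added Invoke action in the second hunk of this file and the existing CodeBuild test actions use the plain scalar `Version: 1`; CloudFormation accepts both because the property is a string, but the file now mixes the two forms inside a single stage. Pick one for every ActionTypeId block — `'1'` is the safer YAML, since the value is a string and a plain `1` is only coerced by the consumer. The same applies to the TestsCodePipeline hunk below, which is the third verbatim copy of this Deploy action (after TestsLambda and TestsCLI) differing only in TemplateConfiguration; all three run CREATE_UPDATE against StackName `TestAccountExecution` in sequence, so a short comment on each, e.g. `# Intentionally updates the shared TestAccountExecution stack with this stage's parameter set`, would stop the next reader from taking the repetition for a copy-paste mistake. The enclosing Stages list begins above the first hunk.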
@@ -314,7 +348,7 @@ Resources:
 OutputFileName: crossaccountapp.json
 InputArtifacts:
 - Name: Tests
- OutputArtifact:
+ OutputArtifacts:
 - Name: Secrets
 RunOrder: 1
 - Name: DeployAppInDelegated