Commit
Update template.yaml
Improving UI feedback for parameters.
ChrisPates committed Oct 31, 2023
1 parent 31f325c commit f55da58
Showing 1 changed file with 36 additions and 14 deletions.
50 changes: 36 additions & 14 deletions template.yaml
@@ -50,7 +50,7 @@ Metadata:
# Update the semantic version and run sam publish to publish a new version of your app
SemanticVersion: 1.0.0-rc.10
# best practice is to use git tags for each release and link to the version tag as your source code URL
SourceCodeUrl: https://github.com/awslabs/ssosync/tree/1.0.0-rc.10
SourceCodeUrl: https://github.com/awslabs/ssosync/

Parameters:
FunctionName:
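Review bot: the new `SourceCodeUrl: https://github.com/awslabs/ssosync/` drops the release tag and now contradicts the comment directly above it (`# best practice is to use git tags for each release and link to the version tag as your source code URL`). With SemanticVersion still pinned to 1.0.0-rc.10, consumers of the published SAR application would be pointed at a moving default branch rather than the exact code that was built, which makes it harder to audit what a given version contains. Either keep `SourceCodeUrl: https://github.com/awslabs/ssosync/tree/1.0.0-rc.10` and bump it together with SemanticVersion on each release, or, if the tag is intentionally created only after publishing, say so in the comment.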
@@ -81,73 +81,85 @@ Parameters:
AllowedValues:
- json
- text
LogRetention:
Type: String
Description: Number of days to retain Logs for, leave empty to retain them indefinitely
Default: ""
AllowedPattern: '(?!.*\s)|/d'
TimeOut:
Type: Number
Description: Timeout for the Lambda function
Default: 300
MinValue: 1
MaxValue: 900


GoogleCredentials:
Type: String
Description: Credentials to log into Google (content of credentials.json)
ConstraintDescription: You should save this information when following this setup https://developers.google.com/admin-sdk/directory/v1/guides/delegation
NoEcho: true
GoogleAdminEmail:
Type: String
Description: Google Admin email
ConstraintDescription: This is a use with admin authority on your Google Directory, you will have used this when following this setup https://developers.google.com/admin-sdk/directory/v1/guides/delegation
NoEcho: true
SCIMEndpointUrl:
Type: String
Description: AWS IAM Identity Center - SCIM Endpoint Url
NoEcho: true
AllowedPattern: "https://scim.(us(-gov)?|ap|ca|cn|eu|sa)-(central|(north|south)?(east|west)?)-([0-9]{1}).amazonaws.com/(.*)-([a-z0-9]{4})-([a-z0-9]{4})-([a-z0-9]{12})/scim/v2/"
ConstraintDescription: You should save this information when following this setup https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-automatically.html
NoEcho: true
SCIMEndpointAccessToken:
Type: String
Description: AWS IAM Identity Center - SCIM AccessToken
ConstraintDescription: You should save this information when following this setup https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-automatically.html
NoEcho: true
Region:
Type: String
Description: AWS Region where AWS IAM Identity Center is enabled
ConstraintDescription: You can find this value on the settings page of the IAM Identity Center console page
AllowedPattern: '(us(-gov)?|ap|ca|cn|eu|sa)-(central|(north|south)?(east|west)?)-\d'
IdentityStoreID:
Type: String
Description: Identifier of Identity Store in AWS IAM Identity Center
ConstraintDescription: You can find this value on the settings page of the IAM Identity Center console page
NoEcho: true
AllowedPattern: 'd-[1-z0-9]{10}'

GoogleUserMatch:
Type: String
Description: |
Google Workspace user filter query parameter, example: 'name:John* email:admin*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-users
Description: Google Workspace user filter query parameter, example: 'name:John* email:admin*', leave empty if you do not wish to pass this parameter
ConstraintDescription: The parameter needs to be compliant with the Google admin-sdk api, https://developers.google.com/admin-sdk/directory/v1/guides/search-users
Default: ""
AllowedPattern: '(?!.*\s)|(name|Name|NAME)(:([a-zA-Z0-9]{1,64})(\*))|(name|Name|NAME)(=([a-zA-Z0-9 ]{1,64}))|(email|Email|EMAIL)(:([a-zA-Z0-9.-_]{1,64})(\*))|(email|Email|EMAIL)(=([a-zA-Z0-9.-_]{1,64})@([a-zA-Z0-9.-]{5,260}))'
GoogleGroupMatch:
Type: String
Description: |
Google Workspace group filter query parameter, example: 'name:Admin* email:aws-*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
Description: Google Workspace group filter query parameter, example: 'name:Admin* email:aws-*', leave empty if you do not wish to pass this parameter
ConstraintDescription: The parameter needs to be compliant with the Google admin-sdk api, see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
Default: 'name:AWS*'
AllowedPattern: '(?!.*\s)|(name|Name|NAME)(:([a-zA-Z0-9]{1,64})\*)|(name|Name|NAME)(=([a-zA-Z0-9 ]{1,64}))|(email|Email|EMAIL)(:([a-zA-Z0-9.-_]{1,64})\*)|(email|Email|EMAIL)(=([a-zA-Z0-9.-_]{1,64})@([a-zA-Z0-9.-]{5,260}))'
IgnoreGroups:
Type: String
Description: |
Ignore these Google Workspace groups, leave empty if not required
Description: Do NOT sync these Google Workspace groups into IAM Identity Center, leave empty if not required
ConstraintDescription: This should be a comma separated list of group names
Default: ""
AllowedPattern: '(?!.*\s)|([0-9a-zA-Z-= _]*)(,[0-9a-zA-Z-=@. _]*)*'
IgnoreUsers:
Type: String
Description: |
Ignore these Google Workspace users, leave empty if not required
Description: Ignore these Google Workspace users, leave empty if not required
ConstraintDescription: This should be a comma separated list of group names
Default: ""
AllowedPattern: '(?!.*\s)|([0-9a-zA-Z-= _]*)(,[0-9a-zA-Z-=@. _]*)*'
IncludeGroups:
Type: String
Description: |
Include only these Google Workspace groups, leave empty if not required. (Only applicable for SyncMethod user_groups)
Description: Include only these Google Workspace groups, leave empty if not required. (Only applicable for SyncMethod user_groups)
ConstraintDescription: This should be a comma separated list of group names
Default: ""
AllowedPattern: '(?!.*\s)|([0-9a-zA-Z-= _]*)(,[0-9a-zA-Z-=@. _]*)*'
SyncMethod:
Type: String
Description: Sync method to use
Description: Which sync method do you want to use with ssosync?
Default: groups
AllowedValues:
- groups
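Review bot: LogRetention's `AllowedPattern: '(?!.*\s)|/d'` rejects every real retention value. CloudFormation requires the pattern to match the entire parameter value, and `/d` is a literal slash followed by `d`, not a digit class, so only the empty string and the text `/d` pass validation while a value such as `30` fails at deploy time. Following the file's own "empty or value" idiom the fix is `AllowedPattern: '(?!.*\s)|\d+'`, but since RetentionInDays only accepts the discrete values CloudWatch Logs supports (1, 3, 5, 7, 14, 30, 60, 90 and so on up to 3653), an AllowedValues list with `""` as its first entry would give the deployer the exact set instead of a pattern. Smaller points in the same hunk: SCIMEndpointUrl shows `NoEcho: true` twice, so check that only one copy survives in the resulting file, because duplicate mapping keys are invalid YAML; IgnoreUsers' ConstraintDescription says "a comma separated list of group names" where it should say user names; GoogleAdminEmail's ConstraintDescription has "a use with admin authority" for "a user"; and the GoogleUserMatch/GoogleGroupMatch classes `[a-zA-Z0-9.-_]` contain the range `.-_`, which spans every ASCII character from `.` to `_` (including `:`, `<`, `>`, `@` and `[`), while IdentityStoreID's `[1-z0-9]` likewise spans punctuation and upper case. Moving the hyphen to the end (`[a-zA-Z0-9._-]`) and using `[a-z0-9]` for the identity store ID gives the classes that were evidently intended.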
@@ -161,7 +173,8 @@ Conditions:
SetIgnoreGroups: !Not [!Equals [!Ref "IgnoreGroups", ""]]
SetIgnoreUsers: !Not [!Equals [!Ref "IgnoreUsers", ""]]
SetIncludeGroups: !Or [!Not [!Equals [!Ref "IncludeGroups", ""]], !Equals [!Ref "SyncMethod", groups]]

NotIndefinite: !Not [!Equals [!Ref "LogRetention", ""]]

Resources:
SSOSyncFunction:
Type: AWS::Serverless::Function
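Review bot: `NotIndefinite` is correct but names the negation rather than the input it tests; `HasLogRetention: !Not [!Equals [!Ref "LogRetention", ""]]` would read the same way as the neighbouring SetIgnoreGroups, SetIgnoreUsers and SetIncludeGroups conditions. Note also that, as the LogRetention pattern stands in this commit, no non-empty value passes validation, so this condition can only ever evaluate to false until that pattern is fixed.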
@@ -231,6 +244,15 @@ Resources:
Enabled: !If [OnSchedule, false, true]
Schedule: !If [OnSchedule, !Ref ScheduleExpression, "rate(15 minutes)"]

# Explicit log group that refers to the Lambda function
LogGroup:
Type: AWS::Logs::LogGroup
Condition: NotIndefinite
Properties:
LogGroupName: !Sub "/aws/lambda/${SSOSyncFunction}"
# Explicit retention time
RetentionInDays: !Ref LogRetention

AWSGoogleCredentialsSecret:
Type: "AWS::SecretsManager::Secret"
Properties:
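Review bot: with `Condition: NotIndefinite` the log group is only stack-managed when a retention is supplied; when LogRetention is left empty, Lambda creates `/aws/lambda/<function>` itself on first invocation (given the usual logs:CreateLogGroup permission), with no expiry and outside the stack, so it is neither cleaned up nor governed by this template. Creating the resource unconditionally and making only the retention optional keeps both cases under CloudFormation control:
RetentionInDays: !If [NotIndefinite, !Ref LogRetention, !Ref AWS::NoValue]
Two further points. If the function is invoked before CloudFormation reaches this resource (a manual test invocation, or the scheduled event from the context lines above firing), Lambda auto-creates the group and creation of LogGroup then fails with an already-exists error; naming the group from the FunctionName parameter declared earlier in the template rather than `${SSOSyncFunction}` (assuming the function's FunctionName property is set from that parameter) removes the reference to the function and lets you add `DependsOn: LogGroup` to SSOSyncFunction so the group is guaranteed to exist first. And since these logs are the record of which users and groups ssosync provisioned into IAM Identity Center, consider `DeletionPolicy: Retain` and `UpdateReplacePolicy: Retain` so that deleting or renaming the stack does not destroy that history.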
