From 4567f3db265a41b43b1dd4d2c2e0642c5b67652f Mon Sep 17 00:00:00 2001
From: Chris Pates
Date: Fri, 8 Mar 2024 15:30:36 +0000
Subject: [PATCH] Adjusting params for AccountExecution Tests.
---
 cicd/account_execution/staging/buildspec.yml | 6 +-
 cicd/cloudformation/testing.yaml | 76 ++++++++++++++------
 2 files changed, 58 insertions(+), 24 deletions(-)
diff --git a/cicd/account_execution/staging/buildspec.yml b/cicd/account_execution/staging/buildspec.yml
index ade67bf..57251d8 100644
--- a/cicd/account_execution/staging/buildspec.yml
+++ b/cicd/account_execution/staging/buildspec.yml
@@ -30,7 +30,7 @@ phases:
 jq -n \
 --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Man*\"}" \
 --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
- '$ARGS.named' > ./deploy/management.json
+ '$ARGS.named' > ./deploy/cli.json
 - cat ./deploy/management.json
 # Update params with the values for this run for the delegated account
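Review bot: The `cat` after each redirected `jq` still reads the old file name: in this hunk the output now goes to `./deploy/cli.json` but the next command is still `- cat ./deploy/management.json`, and the hunks at line 38 (`lambda.json` vs `delegated.json`) and line 46 (`codepipeline.json` vs `nondelegated.json`) have the same mismatch. Unless the old files still exist in the source artifact, `cat` exits non-zero and the build phase would likely fail; either way the log no longer shows the parameters that are actually deployed. Change the three lines to `- cat ./deploy/cli.json`, `- cat ./deploy/lambda.json` and `- cat ./deploy/codepipeline.json`. The `# Update params with the values for this run for ...` comments could also be reworded to name the test stage each file now feeds. The surrounding command list starts and ends outside the hunks.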
@@ -38,7 +38,7 @@ phases:
 jq -n \
 --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Del*\"}" \
 --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
- '$ARGS.named' > ./deploy/delegated.json
+ '$ARGS.named' > ./deploy/lambda.json
 - cat ./deploy/delegated.json
 # Update params with the values for this run for non-delegated account
@@ -46,7 +46,7 @@ phases:
 jq -n \
 --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GoogleAdminEmailArn\": \"$SecretGoogleAdminEmail\", \"GoogleCredentialsArn\": \"$SecretGoogleCredentials\", \"SCIMEndpointUrlArn\": \"$SecretSCIMEndpoint\", \"SCIMAccessTokenArn\": \"$SecretSCIMAccessToken\", \"RegionArn\": \"$SecretRegion\", \"IdentityStoreIdArn\": \"$SecretIdentityStoreID\", \"GroupMatch\": \"name:Non*\"}" \
 --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \
- '$ARGS.named' > ./deploy/nondelegated.json
+ '$ARGS.named' > ./deploy/codepipeline.json
 - cat ./deploy/nondelegated.json
diff --git a/cicd/cloudformation/testing.yaml b/cicd/cloudformation/testing.yaml
index b13b6af..551472f 100644
--- a/cicd/cloudformation/testing.yaml
+++ b/cicd/cloudformation/testing.yaml
@@ -187,7 +187,7 @@ Resources:
 S3Bucket: !Ref StagingBucket
 S3ObjectKey: tests.zip
 PollForSourceChanges: false
- - Name: Deploy
+ - Name: TestsLambda
 Actions:
 - Name: Deploy
 ActionTypeId:
@@ -200,20 +200,18 @@ Resources:
 Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
 StackName: TestAccountExecution
 RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
- TemplateConfiguration: !If [DeployManagement, 'Tests::deploy/management.json', !If [DeployDelegated, 'Tests::deploy/delegated.json', 'Tests::deploy/nondelegated.json']]
+ TemplateConfiguration: 'Tests::deploy/lambda.json'
 TemplatePath: !Sub 'Tests::deploy/stack.yml'
 InputArtifacts:
 - Name: Tests
 RunOrder: 1
- - Name: SmokeTests
- Actions:
 - Name: Lambda
 ActionTypeId:
 Category: Test
 Owner: AWS
 Version: 1
 Provider: CodeBuild
- RunOrder: 1
+ RunOrder: 2
 Configuration:
 ProjectName: !Ref CodeBuildSmokeLambda
 PrimarySource: Tests
@@ -221,6 +219,24 @@ Resources:
 - Name: AccountExecutionLambda
 InputArtifacts:
 - Name: Tests
+ - Name: TestsCLI
+ Actions:
+ - Name: Deploy
+ ActionTypeId:
+ Category: Deploy
+ Owner: AWS
+ Version: '1'
+ Provider: CloudFormation
+ Configuration:
+ ActionMode: CREATE_UPDATE
+ Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
+ StackName: TestAccountExecution
+ RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
+ TemplateConfiguration: 'Tests::deploy/cli.json'
+ TemplatePath: !Sub 'Tests::deploy/stack.yml'
+ InputArtifacts:
+ - Name: Tests
+ RunOrder: 1
 - Name: CLI
 ActionTypeId:
 Category: Test
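Review bot: In the new `TestsCLI` stage (hunk at new line 219) the `Deploy` action has `RunOrder: 1`, but the `RunOrder` of the `CLI` test action that follows lies outside the hunk and is not touched by this commit. It needs to be 2 or higher, as was done explicitly for the `Lambda` action in the preceding hunk (`RunOrder: 2`); if it is 1, the CLI smoke test would start in parallel with the stack update and could run against the previous parameter set. A short comment above the stage, e.g. `# Re-deploys TestAccountExecution with deploy/cli.json before the CLI smoke test`, would also explain why the same stack is deployed once per test stage.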
@@ -235,22 +251,40 @@ Resources:
 - Name: SmokeCLI
 InputArtifacts:
 - Name: Tests
- - !If
- - DeployDelegated
- - Name: CodePipeline
- ActionTypeId:
- Category: Invoke
- Owner: AWS
- Version: 1
- Provider: Lambda
- RunOrder: 3
- Configuration:
- FunctionName: SSOSyncFunction
- OutputArtifacts:
- - Name: AccountExecutionCodePipeline
- InputArtifacts:
- - Name: Tests
- - !Ref AWS::NoValue
+ - !If
+ - DeployDelegated
+ - Name: TestsCodePipeline
+ Actions:
+ - Name: Deploy
+ ActionTypeId:
+ Category: Deploy
+ Owner: AWS
+ Version: '1'
+ Provider: CloudFormation
+ Configuration:
+ ActionMode: CREATE_UPDATE
+ Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND,CAPABILITY_NAMED_IAM
+ StackName: TestAccountExecution
+ RoleArn: !GetAtt [CloudFormationDeployerRole, Arn]
+ TemplateConfiguration: 'Tests::deploy/codepipeline.json'
+ TemplatePath: !Sub 'Tests::deploy/stack.yml'
+ InputArtifacts:
+ - Name: Tests
+ RunOrder: 1
+ - Name: CodePipeline
+ ActionTypeId:
+ Category: Invoke
+ Owner: AWS
+ Version: 1
+ Provider: Lambda
+ RunOrder: 2
+ Configuration:
+ FunctionName: SSOSyncFunction
+ OutputArtifacts:
+ - Name: AccountExecutionCodePipeline
+ InputArtifacts:
+ - Name: Tests
+ - !Ref AWS::NoValue
 - Name: CleanUp
 Actions:
 - Name: RemoveStack
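Review bot: `TestsCodePipeline` is only created when `DeployDelegated` is true, yet the file it deploys, `Tests::deploy/codepipeline.json`, is the one the buildspec writes under the comment "for non-delegated account" with `GroupMatch` set to `name:Non*`. If the group filter is still meant to follow the account type, this stage is getting the non-delegated filter; if the three files are now simply per-test parameter sets, the buildspec comments should say so. Within the added stage the two actions also write `Version` differently (`Version: '1'` on `Deploy`, `Version: 1` on `CodePipeline`); pick one form. The enclosing stage list starts outside the hunk.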