diff --git a/.gitignore b/.gitignore index bab55fd4..5264af69 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ ssosync # Noise from os/editors .DS_Store *.swp +*/.DS_Store diff --git a/Makefile b/Makefile index 7ccd9b80..f2011d14 100644 --- a/Makefile +++ b/Makefile @@ -16,14 +16,14 @@ test: go-build: go build -o $(APP_NAME) main.go -build-SSOSyncFunction: - GOOS=linux GOARCH=arm64 go build -o bootstrap main.go - cp ./bootstrap $(ARTIFACTS_DIR)/. - .PHONY: clean clean: rm -f $(OUTPUT) $(PACKAGED_TEMPLATE) +build-SSOSyncFunction: + GOOS=linux GOARCH=arm64 go build -o bootstrap main.go + cp ./bootstrap $(ARTIFACTS_DIR)/. + .PHONY: install install: go get ./... diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 3dc0b4ac..e7600eac 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -63,8 +63,8 @@ phases: # Tweak the .goreleaser.yml so it uses the vairables from .Env - patch .goreleaser.yml cicd/build/build/goreleaser.patch - # Make main but only for the lambda (linux amd64) - - goreleaser build --snapshot --rm-dist --single-target + # Make main + - goreleaser build --snapshot --clean # Check we've packaged something useful @@ -74,3 +74,4 @@ artifacts: files: - ${APP_NAME} - dist/**/* + diff --git a/cicd/build/build/goreleaser.patch b/cicd/build/build/goreleaser.patch index 95cda888..c2309183 100644 --- a/cicd/build/build/goreleaser.patch +++ b/cicd/build/build/goreleaser.patch 
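Review bot: In the relocated `build-SSOSyncFunction` recipe, `cp ./bootstrap $(ARTIFACTS_DIR)/.` expands to `cp ./bootstrap /.` when `ARTIFACTS_DIR` is unset, which is the case whenever the target is run by hand rather than through the SAM makefile builder. A guard as the first recipe line, `$(if $(strip $(ARTIFACTS_DIR)),,$(error ARTIFACTS_DIR is not set))`, makes that fail loudly instead of attempting a write to the filesystem root. The target is also not covered by any `.PHONY` line visible in this hunk, so a stray file named `build-SSOSyncFunction` would silently skip the build.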
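Review bot: The new comment `# Make main` no longer says which binaries this step produces now that `--single-target` is gone. The target list lives in goreleaser.patch (linux, with amd64 and arm64), so something like `# Build the linux amd64 and arm64 binaries selected by goreleaser.patch` would tell the reader where to look. `--clean` is only accepted by newer GoReleaser releases and the install step is outside this hunk, so it is worth confirming that the build image pins a GoReleaser version that has the flag rather than taking whatever is latest.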
@@ -1,8 +1,21 @@ ---- .goreleaser.yml 2022-06-15 08:38:24.000000000 +0100 -+++ .goreleaser-codebuild.yml 2022-06-21 12:33:43.000000000 +0100 -@@ -22,7 +22,7 @@ - - goos: windows - goarch: 386 +--- .goreleaser.yml.default 2023-10-25 11:30:58 ++++ .goreleaser.yml 2023-10-25 11:32:18 +@@ -9,20 +9,11 @@ + - CGO_ENABLED=0 + goos: + - linux +- - darwin +- - windows + goarch: +- - 386 + - amd64 +- - arm + - arm64 +- ignore: +- - goos: darwin +- goarch: 386 +- - goos: windows +- goarch: 386 ldflags: - - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Version}} -X github.com/awslabs/ssosync/cmd.commit={{.Commit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser + - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Env.GitTag}} -X github.com/awslabs/ssosync/cmd.commit={{.Env.GitCommit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser -X github.com/awslabs/ssosync/cmd.goversion={{.Env.GoVersion}} diff --git a/cicd/build/package/buildspec.yml b/cicd/build/package/buildspec.yml index 1d84ec55..15bd40ed 100644 --- a/cicd/build/package/buildspec.yml +++ b/cicd/build/package/buildspec.yml @@ -14,10 +14,12 @@ phases: # Check that the files need to package exist - ls README.md - ls SAR.md - - ls dist/ssosync_linux_amd64_v1/ssosync + - ls dist/ssosync_linux_arm64/ssosync + - ls dist/ssosync_linux_amd64_v1/ssosync # Check that the executable works - ./dist/ssosync_linux_amd64_v1/ssosync --version + - mv dist/ssosync_linux_arm64/ssosync bootstrap build: commands: diff --git a/cicd/build/package/release.patch b/cicd/build/package/release.patch index 71e955a0..cdf2d115 100644 --- a/cicd/build/package/release.patch +++ b/cicd/build/package/release.patch @@ -1,5 +1,5 @@ ---- template.yaml 2022-11-29 16:56:21.000000000 +0000 -+++ release.yaml 2022-11-29 17:11:58.000000000 +0000 +--- template.yaml 2023-10-25 09:44:33 ++++ release.yaml 2023-10-25 16:02:21 
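Review bot: The `--version` smoke check in cicd/build/package/buildspec.yml still runs only `dist/ssosync_linux_amd64_v1/ssosync`, while the file that the added `mv` turns into `bootstrap` is the arm64 build. The artifact that the patched templates point at (`Handler: bootstrap`, `arm64`) is therefore checked for existence but never inspected. If the build host cannot execute arm64 binaries and the Go toolchain is available in this stage, a check after the move such as `- go version -m bootstrap | grep -q 'GOARCH=arm64'` would at least confirm that the shipped file is a Go binary built for the declared architecture. The surrounding `commands:` list starts outside the hunk.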
@@ -27,7 +27,7 @@ - IncludeGroups @@ -9,29 +9,37 @@ Description: Helping you populate AWS SSO directly with your Google Apps users. Author: Sebastian Doell SpdxLicenseId: Apache-2.0 -@@ -107,7 +107,7 @@ - Ignore these Google Workspace users +@@ -111,7 +111,7 @@ + Default: 'none' IncludeGroups: Type: String - Description: | + Description: | Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) + Default: '*' SyncMethod: - Type: String -@@ -116,9 +116,9 @@ +@@ -121,16 +121,16 @@ AllowedValues: - groups - users_groups -- -- -- + + + +- +- +- Resources: SSOSyncFunction: -@@ -156,8 +156,6 @@ + Type: AWS::Serverless::Function + Properties: + Runtime: provided.al2 +- Handler: dist/ssosync_linux_arm64/ssosync ++ Handler: bootstrap + Architectures: + - arm64 + Timeout: 300 +@@ -163,8 +163,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret - !Ref AWSIdentityStoreIDSecret @@ -40,3 +48,12 @@ - Sid: IdentityStoreAccesPolicy Effect: Allow Action: +@@ -187,8 +185,6 @@ + Properties: + Enabled: true + Schedule: !Ref ScheduleExpression +- Metadata: +- BuildMethod: makefile + + AWSGoogleCredentialsSecret: + Type: "AWS::SecretsManager::Secret" diff --git a/cicd/build/package/staging.patch b/cicd/build/package/staging.patch index a0b477ec..fd94a84f 100644 --- a/cicd/build/package/staging.patch +++ b/cicd/build/package/staging.patch @@ -1,5 +1,5 @@ ---- template.yaml 2022-11-29 16:56:21.000000000 +0000 -+++ staging.yaml 2022-11-29 17:10:47.000000000 +0000 +--- template.yaml 2023-10-25 09:44:33 ++++ staging.yaml 2023-10-25 16:02:07 @@ -27,7 +27,7 @@ - IncludeGroups 
@@ -9,35 +9,38 @@ Description: Helping you populate AWS SSO directly with your Google Apps users. Author: Sebastian Doell SpdxLicenseId: Apache-2.0 -@@ -107,7 +107,7 @@ - Ignore these Google Workspace users +@@ -111,7 +111,7 @@ + Default: 'none' IncludeGroups: Type: String - Description: | + Description: | Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) + Default: '*' SyncMethod: - Type: String -@@ -116,14 +116,15 @@ +@@ -121,16 +121,17 @@ AllowedValues: - groups - users_groups -- -- -- + + + +- +- +- Resources: SSOSyncFunction: Type: AWS::Serverless::Function Properties: + FunctionName: SSOSyncFunction - Runtime: go1.x - Handler: dist/ssosync_linux_amd64_v1/ssosync + Runtime: provided.al2 +- Handler: dist/ssosync_linux_arm64/ssosync ++ Handler: bootstrap + Architectures: + - arm64 Timeout: 300 -@@ -156,8 +157,6 @@ +@@ -163,8 +164,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret - !Ref AWSIdentityStoreIDSecret @@ -46,8 +49,8 @@ - Sid: IdentityStoreAccesPolicy Effect: Allow Action: -@@ -172,13 +171,13 @@ - - "identitystore:DeleteGroupMembership" +@@ -180,16 +179,14 @@ + - "identitystore:DeleteGroup" Resource: - "*" - Events: @@ -57,17 +60,20 @@ - Properties: - Enabled: true - Schedule: !Ref ScheduleExpression -+ +- Metadata: +- BuildMethod: makefile + + - Sid: CodePipelinePolicy + Effect: Allow + Action: + - codepipeline:PutJobSuccessResult + - codepipeline:PutJobFailureResult + Resource: "*" - ++ AWSGoogleCredentialsSecret: Type: "AWS::SecretsManager::Secret" -@@ -215,3 +214,10 @@ + Properties: +@@ -225,3 +222,10 @@ Properties: Name: SSOSyncIdentityStoreID SecretString: !Ref IdentityStoreID diff --git a/cicd/cloudformation/developer.yaml b/cicd/cloudformation/developer.yaml index 12decd86..fadc10f6 100644 --- a/cicd/cloudformation/developer.yaml +++ b/cicd/cloudformation/developer.yaml 
@@ -260,7 +260,7 @@ Resources: Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND StackName: SmokeTest RoleArn: !GetAtt [CloudFormationDeployerRole, Arn] - TemplateConfiguration: !Sub 'Tests::deploy/params.json' + TemplateConfiguration: !Sub 'Tests::deploy/developer.json' TemplatePath: !Sub 'Tests::deploy/stack.yml' InputArtifacts: - Name: Tests diff --git a/cicd/staging/build/buildspec.yml b/cicd/staging/build/buildspec.yml index 8e9815de..f06836e8 100644 --- a/cicd/staging/build/buildspec.yml +++ b/cicd/staging/build/buildspec.yml @@ -49,7 +49,15 @@ phases: - mkdir deploy - cp cicd/staging/build/stack.yml ./deploy/ - # Update params with the values for this run for the management + # Update params with the values for this run for a developer account + - | + jq -n \ + --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:AWS*\"}" \ + --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \ + '$ARGS.named' > ./deploy/developer.json + - cat ./deploy/developer.json + + # Update params with the values for this run for the management account - | jq -n \ --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:Man*\"}" \ diff --git a/template.yaml b/template.yaml index fe8b55e9..0c2666da 100644 --- a/template.yaml +++ b/template.yaml @@ -130,7 +130,7 @@ Resources: Type: AWS::Serverless::Function Properties: Runtime: provided.al2 - Handler: bootstrap + Handler: dist/ssosync_linux_arm64/ssosync Architectures: - arm64 Timeout: 300
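Review bot: The added developer block in cicd/staging/build/buildspec.yml splices `$AppArn` and `$AppVersion` into a JSON string by shell interpolation before handing it to `--argjson`, so a quote or backslash in either value yields invalid or structurally different JSON in `deploy/developer.json`. Passing the values with `--arg` and building the object inside the jq filter lets jq do the escaping; the management-account block that follows uses the same construction and would benefit from the same change. Separately, the stack policy allows everything except `Update:Delete`, which still permits `Update:Replace`; if the stack holds resources that must not be recreated, it is worth confirming that this is intended.

```yaml
      # Update params with the values for this run for a developer account
      - |
        jq -n \
          --arg AppArn "$AppArn" \
          --arg AppVersion "$AppVersion" \
          '{Parameters: {AppArn: $AppArn, AppVersion: $AppVersion, GroupMatch: "name:AWS*"},
            StackPolicy: {Statement: [{Effect: "Allow", NotAction: "Update:Delete", Principal: "*", Resource: "*"}]}}' \
          > ./deploy/developer.json
      # … unchanged: cat ./deploy/developer.json …
```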
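Review bot: `Handler` in template.yaml now names `dist/ssosync_linux_arm64/ssosync`, but the Makefile target `build-SSOSyncFunction` in this commit produces a file called `bootstrap`, and release.patch and staging.patch both rewrite this same line back to `Handler: bootstrap`. On `provided.al2` the function starts from the `bootstrap` file, so the path here appears to serve only as context for those two patches. Keeping `Handler: bootstrap` in the base template and regenerating the patches would avoid a value that points at a file the artifact does not contain. The `Properties:` block continues outside the hunk.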