From 315e85df09db37bc82d3c02ddb623f56ae58eeb6 Mon Sep 17 00:00:00 2001 
From: Chris Pates Date: Wed, 25 Oct 2023 19:21:43 +0100 Subject: [PATCH] Squashed commit of the following: commit c1d41c0d12a9f0d461f46b858a4db1e49b9a8434 Author: Chris Pates Date: Wed Oct 25 18:24:20 2023 +0100 Update Makefile commit 09acff4c6300b3ddd73b66442c1662a6876c4c8a Author: Chris Pates Date: Wed Oct 25 16:21:56 2023 +0100 Update buildspec.yml commit 95c1fec3b59c77de3c829fb25f0d3ea7d47b813a Author: Chris Pates Date: Wed Oct 25 16:05:18 2023 +0100 Switching to bootstrap commit 038c4d85f123c96ff9b1c51518f56f5000eb4979 Author: Chris Pates Date: Wed Oct 25 15:26:48 2023 +0100 Adjust for testing commit fce63c48043fea4e2216bed81861f9d3cc7cb37c Author: Chris Pates Date: Wed Oct 25 14:25:32 2023 +0100 updates for the developer pipeline commit 0542ed49f91232daa977dc858ebb4b702f0f2f43 Author: Chris Pates Date: Wed Oct 25 12:30:09 2023 +0100 Update buildspec.yml commit 627c24ce915a2e68ece023601093782b3fb0d75f Author: Chris Pates Date: Wed Oct 25 11:49:56 2023 +0100 Updates to CICD for arm64 commit b3a4c8cb172423f49e4dbf8597fdc10a6ba5a88f Author: Chris Pates Date: Wed Oct 25 11:09:20 2023 +0100 Update buildspec.yml commit 323eaf633a4cc0cce4766c84e56586d448490d19 Author: Chris Pates Date: Wed Oct 25 10:55:37 2023 +0100 Update buildspec.yml commit da30515cc7465d8b98e01b7758419588760f2862 Author: Chris Pates Date: Wed Oct 25 10:46:16 2023 +0100 Update buildspec.yml commit 64a25b241d65941b9fd213a690cd19e3a1293501 Author: Chris Pates Date: Wed Oct 25 09:47:32 2023 +0100 Switching back to amd64 images for codebuild commit 7b87d0fa502851cbbab29563e192607e5cf354e2 Author: Chris Pates Date: Tue Oct 24 20:29:53 2023 +0100 update codebuild image and fix golang version. 
commit 338b61f5906d9ccb87c955812aad4795bdd331ac Author: Chris Pates Date: Tue Oct 24 17:45:14 2023 +0100 Update buildspec.yml commit 21c941dd53cb5681b733040de1f141375ee924a1 Author: Chris Pates Date: Tue Oct 24 17:41:01 2023 +0100 Update buildspec.yml commit cb9d94b7d84413836921b178b390f5e455497df3 Author: Chris Pates Date: Tue Oct 24 17:39:09 2023 +0100 Update buildspec.yml commit 0dc4087658d0d0a4f437db6d80da066b4cdf5d4c Author: Chris Pates Date: Tue Oct 24 17:31:21 2023 +0100 Update buildspec.yml commit dd0f19c013a5c6cb439a3f5af36b2f9a7a136733 Author: Chris Pates Date: Tue Oct 24 17:27:17 2023 +0100 Update buildspec.yml commit 71ba54362a99592549c52597e3d31fa2c318438d Author: Chris Pates Date: Tue Oct 24 17:20:44 2023 +0100 Update buildspec.yml commit 43af171309cdbf4df50a9afe2e86df89a16ea7eb Author: Chris Pates Date: Tue Oct 24 17:13:25 2023 +0100 updating cicd to arm64 --- .gitignore | 1 + Makefile | 8 +++--- cicd/build/build/buildspec.yml | 5 ++-- cicd/build/build/goreleaser.patch | 23 +++++++++++++---- cicd/build/package/buildspec.yml | 4 ++- cicd/build/package/release.patch | 37 +++++++++++++++++++-------- cicd/build/package/staging.patch | 40 +++++++++++++++++------------- cicd/cloudformation/developer.yaml | 2 +- cicd/staging/build/buildspec.yml | 10 +++++++- template.yaml | 2 +- 10 files changed, 90 insertions(+), 42 deletions(-) diff --git a/.gitignore b/.gitignore index bab55fd4..5264af69 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ ssosync # Noise from os/editors .DS_Store *.swp +*/.DS_Store diff --git a/Makefile b/Makefile index 7ccd9b80..f2011d14 100644 --- a/Makefile +++ b/Makefile 
@@ -16,14 +16,14 @@ test: go-build: go build -o $(APP_NAME) main.go -build-SSOSyncFunction: - GOOS=linux GOARCH=arm64 go build -o bootstrap main.go - cp ./bootstrap $(ARTIFACTS_DIR)/. - .PHONY: clean clean: rm -f $(OUTPUT) $(PACKAGED_TEMPLATE) +build-SSOSyncFunction: + GOOS=linux GOARCH=arm64 go build -o bootstrap main.go + cp ./bootstrap $(ARTIFACTS_DIR)/. + .PHONY: install install: go get ./... diff --git a/cicd/build/build/buildspec.yml b/cicd/build/build/buildspec.yml index 3dc0b4ac..e7600eac 100644 --- a/cicd/build/build/buildspec.yml +++ b/cicd/build/build/buildspec.yml @@ -63,8 +63,8 @@ phases: # Tweak the .goreleaser.yml so it uses the vairables from .Env - patch .goreleaser.yml cicd/build/build/goreleaser.patch - # Make main but only for the lambda (linux amd64) - - goreleaser build --snapshot --rm-dist --single-target + # Make main + - goreleaser build --snapshot --clean # Check we've packaged something useful @@ -74,3 +74,4 @@ artifacts: files: - ${APP_NAME} - dist/**/* + diff --git a/cicd/build/build/goreleaser.patch b/cicd/build/build/goreleaser.patch index 95cda888..c2309183 100644 --- a/cicd/build/build/goreleaser.patch +++ b/cicd/build/build/goreleaser.patch 
@@ -1,8 +1,21 @@ ---- .goreleaser.yml 2022-06-15 08:38:24.000000000 +0100 -+++ .goreleaser-codebuild.yml 2022-06-21 12:33:43.000000000 +0100 -@@ -22,7 +22,7 @@ - - goos: windows - goarch: 386 +--- .goreleaser.yml.default 2023-10-25 11:30:58 ++++ .goreleaser.yml 2023-10-25 11:32:18 +@@ -9,20 +9,11 @@ + - CGO_ENABLED=0 + goos: + - linux +- - darwin +- - windows + goarch: +- - 386 + - amd64 +- - arm + - arm64 +- ignore: +- - goos: darwin +- goarch: 386 +- - goos: windows +- goarch: 386 ldflags: - - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Version}} -X github.com/awslabs/ssosync/cmd.commit={{.Commit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser + - -s -w -X github.com/awslabs/ssosync/cmd.version={{.Env.GitTag}} -X github.com/awslabs/ssosync/cmd.commit={{.Env.GitCommit}} -X github.com/awslabs/ssosync/cmd.date={{.Date}} -X github.com/awslabs/ssosync/cmd.builtBy=goreleaser -X github.com/awslabs/ssosync/cmd.goversion={{.Env.GoVersion}} diff --git a/cicd/build/package/buildspec.yml b/cicd/build/package/buildspec.yml index 1d84ec55..15bd40ed 100644 --- a/cicd/build/package/buildspec.yml +++ b/cicd/build/package/buildspec.yml @@ -14,10 +14,12 @@ phases: # Check that the files need to package exist - ls README.md - ls SAR.md - - ls dist/ssosync_linux_amd64_v1/ssosync + - ls dist/ssosync_linux_arm64/ssosync + - ls dist/ssosync_linux_amd64_v1/ssosync # Check that the executable works - ./dist/ssosync_linux_amd64_v1/ssosync --version + - mv dist/ssosync_linux_arm64/ssosync bootstrap build: commands: diff --git a/cicd/build/package/release.patch b/cicd/build/package/release.patch index 71e955a0..cdf2d115 100644 --- a/cicd/build/package/release.patch +++ b/cicd/build/package/release.patch @@ -1,5 +1,5 @@ ---- template.yaml 2022-11-29 16:56:21.000000000 +0000 -+++ release.yaml 2022-11-29 17:11:58.000000000 +0000 +--- template.yaml 2023-10-25 09:44:33 ++++ release.yaml 2023-10-25 16:02:21 
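Review bot: In cicd/build/package/buildspec.yml the binary that ships is not the binary that is checked. `./dist/ssosync_linux_amd64_v1/ssosync --version` still exercises only the amd64 build, while the added `mv dist/ssosync_linux_arm64/ssosync bootstrap` promotes the arm64 build into the package with nothing more than `ls` confirming it exists. If the build host cannot execute arm64 (not visible in this hunk), an architecture check after the `mv`, such as `- file bootstrap | grep -q aarch64`, would catch a wrong or truncated artifact. Adding `- sha256sum bootstrap` would also put a digest in the build log that later stages can compare against.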
@@ -27,7 +27,7 @@ - IncludeGroups @@ -9,29 +9,37 @@ Description: Helping you populate AWS SSO directly with your Google Apps users. Author: Sebastian Doell SpdxLicenseId: Apache-2.0 -@@ -107,7 +107,7 @@ - Ignore these Google Workspace users +@@ -111,7 +111,7 @@ + Default: 'none' IncludeGroups: Type: String - Description: | + Description: | Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) + Default: '*' SyncMethod: - Type: String -@@ -116,9 +116,9 @@ +@@ -121,16 +121,16 @@ AllowedValues: - groups - users_groups -- -- -- + + + +- +- +- Resources: SSOSyncFunction: -@@ -156,8 +156,6 @@ + Type: AWS::Serverless::Function + Properties: + Runtime: provided.al2 +- Handler: dist/ssosync_linux_arm64/ssosync ++ Handler: bootstrap + Architectures: + - arm64 + Timeout: 300 +@@ -163,8 +163,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret - !Ref AWSIdentityStoreIDSecret @@ -40,3 +48,12 @@ - Sid: IdentityStoreAccesPolicy Effect: Allow Action: +@@ -187,8 +185,6 @@ + Properties: + Enabled: true + Schedule: !Ref ScheduleExpression +- Metadata: +- BuildMethod: makefile + + AWSGoogleCredentialsSecret: + Type: "AWS::SecretsManager::Secret" diff --git a/cicd/build/package/staging.patch b/cicd/build/package/staging.patch index a0b477ec..fd94a84f 100644 --- a/cicd/build/package/staging.patch +++ b/cicd/build/package/staging.patch @@ -1,5 +1,5 @@ ---- template.yaml 2022-11-29 16:56:21.000000000 +0000 -+++ staging.yaml 2022-11-29 17:10:47.000000000 +0000 +--- template.yaml 2023-10-25 09:44:33 ++++ staging.yaml 2023-10-25 16:02:07 @@ -27,7 +27,7 @@ - IncludeGroups 
@@ -9,35 +9,38 @@ Description: Helping you populate AWS SSO directly with your Google Apps users. Author: Sebastian Doell SpdxLicenseId: Apache-2.0 -@@ -107,7 +107,7 @@ - Ignore these Google Workspace users +@@ -111,7 +111,7 @@ + Default: 'none' IncludeGroups: Type: String - Description: | + Description: | Include only these Google Workspace groups. (Only applicable for SyncMethod user_groups) + Default: '*' SyncMethod: - Type: String -@@ -116,14 +116,15 @@ +@@ -121,16 +121,17 @@ AllowedValues: - groups - users_groups -- -- -- + + + +- +- +- Resources: SSOSyncFunction: Type: AWS::Serverless::Function Properties: + FunctionName: SSOSyncFunction - Runtime: go1.x - Handler: dist/ssosync_linux_amd64_v1/ssosync + Runtime: provided.al2 +- Handler: dist/ssosync_linux_arm64/ssosync ++ Handler: bootstrap + Architectures: + - arm64 Timeout: 300 -@@ -156,8 +157,6 @@ +@@ -163,8 +164,6 @@ - !Ref AWSSCIMAccessTokenSecret - !Ref AWSRegionSecret - !Ref AWSIdentityStoreIDSecret @@ -46,8 +49,8 @@ - Sid: IdentityStoreAccesPolicy Effect: Allow Action: -@@ -172,13 +171,13 @@ - - "identitystore:DeleteGroupMembership" +@@ -180,16 +179,14 @@ + - "identitystore:DeleteGroup" Resource: - "*" - Events: @@ -57,17 +60,20 @@ - Properties: - Enabled: true - Schedule: !Ref ScheduleExpression -+ +- Metadata: +- BuildMethod: makefile + + - Sid: CodePipelinePolicy + Effect: Allow + Action: + - codepipeline:PutJobSuccessResult + - codepipeline:PutJobFailureResult + Resource: "*" - ++ AWSGoogleCredentialsSecret: Type: "AWS::SecretsManager::Secret" -@@ -215,3 +214,10 @@ + Properties: +@@ -225,3 +222,10 @@ Properties: Name: SSOSyncIdentityStoreID SecretString: !Ref IdentityStoreID diff --git a/cicd/cloudformation/developer.yaml b/cicd/cloudformation/developer.yaml index 12decd86..fadc10f6 100644 --- a/cicd/cloudformation/developer.yaml +++ b/cicd/cloudformation/developer.yaml 
@@ -260,7 +260,7 @@ Resources: Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND StackName: SmokeTest RoleArn: !GetAtt [CloudFormationDeployerRole, Arn] - TemplateConfiguration: !Sub 'Tests::deploy/params.json' + TemplateConfiguration: !Sub 'Tests::deploy/developer.json' TemplatePath: !Sub 'Tests::deploy/stack.yml' InputArtifacts: - Name: Tests diff --git a/cicd/staging/build/buildspec.yml b/cicd/staging/build/buildspec.yml index 8e9815de..f06836e8 100644 --- a/cicd/staging/build/buildspec.yml +++ b/cicd/staging/build/buildspec.yml @@ -49,7 +49,15 @@ phases: - mkdir deploy - cp cicd/staging/build/stack.yml ./deploy/ - # Update params with the values for this run for the management + # Update params with the values for this run for a developer account + - | + jq -n \ + --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:AWS*\"}" \ + --argjson StackPolicy "{\"Statement\":[{\"Effect\": \"Allow\", \"NotAction\": \"Update:Delete\", \"Principal\": \"*\", \"Resource\": \"*\"}]}" \ + '$ARGS.named' > ./deploy/developer.json + - cat ./deploy/developer.json + + # Update params with the values for this run for the management account - | jq -n \ --argjson Parameters "{\"AppArn\": \"$AppArn\", \"AppVersion\": \"$AppVersion\", \"GroupMatch\": \"name:Man*\"}" \ diff --git a/template.yaml b/template.yaml index fe8b55e9..0c2666da 100644 --- a/template.yaml +++ b/template.yaml @@ -130,7 +130,7 @@ Resources: Type: AWS::Serverless::Function Properties: Runtime: provided.al2 - Handler: bootstrap + Handler: dist/ssosync_linux_arm64/ssosync Architectures: - arm64 Timeout: 300
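Review bot: In cicd/staging/build/buildspec.yml the added developer.json step splices `$AppArn` and `$AppVersion` straight into the JSON text handed to `--argjson`, so a value containing a quote or backslash would either fail to parse or change the structure of the CloudFormation parameters file. Where those variables are set is outside this hunk, so they should be treated as unvalidated. Passing them as data lets jq do the escaping: keep the constant `--argjson StackPolicy`, replace the Parameters argument with `--arg AppArn "$AppArn" --arg AppVersion "$AppVersion"`, and use the filter `'{Parameters: {AppArn: $AppArn, AppVersion: $AppVersion, GroupMatch: "name:AWS*"}, StackPolicy: $StackPolicy}'`. The management-account block that follows as context uses the same interpolation and would benefit from the same change.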
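Review bot: In template.yaml, `Handler: dist/ssosync_linux_arm64/ssosync` now sits under `Runtime: provided.al2` with no explanation. As far as I know that runtime starts the executable named `bootstrap` at the package root, which is the file the Makefile target in this commit produces. The new value appears to exist only so that release.patch and staging.patch have a line to rewrite back to `bootstrap`. A comment above it would save the next maintainer from "fixing" it: `# Placeholder: rewritten to 'bootstrap' by cicd/build/package/release.patch and staging.patch`. The SSOSyncFunction resource continues outside the hunk.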