From ea3b56d3f86676eec487dc1b65aba2c387f22594 Mon Sep 17 00:00:00 2001
From: John Stainsby
Date: Fri, 13 Sep 2024 09:55:51 +0100
Subject: [PATCH] fix: DBTP-1338 - Run copilot env deploy in env pipelines (#224)
---
environment-pipelines/buildspec-apply.yml | 21 ++++
.../buildspec-install-build-tools.yml | 8 ++
environment-pipelines/buildspec-trigger.yml | 4 +-
environment-pipelines/iam.tf | 107 ++++++++++++++----
environment-pipelines/locals.tf | 24 ++--
environment-pipelines/tests/unit.tftest.hcl | 82 ++++++++++++--
6 files changed, 205 insertions(+), 41 deletions(-)
diff --git a/environment-pipelines/buildspec-apply.yml b/environment-pipelines/buildspec-apply.yml
index 2090c4a9..42161418 100644
--- a/environment-pipelines/buildspec-apply.yml
+++ b/environment-pipelines/buildspec-apply.yml
@@ -17,6 +17,27 @@ phases: - echo -e "\nWorking on environment ${ENVIRONMENT}" - cd "terraform/environments/${ENVIRONMENT}" - terraform apply plan.tfplan + - echo -e "\nGenerating manifests and deploying AWS Copilot environment resources" + - cd "${CODEBUILD_SRC_DIR}" + - platform-helper environment generate --name "${ENVIRONMENT}" + - | + if [[ "${AWS_PROFILE_FOR_COPILOT}" == *"prod"* ]] + then + echo -e "\nAssuming role to deploy AWS Copilot environment resources in prod account" + assumed_role=$(aws sts assume-role --role-arn "${TRIGGERING_ACCOUNT_CODEBUILD_ROLE}" --role-session-name "trigger-copilot-env-deploy-$(date +%s)") + NON_PROD_AWS_ACCESS_KEY_ID=$(echo $assumed_role | jq -r .Credentials.AccessKeyId) + NON_PROD_AWS_SECRET_ACCESS_KEY=$(echo $assumed_role | jq -r .Credentials.SecretAccessKey) + NON_PROD_AWS_SESSION_TOKEN=$(echo $assumed_role | jq -r .Credentials.SessionToken) + export PROFILE_NAME="${TRIGGERING_ACCOUNT_AWS_PROFILE}" + aws configure set aws_access_key_id "${NON_PROD_AWS_ACCESS_KEY_ID}" --profile "${PROFILE_NAME}" + aws configure set aws_secret_access_key "${NON_PROD_AWS_SECRET_ACCESS_KEY}" --profile "${PROFILE_NAME}" + aws configure set aws_session_token "${NON_PROD_AWS_SESSION_TOKEN}" --profile "${PROFILE_NAME}" + aws configure set region "eu-west-2" --profile "${PROFILE_NAME}" + aws configure set output "json" --profile "${PROFILE_NAME}" + export AWS_PROFILE="${PROFILE_NAME}" + fi + - copilot env init --name "${ENVIRONMENT}" --profile "${AWS_PROFILE_FOR_COPILOT}" --default-config + - copilot env deploy --name "${ENVIRONMENT}" post_build: commands: - | diff --git a/environment-pipelines/buildspec-install-build-tools.yml b/environment-pipelines/buildspec-install-build-tools.yml index fff8d181..9d1451a8 100644 --- a/environment-pipelines/buildspec-install-build-tools.yml +++ b/environment-pipelines/buildspec-install-build-tools.yml 
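Review bot: The output of `aws sts assume-role` is used without checking that the call succeeded, so a denied or failed call leaves empty or `null` values that `aws configure set` then writes into the profile, and the failure only surfaces later in `copilot env deploy`. I would stop at the source with `assumed_role=$(aws sts assume-role ...) || exit 1`, read the fields with `jq -er`, and pipe a quoted `"${assumed_role}"` rather than the unquoted `$assumed_role`. The branch is also gated on `*"prod"*`, a substring match that a hypothetical profile name such as `non-prod` would satisfy; testing whether `TRIGGERING_ACCOUNT_CODEBUILD_ROLE` is set looks like the more direct condition, though that needs confirming against how the pipelines are configured. The temporary keys end up in the build container's shared credentials file via `aws configure set`, so a comment stating that this is intentional and limited to the lifetime of the build would help. The enclosing `commands:` list starts outside the hunk.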
@@ -13,6 +13,12 @@ phases: commands: - set -e - echo "Deploying ${APPLICATION} environments" + - | + if [ ! -f .copilot-version ]; then + echo "Cannot find .copilot-version file" + exit 1 + fi + - COPILOT_VERSION=`cat .copilot-version` - cd "${CODEBUILD_SRC_DIR}" - echo "Installing latest version of platform-helper to get required version for the project." - pip install dbt-platform-helper @@ -66,6 +72,8 @@ phases: - unzip terraform_install.zip - chmod +x terraform - rm terraform_install.zip + - curl -s -qL -o copilot https://ecs-cli-v2-release.s3.amazonaws.com/copilot-linux-v${COPILOT_VERSION} + - chmod +x copilot - platform-helper notify add-comment "${SLACK_CHANNEL_ID}" "${SLACK_TOKEN}" "${SLACK_REF}" "Starting install phase" - VERSION_OUTPUT+="\n$(terraform --version)" - VERSION_OUTPUT+="\n$(platform-helper --version)" diff --git a/environment-pipelines/buildspec-trigger.yml b/environment-pipelines/buildspec-trigger.yml index 3ce1b92a..e39b77ee 100644 --- a/environment-pipelines/buildspec-trigger.yml +++ b/environment-pipelines/buildspec-trigger.yml @@ -32,11 +32,11 @@ phases: - MESSAGE="Triggering ${TRIGGERED_PIPELINE_NAME} pipeline" - echo "${MESSAGE}" - platform-helper notify add-comment "${SLACK_CHANNEL_ID}" "${SLACK_TOKEN}" "${SLACK_REF}" "${MESSAGE}" - - - aws codepipeline start-pipeline-execution --name "${TRIGGERED_PIPELINE_NAME}" --profile "${PROFILE_NAME}" --variables "name=SLACK_THREAD_ID,value=${SLACK_REF}" + - aws codepipeline start-pipeline-execution --name "${TRIGGERED_PIPELINE_NAME}" --profile "${PROFILE_NAME}" --variables name=SLACK_THREAD_ID,value=${SLACK_REF} post_build: commands: + - export ACCOUNT_NAME="${TRIGGERED_PIPELINE_AWS_PROFILE}" - | if [ "${CODEBUILD_BUILD_SUCCEEDING}" == "1" ] then diff --git a/environment-pipelines/iam.tf b/environment-pipelines/iam.tf index 84a5ba19..219076e2 100644 --- a/environment-pipelines/iam.tf +++ b/environment-pipelines/iam.tf 
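Review bot: The guard only tests that `.copilot-version` exists, so an empty file or one with stray characters still sets `COPILOT_VERSION`, and that value is later interpolated into the download URL in the install commands. A format check right after the read would fail early, for example `case "${COPILOT_VERSION}" in ''|*[!0-9.]*) echo "Invalid .copilot-version"; exit 1;; esac`, assuming versions are plain dotted numbers. The file is also read before `cd "${CODEBUILD_SRC_DIR}"`, so the check depends on the initial working directory, and `$(cat .copilot-version)` is the preferred form over backticks.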
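Review bot: The Copilot binary is downloaded and made executable with no integrity check, and `curl -s -qL` without `--fail` will save an HTTP error body as `copilot` and carry on to `chmod +x`. Since this binary later runs with the pipeline's deployment credentials, I would add `--fail` to the curl call and verify the file against a pinned SHA-256 before marking it executable, e.g. `echo "${COPILOT_SHA256}  copilot" | sha256sum -c -`, where `COPILOT_SHA256` is a placeholder for a digest kept alongside `.copilot-version`. The enclosing install command list starts and ends outside the hunk.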
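Review bot: The new `start-pipeline-execution` line passes `--variables name=SLACK_THREAD_ID,value=${SLACK_REF}` with the surrounding double quotes dropped, so the value is now subject to word splitting and globbing if `SLACK_REF` ever contains whitespace or wildcard characters. Unless the quotes were removed to work around a parsing problem, I would keep `--variables "name=SLACK_THREAD_ID,value=${SLACK_REF}"`; if they were removed deliberately, a comment saying why would spare the next reader the question.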
@@ -80,6 +80,20 @@ data "aws_iam_policy_document" "assume_codebuild_role" { actions = ["sts:AssumeRole"] } + + dynamic "statement" { + for_each = toset(local.triggers_another_pipeline ? [""] : []) + content { + effect = "Allow" + + principals { + type = "AWS" + identifiers = [local.triggered_pipeline_codebuild_role] + } + + actions = ["sts:AssumeRole"] + } + } } data "aws_iam_policy_document" "write_environment_pipeline_codebuild_logs" { @@ -716,6 +730,18 @@ data "aws_iam_policy_document" "copilot_assume_role" { ] } } + + dynamic "statement" { + for_each = toset(local.triggers_another_pipeline ? local.triggered_pipeline_environments : []) + content { + actions = [ + "sts:AssumeRole" + ] + resources = [ + "arn:aws:iam::${local.triggered_account_id}:role/${var.application}-${statement.value.name}-EnvManagerRole" + ] + } + } } data "aws_iam_policy_document" "cloudformation" { @@ -731,6 +757,8 @@ data "aws_iam_policy_document" "cloudformation" { "cloudformation:DescribeChangeSet", "cloudformation:CreateChangeSet", "cloudformation:ExecuteChangeSet", + "cloudformation:DescribeStackEvents", + "cloudformation:DeleteStack" ] resources = [ "arn:aws:cloudformation:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stack/${var.application}-*", 
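Review bot: The added trust statement lets `local.triggered_pipeline_codebuild_role` assume this CodeBuild role outright, so the triggered pipeline's build inherits every permission attached to the role rather than only what the Copilot environment commands need. The role's other policies are outside this hunk, but judging by the `iam` and `cloudformation` documents changed in this same file they are broad. A dedicated role for the cross-account Copilot step with its own narrower policy would limit the exposure; at minimum the statement should carry a comment saying who assumes the role and why, e.g. `# Assumed by the triggered pipeline's apply build to run copilot env commands`.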
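Review bot: `cloudformation:DeleteStack` is granted on `stack/${var.application}-*`, which by its pattern covers every stack of the application and not only the environment stacks this change deploys. If the permission is only needed to clean up a failed environment deploy, a narrower resource or a comment stating the reason would help; the `resources` list continues outside the hunk, so its full scope is not visible here. The new last entry also drops the trailing comma the list used before.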
@@ -748,26 +776,31 @@ resource "aws_iam_policy" "cloudformation" { } data "aws_iam_policy_document" "iam" { - statement { - actions = [ - "iam:AttachRolePolicy", - "iam:DetachRolePolicy", - "iam:CreatePolicy", - "iam:DeletePolicy", - "iam:CreateRole", - "iam:DeleteRole", - "iam:TagRole", - "iam:PutRolePolicy", - "iam:GetRole", - "iam:ListRolePolicies", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListInstanceProfilesForRole", - "iam:DeleteRolePolicy", - ] - resources = [ - "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/*-${var.application}-*-conduitEcsTask", - ] + dynamic "statement" { + for_each = local.environment_config + content { + actions = [ + "iam:AttachRolePolicy", + "iam:DetachRolePolicy", + "iam:CreatePolicy", + "iam:DeletePolicy", + "iam:CreateRole", + "iam:DeleteRole", + "iam:TagRole", + "iam:PutRolePolicy", + "iam:GetRole", + "iam:ListRolePolicies", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfilesForRole", + "iam:DeleteRolePolicy", + ] + resources = [ + "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/*-${var.application}-*-conduitEcsTask", + "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.application}-${statement.value.name}-CFNExecutionRole", + "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.application}-${statement.value.name}-EnvManagerRole" + ] + } } } 
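Review bot: The statement now allows `iam:AttachRolePolicy`, `iam:PutRolePolicy` and `iam:CreateRole` on each environment's `CFNExecutionRole` and `EnvManagerRole` with no condition, which lets the build role give those roles any permission it likes. A `condition` block on `iam:PermissionsBoundary` (for the create/attach/put actions) or on `iam:PolicyARN` (for attach/detach) would bound that; which boundary or policy ARNs to use is a project decision not visible in this diff. Because the block is now a `dynamic "statement"` over `local.environment_config`, the wildcard `*-conduitEcsTask` resource is repeated in every generated statement, and the document has no statements at all when the list is empty. Keeping the conduit statement static and generating only the per-environment ARNs dynamically would avoid both.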
@@ -962,6 +995,40 @@ data "aws_iam_policy_document" "trigger_pipeline" { } } +resource "aws_iam_role_policy" "assume_role_for_copilot_env_commands" { + for_each = toset(local.triggered_by_another_pipeline ? [""] : []) + name = "${var.application}-${var.pipeline_name}-assume-role-for-copilot-env-commands" + role = aws_iam_role.environment_pipeline_codebuild.name + policy = data.aws_iam_policy_document.assume_role_for_copilot_env_commands_policy_document[""].json +} + +data "aws_iam_policy_document" "assume_role_for_copilot_env_commands_policy_document" { + for_each = toset(local.triggered_by_another_pipeline ? [""] : []) + statement { + actions = [ + "sts:AssumeRole" + ] + resources = local.triggering_pipeline_role_arns + } + + statement { + actions = [ + "kms:*", + ] + resources = [ + "arn:aws:kms:${data.aws_region.current.name}:${local.triggering_account_id}:key/*" + ] + } + + statement { + actions = [ + "s3:*", + ] + resources = [ + "arn:aws:s3:::stackset-${var.application}-*-pipelinebuiltartifactbuc-*" + ] + } +} #------NON-PROD-SOURCE-ACCOUNT------ diff --git a/environment-pipelines/locals.tf b/environment-pipelines/locals.tf index ade790d3..34fba59f 100644 --- a/environment-pipelines/locals.tf +++ b/environment-pipelines/locals.tf 
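Review bot: The new policy document grants `kms:*` on every key in the triggering account and `s3:*` on the matching artifact buckets, which includes scheduling key deletion, changing key policies and deleting buckets. I would list only the actions the Copilot commands use, for example `actions = ["kms:Decrypt", "kms:GenerateDataKey", "kms:DescribeKey"]` and `actions = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]`, confirming the exact set from an access-denied run or CloudTrail. An identity policy alone does not grant cross-account KMS or S3 access, so the key and bucket policies in the triggering account have to allow it too; those are not shown in this diff and are worth reviewing alongside this change.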
@@ -21,16 +21,23 @@ locals { account_map = { for account in local.extracted_account_names_and_ids : account["name"] => account["id"] } # Convert the env config into a list and add env name and vpc / requires_approval from the environments config. - environment_config = [for name, env in var.environments : merge(lookup(local.base_env_config, name, {}), env, { "name" = name })] - triggers_another_pipeline = var.pipeline_to_trigger != null + environment_config = [for name, env in var.environments : merge(lookup(local.base_env_config, name, {}), env, { "name" = name })] - triggered_pipeline_account_name = local.triggers_another_pipeline ? var.all_pipelines[var.pipeline_to_trigger].account : null - triggered_account_id = local.triggers_another_pipeline ? local.account_map[local.triggered_pipeline_account_name] : null + triggers_another_pipeline = var.pipeline_to_trigger != null + triggered_pipeline_account_name = local.triggers_another_pipeline ? var.all_pipelines[var.pipeline_to_trigger].account : null + triggered_account_id = local.triggers_another_pipeline ? local.account_map[local.triggered_pipeline_account_name] : null + triggered_pipeline_codebuild_role = local.triggers_another_pipeline ? "arn:aws:iam::${local.triggered_account_id}:role/${var.application}-${var.pipeline_to_trigger}-environment-pipeline-codebuild" : null + triggered_pipeline_environments = local.triggers_another_pipeline ? 
[for name, config in var.all_pipelines[var.pipeline_to_trigger].environments : { "name" = name }] : null list_of_triggering_pipelines = [for pipeline, config in var.all_pipelines : merge(config, { name = pipeline }) if lookup(config, "pipeline_to_trigger", null) == var.pipeline_name] set_of_triggering_pipeline_names = toset([for pipeline in local.list_of_triggering_pipelines : pipeline.name]) + triggering_pipeline_role_arns = [for name in local.set_of_triggering_pipeline_names : "arn:aws:iam::${local.account_map[var.all_pipelines[name].account]}:role/${var.application}-${name}-environment-pipeline-codebuild"] - triggering_pipeline_role_arns = [for name in local.set_of_triggering_pipeline_names : "arn:aws:iam::${local.account_map[var.all_pipelines[name].account]}:role/${var.application}-${name}-environment-pipeline-codebuild"] + triggered_by_another_pipeline = length([for config in var.all_pipelines : true if lookup(config, "pipeline_to_trigger", null) == var.pipeline_name]) > 0 + triggering_pipeline_account_name = local.triggered_by_another_pipeline ? one(local.list_of_triggering_pipelines).account : null + triggering_account_id = local.triggered_by_another_pipeline ? local.account_map[local.triggering_pipeline_account_name] : null + triggering_pipeline_name = local.triggered_by_another_pipeline ? one(local.list_of_triggering_pipelines).name : null + triggering_pipeline_codebuild_role = local.triggered_by_another_pipeline ? "arn:aws:iam::${local.triggering_account_id}:role/${var.application}-${local.triggering_pipeline_name}-environment-pipeline-codebuild" : null initial_stages = [for env in local.environment_config : [ 
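Review bot: `one(local.list_of_triggering_pipelines)` fails at plan time when more than one pipeline names this one in `pipeline_to_trigger`, while `triggering_pipeline_role_arns` in the same hunk is built for any number of triggering pipelines. Either validate up front that at most one pipeline triggers this one and give a clear error, or derive the account and role per triggering pipeline. `triggered_by_another_pipeline` also repeats the filter already in `list_of_triggering_pipelines`; `length(local.list_of_triggering_pipelines) > 0` would keep the two in step. The `locals` block starts and ends outside the hunk.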
@@ -49,7 +56,6 @@ locals { { name : "APPLICATION", value : var.application }, { name : "ENVIRONMENT", value : env.name }, { name : "PIPELINE_NAME", value : var.pipeline_name }, - { name : "COPILOT_PROFILE", value : env.accounts.deploy.name }, { name : "SLACK_CHANNEL_ID", value : var.slack_channel, type : "PARAMETER_STORE" }, { name : "SLACK_REF", value : "#{slack.SLACK_REF}" }, { name : "NEEDS_APPROVAL", value : lookup(env, "requires_approval", false) ? "yes" : "no" }, @@ -84,10 +90,12 @@ locals { PrimarySource : "${env.name}_terraform_plan" EnvironmentVariables : jsonencode([ { name : "ENVIRONMENT", value : env.name }, + { name : "AWS_PROFILE_FOR_COPILOT", value : env.accounts.deploy.name }, { name : "SLACK_CHANNEL_ID", value : var.slack_channel, type : "PARAMETER_STORE" }, { name : "SLACK_REF", value : "#{slack.SLACK_REF}" }, - { name : "VPC", value : local.base_env_config[env.name].vpc }, { name : "SLACK_THREAD_ID", value : "#{variables.SLACK_THREAD_ID}" }, + local.triggered_by_another_pipeline ? { name : "TRIGGERING_ACCOUNT_CODEBUILD_ROLE", value : local.triggering_pipeline_codebuild_role } : null, + local.triggered_by_another_pipeline ? { name : "TRIGGERING_ACCOUNT_AWS_PROFILE", value : local.triggering_pipeline_account_name } : null, ]) }, namespace : null @@ -98,7 +106,6 @@ locals { triggered_pipeline_account_role = local.triggers_another_pipeline ? "arn:aws:iam::${local.triggered_account_id}:role/${var.application}-${var.pipeline_to_trigger}-trigger-pipeline-from-${var.pipeline_name}" : null target_pipeline = local.triggers_another_pipeline ? "${var.application}-${var.pipeline_to_trigger}-environment-pipeline" : null - all_stages = flatten( concat(local.initial_stages, local.triggers_another_pipeline ? [ { 
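Review bot: In the `-84,10 +90,12` hunk, the two conditional entries evaluate to `null` when the pipeline is not triggered by another one, and `jsonencode` then writes them into `EnvironmentVariables` as literal `null` elements; the updated `test_stages` expectations ending in `null,null` confirm this. CodeBuild action variables are expected to be objects, so null entries may be rejected or silently ignored depending on the service, which is worth confirming. I would filter them out before encoding, e.g. `EnvironmentVariables : jsonencode([for v in [ ... ] : v if v != null])`, and update the test strings to match.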
@@ -116,7 +123,6 @@ locals { { name : "SLACK_THREAD_ID", value : "#{variables.SLACK_THREAD_ID}" }, { name : "SLACK_CHANNEL_ID", value : var.slack_channel, type : "PARAMETER_STORE" }, { name : "SLACK_REF", value : "#{slack.SLACK_REF}" }, - { name : "ACCOUNT_NAME", value : local.triggered_pipeline_account_name }, ]) }, namespace : null diff --git a/environment-pipelines/tests/unit.tftest.hcl b/environment-pipelines/tests/unit.tftest.hcl index 1baf058c..85e28fef 100644 --- a/environment-pipelines/tests/unit.tftest.hcl +++ b/environment-pipelines/tests/unit.tftest.hcl @@ -189,6 +189,13 @@ override_data { } } +override_data { + target = data.aws_iam_policy_document.assume_role_for_copilot_env_commands_policy_document + values = { + json = "{\"Sid\": \"AssumeRoleCopilotCommands\"}" + } +} + variables { application = "my-app" repository = "my-repository" @@ -207,7 +214,7 @@ variables { trigger_on_push = true pipeline_to_trigger = "triggered-pipeline" environments = { - environment1 = "" + dev = "" } } @@ -217,7 +224,7 @@ variables { slack_channel = "" trigger_on_push = false environments = { - environment2 = "" + prod = "" } } } @@ -242,11 +249,11 @@ variables { accounts = { deploy = { name = "prod" - id = "000123456789" + id = "123456789000" } dns = { name = "live" - id = "000987654321" + id = "987654321000" } } requires_approval = true 
@@ -893,7 +900,7 @@ run "test_triggering_pipelines" { } assert { - condition = aws_codepipeline.environment_pipeline.stage[7].action[0].configuration.EnvironmentVariables == "[{\"name\":\"TRIGGERED_ACCOUNT_ROLE_ARN\",\"value\":\"arn:aws:iam::000123456789:role/my-app-triggered-pipeline-trigger-pipeline-from-my-pipeline\"},{\"name\":\"TRIGGERED_PIPELINE_NAME\",\"value\":\"my-app-triggered-pipeline-environment-pipeline\"},{\"name\":\"TRIGGERED_PIPELINE_AWS_PROFILE\",\"value\":\"prod\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"ACCOUNT_NAME\",\"value\":\"prod\"}]" + condition = aws_codepipeline.environment_pipeline.stage[7].action[0].configuration.EnvironmentVariables == "[{\"name\":\"TRIGGERED_ACCOUNT_ROLE_ARN\",\"value\":\"arn:aws:iam::123456789000:role/my-app-triggered-pipeline-trigger-pipeline-from-my-pipeline\"},{\"name\":\"TRIGGERED_PIPELINE_NAME\",\"value\":\"my-app-triggered-pipeline-environment-pipeline\"},{\"name\":\"TRIGGERED_PIPELINE_AWS_PROFILE\",\"value\":\"prod\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"}]" error_message = "Configuration Env Vars incorrect" } 
@@ -913,9 +920,19 @@ run "test_triggering_pipelines" { } assert { - condition = local.triggered_pipeline_account_role == "arn:aws:iam::000123456789:role/my-app-triggered-pipeline-trigger-pipeline-from-my-pipeline" + condition = local.triggered_pipeline_account_role == "arn:aws:iam::123456789000:role/my-app-triggered-pipeline-trigger-pipeline-from-my-pipeline" error_message = "Triggered pipeline account role is incorrect" } + + assert { + condition = local.triggered_pipeline_codebuild_role == "arn:aws:iam::123456789000:role/my-app-triggered-pipeline-environment-pipeline-codebuild" + error_message = "" + } + + assert { + condition = local.triggered_pipeline_environments[0].name == "prod" + error_message = "" + } } run "test_triggered_pipelines" { @@ -930,6 +947,26 @@ run "test_triggered_pipelines" { error_message = "" } + assert { + condition = local.triggered_by_another_pipeline == true + error_message = "" + } + + assert { + condition = local.triggering_pipeline_account_name == "sandbox" + error_message = "" + } + + assert { + condition = local.triggering_account_id == "000123456789" + error_message = "" + } + + assert { + condition = local.triggering_pipeline_codebuild_role == "arn:aws:iam::000123456789:role/my-app-my-pipeline-environment-pipeline-codebuild" + error_message = "" + } + assert { condition = aws_iam_role.trigger_pipeline["my-pipeline"].name == "my-app-triggered-pipeline-trigger-pipeline-from-my-pipeline" error_message = "" 
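Review bot: The new assertions on `local.triggered_pipeline_codebuild_role` and `local.triggered_pipeline_environments[0].name` use `error_message = ""`, as do the four added to `test_triggered_pipelines` in the next hunk, so a failing run says nothing about what was expected. A short message per assert, e.g. `error_message = "Triggered pipeline codebuild role ARN is incorrect"`, would match the neighbouring `"Triggered pipeline account role is incorrect"`.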
@@ -971,6 +1008,31 @@ run "test_triggered_pipelines" { condition = local.triggering_pipeline_role_arns == ["arn:aws:iam::000123456789:role/my-app-my-pipeline-environment-pipeline-codebuild"] error_message = "ARN for triggering role is incorrect" } + + assert { + condition = aws_iam_role_policy.assume_role_for_copilot_env_commands[""].name == "my-app-triggered-pipeline-assume-role-for-copilot-env-commands" + error_message = "Should be: 'my-app-triggered-pipeline-assume-role-for-copilot-env-commands" + } + + assert { + condition = aws_iam_role_policy.assume_role_for_copilot_env_commands[""].role == "my-app-triggered-pipeline-environment-pipeline-codebuild" + error_message = "Should be: 'my-app-triggered-pipeline-environment-pipeline-codebuild" + } + + assert { + condition = aws_iam_role_policy.assume_role_for_copilot_env_commands[""].policy == "{\"Sid\": \"AssumeRoleCopilotCommands\"}" + error_message = "Should be: 'AssumeRoleCopilotCommands'" + } + + assert { + condition = aws_codepipeline.environment_pipeline.stage[3].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"dev\"},{\"name\":\"AWS_PROFILE_FOR_COPILOT\",\"value\":\"sandbox\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"},{\"name\":\"TRIGGERING_ACCOUNT_CODEBUILD_ROLE\",\"value\":\"arn:aws:iam::000123456789:role/my-app-my-pipeline-environment-pipeline-codebuild\"},{\"name\":\"TRIGGERING_ACCOUNT_AWS_PROFILE\",\"value\":\"sandbox\"}]" + error_message = "Configuration Env Vars incorrect" + } + + assert { + condition = aws_codepipeline.environment_pipeline.stage[6].action[0].configuration.EnvironmentVariables == 
"[{\"name\":\"ENVIRONMENT\",\"value\":\"prod\"},{\"name\":\"AWS_PROFILE_FOR_COPILOT\",\"value\":\"prod\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"},{\"name\":\"TRIGGERING_ACCOUNT_CODEBUILD_ROLE\",\"value\":\"arn:aws:iam::000123456789:role/my-app-my-pipeline-environment-pipeline-codebuild\"},{\"name\":\"TRIGGERING_ACCOUNT_AWS_PROFILE\",\"value\":\"sandbox\"}]" + error_message = "Configuration Env Vars incorrect" + } } run "test_artifact_store" { 
@@ -1049,7 +1111,7 @@ run "test_stages" { error_message = "Configuration PrimarySource incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[2].action[0].configuration.EnvironmentVariables == "[{\"name\":\"APPLICATION\",\"value\":\"my-app\"},{\"name\":\"ENVIRONMENT\",\"value\":\"dev\"},{\"name\":\"PIPELINE_NAME\",\"value\":\"my-pipeline\"},{\"name\":\"COPILOT_PROFILE\",\"value\":\"sandbox\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"NEEDS_APPROVAL\",\"value\":\"no\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"}]" + condition = aws_codepipeline.environment_pipeline.stage[2].action[0].configuration.EnvironmentVariables == "[{\"name\":\"APPLICATION\",\"value\":\"my-app\"},{\"name\":\"ENVIRONMENT\",\"value\":\"dev\"},{\"name\":\"PIPELINE_NAME\",\"value\":\"my-pipeline\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"NEEDS_APPROVAL\",\"value\":\"no\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"}]" error_message = "Configuration Env Vars incorrect" } assert { 
@@ -1103,7 +1165,7 @@ run "test_stages" { error_message = "Configuration PrimarySource incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[3].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"dev\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"VPC\",\"value\":\"platform-sandbox-dev\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"}]" + condition = aws_codepipeline.environment_pipeline.stage[3].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"dev\"},{\"name\":\"AWS_PROFILE_FOR_COPILOT\",\"value\":\"sandbox\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"},null,null]" error_message = "Configuration Env Vars incorrect" } 
@@ -1157,7 +1219,7 @@ run "test_stages" { error_message = "Configuration PrimarySource incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[4].action[0].configuration.EnvironmentVariables == "[{\"name\":\"APPLICATION\",\"value\":\"my-app\"},{\"name\":\"ENVIRONMENT\",\"value\":\"prod\"},{\"name\":\"PIPELINE_NAME\",\"value\":\"my-pipeline\"},{\"name\":\"COPILOT_PROFILE\",\"value\":\"prod\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"NEEDS_APPROVAL\",\"value\":\"yes\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"}]" + condition = aws_codepipeline.environment_pipeline.stage[4].action[0].configuration.EnvironmentVariables == "[{\"name\":\"APPLICATION\",\"value\":\"my-app\"},{\"name\":\"ENVIRONMENT\",\"value\":\"prod\"},{\"name\":\"PIPELINE_NAME\",\"value\":\"my-pipeline\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"NEEDS_APPROVAL\",\"value\":\"yes\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"}]" error_message = "Configuration Env Vars incorrect" } assert { 
@@ -1253,7 +1315,7 @@ run "test_stages" { error_message = "Configuration PrimarySource incorrect" } assert { - condition = aws_codepipeline.environment_pipeline.stage[6].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"prod\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"VPC\",\"value\":\"platform-sandbox-prod\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"}]" + condition = aws_codepipeline.environment_pipeline.stage[6].action[0].configuration.EnvironmentVariables == "[{\"name\":\"ENVIRONMENT\",\"value\":\"prod\"},{\"name\":\"AWS_PROFILE_FOR_COPILOT\",\"value\":\"prod\"},{\"name\":\"SLACK_CHANNEL_ID\",\"type\":\"PARAMETER_STORE\",\"value\":\"/codebuild/slack_pipeline_notifications_channel\"},{\"name\":\"SLACK_REF\",\"value\":\"#{slack.SLACK_REF}\"},{\"name\":\"SLACK_THREAD_ID\",\"value\":\"#{variables.SLACK_THREAD_ID}\"},null,null]" error_message = "Configuration Env Vars incorrect" } }