Skip to content

Commit

Permalink
Support GitLab OIDC for pipeline bootstrap (#4037)
Browse files Browse the repository at this point in the history
* Support GitLab OIDC for pipeline bootstrap

* Fix incorrect variable mappings

* use constants instead of strings
sidhujus authored Jul 7, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 860a40b commit 74bffa8
Showing 9 changed files with 225 additions and 33 deletions.
48 changes: 41 additions & 7 deletions samcli/commands/pipeline/bootstrap/cli.py
Original file line number Diff line number Diff line change
@@ -10,12 +10,18 @@

from samcli.cli.cli_config_file import configuration_option, TomlProvider
from samcli.cli.main import pass_context, common_options, aws_creds_options, print_cmdline_args
from samcli.commands.pipeline.bootstrap.pipeline_oidc_provider import GitHubOidcProvider, PipelineOidcProvider
from samcli.commands.pipeline.bootstrap.pipeline_oidc_provider import (
GitHubOidcProvider,
GitLabOidcProvider,
PipelineOidcProvider,
)
from samcli.lib.config.samconfig import SamConfig
from samcli.lib.pipeline.bootstrap.stage import (
DEPLOYMENT_BRANCH,
GITHUB_ORG,
GITHUB_REPO,
GITLAB_GROUP,
GITLAB_PROJECT,
OIDC_CLIENT_ID,
OIDC_PROVIDER,
OIDC_PROVIDER_URL,
@@ -24,7 +30,7 @@
from samcli.lib.telemetry.metric import track_command
from samcli.lib.utils.colors import Colored
from samcli.lib.utils.version_checker import check_newer_version
from .guided_context import GITHUB_ACTIONS, IAM, OPEN_ID_CONNECT, GuidedContext
from .guided_context import GITHUB_ACTIONS, GITLAB, IAM, OPEN_ID_CONNECT, GuidedContext
from ..external_links import CONFIG_AWS_CRED_ON_CICD_URL

SHORT_HELP = "Generates the required AWS resources to connect your CI/CD system."
@@ -132,7 +138,17 @@
@click.option(
"--oidc-provider",
help="The name of the CI/CD system that will be used for OIDC permissions",
type=click.Choice([GITHUB_ACTIONS]),
type=click.Choice([GITHUB_ACTIONS, GITLAB]),
required=False,
)
@click.option(
"--gitlab-group",
help="The GitLab group that the repository belongs to. Only used if using GitLab OIDC for permissions",
required=False,
)
@click.option(
"--gitlab-project",
help="The GitLab project name. Only used if using GitLab OIDC for permissions",
required=False,
)
@common_options
@@ -161,6 +177,8 @@ def cli(
github_repo: Optional[str],
deployment_branch: Optional[str],
oidc_provider: Optional[str],
gitlab_group: Optional[str],
gitlab_project: Optional[str],
) -> None:
"""
`sam pipeline bootstrap` command entry point
@@ -186,6 +204,8 @@ def cli(
github_repo=github_repo,
deployment_branch=deployment_branch,
oidc_provider=oidc_provider,
gitlab_group=gitlab_group,
gitlab_project=gitlab_project,
) # pragma: no cover


@@ -210,6 +230,8 @@ def do_cli(
github_repo: Optional[str],
deployment_branch: Optional[str],
oidc_provider: Optional[str],
gitlab_group: Optional[str],
gitlab_project: Optional[str],
standalone: bool = True,
) -> None:
"""
@@ -227,6 +249,8 @@ def do_cli(
github_org = oidc_parameters.get(GITHUB_ORG)
github_repo = oidc_parameters.get(GITHUB_REPO)
deployment_branch = oidc_parameters.get(DEPLOYMENT_BRANCH)
gitlab_group = oidc_parameters.get(GITLAB_GROUP)
gitlab_project = oidc_parameters.get(GITLAB_PROJECT)

if interactive:
if standalone:
@@ -261,6 +285,8 @@ def do_cli(
github_org=github_org,
github_repo=github_repo,
deployment_branch=deployment_branch,
gitlab_group=gitlab_group,
gitlab_project=gitlab_project,
)
guided_context.run()
stage_configuration_name = guided_context.stage_configuration_name
@@ -279,6 +305,8 @@ def do_cli(
github_repo = guided_context.github_repo
deployment_branch = guided_context.deployment_branch
oidc_provider = guided_context.oidc_provider
gitlab_project = guided_context.gitlab_project
gitlab_group = guided_context.gitlab_group

subject_claim = None
pipeline_oidc_provider: Optional[PipelineOidcProvider] = None
@@ -287,11 +315,18 @@ def do_cli(
common_oidc_params = {"oidc-provider-url": oidc_provider_url, "oidc-client-id": oidc_client_id}
if oidc_provider == GITHUB_ACTIONS:
github_oidc_params: dict = {
"github-org": github_org,
"github-repo": github_repo,
"deployment-branch": deployment_branch,
GitHubOidcProvider.GITHUB_ORG_PARAMETER_NAME: github_org,
GitHubOidcProvider.GITHUB_REPO_PARAMETER_NAME: github_repo,
GitHubOidcProvider.DEPLOYMENT_BRANCH_PARAMETER_NAME: deployment_branch,
}
pipeline_oidc_provider = GitHubOidcProvider(github_oidc_params, common_oidc_params, GITHUB_ACTIONS)
elif oidc_provider == GITLAB:
gitlab_oidc_params: dict = {
GitLabOidcProvider.GITLAB_PROJECT_PARAMETER_NAME: gitlab_project,
GitLabOidcProvider.GITLAB_GROUP_PARAMETER_NAME: gitlab_group,
GitLabOidcProvider.DEPLOYMENT_BRANCH_PARAMETER_NAME: deployment_branch,
}
pipeline_oidc_provider = GitLabOidcProvider(gitlab_oidc_params, common_oidc_params, GITLAB)
else:
raise click.UsageError("Missing required parameter '--oidc-provider'")
subject_claim = pipeline_oidc_provider.get_subject_claim()
@@ -313,7 +348,6 @@ def do_cli(
oidc_client_id=oidc_client_id,
permissions_provider=permissions_provider,
subject_claim=subject_claim,
oidc_provider_name=oidc_provider,
pipeline_oidc_provider=pipeline_oidc_provider,
)

44 changes: 37 additions & 7 deletions samcli/commands/pipeline/bootstrap/guided_context.py
Original file line number Diff line number Diff line change
@@ -19,16 +19,17 @@
from samcli.lib.utils.profile import list_available_profiles

GITHUB_ACTIONS = "github-actions"
GITLAB = "gitlab"
OPEN_ID_CONNECT = "oidc"
IAM = "iam"


class GuidedContext:

SUPPORTED_OIDC_PROVIDERS = {"1": GITHUB_ACTIONS}
OIDC_PROVIDER_NAME_MAPPINGS = {GITHUB_ACTIONS: "GitHub Actions"}
DEFAULT_OIDC_URLS = {GITHUB_ACTIONS: "https://token.actions.githubusercontent.com"}
DEFAULT_CLIENT_IDS = {GITHUB_ACTIONS: "sts.amazonaws.com"}
SUPPORTED_OIDC_PROVIDERS = {"1": GITHUB_ACTIONS, "2": GITLAB}
OIDC_PROVIDER_NAME_MAPPINGS = {GITHUB_ACTIONS: "GitHub Actions", GITLAB: "GitLab"}
DEFAULT_OIDC_URLS = {GITHUB_ACTIONS: "https://token.actions.githubusercontent.com", GITLAB: "https://gitlab.com"}
DEFAULT_CLIENT_IDS = {GITHUB_ACTIONS: "sts.amazonaws.com", GITLAB: "https://gitlab.com"}

def __init__(
self,
@@ -47,6 +48,8 @@ def __init__(
oidc_provider: Optional[str] = None,
github_org: Optional[str] = None,
github_repo: Optional[str] = None,
gitlab_group: Optional[str] = None,
gitlab_project: Optional[str] = None,
deployment_branch: Optional[str] = None,
) -> None:
self.profile = profile
@@ -65,6 +68,8 @@ def __init__(
self.github_repo = github_repo
self.github_org = github_org
self.deployment_branch = deployment_branch
self.gitlab_group = gitlab_group
self.gitlab_project = gitlab_project
self.color = Colored()

def _prompt_account_id(self) -> None:
@@ -207,7 +212,24 @@ def _prompt_subject_claim(self) -> None:
if not self.github_repo:
self._prompt_github_repo()
if not self.deployment_branch:
self._prompt_github_branch()
self._prompt_deployment_branch()
elif self.oidc_provider == GITLAB:
if not self.gitlab_group:
self._prompt_gitlab_group()
if not self.gitlab_project:
self._prompt_gitlab_project()
if not self.deployment_branch:
self._prompt_deployment_branch()

def _prompt_gitlab_group(self) -> None:
self.gitlab_group = click.prompt(
"Enter the GitLab group that the code repository belongs to."
" If there is no group enter your username instead",
type=click.STRING,
)

def _prompt_gitlab_project(self) -> None:
self.gitlab_project = click.prompt("Enter GitLab project name", type=click.STRING)

def _prompt_github_org(self) -> None:
self.github_org = click.prompt(
@@ -219,7 +241,7 @@ def _prompt_github_org(self) -> None:
def _prompt_github_repo(self) -> None:
self.github_repo = click.prompt("Enter GitHub repository name", type=click.STRING)

def _prompt_github_branch(self) -> None:
def _prompt_deployment_branch(self) -> None:
self.deployment_branch = click.prompt(
"Enter the name of the branch that deployments will occur from", type=click.STRING, default="main"
)
@@ -251,7 +273,15 @@ def _get_user_inputs(self) -> List[Tuple[str, Callable[[], None]]]:
[
(f"GitHub organization: {self.github_org}", self._prompt_github_org),
(f"GitHub repository: {self.github_repo}", self._prompt_github_repo),
(f"Deployment branch: {self.deployment_branch}", self._prompt_github_branch),
(f"Deployment branch: {self.deployment_branch}", self._prompt_deployment_branch),
]
)
elif self.oidc_provider == GITLAB:
inputs.extend(
[
(f"GitLab group: {self.gitlab_group}", self._prompt_gitlab_group),
(f"GitLab project: {self.gitlab_project}", self._prompt_gitlab_project),
(f"Deployment branch: {self.deployment_branch}", self._prompt_deployment_branch),
]
)
else:
30 changes: 30 additions & 0 deletions samcli/commands/pipeline/bootstrap/pipeline_oidc_provider.py
Original file line number Diff line number Diff line change
@@ -70,3 +70,33 @@ def get_subject_claim(self) -> str:
repo = self.oidc_parameters["github-repo"]
branch = self.oidc_parameters["deployment-branch"]
return f"repo:{org}/{repo}:ref:refs/heads/{branch}"


class GitLabOidcProvider(PipelineOidcProvider):

GITLAB_PROJECT_PARAMETER_NAME = "gitlab-project"
GITLAB_GROUP_PARAMETER_NAME = "gitlab-group"
DEPLOYMENT_BRANCH_PARAMETER_NAME = "deployment-branch"

def __init__(self, subject_claim_parameters: dict, oidc_parameters: dict, oidc_provider_name: str) -> None:
all_oidc_parameters = {**oidc_parameters, **subject_claim_parameters}
all_oidc_parameter_names = [
self.GITLAB_PROJECT_PARAMETER_NAME,
self.GITLAB_GROUP_PARAMETER_NAME,
self.DEPLOYMENT_BRANCH_PARAMETER_NAME,
]
super().__init__(all_oidc_parameters, all_oidc_parameter_names, oidc_provider_name)

def get_subject_claim(self) -> str:
"""
Returns the subject claim that will be used to establish trust between the OIDC provider and AWS.
To read more about OIDC claims see the following: https://openid.net/specs/openid-connect-core-1_0.html#Claims
https://docs.gitlab.com/ee/ci/cloud_services/aws/#configure-a-role-and-trust
To learn more about configuring a role to work with GitLab OIDC through claims see the following
https://docs.gitlab.com/ee/ci/cloud_services/index.html#configure-a-conditional-role-with-oidc-claims
-------
"""
group = self.oidc_parameters["gitlab-group"]
project = self.oidc_parameters["gitlab-project"]
branch = self.oidc_parameters["deployment-branch"]
return f"project_path:{group}/{project}:ref_type:branch:ref:{branch}"
2 changes: 2 additions & 0 deletions samcli/commands/pipeline/init/interactive_init_flow.py
Original file line number Diff line number Diff line change
@@ -182,6 +182,8 @@ def _prompt_run_bootstrap_within_pipeline_init(
github_repo=None,
deployment_branch=None,
oidc_provider=None,
gitlab_group=None,
gitlab_project=None,
)
return True
else:
10 changes: 2 additions & 8 deletions samcli/lib/pipeline/bootstrap/stage.py
Original file line number Diff line number Diff line change
@@ -36,6 +36,8 @@
OIDC_PROVIDER = "oidc_provider"
GITHUB_ORG = "github_org"
GITHUB_REPO = "github_repo"
GITLAB_GROUP = "gitlab_group"
GITLAB_PROJECT = "gitlab_project"
DEPLOYMENT_BRANCH = "deployment_branch"
REGION = "region"

@@ -112,20 +114,12 @@ def __init__(
oidc_provider_url: Optional[str] = None,
oidc_client_id: Optional[str] = None,
subject_claim: Optional[str] = None,
oidc_provider_name: Optional[str] = None,
github_org: Optional[str] = None,
github_repo: Optional[str] = None,
deployment_branch: Optional[str] = None,
pipeline_oidc_provider: Optional[PipelineOidcProvider] = None,
) -> None:
self.name: str = name
self.create_new_oidc_provider = False
self.subject_claim = subject_claim
self.use_oidc_provider = permissions_provider == OPEN_ID_CONNECT
self.oidc_provider_name = oidc_provider_name
self.github_org = github_org
self.github_repo = github_repo
self.deployment_branch = deployment_branch
self.pipeline_oidc_provider = pipeline_oidc_provider
self.aws_profile: Optional[str] = aws_profile
self.aws_region: Optional[str] = aws_region
2 changes: 1 addition & 1 deletion samcli/lib/pipeline/bootstrap/stage_resources.yaml
Original file line number Diff line number Diff line change
@@ -159,7 +159,7 @@ Resources:
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"ForAllValues:StringEquals": {
"ForAllValues:StringLike": {
"${Url}:aud": "${OidcClientId}",
"${Url}:sub": "${SubjectClaim}"
}
51 changes: 50 additions & 1 deletion tests/unit/commands/pipeline/bootstrap/test_cli.py
Original file line number Diff line number Diff line change
@@ -12,7 +12,7 @@
)
from samcli.commands.pipeline.bootstrap.cli import cli as bootstrap_cmd
from samcli.commands.pipeline.bootstrap.cli import do_cli as bootstrap_cli
from samcli.commands.pipeline.bootstrap.guided_context import GITHUB_ACTIONS
from samcli.commands.pipeline.bootstrap.guided_context import GITHUB_ACTIONS, GITLAB

ANY_REGION = "ANY_REGION"
ANY_PROFILE = "ANY_PROFILE"
@@ -31,8 +31,13 @@
ANY_GITHUB_ORG = "ANY_GITHUB_ORG"
ANY_GITHUB_REPO = "ANY_GITHUB_REPO"
ANY_DEPLOYMENT_BRANCH = "ANY_DEPLOYMENT_BRANCH"
ANY_GITLAB_PROJECT = "ANY_GITLAB_PROJECT"
ANY_GITLAB_GROUP = "ANY_GITLAB_GROUP"
ANY_SUBJECT_CLAIM = "ANY_SUBJECT_CLAIM"
ANY_BUILT_SUBJECT_CLAIM = "repo:ANY_GITHUB_ORG/ANY_GITHUB_REPO:ref:refs/heads/ANY_DEPLOYMENT_BRANCH"
ANY_BUILT_GITLAB_SUBJECT_CLAIM = (
"project_path:ANY_GITLAB_GROUP/ANY_GITLAB_PROJECT:ref_type:branch:ref" ":ANY_DEPLOYMENT_BRANCH"
)
PIPELINE_BOOTSTRAP_COMMAND_NAMES = ["pipeline", "bootstrap"]


@@ -58,6 +63,8 @@ def setUp(self) -> None:
"oidc_provider": ANY_OIDC_PROVIDER,
"github_org": ANY_GITHUB_ORG,
"github_repo": ANY_GITHUB_REPO,
"gitlab_project": ANY_GITLAB_PROJECT,
"gitlab_group": ANY_GITLAB_GROUP,
"deployment_branch": ANY_DEPLOYMENT_BRANCH,
}

@@ -91,6 +98,8 @@ def test_bootstrap_command_default_argument_values(self, do_cli_mock):
github_repo=None,
deployment_branch=None,
oidc_provider=None,
gitlab_group=None,
gitlab_project=None,
)

@patch("samcli.commands.pipeline.bootstrap.cli.do_cli")
@@ -233,6 +242,46 @@ def test_bootstrapping_oidc_interactive_flow(
cmd_names=PIPELINE_BOOTSTRAP_COMMAND_NAMES,
)

@patch("samcli.commands.pipeline.bootstrap.pipeline_oidc_provider")
@patch("samcli.commands.pipeline.bootstrap.cli._get_bootstrap_command_names")
@patch("samcli.commands.pipeline.bootstrap.cli.Stage")
@patch("samcli.commands.pipeline.bootstrap.cli.GuidedContext")
def test_bootstrapping_oidc_interactive_flow_gitlab(
self,
guided_context_mock,
environment_mock,
get_command_names_mock,
pipeline_provider_mock,
):
# setup
gc_instance = Mock()
gc_instance.oidc_provider = GITLAB
gc_instance.gitlab_project = ANY_GITLAB_PROJECT
gc_instance.gitlab_group = ANY_GITLAB_GROUP
gc_instance.deployment_branch = ANY_DEPLOYMENT_BRANCH
gc_instance.oidc_provider_url = ANY_OIDC_PROVIDER_URL
gc_instance.oidc_client_id = ANY_OIDC_CLIENT_ID
gc_instance.permissions_provider = "oidc"
guided_context_mock.return_value = gc_instance
environment_instance = Mock()
environment_mock.return_value = environment_instance
self.cli_context["interactive"] = True
self.cli_context["permissions_provider"] = "oidc"
get_command_names_mock.return_value = PIPELINE_BOOTSTRAP_COMMAND_NAMES

# trigger
bootstrap_cli(**self.cli_context)

# verify
gc_instance.run.assert_called_once()
environment_instance.bootstrap.assert_called_once_with(confirm_changeset=True)
environment_instance.print_resources_summary.assert_called_once()
environment_instance.save_config_safe.assert_called_once_with(
config_dir=PIPELINE_CONFIG_DIR,
filename=PIPELINE_CONFIG_FILENAME,
cmd_names=PIPELINE_BOOTSTRAP_COMMAND_NAMES,
)

@patch("samcli.commands.pipeline.bootstrap.cli._get_bootstrap_command_names")
@patch("samcli.commands.pipeline.bootstrap.cli._load_saved_pipeline_user_arn")
@patch("samcli.commands.pipeline.bootstrap.cli.Stage")
62 changes: 62 additions & 0 deletions tests/unit/commands/pipeline/bootstrap/test_guided_context.py
Original file line number Diff line number Diff line change
@@ -18,6 +18,8 @@
ANY_OIDC_CLIENT_ID = "ANY_OIDC_CLIENT_ID"
ANY_GITHUB_ORG = "ANY_GITHUB_ORG"
ANY_GITHUB_REPO = "ANY_GITHUB_REPO"
ANY_GITLAB_GROUP = "ANY_GITLAB_GROUP"
ANY_GITLAB_PROJECT = "ANY_GITLAB_PROJECT"
ANY_DEPLOYMENT_BRANCH = "ANY_DEPLOYMENT_BRANCH"


@@ -80,6 +82,38 @@ def test_guided_context_will_not_prompt_for_fields_that_are_already_provided_oid
prompt_account_id_mock.assert_called_once()
click_mock.prompt.assert_called_once()

@patch("samcli.commands.pipeline.bootstrap.guided_context.get_current_account_id")
@patch("samcli.commands.pipeline.bootstrap.guided_context.click")
@patch("samcli.commands.pipeline.bootstrap.guided_context.GuidedContext._prompt_account_id")
def test_guided_context_will_not_prompt_for_fields_that_are_already_provided_oidc_gitlab(
self, prompt_account_id_mock, click_mock, account_id_mock
):
account_id_mock.return_value = "1234567890"
click_mock.confirm.return_value = False
click_mock.prompt = Mock(return_value="0")
gc: GuidedContext = GuidedContext(
stage_configuration_name=ANY_STAGE_CONFIGURATION_NAME,
permissions_provider="oidc",
oidc_provider_url=ANY_OIDC_PROVIDER_URL,
oidc_provider="gitlab",
oidc_client_id=ANY_OIDC_CLIENT_ID,
gitlab_group=ANY_GITLAB_GROUP,
gitlab_project=ANY_GITLAB_PROJECT,
deployment_branch=ANY_DEPLOYMENT_BRANCH,
pipeline_execution_role_arn=ANY_PIPELINE_EXECUTION_ROLE_ARN,
cloudformation_execution_role_arn=ANY_CLOUDFORMATION_EXECUTION_ROLE_ARN,
artifacts_bucket_arn=ANY_ARTIFACTS_BUCKET_ARN,
create_image_repository=True,
image_repository_arn=ANY_IMAGE_REPOSITORY_ARN,
region=ANY_REGION,
)
gc.run()
# there should only two prompt to ask
# 1. which account to use (mocked in _prompt_account_id(), not contributing to count)
# 2. what values customers want to change
prompt_account_id_mock.assert_called_once()
click_mock.prompt.assert_called_once()

@patch("samcli.commands.pipeline.bootstrap.guided_context.get_current_account_id")
@patch("samcli.commands.pipeline.bootstrap.guided_context.click")
@patch("samcli.commands.pipeline.bootstrap.guided_context.GuidedContext._prompt_account_id")
@@ -129,6 +163,34 @@ def test_guided_context_will_prompt_for_fields_that_are_not_provided_oidc(
self.assertTrue(self.did_prompt_text_like("GitHub Repository", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("branch that deployments", click_mock.prompt))

@patch("samcli.commands.pipeline.bootstrap.guided_context.GuidedContext._validate_oidc_provider_url")
@patch("samcli.commands.pipeline.bootstrap.guided_context.get_current_account_id")
@patch("samcli.commands.pipeline.bootstrap.guided_context.click")
@patch("samcli.commands.pipeline.bootstrap.guided_context.GuidedContext._prompt_account_id")
def test_guided_context_will_prompt_for_fields_that_are_not_provided_oidc_gitlab(
self, prompt_account_id_mock, click_mock, account_id_mock, oidc_url_validate_mock
):
account_id_mock.return_value = "1234567890"
click_mock.confirm.return_value = False
click_mock.prompt = Mock(return_value="0")
gc: GuidedContext = GuidedContext(
image_repository_arn=ANY_IMAGE_REPOSITORY_ARN, # Exclude ECR repo, it has its own detailed test below
permissions_provider="oidc",
oidc_provider="gitlab",
)
gc.run()
prompt_account_id_mock.assert_called_once()
self.assertTrue(self.did_prompt_text_like("Stage configuration Name", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("Pipeline execution role", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("CloudFormation execution role", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("Artifact bucket", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("region", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("URL of the OIDC provider", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("OIDC Client ID", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("GitLab Group", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("GitLab Project", click_mock.prompt))
self.assertTrue(self.did_prompt_text_like("branch that deployments", click_mock.prompt))

@patch("samcli.commands.pipeline.bootstrap.guided_context.click")
def test_guided_context_prompts_oidc_url_if_missing_or_invalid(self, click_mock):
gc: GuidedContext = GuidedContext(
9 changes: 0 additions & 9 deletions tests/unit/lib/pipeline/bootstrap/test_environment.py
Original file line number Diff line number Diff line change
@@ -466,9 +466,6 @@ def test_creates_new_oidc_provider_if_needed(
oidc_provider_url=ANY_OIDC_PROVIDER_URL,
oidc_client_id=ANY_OIDC_CLIENT_ID,
subject_claim=ANY_SUBJECT_CLAIM,
github_org=ANY_GITHUB_ORG,
github_repo=ANY_GITHUB_REPO,
deployment_branch=ANY_DEPLOYMENT_BRANCH,
pipeline_execution_role_arn=ANY_PIPELINE_EXECUTION_ROLE_ARN,
cloudformation_execution_role_arn=ANY_CLOUDFORMATION_EXECUTION_ROLE_ARN,
artifacts_bucket_arn=ANY_ARTIFACTS_BUCKET_ARN,
@@ -503,9 +500,6 @@ def test_doesnt_create_new_oidc_provider(self, manage_stack_mock, click_mock, bo
oidc_provider_url=ANY_OIDC_PROVIDER_URL,
oidc_client_id=ANY_OIDC_CLIENT_ID,
subject_claim=ANY_SUBJECT_CLAIM,
github_org=ANY_GITHUB_ORG,
github_repo=ANY_GITHUB_REPO,
deployment_branch=ANY_DEPLOYMENT_BRANCH,
pipeline_execution_role_arn=ANY_PIPELINE_EXECUTION_ROLE_ARN,
cloudformation_execution_role_arn=ANY_CLOUDFORMATION_EXECUTION_ROLE_ARN,
artifacts_bucket_arn=ANY_ARTIFACTS_BUCKET_ARN,
@@ -537,9 +531,6 @@ def test_should_create_new_oidc_provider_returns_true_if_no_url(self, boto3_mock
oidc_provider_url="",
oidc_client_id=ANY_OIDC_CLIENT_ID,
subject_claim=ANY_SUBJECT_CLAIM,
github_org=ANY_GITHUB_ORG,
github_repo=ANY_GITHUB_REPO,
deployment_branch=ANY_DEPLOYMENT_BRANCH,
pipeline_execution_role_arn=ANY_PIPELINE_EXECUTION_ROLE_ARN,
cloudformation_execution_role_arn=ANY_CLOUDFORMATION_EXECUTION_ROLE_ARN,
artifacts_bucket_arn=ANY_ARTIFACTS_BUCKET_ARN,

0 comments on commit 74bffa8

Please sign in to comment.