# Deployment settings for the federated AWS relying party (RP) stack.
# Everything below is an identifier (stack/bucket names, account IDs, ACM
# certificate ARNs, OIDC client IDs, discovery URLs) — no credential is
# committed here. If the Auth0 clients named below are confidential clients,
# their secret must reach the stack by some other path; it is not visible in
# this Makefile (NOTE(review): confirm where deploy.sh / the template get it).
# Values are assigned with ':=' so they are expanded once at parse time.
FEDERATED_AWS_RP_STACK_NAME := FederatedAWSRP
# S3 key prefix under which deploy.sh stores the Lambda code bundle.
FEDERATED_AWS_RP_CODE_STORAGE_S3_PREFIX := federated-aws-rp
# Per-environment S3 buckets holding the Lambda code (bucket names suggest
# they are public-read; the code is not a secret, but nothing sensitive
# should be uploaded alongside it).
PROD_LAMBDA_CODE_STORAGE_S3_BUCKET_NAME := public.us-east-1.iam.mozilla.com
DEV_LAMBDA_CODE_STORAGE_S3_BUCKET_NAME := public.us-east-1.security.allizom.org
# AWS account IDs; get-log-group* compare the caller identity against these
# so a command cannot silently run against the wrong account.
PROD_ACCOUNT_ID := 320464205386
DEV_ACCOUNT_ID := 656532927350
# Custom domain served by the RP, the Route53 zone it lives in (trailing dot
# = fully qualified), and the ACM certificate (us-east-1) for that domain.
PROD_DOMAIN_NAME := aws.sso.mozilla.com
DEV_DOMAIN_NAME := aws.security.allizom.org
PROD_DOMAIN_ZONE := sso.mozilla.com.
DEV_DOMAIN_ZONE := security.allizom.org.
PROD_CERT_ARN := arn:aws:acm:us-east-1:320464205386:certificate/29d28c00-40d2-4361-a6ef-f8b1441b171f
DEV_CERT_ARN := arn:aws:acm:us-east-1:656532927350:certificate/8f78c838-67e8-426b-8132-61165bf2cd7b
# Service the RP calls to map an ID token to the roles it may assume.
PROD_ID_TOKEN_FOR_ROLE_URL := https://roles-and-aliases.security.mozilla.org/
DEV_ID_TOKEN_FOR_ROLE_URL := https://roles-and-aliases.security.allizom.org/
# OIDC client IDs and discovery documents of the Auth0 tenants (prod vs dev).
# A client ID is a public identifier, not a secret, but it pins which tenant
# and client configuration (allowed callback URLs etc.) the RP trusts.
PROD_CLIENT_ID := N7lULzWtfVUDGymwDs0yDEq6ZcwmFazj
PROD_DISCOVERY_URL := https://auth.mozilla.auth0.com/.well-known/openid-configuration
DEV_CLIENT_ID := xRFzU2bj7Lrbo3875aXwyxIArdkq1AOT
DEV_DISCOVERY_URL := https://auth-dev.mozilla.auth0.com/.well-known/openid-configuration
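## Deploy the RP stack into the DEV account, wired entirely to DEV settings
## (dev Auth0 tenant/client, dev domain + certificate, dev roles service).
## Positional arguments handed to deploy.sh, in order: target account ID,
## CloudFormation template, code bucket, stack name, code S3 prefix, a single
## string of "Key=Value" CloudFormation parameters, and — presumably — the
## stack output key to report (AwsFederatedRpUrl; confirm against deploy.sh).
## NOTE(review): unlike get-log-group-dev there is no caller-identity guard
## here; presumably deploy.sh compares the first argument with the account of
## the active credentials before deploying — confirm, otherwise add the same
## `aws sts get-caller-identity` check used below.
## Fixed: the special target was misspelt `.PHONE`, so this target was never
## actually declared phony.
.PHONY: deploy-aws-federated-rp-dev
deploy-aws-federated-rp-dev:
	./deploy.sh \
	  $(DEV_ACCOUNT_ID) \
	  federated-aws-rp.yaml \
	  $(DEV_LAMBDA_CODE_STORAGE_S3_BUCKET_NAME) \
	  $(FEDERATED_AWS_RP_STACK_NAME) \
	  $(FEDERATED_AWS_RP_CODE_STORAGE_S3_PREFIX) \
	  "ClientId=$(DEV_CLIENT_ID) \
	   DiscoveryUrl=$(DEV_DISCOVERY_URL) \
	   CustomDomainName=$(DEV_DOMAIN_NAME) \
	   DomainNameZone=$(DEV_DOMAIN_ZONE) \
	   CertificateArn=$(DEV_CERT_ARN) \
	   IdTokenForRolesUrl=$(DEV_ID_TOKEN_FOR_ROLE_URL)" \
	  AwsFederatedRpUrl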
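## Deploy the RP stack into the DEV account, but pointed at the PRODUCTION
## identity provider: prod Auth0 tenant/client and prod roles-and-aliases
## service, while keeping the dev hostname, zone and certificate.
## Security caveat: the dev-hosted RP then receives ID tokens minted by the
## production tenant, and for the login to work at all the production Auth0
## client's allowed callback URLs would have to include DEV_DOMAIN_NAME —
## both widen what the dev account is trusted with; use deliberately.
## Same deploy.sh argument order as deploy-aws-federated-rp-dev.
## NOTE(review): no caller-identity guard here either; presumably deploy.sh
## checks the account argument against the active credentials — confirm.
## Fixed: `.PHONE` -> `.PHONY` so the target is really declared phony.
.PHONY: deploy-aws-federated-rp-dev-to-prod
deploy-aws-federated-rp-dev-to-prod:
	./deploy.sh \
	  $(DEV_ACCOUNT_ID) \
	  federated-aws-rp.yaml \
	  $(DEV_LAMBDA_CODE_STORAGE_S3_BUCKET_NAME) \
	  $(FEDERATED_AWS_RP_STACK_NAME) \
	  $(FEDERATED_AWS_RP_CODE_STORAGE_S3_PREFIX) \
	  "ClientId=$(PROD_CLIENT_ID) \
	   DiscoveryUrl=$(PROD_DISCOVERY_URL) \
	   CustomDomainName=$(DEV_DOMAIN_NAME) \
	   DomainNameZone=$(DEV_DOMAIN_ZONE) \
	   CertificateArn=$(DEV_CERT_ARN) \
	   IdTokenForRolesUrl=$(PROD_ID_TOKEN_FOR_ROLE_URL)" \
	  AwsFederatedRpUrl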
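## Deploy the RP stack into the PRODUCTION account with all-production
## settings (prod Auth0 tenant/client, prod domain + certificate, prod roles
## service). This is the production change path: run it with credentials for
## PROD_ACCOUNT_ID only.
## Same deploy.sh argument order as deploy-aws-federated-rp-dev.
## NOTE(review): there is no caller-identity guard here, unlike get-log-group;
## presumably deploy.sh refuses to deploy when the active credentials are not
## in the account given as its first argument — confirm before relying on it.
## Fixed: `.PHONE` -> `.PHONY` so the target is really declared phony.
.PHONY: deploy-aws-federated-rp
deploy-aws-federated-rp:
	./deploy.sh \
	  $(PROD_ACCOUNT_ID) \
	  federated-aws-rp.yaml \
	  $(PROD_LAMBDA_CODE_STORAGE_S3_BUCKET_NAME) \
	  $(FEDERATED_AWS_RP_STACK_NAME) \
	  $(FEDERATED_AWS_RP_CODE_STORAGE_S3_PREFIX) \
	  "ClientId=$(PROD_CLIENT_ID) \
	   DiscoveryUrl=$(PROD_DISCOVERY_URL) \
	   CustomDomainName=$(PROD_DOMAIN_NAME) \
	   DomainNameZone=$(PROD_DOMAIN_ZONE) \
	   CertificateArn=$(PROD_CERT_ARN) \
	   IdTokenForRolesUrl=$(PROD_ID_TOKEN_FOR_ROLE_URL)" \
	  AwsFederatedRpUrl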
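## Smoke-test the deployed stack: read an endpoint URL from the stack outputs
## and fetch it. Runs against whichever account/region the active credentials
## resolve to — there is no account guard here (compare get-log-group*).
## NOTE(review): this queries OutputKey 'AliasesEndpointUrl', while every
## deploy target asks deploy.sh to report 'AwsFederatedRpUrl'; if this stack
## has no 'AliasesEndpointUrl' output the query yields an empty string. The
## recipe now fails explicitly on an empty URL instead of calling curl with
## no argument, and `curl -f` makes an HTTP error status fail the target.
## Fixed: `.PHONE` -> `.PHONY`; the URL is quoted when passed to curl.
.PHONY: test-aws-federated-rp
test-aws-federated-rp:
	URL=`aws cloudformation describe-stacks --stack-name $(FEDERATED_AWS_RP_STACK_NAME) --query "Stacks[0].Outputs[?OutputKey=='AliasesEndpointUrl'].OutputValue" --output text` && \
	test -n "$$URL" && \
	curl -f "$$URL"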
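## Print the CloudWatch log group name from the DEV stack's outputs.
## Guard: refuses to run unless the active credentials resolve to
## DEV_ACCOUNT_ID and boto3's default region is us-east-1, so the lookup
## cannot silently read a same-named stack in another account/region.
## Fixed: the original `test ... && echo "Wrong..." || aws ...` form printed
## the warning but exited 0, so a wrong account looked like success to make
## (and to anything scripting it); the guard now exits 1. The deprecated
## `test -o` is replaced by two tests joined with `||`.
## Note: `python` (not `python3`) is what the original invoked; if it is
## absent, the region check fails closed and the target refuses to run.
## Fixed: `.PHONE` -> `.PHONY`.
.PHONY: get-log-group-dev
get-log-group-dev:
	@if test "`aws sts get-caller-identity --query Account --output text`" != "$(DEV_ACCOUNT_ID)" || \
	    test "`python -c 'import boto3; print(boto3.Session().region_name)'`" != "us-east-1"; then \
	  echo "Wrong account or region" >&2; exit 1; \
	fi; \
	aws cloudformation describe-stacks --stack-name $(FEDERATED_AWS_RP_STACK_NAME) --query "Stacks[0].Outputs[?OutputKey=='LogGroup'].OutputValue" --output text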
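## Print the CloudWatch log group name from the PRODUCTION stack's outputs.
## Guard: refuses to run unless the active credentials resolve to
## PROD_ACCOUNT_ID and boto3's default region is us-east-1, so the lookup
## cannot silently read a same-named stack in another account/region.
## Fixed: the original `test ... && echo "Wrong..." || aws ...` form printed
## the warning but exited 0, so a wrong account looked like success to make
## (and to anything scripting it); the guard now exits 1. The deprecated
## `test -o` is replaced by two tests joined with `||`.
## Note: `python` (not `python3`) is what the original invoked; if it is
## absent, the region check fails closed and the target refuses to run.
## Fixed: `.PHONE` -> `.PHONY`.
.PHONY: get-log-group
get-log-group:
	@if test "`aws sts get-caller-identity --query Account --output text`" != "$(PROD_ACCOUNT_ID)" || \
	    test "`python -c 'import boto3; print(boto3.Session().region_name)'`" != "us-east-1"; then \
	  echo "Wrong account or region" >&2; exit 1; \
	fi; \
	aws cloudformation describe-stacks --stack-name $(FEDERATED_AWS_RP_STACK_NAME) --query "Stacks[0].Outputs[?OutputKey=='LogGroup'].OutputValue" --output text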
# TODO: handle the fact that the API Gateway stage is not "deployed" when the CloudFormation stack is first created (requests fail until a deployment exists)
# options : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-deployment.html
# https://docs.aws.amazon.com/cli/latest/reference/apigateway/create-deployment.html
# web UI
# http://www.awslessons.com/2017/aws-api-gateway-missing-authentication-token/