From c00ad05a81b13a82fd9ef555efa96ec043b6f6e1 Mon Sep 17 00:00:00 2001
From: Chris Pates
Date: Fri, 2 Dec 2022 12:29:01 +0000
Subject: [PATCH] adding additional cli params to smoke test
---
 cicd/cloudformation/developer.yaml | 19 +++++++++++++++----
 cicd/tests/smoke/cli/buildspec.yml | 4 +++-
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/cicd/cloudformation/developer.yaml b/cicd/cloudformation/developer.yaml
index 8c32f487..d66b1318 100644
--- a/cicd/cloudformation/developer.yaml
+++ b/cicd/cloudformation/developer.yaml
@@ -229,9 +229,9 @@ Resources:
 InputArtifacts:
 - Name: Built
 - Name: Source
- - Name: Test
+ - Name: Prep
 Actions:
- - Name: Staging
+ - Name: Publish
 Namespace: RC
 ActionTypeId:
 Category: Build
@@ -760,11 +760,22 @@ Resources:
 - 'lambda:invokeFunction'
 Effect: Allow
 Resource: '*'
+ - Action:
+ - "identitystore:DeleteUser"
+ - "identitystore:CreateGroup"
+ - "identitystore:CreateGroupMembership"
+ - "identitystore:ListGroups"
+ - "identitystore:ListUsers"
+ - "identitystore:ListGroupMemberships"
+ - "identitystore:IsMemberInGroups"
+ - "identitystore:GetGroupMembershipId"
+ - "identitystore:DeleteGroupMembership"
+ Effect: Allow
+ Resource: '*'
 - Action:
 - "secretsmanager:Get*"
- Resource:
- - "*"
 Effect: Allow
+ Resource: '*'
 CloudFormationDeployerRole:
 Type: AWS::IAM::Role
diff --git a/cicd/tests/smoke/cli/buildspec.yml b/cicd/tests/smoke/cli/buildspec.yml
index 8a3153da..2aaec28f 100644
--- a/cicd/tests/smoke/cli/buildspec.yml
+++ b/cicd/tests/smoke/cli/buildspec.yml
@@ -5,6 +5,8 @@ env:
 GoogleAdminEmail: TestGoogleAdminEmail
 SCIMEndpointUrl: TestSCIMEndpointUrl
 SCIMAccessToken: TestSCIMAccessToken
+ IdentityStoreID: TestIdentityStoreId
+ Region: TestRegion
 phases:
 pre_build:
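Review bot: The identitystore statement added in the `@@ -760,11 +760,22 @@` hunk of developer.yaml allows `DeleteUser`, `CreateGroup`, `CreateGroupMembership` and `DeleteGroupMembership` on `Resource: '*'`, so the role can change any identity store it can reach, not only the one the smoke test targets. The role that carries this policy is declared above the hunk, so the principal is not visible here; if it is the build/test role, the write actions should be limited to the test store. Scope the statement, for example `Resource: !Sub 'arn:aws:identitystore::${AWS::AccountId}:identitystore/<TEST_IDENTITY_STORE_ID>'` plus the matching `user/*`, `group/*` and `membership/*` ARNs, and consider keeping the List*/Is*/Get* reads in a separate statement from the writes. The `secretsmanager:Get*` statement reshaped in the same hunk still targets `'*'` and could be narrowed to the ARNs of the test secrets in the same pass.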
@@ -18,4 +20,4 @@ phases:
 - aws secretsmanager get-secret-value --secret-id=TestGoogleCredentials --query SecretString --output text | jq '.' > credentials.json
 - cat credentials.json
- - ./ssosync -t "${SCIMAccessToken}" -e "${SCIMEndpointUrl}" -u "${GoogleAdminEmail}" -s "groups" -g "name:AWS*"
+ - ./ssosync -t "${SCIMAccessToken}" -e "${SCIMEndpointUrl}" -u "${GoogleAdminEmail}" -i "${IdentityStoreID}" -r "${Region}" -s "groups" -g "name:AWS*"
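Review bot: `- cat credentials.json`, kept as context directly above the changed `ssosync` command, writes the whole Google credentials secret into the build log, where anyone with read access to the logs can recover it. The commit leaves that line untouched while extending the same step, and the run does not need the dump; a check that prints nothing, such as `- test -s credentials.json`, confirms the file was written. If earlier runs already logged the secret, the credential should be rotated and the retained logs reviewed. The phase these commands belong to starts above the hunk.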