From 7411e5ff72637f100c636885421b88f90428b2b2 Mon Sep 17 00:00:00 2001
From: Lorenz Vanthillo
Date: Tue, 4 Jul 2023 16:14:52 +0200
Subject: [PATCH] Update deploy scripts to add custom tags to CF stacks and underlying resources.
---
 deployment/deploy.sh | 51 ++++++++++++++++++++++++++++++------
 deployment/destroy.sh | 61 +++++++++++++++++++++++++++++++++++++------
 2 files changed, 96 insertions(+), 16 deletions(-)

diff --git a/deployment/deploy.sh b/deployment/deploy.sh
index 00c62b08..45ee4ae2 100755
--- a/deployment/deploy.sh
+++ b/deployment/deploy.sh
@@ -24,15 +24,50 @@ cd .. aws codecommit create-repository --repository-name team-idc-app --repository-description "Temporary Elevated Access Management (TEAM) Application" git remote remove origin git remote add origin codecommit::$REGION://team-idc-app + +# Part below will update tag keys and values in amplify/backend/tags.json +IFS=' ' read -ra TAG_ARRAY <<< "$TAGS" + +output="[" +for tag in "${TAG_ARRAY[@]}"; do + IFS='=' read -ra pair <<< "$tag" + key="${pair[0]}" + value="${pair[1]}" + output+="\n {\n \"Key\": \"$key\",\n \"Value\": \"$value\"\n }," +done + +output="${output%,}\n]" +echo "$output" > ./amplify/backend/tags.json + +if git diff-index --quiet HEAD -- "./amplify/backend/tags.json"; then + echo "No changes to amplify/backend/tags.json." +else + git add ./amplify/backend/tags.json + git commit -m "Update tags." +fi + git push origin main cd ./deployment -aws cloudformation deploy --region $REGION --template-file template.yml \ ---stack-name TEAM-IDC-APP \ ---parameter-overrides \ - Source=$EMAIL_SOURCE \ - Login=$IDC_LOGIN_URL \ - teamAdminGroup="$TEAM_ADMIN_GROUP" \ - teamAuditGroup="$TEAM_AUDITOR_GROUP" \ ---no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM +if [[ ! -z "$TAGS" ]]; +then + aws cloudformation deploy --region $REGION --template-file template.yml \ + --stack-name TEAM-IDC-APP \ + --parameter-overrides \ + Source=$EMAIL_SOURCE \ + Login=$IDC_LOGIN_URL \ + teamAdminGroup="$TEAM_ADMIN_GROUP" \ + teamAuditGroup="$TEAM_AUDITOR_GROUP" \ + --tags "$TAGS" \ + --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM +else + aws cloudformation deploy --region $REGION --template-file template.yml \ + --stack-name TEAM-IDC-APP \ + --parameter-overrides \ + Source=$EMAIL_SOURCE \ + Login=$IDC_LOGIN_URL \ + teamAdminGroup="$TEAM_ADMIN_GROUP" \ + teamAuditGroup="$TEAM_AUDITOR_GROUP" \ + --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM +fi \ No newline at end of file 
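Review bot: The tags.json block (from `output="["` to `echo "$output" > ./amplify/backend/tags.json`) builds JSON by string concatenation, so a `"` or `\` in a tag key or value is written unescaped, and a value containing `=` is cut short because only `pair[1]` is kept. The `\n` sequences also depend on `echo` expanding escapes, which bash does not do by default, so the file may contain literal `\n` text that is not valid JSON; the interpreter line of deploy.sh is outside this hunk, so this should be confirmed. Since the project already uses `jq` (the old destroy.sh called it), I would generate the file with it: `jq -n --arg t "$TAGS" '[$t | split(" ")[] | select(length > 0) | capture("^(?<Key>[^=]+)=(?<Value>.*)$")]' > ./amplify/backend/tags.json`. The same block is repeated in the deployment/destroy.sh hunk and needs the same change. Separately, `--tags "$TAGS"` passes all pairs to the CLI as one argument, so with more than one tag the stack tags will likely not match tags.json.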
diff --git a/deployment/destroy.sh b/deployment/destroy.sh
index 37230c33..aade66d5 100755
--- a/deployment/destroy.sh
+++ b/deployment/destroy.sh
@@ -1,27 +1,72 @@ # Copyright 2023 Amazon Web Services, Inc -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + #!/usr/bin/env bash +set -xe . "./parameters.sh" export AWS_PROFILE=$TEAM_ACCOUNT_PROFILE -appId=`aws amplify list-apps --output json | jq -r '.apps[] | select(.name=="TEAM-IDC-APP") | .appId' ` -stackName=`aws amplify get-backend-environment --app-id $appId --environment-name main --output json | jq -r '.backendEnvironment | .stackName'` +git remote remove origin +git remote add origin codecommit::$REGION://team-idc-app +git remote add team https://github.com/aws-samples/iam-identity-center-team.git +git pull team main + +# Part below will update tag keys and values in amplify/backend/tags.json +IFS=' ' read -ra TAG_ARRAY <<< "$TAGS" + +output="[" +for tag in "${TAG_ARRAY[@]}"; do + IFS='=' read -ra pair <<< "$tag" + key="${pair[0]}" + value="${pair[1]}" + output+="\n {\n \"Key\": \"$key\",\n \"Value\": \"$value\"\n }," +done + +output="${output%,}\n]" +echo "$output" > ../amplify/backend/tags.json -aws cloudformation delete-stack --stack-name $stackName +if [[ ! 
-z "$TAGS" ]]; +then + aws cloudformation deploy --region $REGION --template-file template.yml \ + --stack-name TEAM-IDC-APP \ + --parameter-overrides \ + Source=$EMAIL_SOURCE \ + Login=$IDC_LOGIN_URL \ + teamAdminGroup="$TEAM_ADMIN_GROUP" \ + teamAuditGroup="$TEAM_AUDITOR_GROUP" \ + --tags "$TAGS" \ + --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM +else + echo "update normal" + aws cloudformation deploy --region $REGION --template-file template.yml \ + --stack-name TEAM-IDC-APP \ + --parameter-overrides \ + Source=$EMAIL_SOURCE \ + Login=$IDC_LOGIN_URL \ + teamAdminGroup="$TEAM_ADMIN_GROUP" \ + teamAuditGroup="$TEAM_AUDITOR_GROUP" \ + --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM +fi -aws cloudformation delete-stack --stack-name TEAM-IDC-APP +if git diff-index --quiet HEAD -- "../amplify/backend/tags.json"; then + echo "No changes to amplify/backend/tags.json." +else + git add ../amplify/backend/tags.json + git commit -m "Update tags." +fi -aws codecommit delete-repository --repository-name team-idc-app \ No newline at end of file +git push origin main +git remote remove team \ No newline at end of file
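Review bot: After this change deployment/destroy.sh no longer tears anything down: the `aws cloudformation delete-stack` and `aws codecommit delete-repository` calls are removed and the new body runs `aws cloudformation deploy` and `git push origin main` instead, which reads like an update script committed under the wrong name (note the leftover `echo "update normal"`). Anyone running it to decommission TEAM would leave the stacks, any IAM resources the template creates under `CAPABILITY_NAMED_IAM`, and the repository in place, and would redeploy them. I would restore the removed teardown lines here, e.g. `aws cloudformation delete-stack --stack-name TEAM-IDC-APP` and `aws codecommit delete-repository --repository-name team-idc-app`, and move the new content to its own script. In that script, `git pull team main` followed by the push sends whatever is on the upstream branch at that moment into the deployed repository; pinning to a reviewed tag or commit would make the update reproducible. The `#!/usr/bin/env bash` line also sits below the licence header, so it has no effect as a shebang.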