

Merge pull request #27 from NASA-IMPACT/dev
fix: export names of client secrets must be unique, add aws_region to client secrets in secrets manager
anayeaye authored Mar 7, 2024
2 parents b6b2c72 + 00e6b2c commit d3429ec
Showing 4 changed files with 14 additions and 9 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/cicd.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
run: |
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
echo "env_name=staging" >> $GITHUB_OUTPUT
echo "secret_name=veda-auth-uah-env" >> $GITHUB_OUTPUT
echo "secret_name=veda-auth-staging-env" >> $GITHUB_OUTPUT
elif [ "${{ github.ref }}" = "refs/heads/dev" ]; then
echo "env_name=dev" >> $GITHUB_OUTPUT
echo "secret_name=veda-auth-dev-env" >> $GITHUB_OUTPUT
2 changes: 1 addition & 1 deletion .github/workflows/pr.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
run: |
if [ "${{ github.base_ref }}" == "main" ]; then
echo "env_name=staging" >> $GITHUB_OUTPUT
echo "secret_name=veda-auth-uah-env" >> $GITHUB_OUTPUT
echo "secret_name=veda-auth-staging-env" >> $GITHUB_OUTPUT
elif [ "${{ github.base_ref }}" == "dev" ]; then
echo "env_name=dev" >> $GITHUB_OUTPUT
echo "secret_name=veda-auth-dev-env" >> $GITHUB_OUTPUT
4 changes: 2 additions & 2 deletions app.py
Expand Up @@ -80,7 +80,7 @@
# In this case, we want this client to be able to only register new STAC ingestions in
# the STAC ingestion registry service.
stack.add_service_client(
"veda-workflows",
"workflows-client",
scopes=[
stac_registry_scopes["stac:register"],
],
Expand All @@ -98,7 +98,7 @@
)

# Programmatic Clients
client = stack.add_programmatic_client(f"{app_settings.app_name}-{app_settings.stage}-veda-sdk")
client = stack.add_programmatic_client("programmatic-client")
CfnOutput(
stack,
"client_id",
15 changes: 10 additions & 5 deletions infra/stack.py
Expand Up @@ -59,7 +59,7 @@ def __init__(
)
else:
auth_provider_client = self.add_programmatic_client(
f"{stack_name}-identity-provider",
"identity-provider",
name="Identity Pool Authentication Provider",
)
if app_settings.data_managers_role_arn:
Expand Down Expand Up @@ -320,20 +320,23 @@ def add_programmatic_client(
user_pool_client_name=name or service_id,
# disable_o_auth=True,
)

region = Stack.of(self).region
self._create_secret(
service_id,
{
"flow": "user_password",
"cognito_domain": self.domain.base_url(),
"client_id": client.user_pool_client_id,
"userpool_id": self.userpool.user_pool_id,
"aws_region": region,
},
)
stack_name = Stack.of(self).stack_name
CfnOutput(
self,
f"cognito-sdk-{service_id}-secret",
export_name=f"{stack_name}-cognito-sdk-secret",
f"{service_id}-secret-id",
export_name=f"{stack_name}-{service_id}-secret-id",
value=f"{stack_name}/{service_id}",
)

Expand All @@ -360,6 +363,7 @@ def add_service_client(
disable_o_auth=False,
)

region = Stack.of(self).region
self._create_secret(
service_id,
{
Expand All @@ -369,14 +373,15 @@ def add_service_client(
"client_secret": self._get_client_secret(client),
"userpool_id": self.userpool.user_pool_id,
"scope": " ".join(scope.scope_name for scope in scopes),
"aws_region": region,
},
)

stack_name = Stack.of(self).stack_name
CfnOutput(
self,
f"cognito-app-{service_id}-secret",
export_name=f"{stack_name}-cognito-app-secret",
f"{service_id}-secret-id",
export_name=f"{stack_name}-{service_id}-secret-id",
value=f"{stack_name}/{service_id}",
)

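Review bot: The new `export_name=f"{stack_name}-{service_id}-secret-id"` in add_service_client (and the identical pattern in add_programmatic_client earlier in this file) is only unique as long as `service_id` is unique across both kinds of client in the stack and uses only the characters CloudFormation accepts in an export name (alphanumerics, colons and hyphens, as far as I recall), so the uniqueness this commit fixes now rests on the callers in app.py rather than on anything enforced here. A duplicate `service_id` within the same stack should already fail at synth on the identical `f"{service_id}-secret-id"` construct id, but a collision with another stack deployed in the same account and region only surfaces at deploy time. A one-line comment above each CfnOutput would make that contract explicit, e.g. `# export_name must be unique per account/region: keep service_id unique across all clients of this stack and limited to alphanumerics, colons and hyphens`. Separately, `region = Stack.of(self).region` is now computed in both methods right before its single use; inlining `"aws_region": Stack.of(self).region` into each secret dict, or resolving region and stack_name once as attributes in __init__, would remove the duplication. Both enclosing methods start outside the hunks shown.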

0 comments on commit d3429ec
