fix: export names of client secrets must be unique, add aws_region to client secrets in secrets manager #27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 task
slesaad
reviewed
Mar 6, 2024
| @@ -369,14 +373,15 @@ def add_service_client( | |||
| "client_secret": self._get_client_secret(client), | |||
| "userpool_id": self.userpool.user_pool_id, | |||
| "scope": " ".join(scope.scope_name for scope in scopes), | |||
| "aws_region": region, | |||
smohiudd
approved these changes
Mar 6, 2024
|
Note The client id of the dev stack did change (the user pool and users were persisted). I manually tested the dev ingest api by updating the client id in the console and, after testing, I updated the client id in the The dev auth stack has not been redeployed for over a year and the client id change may not be related to this change BUT to be safe I have opened another PR to make sure we don't impact the veda-auth-stack-uah client ID which would have multiple downstream impacts. This PR will create a new veda-auth-staging stack so that we don't have to worry about cycling possible client id changes to veda-stac-ingestor. |
smohiudd
approved these changes
Mar 7, 2024
fix(ci): use dedicated staging environment config in ci
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
The Outputs section contains duplicate Export namesby making client secret id export names unique (and more specific). New export names are:{stack_name}-workflows-client-secret-idfor the service client secret used by airflow{stack_name}-programmatic-client-secret-idfor the use password token generating client used for endpoints that grant tokens (ingest-api, maybe workflows-api in future){stack_name}-identity-provider-secret-idfor the optional data managers group (not used in higher environments)aws_regionto each stored client secretveda-auth-stack-stagingHow tested
Testing under way in dev stack. I will confirm
aws_regionis included and correct in secrets manager secrets for clientsManual administrative steps needed after merge to main
VEDA_CLIENT_IDwith the programmatic client id generated for the new veda-auth-stack-stagingveda-stac-ingestor-*andveda-auth-stack-uah). Step one in planning how we will sunset these.