
Commit 53e78a8

New: [AEA-4497] - deploy cognito (#138)
## Summary - Routine Change ### Details - deploy resources for cognito --------- Co-authored-by: Adam Brown <adam.brown41@nhs.net>
1 parent b096682 commit 53e78a8


81 files changed

+33579
-12894
lines changed



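--- a/.github/workflows/cdk_package_code.yml
+++ b/.github/workflows/cdk_package_code.yml
@@ -49,6 +49,7 @@ jobs:
 - name: make install
 run: |
 make install
+make compile-node
 
 - name: 'Tar files'
 run: |
@@ -67,6 +68,3 @@ jobs:
 with:
 name: build_artifact
 path: artifact.tar
-
-
-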

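--- a/.github/workflows/cdk_release_code.yml
+++ b/.github/workflows/cdk_release_code.yml
@@ -21,12 +21,44 @@ on:
 LOG_RETENTION_IN_DAYS:
 required: true
 type: string
+useMockOidc:
+type: boolean
+default: false
+primaryOidcIssuer:
+type: string
+primaryOidcAuthorizeEndpoint:
+type: string
+primaryOidcTokenEndpoint:
+type: string
+primaryOidcUserInfoEndpoint:
+type: string
+primaryOidcjwksEndpoint:
+type: string
+mockOidcIssuer:
+type: string
+mockOidcAuthorizeEndpoint:
+type: string
+mockOidcTokenEndpoint:
+type: string
+mockOidcUserInfoEndpoint:
+type: string
+mockOidcjwksEndpoint:
+type: string
+useLocalhostCallback:
+type: boolean
 secrets:
 CLOUD_FORMATION_DEPLOY_ROLE:
 required: true
 CDK_PULL_IMAGE_ROLE:
 required: true
-
+primaryOidcClientId:
+required: false
+primaryOidClientSecret:
+required: false
+mockOidcClientId:
+required: false
+mockOidClientSecret:
+required: false
 jobs:
 release_code:
 runs-on: ubuntu-latest
@@ -96,6 +128,10 @@ jobs:
 cloudfrontDistributionId=$(aws cloudformation list-exports --region eu-west-2 --query "Exports[?Name=='"${{ inputs.SERVICE_NAME }}-stateless-resources:cloudfrontDistribution:Id"'].Value" --output text)
 # shellcheck disable=SC2140
 cloudfrontCertArn=$(aws cloudformation list-exports --region us-east-1 --query "Exports[?Name=='"${{ inputs.SERVICE_NAME }}-us-certs:cloudfrontCertificate:Arn"'].Value" --output text)
+# shellcheck disable=SC2140
+shortCloudfrontDomain=$(aws cloudformation list-exports --region us-east-1 --query "Exports[?Name=='"${{ inputs.SERVICE_NAME }}-us-certs:shortCloudfrontDomain:Name"'].Value" --output text)
+# shellcheck disable=SC2140
+fullCloudfrontDomain=$(aws cloudformation list-exports --region us-east-1 --query "Exports[?Name=='"${{ inputs.SERVICE_NAME }}-us-certs:fullCloudfrontDomain:Name"'].Value" --output text)
 jq \
 --arg serviceName "${{ inputs.SERVICE_NAME }}" \
 --arg VERSION_NUMBER "${{ inputs.VERSION_NUMBER }}" \
@@ -106,6 +142,24 @@ jobs:
 --arg allowAutoDeleteObjects "true" \
 --arg cloudfrontDistributionId "${cloudfrontDistributionId}" \
 --arg cloudfrontCertArn "${cloudfrontCertArn}" \
+--arg useMockOidc "${{ inputs.useMockOidc }}" \
+--arg primaryOidcClientId "${{ secrets.primaryOidcClientId }}" \
+--arg primaryOidClientSecret "${{ secrets.primaryOidClientSecret }}" \
+--arg primaryOidcIssuer "${{ inputs.primaryOidcIssuer }}" \
+--arg primaryOidcAuthorizeEndpoint "${{ inputs.primaryOidcAuthorizeEndpoint }}" \
+--arg primaryOidcTokenEndpoint "${{ inputs.primaryOidcTokenEndpoint }}" \
+--arg primaryOidcUserInfoEndpoint "${{ inputs.primaryOidcUserInfoEndpoint }}" \
+--arg primaryOidcjwksEndpoint "${{ inputs.primaryOidcjwksEndpoint }}" \
+--arg mockOidcClientId "${{ secrets.mockOidcClientId }}" \
+--arg mockOidClientSecret "${{ secrets.mockOidClientSecret }}" \
+--arg mockOidcIssuer "${{ inputs.mockOidcIssuer }}" \
+--arg mockOidcAuthorizeEndpoint "${{ inputs.mockOidcAuthorizeEndpoint }}" \
+--arg mockOidcTokenEndpoint "${{ inputs.mockOidcTokenEndpoint }}" \
+--arg mockOidcUserInfoEndpoint "${{ inputs.mockOidcUserInfoEndpoint }}" \
+--arg mockOidcjwksEndpoint "${{ inputs.mockOidcjwksEndpoint }}" \
+--arg shortCloudfrontDomain "${shortCloudfrontDomain}" \
+--arg fullCloudfrontDomain "${fullCloudfrontDomain}" \
+--arg useLocalhostCallback "${{ inputs.useLocalhostCallback }}" \
 '.context += {
 "serviceName": $serviceName,
 "VERSION_NUMBER": $VERSION_NUMBER,
@@ -115,7 +169,25 @@ jobs:
 "epsHostedZoneId": $epsHostedZoneId,
 "allowAutoDeleteObjects": $allowAutoDeleteObjects,
 "cloudfrontDistributionId": $cloudfrontDistributionId,
-"cloudfrontCertArn": $cloudfrontCertArn}' \
+"cloudfrontCertArn": $cloudfrontCertArn,
+"shortCloudfrontDomain": $shortCloudfrontDomain,
+"fullCloudfrontDomain": $fullCloudfrontDomain,
+"useMockOidc": $useMockOidc,
+"primaryOidcClientId": $primaryOidcClientId,
+"primaryOidClientSecret": $primaryOidClientSecret,
+"primaryOidcIssuer": $primaryOidcIssuer,
+"primaryOidcAuthorizeEndpoint": $primaryOidcAuthorizeEndpoint,
+"primaryOidcTokenEndpoint": $primaryOidcTokenEndpoint,
+"primaryOidcUserInfoEndpoint": $primaryOidcUserInfoEndpoint,
+"primaryOidcjwksEndpoint": $primaryOidcjwksEndpoint,
+"mockOidcClientId": $mockOidcClientId,
+"mockOidClientSecret": $mockOidClientSecret,
+"mockOidcIssuer": $mockOidcIssuer,
+"mockOidcAuthorizeEndpoint": $mockOidcAuthorizeEndpoint,
+"mockOidcTokenEndpoint": $mockOidcTokenEndpoint,
+"mockOidcUserInfoEndpoint": $mockOidcUserInfoEndpoint,
+"mockOidcjwksEndpoint": $mockOidcjwksEndpoint,
+"useLocalhostCallback": $useLocalhostCallback}' \
 .build/cdk.json > .build/cdk.new.json
 mv .build/cdk.new.json .build/cdk.json
 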
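Review bot: The OIDC client secrets passed through `--arg primaryOidClientSecret "${{ secrets.primaryOidClientSecret }}"` and `--arg mockOidClientSecret "${{ secrets.mockOidClientSecret }}"` are written in plaintext into `.build/cdk.json` as CDK context, so they sit on the runner's workspace for the rest of the job and will be carried into anything that copies or caches that file; the CDK stack itself is not visible here, but if the context value is fed into a resource property it will also end up in the synthesized CloudFormation template. A safer shape is to keep the secret in Secrets Manager or SSM and pass only its name or ARN as context, resolving it inside the stack with a dynamic reference. Expanding `${{ inputs.primaryOidcIssuer }}` and the other inputs directly inside the `run:` script is the script-injection pattern GitHub warns about; the visible callers pass literals, but routing them through `env:` and reading `"$PRIMARY_OIDC_ISSUER"` in the shell removes the dependency on every future caller being careful. The spelling `primaryOidClientSecret` / `mockOidClientSecret` (missing `c`) beside `primaryOidcClientId` / `mockOidcClientId` is propagated through the secrets declaration, the jq arguments and the context keys, and is cheapest to fix before other callers depend on it.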

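--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -102,10 +102,27 @@ jobs:
 TARGET_ENVIRONMENT: dev
 VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
 COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
+useMockOidc: true
+primaryOidcIssuer: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare"
+primaryOidcAuthorizeEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/authorize"
+primaryOidcTokenEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/access_token"
+primaryOidcUserInfoEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/userinfo"
+primaryOidcjwksEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/connect/jwk_uri"
+mockOidcIssuer: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev"
+mockOidcAuthorizeEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/auth"
+mockOidcTokenEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/token"
+mockOidcUserInfoEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/userinfo"
+mockOidcjwksEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/certs"
+useLocalhostCallback: true
 secrets:
 CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
-
+primaryOidcClientId: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_ID }}
+primaryOidClientSecret: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_SECRET }}
+mockOidcClientId: ${{ secrets.PTL_MOCK_CLIENT_ID }}
+mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
+CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
+
 create_release_notes:
 needs: [tag_release, package_code, get_commit_id, release_dev]
 uses: ./.github/workflows/create_release_notes.yml
@@ -130,6 +147,24 @@ jobs:
 TARGET_ENVIRONMENT: qa
 VERSION_NUMBER: ${{needs.tag_release.outputs.version_tag}}
 COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
+useMockOidc: true
+primaryOidcIssuer: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare"
+primaryOidcAuthorizeEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/authorize"
+primaryOidcTokenEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/access_token"
+primaryOidcUserInfoEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/userinfo"
+primaryOidcjwksEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/connect/jwk_uri"
+mockOidcIssuer: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev"
+mockOidcAuthorizeEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/auth"
+mockOidcTokenEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/token"
+mockOidcUserInfoEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/userinfo"
+mockOidcjwksEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/certs"
+useLocalhostCallback: false
 secrets:
 CDK_PULL_IMAGE_ROLE: ${{ secrets.QA_CDK_PULL_IMAGE_ROLE }}
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
+primaryOidcClientId: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_ID }}
+primaryOidClientSecret: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_SECRET }}
+mockOidcClientId: ${{ secrets.PTL_MOCK_CLIENT_ID }}
+mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
+CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
+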
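Review bot: `CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}` is passed in both the dev and qa `secrets:` blocks, but the `secrets:` declaration of `cdk_release_code.yml` earlier in this commit lists only the two role secrets and the four OIDC client values; if these jobs call that reusable workflow (the `uses:` line is outside the hunk), GitHub rejects the call with a "secret is not defined in the referenced workflow" error until the callee declares it (`CIS2_PRIVATE_KEY:` with `required: false`) or the callers stop passing it. The qa job also sets `useMockOidc: true` with the same `PTL_*` client credentials as dev, so qa exercises the mock identity provider rather than CIS2 and shares dev's credentials; if that is intentional, a comment such as `# qa deliberately uses the mock OIDC provider and PTL credentials; real CIS2 is only exercised further up the path` would stop the next reader treating it as a copy-paste slip, and if it is not, qa should get its own client and `useMockOidc: false`.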

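--- a/.github/workflows/deploy_website_content.yml
+++ b/.github/workflows/deploy_website_content.yml
@@ -60,10 +60,30 @@ jobs:
 cd .build
 make react-build
 
+- name: build auth_demo react app (temp step for testing)
+run: |
+REACT_APP_hostedLoginDomain=$(aws cloudformation list-exports --region us-east-1 --query "Exports[?Name=='${{ inputs.SERVICE_NAME }}-us-certs:fullCognitoDomain:Name'].Value" --output text)
+REACT_APP_userPoolClientId=$(aws cloudformation list-exports --region eu-west-2 --query "Exports[?Name=='${{ inputs.SERVICE_NAME }}-stateful-resources:userPoolClient:userPoolClientId'].Value" --output text)
+REACT_APP_userPoolId=$(aws cloudformation list-exports --region eu-west-2 --query "Exports[?Name=='${{ inputs.SERVICE_NAME }}-stateful-resources:userPool:Id'].Value" --output text)
+fullCloudfrontDomain=$(aws cloudformation list-exports --region us-east-1 --query "Exports[?Name=='${{ inputs.SERVICE_NAME }}-us-certs:fullCloudfrontDomain:Name'].Value" --output text)
+REACT_APP_redirectSignIn="https://${fullCloudfrontDomain}/auth_demo/"
+
+export REACT_APP_hostedLoginDomain
+export REACT_APP_userPoolClientId
+export REACT_APP_userPoolId
+export REACT_APP_redirectSignIn
+cd .build
+make auth_demo_build
+
 - name: deploy website
 run: |
 staticBucketName=$(aws cloudformation list-exports --query "Exports[?Name=='${{ inputs.SERVICE_NAME }}-stateful-resources:StaticContentBucket:Name'].Value" --output text)
 aws s3 cp ".build/packages/staticContent/404.html" "s3://${staticBucketName}/404.html"
 aws s3 cp ".build/packages/staticContent/500.html" "s3://${staticBucketName}/500.html"
 aws s3 cp ".build/packages/staticContent/jwks/dev/jwks.json" "s3://${staticBucketName}/jwks.json"
 aws s3 cp --recursive ".build/packages/cpt-ui/out/" "s3://${staticBucketName}/${{ inputs.VERSION_NUMBER }}/"
+
+- name: deploy auth_demo website (temp for testing)
+run: |
+staticBucketName=$(aws cloudformation list-exports --query "Exports[?Name=='${{ inputs.SERVICE_NAME }}-stateful-resources:StaticContentBucket:Name'].Value" --output text)
+aws s3 cp --recursive ".build/packages/auth_demo/build/" "s3://${staticBucketName}/auth_demo/"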
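Review bot: The four `aws cloudformation list-exports ... --output text` lookups in the new auth_demo build step print an empty string and exit 0 when the export does not exist, so a missing export leaves `REACT_APP_redirectSignIn` as `https:///auth_demo/` and an app with an empty user-pool id and hosted-UI domain is built and published without the job failing. Check each value before exporting it, e.g. `[ -n "${fullCloudfrontDomain}" ] || { echo "fullCloudfrontDomain export not found" >&2; exit 1; }`, and the same for the three `REACT_APP_*` values. Both new steps are labelled temporary yet run unconditionally, which publishes a Cognito hosted-UI login demo under `/auth_demo/` in every environment this workflow deploys to; gate them on a non-production target (this workflow's inputs other than `SERVICE_NAME` and `VERSION_NUMBER` are outside the hunk, so the exact condition depends on what it declares) or remove them before the workflow is used for a production release. The final step also re-resolves `staticBucketName` that the preceding step already looked up.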

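--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -67,7 +67,23 @@ jobs:
 TARGET_ENVIRONMENT: dev-pr
 VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
 COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
+useMockOidc: true
+primaryOidcIssuer: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare"
+primaryOidcAuthorizeEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/authorize"
+primaryOidcTokenEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/access_token"
+primaryOidcUserInfoEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/userinfo"
+primaryOidcjwksEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/connect/jwk_uri"
+mockOidcIssuer: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev"
+mockOidcAuthorizeEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/auth"
+mockOidcTokenEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/token"
+mockOidcUserInfoEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/userinfo"
+mockOidcjwksEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/certs"
+useLocalhostCallback: true
 secrets:
 CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
-
+primaryOidcClientId: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_ID }}
+primaryOidClientSecret: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_SECRET }}
+mockOidcClientId: ${{ secrets.PTL_MOCK_CLIENT_ID }}
+mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
+CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}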
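Review bot: The `dev-pr` deployment receives the same `PTL_PRIMARY_OIDC_CLIENT_SECRET` and `PTL_CIS2_PRIVATE_KEY` as the dev and qa releases, so any code on a PR branch that reaches this job runs with long-lived identity-provider credentials shared with more trusted environments and can read them from the `.build/cdk.json` the callee writes. The trigger is outside the hunk; on `pull_request` from a fork the secrets are empty and the deploy simply fails, but for same-repo branches (or a `pull_request_target` trigger) the PR author effectively holds the real credentials. A dedicated lower-trust OIDC client and signing key for PR environments, or placing this job in a GitHub environment with required reviewers, limits the blast radius of a bad PR. As in ci.yml, `CIS2_PRIVATE_KEY` is not among the secrets `cdk_release_code.yml` declares in this commit, so if that is the workflow being called the run will be rejected until the callee declares it.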
