Skip to content

Fix: [AEA-4902] - use a different mock oidc app per environment #272

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MatthewPopat-NHS merged 49 commits into from
Jan 14, 2025
Merged

Fix: [AEA-4902] - use a different mock oidc app per environment #272

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
49 commits
Select commit Hold shift + click to select a range
d6f48a4
trigger build
anthony-nhs Dec 19, 2024
467ca0a
use qa in pull request
anthony-nhs Dec 19, 2024
24c0f90
Merge remote-tracking branch 'origin/main' into different_mock_client
anthony-nhs Jan 6, 2025
ab173ea
refactor
anthony-nhs Jan 6, 2025
baeddd5
update makefile
anthony-nhs Jan 6, 2025
9a58d2b
refactor
anthony-nhs Jan 6, 2025
0353884
make tests work
anthony-nhs Jan 6, 2025
dfb64a0
Merge remote-tracking branch 'origin/main' into different_mock_client
anthony-nhs Jan 6, 2025
99796be
more refactor
anthony-nhs Jan 6, 2025
075a705
fix mock
anthony-nhs Jan 6, 2025
15a5b23
more env vars
anthony-nhs Jan 6, 2025
a13b3b0
use correct env variables
anthony-nhs Jan 7, 2025
1320317
make tests work
anthony-nhs Jan 7, 2025
163b51d
add some comments on environment variables
anthony-nhs Jan 7, 2025
ff3351c
update sonar
anthony-nhs Jan 7, 2025
50a31ac
Merge remote-tracking branch 'origin/main' into different_mock_client
anthony-nhs Jan 7, 2025
6408100
better tests
anthony-nhs Jan 7, 2025
59f4f2d
fix all tests
anthony-nhs Jan 7, 2025
8bc7366
remove oidc secret param
anthony-nhs Jan 7, 2025
5f00b5f
set secrets
anthony-nhs Jan 7, 2025
e28cb97
add a dummy secret
anthony-nhs Jan 7, 2025
9da0b9b
use https everywhere
anthony-nhs Jan 7, 2025
7896800
fix use mock
anthony-nhs Jan 7, 2025
afd6950
fix references
anthony-nhs Jan 7, 2025
0c0531f
fix deploying int
anthony-nhs Jan 8, 2025
db35449
fix github pipelines
anthony-nhs Jan 8, 2025
c471d55
Fix incorrect field in TUI
wildjames Jan 8, 2025
5b09753
Fix TUI field on frontend
wildjames Jan 8, 2025
8fa9ab2
use new secrets
anthony-nhs Jan 8, 2025
4d6f093
Merge remote-tracking branch 'refs/remotes/origin/different_mock_clie…
anthony-nhs Jan 8, 2025
5dbff05
add docstrings to functions
anthony-nhs Jan 8, 2025
dd1a1c3
remove unnedded vars for jest tests
anthony-nhs Jan 8, 2025
93534c7
Inputs can be undefined
wildjames Jan 8, 2025
17bb6c0
Merge remote-tracking branch 'origin/main' into different_mock_client
anthony-nhs Jan 9, 2025
737dc93
fix kid
anthony-nhs Jan 9, 2025
e48fa96
Merge remote-tracking branch 'origin/main' into different_mock_client
anthony-nhs Jan 9, 2025
19dcb0b
Merge remote-tracking branch 'origin/main' into different_mock_client
anthony-nhs Jan 10, 2025
2c8806e
add common setup function
anthony-nhs Jan 10, 2025
cb4ae0a
fix tests
anthony-nhs Jan 10, 2025
188993f
Merge branch 'main' into different_mock_client
anthony-nhs Jan 10, 2025
7a9a179
Merge branch 'main' into different_mock_client
anthony-nhs Jan 10, 2025
e17f13d
Merge branch 'main' into different_mock_client
anthony-nhs Jan 10, 2025
e8e5a66
Merge branch 'main' into different_mock_client
anthony-nhs Jan 10, 2025
e9b1c88
Merge branch 'main' into different_mock_client
kris-szlapa Jan 12, 2025
9764896
Merge branch 'main' into different_mock_client
anthony-nhs Jan 14, 2025
fa658bc
Revert role code to role ID
wildjames Jan 14, 2025
8758773
Rename data structure label for role code back to role id
wildjames Jan 14, 2025
95ac7de
fix package lock
wildjames Jan 14, 2025
783a3c1
Fix package lock
wildjames Jan 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 8 additions & 12 deletions .github/workflows/cdk_release_code.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,9 @@ on:
type: boolean
useCustomCognitoDomain:
type: boolean
APIGEE_TOKEN_ENDPOINT:
APIGEE_CIS2_TOKEN_ENDPOINT:
type: string
APIGEE_MOCK_TOKEN_ENDPOINT:
type: string
APIGEE_PRESCRIPTIONS_ENDPOINT:
type: string
Expand All @@ -65,12 +67,8 @@ on:
required: true
primaryOidcClientId:
required: false
primaryOidClientSecret:
required: false
mockOidcClientId:
required: false
mockOidClientSecret:
required: false
APIGEE_API_KEY:
required: false
jobs:
Expand Down Expand Up @@ -157,16 +155,14 @@ jobs:
--argjson allowAutoDeleteObjects "true" \
--arg cloudfrontDistributionId "${cloudfrontDistributionId}" \
--arg cloudfrontCertArn "${cloudfrontCertArn}" \
--arg useMockOidc "${{ inputs.useMockOidc }}" \
--argjson useMockOidc "${{ inputs.useMockOidc }}" \
--arg primaryOidcClientId "${{ secrets.primaryOidcClientId }}" \
--arg primaryOidClientSecret "${{ secrets.primaryOidClientSecret }}" \
--arg primaryOidcIssuer "${{ inputs.primaryOidcIssuer }}" \
--arg primaryOidcAuthorizeEndpoint "${{ inputs.primaryOidcAuthorizeEndpoint }}" \
--arg primaryOidcTokenEndpoint "${{ inputs.primaryOidcTokenEndpoint }}" \
--arg primaryOidcUserInfoEndpoint "${{ inputs.primaryOidcUserInfoEndpoint }}" \
--arg primaryOidcjwksEndpoint "${{ inputs.primaryOidcjwksEndpoint }}" \
--arg mockOidcClientId "${{ secrets.mockOidcClientId }}" \
--arg mockOidClientSecret "${{ secrets.mockOidClientSecret }}" \
--arg mockOidcIssuer "${{ inputs.mockOidcIssuer }}" \
--arg mockOidcAuthorizeEndpoint "${{ inputs.mockOidcAuthorizeEndpoint }}" \
--arg mockOidcTokenEndpoint "${{ inputs.mockOidcTokenEndpoint }}" \
Expand All @@ -176,7 +172,8 @@ jobs:
--arg fullCloudfrontDomain "${fullCloudfrontDomain}" \
--argjson useCustomCognitoDomain "${{ inputs.useCustomCognitoDomain }}" \
--argjson useLocalhostCallback "${{ inputs.useLocalhostCallback }}" \
--arg apigeeTokenEndpoint "${{ inputs.APIGEE_TOKEN_ENDPOINT }}" \
--arg apigeeCIS2TokenEndpoint "${{ inputs.APIGEE_CIS2_TOKEN_ENDPOINT }}" \
--arg apigeeMockTokenEndpoint "${{ inputs.APIGEE_MOCK_TOKEN_ENDPOINT }}" \
--arg apigeePrescriptionsEndpoint "${{ inputs.APIGEE_PRESCRIPTIONS_ENDPOINT }}" \
--arg apigeeApiKey "${{ secrets.APIGEE_API_KEY }}" \
--arg jwtKid "${{ inputs.JWT_KID }}" \
Expand All @@ -196,22 +193,21 @@ jobs:
"fullCloudfrontDomain": $fullCloudfrontDomain,
"useMockOidc": $useMockOidc,
"primaryOidcClientId": $primaryOidcClientId,
"primaryOidClientSecret": $primaryOidClientSecret,
"primaryOidcIssuer": $primaryOidcIssuer,
"primaryOidcAuthorizeEndpoint": $primaryOidcAuthorizeEndpoint,
"primaryOidcTokenEndpoint": $primaryOidcTokenEndpoint,
"primaryOidcUserInfoEndpoint": $primaryOidcUserInfoEndpoint,
"primaryOidcjwksEndpoint": $primaryOidcjwksEndpoint,
"mockOidcClientId": $mockOidcClientId,
"mockOidClientSecret": $mockOidClientSecret,
"mockOidcIssuer": $mockOidcIssuer,
"mockOidcAuthorizeEndpoint": $mockOidcAuthorizeEndpoint,
"mockOidcTokenEndpoint": $mockOidcTokenEndpoint,
"mockOidcUserInfoEndpoint": $mockOidcUserInfoEndpoint,
"mockOidcjwksEndpoint": $mockOidcjwksEndpoint,
"useCustomCognitoDomain": $useCustomCognitoDomain,
"useLocalhostCallback": $useLocalhostCallback,
"apigeeTokenEndpoint": $apigeeTokenEndpoint,
"apigeeCIS2TokenEndpoint": $apigeeCIS2TokenEndpoint,
"apigeeMockTokenEndpoint": $apigeeMockTokenEndpoint,
"apigeePrescriptionsEndpoint": $apigeePrescriptionsEndpoint,
"apigeeApiKey": $apigeeApiKey,
"jwtKid": $jwtKid,
Expand Down
36 changes: 17 additions & 19 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,19 +115,18 @@ jobs:
mockOidcjwksEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/certs"
useLocalhostCallback: true
useCustomCognitoDomain: true
APIGEE_TOKEN_ENDPOINT: "https://internal-dev.api.service.nhs.uk/oauth2/token"
APIGEE_CIS2_TOKEN_ENDPOINT: "https://internal-dev.api.service.nhs.uk/oauth2/token"
APIGEE_MOCK_TOKEN_ENDPOINT: "https://internal-dev.api.service.nhs.uk/oauth2-mock/token"
APIGEE_PRESCRIPTIONS_ENDPOINT: "https://internal-dev.api.service.nhs.uk/clinical-prescription-tracker/"
JWT_KID: "eps-cpt-ui-test"
JWT_KID: "eps-cpt-ui-dev"
ROLE_ID: "555254242106"
LOG_LEVEL: "DEBUG"
secrets:
CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
primaryOidcClientId: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_ID }}
primaryOidClientSecret: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_SECRET }}
mockOidcClientId: ${{ secrets.PTL_MOCK_CLIENT_ID }}
mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
primaryOidcClientId: ${{ secrets.DEV_CIS2_OIDC_CLIENT_ID }}
mockOidcClientId: ${{ secrets.DEV_MOCK_CLIENT_ID }}
CIS2_PRIVATE_KEY: ${{ secrets.DEV_JWT_PRIVATE_KEY }}
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
APIGEE_API_KEY: ${{ secrets.APIGEE_DEV_API_KEY }}

Expand Down Expand Up @@ -161,25 +160,24 @@ jobs:
primaryOidcTokenEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/access_token"
primaryOidcUserInfoEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/userinfo"
primaryOidcjwksEndpoint: "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/connect/jwk_uri"
mockOidcIssuer: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev"
mockOidcAuthorizeEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/auth"
mockOidcTokenEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/token"
mockOidcUserInfoEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/userinfo"
mockOidcjwksEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/certs"
mockOidcIssuer: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-qa"
mockOidcAuthorizeEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-qa/protocol/openid-connect/auth"
mockOidcTokenEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-qa/protocol/openid-connect/token"
mockOidcUserInfoEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-qa/protocol/openid-connect/userinfo"
mockOidcjwksEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-qa/protocol/openid-connect/certs"
useLocalhostCallback: false
useCustomCognitoDomain: true
APIGEE_TOKEN_ENDPOINT: "https://internal-qa.api.service.nhs.uk/oauth2/token"
APIGEE_CIS2_TOKEN_ENDPOINT: "https://internal-qa.api.service.nhs.uk/oauth2-int/token"
APIGEE_MOCK_TOKEN_ENDPOINT: "https://internal-qa.api.service.nhs.uk/oauth2-mock/token"
APIGEE_PRESCRIPTIONS_ENDPOINT: "https://internal-qa.api.service.nhs.uk/clinical-prescription-tracker/"
JWT_KID: "eps-cpt-ui-test"
JWT_KID: "eps-cpt-ui-qa"
ROLE_ID: "555254242106"
LOG_LEVEL: "DEBUG"
secrets:
CDK_PULL_IMAGE_ROLE: ${{ secrets.QA_CDK_PULL_IMAGE_ROLE }}
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
primaryOidcClientId: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_ID }}
primaryOidClientSecret: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_SECRET }}
mockOidcClientId: ${{ secrets.PTL_MOCK_CLIENT_ID }}
mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
primaryOidcClientId: ${{ secrets.QA_CIS2_OIDC_CLIENT_ID }}
mockOidcClientId: ${{ secrets.QA_MOCK_CLIENT_ID }}
CIS2_PRIVATE_KEY: ${{ secrets.QA_JWT_PRIVATE_KEY }}
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
APIGEE_API_KEY: ${{ secrets.APIGEE_QA_API_KEY }}
2 changes: 1 addition & 1 deletion .github/workflows/deploy_website_content.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ jobs:
staticBucketName=$(aws cloudformation list-exports --query "Exports[?Name=='${{ inputs.SERVICE_NAME }}-stateful-resources:StaticContentBucket:Name'].Value" --output text)
aws s3 cp ".build/packages/staticContent/404.html" "s3://${staticBucketName}/404.html"
aws s3 cp ".build/packages/staticContent/500.html" "s3://${staticBucketName}/500.html"
aws s3 cp ".build/packages/staticContent/jwks/dev/jwks.json" "s3://${staticBucketName}/jwks.json"
aws s3 cp ".build/packages/staticContent/jwks/${{ inputs.TARGET_ENVIRONMENT }}/jwks.json" "s3://${staticBucketName}/jwks.json"
aws s3 cp --recursive ".build/packages/cpt-ui/out/" "s3://${staticBucketName}/${{ inputs.VERSION_NUMBER }}/"

- name: deploy auth_demo website (temp for testing)
Expand Down
13 changes: 8 additions & 5 deletions .github/workflows/pull_request.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,19 +80,22 @@ jobs:
mockOidcjwksEndpoint: "https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-internal-dev/protocol/openid-connect/certs"
useLocalhostCallback: true
useCustomCognitoDomain: false
APIGEE_TOKEN_ENDPOINT: "https://internal-dev.api.service.nhs.uk/oauth2/token"
APIGEE_CIS2_TOKEN_ENDPOINT: "https://internal-dev.api.service.nhs.uk/oauth2/token"
APIGEE_MOCK_TOKEN_ENDPOINT: "https://internal-dev.api.service.nhs.uk/oauth2-mock/token"
APIGEE_PRESCRIPTIONS_ENDPOINT: "https://internal-dev.api.service.nhs.uk/clinical-prescription-tracker/"
JWT_KID: "eps-cpt-ui-test"
# this needs uncommenting and above line deleted once it is merged
# JWT_KID: "eps-cpt-ui-dev"
ROLE_ID: "555254242106"
LOG_LEVEL: "DEBUG"
secrets:
CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
primaryOidcClientId: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_ID }}
primaryOidClientSecret: ${{ secrets.PTL_PRIMARY_OIDC_CLIENT_SECRET }}
mockOidcClientId: ${{ secrets.PTL_MOCK_CLIENT_ID }}
mockOidClientSecret: ${{ secrets.PTL_MOCK_CLIENT_SECRET }}
primaryOidcClientId: ${{ secrets.DEV_CIS2_OIDC_CLIENT_ID }}
mockOidcClientId: ${{ secrets.DEV_MOCK_CLIENT_ID }}
CIS2_PRIVATE_KEY: ${{ secrets.PTL_CIS2_PRIVATE_KEY }}
# this needs uncommenting and above line deleted once it is merged
# CIS2_PRIVATE_KEY: ${{ secrets.DEV_JWT_PRIVATE_KEY }}
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
APIGEE_API_KEY: ${{ secrets.APIGEE_DEV_API_KEY }}

Expand Down
Loading