Merge pull request #178 from communitiesuk/FSPT-342_disable-test-auth-not-uat

FSPT-342 - Replace JWT auth with basic auth in pre-prod environments

Author: wjrm500

copilot/fsd-form-designer-adapter/manifest.yml

@@ -54,14 +54,14 @@ variables:
   NODE_ENV: production
   CHOKIDAR_USEPOLLING: true
   PREVIEW_URL: "https://application-questions.access-funding.${COPILOT_ENVIRONMENT_NAME}.communities.gov.uk"
-  PUBLISH_URL: "http://fsd-form-runner-adapter:3009"
   AUTH_SERVICE_URL: "https://account.access-funding.${COPILOT_ENVIRONMENT_NAME}.communities.gov.uk"
   SSO_LOGIN_URL: "/sso/login?return_app=form-designer"
   SSO_LOGOUT_URL: "/sessions/sign-out"
   AUTH_COOKIE_NAME: "fsd_user_token"
   AUTH_ENABLED: true
 
 secrets:
+  PUBLISH_URL: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/FORM_RUNNER_INTERNAL_HOST
   RSA256_PUBLIC_KEY_BASE64: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/RSA256_PUBLIC_KEY_BASE64
   SESSION_COOKIE_PASSWORD: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/SESSION_COOKIE_PASSWORD
 

copilot/fsd-form-runner-adapter/manifest.yml

@@ -66,7 +66,6 @@ variables:
   COPILOT_ENV: ${COPILOT_ENVIRONMENT_NAME}
   AWS_BUCKET_NAME:
     from_cfn: ${COPILOT_APPLICATION_NAME}-${COPILOT_ENVIRONMENT_NAME}-FormUploadsBucket
-  BASIC_AUTH_ON: false
   NODE_CONFIG: '{"safelist": ["fsd-application-store", "fsd-pre-award-stores", "fsd-pre-award", "fsd-pre-award.${COPILOT_ENVIRONMENT_NAME}.pre-award.local"]}'
   NODE_ENV: production
   SINGLE_REDIS: true
@@ -84,14 +83,47 @@ environments:
   dev:
     variables:
       PREVIEW_MODE: true
-
     count:
       spot: 2
+    sidecars:
+      nginx:
+        port: 8087
+        image:
+          location: xscys/nginx-sidecar-basic-auth
+        variables:
+          FORWARD_PORT: 3009
+          CLIENT_MAX_BODY_SIZE: 10m
+        secrets:
+          BASIC_AUTH_USERNAME: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/BASIC_AUTH_USERNAME
+          BASIC_AUTH_PASSWORD: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/BASIC_AUTH_PASSWORD
+    http:
+      target_container: nginx
+      healthcheck:
+        path: /health-check
+        port: 3009
+
   test:
     variables:
       PREVIEW_MODE: true
     count:
       spot: 2
+    sidecars:
+      nginx:
+        port: 8087
+        image:
+          location: xscys/nginx-sidecar-basic-auth
+        variables:
+          FORWARD_PORT: 3009
+          CLIENT_MAX_BODY_SIZE: 10m
+        secrets:
+          BASIC_AUTH_USERNAME: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/BASIC_AUTH_USERNAME
+          BASIC_AUTH_PASSWORD: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/BASIC_AUTH_PASSWORD
+    http:
+      target_container: nginx
+      healthcheck:
+        path: /health-check
+        port: 3009
+
   uat:
     variables:
       PREVIEW_MODE: true
@@ -106,12 +138,28 @@ environments:
         value: 80
       requests: 30
       response_time: 2s
+    sidecars:
+      nginx:
+        port: 8087
+        image:
+          location: xscys/nginx-sidecar-basic-auth
+        variables:
+          FORWARD_PORT: 3009
+          CLIENT_MAX_BODY_SIZE: 10m
+        secrets:
+          BASIC_AUTH_USERNAME: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/BASIC_AUTH_USERNAME
+          BASIC_AUTH_PASSWORD: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/BASIC_AUTH_PASSWORD
+    http:
+      target_container: nginx
+      healthcheck:
+        path: /health-check
+        port: 3009
+
   prod:
     http:
       alias: ['forms.access-funding.levellingup.gov.uk', 'application-questions.access-funding.communities.gov.uk']
     variables:
       ACCESSIBILITY_STATEMENT_URL: "https://apply.access-funding.communities.gov.uk/accessibility_statement"
-      BASIC_AUTH_ON: false
       CONTACT_US_URL: "https://apply.access-funding.communities.gov.uk/contact_us"
       COOKIE_POLICY_URL: "https://apply.access-funding.communities.gov.uk/cookie_policy"
       FEEDBACK_LINK: "https://apply.access-funding.communities.gov.uk/feedback"

runner/src/server/plugins/engine/api/RegisterFormPublishApi.ts

@@ -244,9 +244,9 @@ export class RegisterFormPublishApi implements RegisterApi {
             }
         }
 
-        // TODO: Stop being naughty! Conditionally disabling auth for UAT env is a temporary measure for getting FAB
-        // into production
-        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv !== "uat") {
+        // TODO: Stop being naughty! Conditionally disabling auth for pre-prod envs is a temporary measure for getting
+        // FAB into production
+        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv === "prod") {
             getOptions.options.auth = jwtAuthStrategyName
         }
 
@@ -311,7 +311,7 @@ export class RegisterFormPublishApi implements RegisterApi {
                 handler: postHandler,
             }
         }
-        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv !== "uat") {
+        if (config.jwtAuthEnabled && config.jwtAuthEnabled === "true" && config.copilotEnv === "prod") {
             postConfig.options.auth = jwtAuthStrategyName
         }
         server.route(postConfig);