FIX - Frontend Config Role Issue while switching from Cognito Idp to Custom Auth #938

Merged
24 commits
ed8b16f
Backend and Frontend Changes For External Idp Changes
TejasRGitHub Nov 29, 2023
93e64fe
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
Dec 1, 2023
89af5ab
Backend and Frontend Changes For External Idp Changes -1
TejasRGitHub Dec 1, 2023
684ed18
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
Dec 1, 2023
f173c2a
Backend and Frontend Changes For External Idp Changes - 2
TejasRGitHub Dec 1, 2023
0f4b88e
semgrep and linting corrections
TejasRGitHub Dec 1, 2023
e844dae
npm audit corrections
TejasRGitHub Dec 1, 2023
e39f7ab
npm audit corrections - 1
TejasRGitHub Dec 1, 2023
0bba194
Resolving Merge Conflicts
Dec 1, 2023
f67153f
Resolved Merged Conflicts and added for tests
TejasRGitHub Dec 1, 2023
ee21ca4
Merge branch 'main' of https://github.com/TejasRGitHub/aws-dataall
Dec 1, 2023
622b923
Fixing Semgrep Error in Frontend
TejasRGitHub Dec 4, 2023
83d482b
Added Redirect URL as a config
TejasRGitHub Dec 5, 2023
e940a6c
Addressing Changes from review comments
TejasRGitHub Dec 5, 2023
393a282
Minor Corrections
TejasRGitHub Dec 5, 2023
6f3aee3
Frontend Global Imports, Backend Validation for custom auth params an…
TejasRGitHub Dec 8, 2023
692e5be
Merging Files from Open source
TejasRGitHub Dec 8, 2023
4cf5f7d
Addressing review comments - Minor backend deploy changes and fixing …
TejasRGitHub Dec 11, 2023
bea1836
user id check from context in resolver function. Fixed tests
TejasRGitHub Dec 11, 2023
92cf30c
Added Guardrails for user id and few frontend linter fixes
TejasRGitHub Dec 12, 2023
09a9a06
Adding Policy for frontend deployment
TejasRGitHub Dec 12, 2023
74c2576
Syncing Upstream and resolving merge conflicts
TejasRGitHub Dec 26, 2023
9e98e88
Using Different configs roles as per custom auth config
TejasRGitHub Dec 26, 2023
82be94b
Removing extra new lines
TejasRGitHub Dec 26, 2023
4 changes: 2 additions & 2 deletions deploy/stacks/cognito.py
Expand Up @@ -160,8 +160,8 @@ def __init__(

cross_account_frontend_config_role = iam.Role(
self,
f'{resource_prefix}-{envname}-frontend-config-role',
role_name=f'{resource_prefix}-{envname}-frontend-config-role',
f'{resource_prefix}-{envname}-cognito-config-role',
role_name=f'{resource_prefix}-{envname}-cognito-config-role',
assumed_by=iam.AccountPrincipal(tooling_account_id),
)
cross_account_frontend_config_role.add_to_policy(
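Review bot: Renaming both the construct id and `role_name` in the `iam.Role(...)` call changes the resource's logical ID, so on an existing Cognito deployment CloudFormation will create `{resource_prefix}-{envname}-cognito-config-role` and delete `{resource_prefix}-{envname}-frontend-config-role`. Anything outside this diff that still assumes the old name will start failing with an access error, so this deserves a line in the upgrade notes. The Python variable is still called `cross_account_frontend_config_role`; renaming it to match the new role name would avoid the next reader mixing the two roles up. Separately, `assumed_by=iam.AccountPrincipal(tooling_account_id)` trusts every principal in the tooling account that has `sts:AssumeRole` permission; if only the pipeline's build role needs this, consider narrowing the trust policy to that role.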
8 changes: 6 additions & 2 deletions deploy/stacks/pipeline.py
Expand Up @@ -893,7 +893,7 @@ def cognito_config_action(self, target_env):
f'export enable_cw_canaries={target_env.get("enable_cw_canaries", False)}',
'mkdir ~/.aws/ && touch ~/.aws/config',
'echo "[profile buildprofile]" > ~/.aws/config',
f'echo "role_arn = arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-frontend-config-role" >> ~/.aws/config',
f'echo "role_arn = arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-cognito-config-role" >> ~/.aws/config',
'echo "credential_source = EcsContainer" >> ~/.aws/config',
'aws sts get-caller-identity --profile buildprofile',
'export AWS_PROFILE=buildprofile',
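Review bot: The role name in the `role_arn = arn:aws:iam::...-cognito-config-role` line is a second hand-written copy of the f-string in deploy/stacks/cognito.py, and this PR exists because two such copies drifted apart. Consider building the name in one shared helper or constant that both the stack and the pipeline import, so a future rename cannot leave the pipeline pointing at a role that no longer exists. Minor, on the unchanged context: `mkdir ~/.aws/` fails if the directory already exists, so `mkdir -p ~/.aws/` is the safer form.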
Expand All @@ -906,6 +906,10 @@ def cognito_config_action(self, target_env):
)

def set_albfront_stage(self, target_env, repository_name):
if target_env.get('custom_auth', None) is None:
frontend_deployment_role_arn = f'arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-cognito-config-role'
else:
frontend_deployment_role_arn = f'arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-frontend-config-role'
albfront_stage = self.pipeline.add_stage(
AlbFrontStage(
self,
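Review bot: The check `target_env.get('custom_auth', None) is None` at the top of `set_albfront_stage` treats an empty `custom_auth: {}` as custom auth being enabled and selects the `frontend-config-role`, while the exports further down in this method read the same key with `target_env.get("custom_auth", {})` and so treat a missing key and an empty dict alike. If an empty block is possible in the deployment config, a truthiness test (`if not target_env.get('custom_auth')`) would keep the two in agreement. The branch also reads backwards at first glance (no custom auth means the frontend stage assumes the Cognito role), so a one-line comment saying which stack creates each role would help, and the two ARN f-strings here are further copies of the role-name pattern that could come from a shared helper.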
Expand Down Expand Up @@ -956,7 +960,7 @@ def set_albfront_stage(self, target_env, repository_name):
f'export custom_auth_claims_mapping_user_id={str(target_env.get("custom_auth", {}).get("claims_mapping", {}).get("user_id", "None"))}',
'mkdir ~/.aws/ && touch ~/.aws/config',
'echo "[profile buildprofile]" > ~/.aws/config',
f'echo "role_arn = arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-frontend-config-role" >> ~/.aws/config',
f'echo "role_arn = {frontend_deployment_role_arn}" >> ~/.aws/config',
'echo "credential_source = EcsContainer" >> ~/.aws/config',
'aws sts get-caller-identity --profile buildprofile',
'export AWS_PROFILE=buildprofile',
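Review bot: The new `echo "role_arn = {frontend_deployment_role_arn}"` line, like the `custom_auth_claims_mapping_user_id` export at the top of this hunk, interpolates values from the deployment config directly into a shell command with no quoting. These values come from the deployer's own config, but a space or shell metacharacter in a claim name or prefix would still change what the build container executes; wrapping the interpolated values with `shlex.quote(...)` before building the command strings closes that off. Also note that when no claims mapping is configured the export is the literal string `None`, so whatever consumes that variable has to compare against the string rather than test for an unset value; worth a comment or an empty default.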