From b3031fcf0ae8e017bc4fca5a73f86cb9a491aff8 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Tue, 24 Oct 2023 11:37:41 -0500 Subject: [PATCH 01/26] Update github actions to support mono-repo --- .github/actions/cdk-deploy/action.yml | 71 ++++++++++++++++++++++++++ .github/workflows/cicd.yml | 41 ++------------- .github/workflows/gitflow-enforcer.yml | 19 +++++++ 3 files changed, 94 insertions(+), 37 deletions(-) create mode 100644 .github/actions/cdk-deploy/action.yml create mode 100644 .github/workflows/gitflow-enforcer.yml diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml new file mode 100644 index 0000000..710683a --- /dev/null +++ b/.github/actions/cdk-deploy/action.yml 
@@ -0,0 +1,71 @@ +name: Deploy + +inputs: + env_aws_secret_name: + required: true + type: string + dir: + required: false + type: string + default: "." + script_path: + required: true + type: string + project_prefix: + required: true + type: string + stage: + required: true + type: string + +runs: + using: "composite" + steps: + - name: Install node and related deps + uses: actions/setup-node@v3 + with: + node-version: 17.3.0 + + - uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} + + - name: Install AWS CDK + shell: bash + run: npm install -g aws-cdk@2 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: "3.10" + cache: "pip" + cache-dependency-path: | + ${{ inputs.dir }}/requirements.txt + + - name: Install python dependencies + shell: bash + working-directory: ${{ inputs.dir }} + run: | + pip install \ + -r requirements.txt \ + + - name: Get relevant environment configuration from aws secrets + shell: bash + working-directory: ${{ inputs.dir }} + env: + AWS_DEFAULT_REGION: us-west-2 + run: | + if [[ -z "${{ inputs.script_path }}" ]]; then + ./scripts/sync-env.sh ${{ inputs.env_aws_secret_name }} + else + python ${{ inputs.script_path }} --secret-id ${{ inputs.env_aws_secret_name }} + echo "PROJECT_PREFIX=${{ inputs.project_prefix }}" >> .env + echo "STAGE=${{ inputs.stage }}" >> .env + fi + + - name: Deploy + shell: bash + working-directory: ${{ inputs.dir }} + run: | + cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index f2c1fda..242d514 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -10,7 +10,6 @@ on: - main - dev - production - - make-mcp-ready jobs: define-environment: 
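Review bot: The `Get relevant environment configuration from aws secrets` step splices `inputs.script_path` and `inputs.env_aws_secret_name` directly into the `run:` script with `${{ }}`, so whatever a caller passes becomes bash source before it executes; the only visible caller is this repository's own cicd.yml, but a composite action is reusable and the safe pattern is to hand inputs over through `env:` and quote them as shell variables. The `-z` test on `script_path` also contradicts its `required: true` declaration, so one of the two should change (for example `required: false` with `default: ""`). Separately, `cdk deploy --all --require-approval never` suppresses the IAM/security-group approval prompt on every branch this action is wired to; that is the usual trade-off for unattended CI, but a comment such as `# --require-approval never: CI is non-interactive; IAM changes are reviewed in the PR diff` would make the choice deliberate rather than incidental.
```yaml
      - name: Get relevant environment configuration from aws secrets
        shell: bash
        working-directory: ${{ inputs.dir }}
        env:
          AWS_DEFAULT_REGION: us-west-2
          # Inputs reach bash as data via env, not as spliced script text
          SCRIPT_PATH: ${{ inputs.script_path }}
          SECRET_NAME: ${{ inputs.env_aws_secret_name }}
        run: |
          if [[ -z "$SCRIPT_PATH" ]]; then
            ./scripts/sync-env.sh "$SECRET_NAME"
          else
            python "$SCRIPT_PATH" --secret-id "$SECRET_NAME"
            # … unchanged: PROJECT_PREFIX / STAGE appended to .env …
          fi
```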
@@ -26,8 +25,6 @@ jobs: echo "env_name=development" >> $GITHUB_OUTPUT elif [ "${{ github.ref }}" = "refs/heads/production" ]; then echo "env_name=production" >> $GITHUB_OUTPUT - elif [ "${{ github.ref }}" = "refs/heads/make-mcp-ready" ]; then - echo "env_name=mcp-dev" >> $GITHUB_OUTPUT fi - name: Print the environment run: echo "The environment is ${{ steps.define_environment.outputs.env_name }}" @@ -54,40 +51,10 @@ jobs: uses: aws-actions/configure-aws-credentials@v2 with: role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }} - role-session-name: "veda-auth-github-${{ needs.define-environment.outputs.env_name }}-deployment" + role-session-name: "ghgc-auth-github-${{ needs.define-environment.outputs.env_name }}-deployment" aws-region: "us-west-2" - - name: Install node and related deps - uses: actions/setup-node@v3 + - name: Run deployment + uses: "./.github/actions/cdk-deploy" with: - node-version: 17.3.0 - - - uses: actions/cache@v3 - with: - path: ~/.npm - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} - - - name: Install AWS CDK - shell: bash - run: npm install -g aws-cdk@2 - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: "3.10" - cache: "pip" - cache-dependency-path: requirements.txt - - - name: Install python dependencies - run: | - pip install \ - -r requirements.txt \ - - - name: Get relevant environment configuration from aws secrets - run: ./scripts/sync-env.sh veda-auth-mcp-dev - - - name: Deploy - env: - AWS_DEFAULT_REGION: us-west-2 - CDK_DEFAULT_REGION: us-west-2 - run: cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json + env_aws_secret_name: ${{ secrets.ENV_AWS_SECRET_NAME }} diff --git a/.github/workflows/gitflow-enforcer.yml b/.github/workflows/gitflow-enforcer.yml new file mode 100644 index 0000000..3a833a0 --- /dev/null +++ b/.github/workflows/gitflow-enforcer.yml 
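Review bot: The `Run deployment` call passes only `env_aws_secret_name`, while the composite action it invokes declares `script_path` as `required: true` and then branches on `-z "${{ inputs.script_path }}"`; GitHub only warns about a missing required action input, so the `./scripts/sync-env.sh` path is selected by accident rather than by declaration. Either pass it explicitly, `script_path: ""`, with a comment `# empty script_path selects ./scripts/sync-env.sh`, or relax the input declaration in action.yml so the contract and the call agree. Moving the secret name from the hard-coded `veda-auth-mcp-dev` to `secrets.ENV_AWS_SECRET_NAME` is an improvement, but a one-line comment saying which Secrets Manager secret the value is expected to name would help the next person wiring a new environment.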
@@ -0,0 +1,19 @@ +name: Gitflow enforcer 🚀 + +on: + pull_request: + branches: + - main + - dev + - production + types: [ opened, reopened, edited, synchronize ] + +jobs: + gitflow-enforcer: + runs-on: ubuntu-latest + steps: + - name: Check branch + if: github.base_ref == 'main' && github.head_ref != 'dev' || github.base_ref == 'production' && github.head_ref != 'main' + run: | + echo "ERROR: You can only merge to main from dev and to production from main" + exit 1 From a76cf2cf2f449b2bf482088b861dcf82742d0556 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Tue, 24 Oct 2023 15:39:03 -0500 Subject: [PATCH 02/26] Remove project prefix --- .github/actions/cdk-deploy/action.yml | 8 -------- app.py | 3 +-- config.py | 5 +++++ 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 710683a..cd4a781 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -11,12 +11,6 @@ inputs: script_path: required: true type: string - project_prefix: - required: true - type: string - stage: - required: true - type: string runs: using: "composite" @@ -60,8 +54,6 @@ runs: ./scripts/sync-env.sh ${{ inputs.env_aws_secret_name }} else python ${{ inputs.script_path }} --secret-id ${{ inputs.env_aws_secret_name }} - echo "PROJECT_PREFIX=${{ inputs.project_prefix }}" >> .env - echo "STAGE=${{ inputs.stage }}" >> .env fi - name: Deploy diff --git a/app.py b/app.py index 4e4eb7b..b9f4353 100644 --- a/app.py +++ b/app.py @@ -23,8 +23,7 @@ } app = cdk.App() -stack = AuthStack(app, f"veda-auth-stack-{app_settings.stage}", app_settings) - +stack = AuthStack(app, f"{app_settings.app_name}-{app_settings.stage}", app_settings) # Create Groups if app_settings.cognito_groups: # Create a data managers group in user pool if data managers role is provided diff --git a/config.py b/config.py index e37f242..81b0d56 100644 --- a/config.py +++ b/config.py 
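Review bot: The `if:` guard compares only `github.head_ref`, which is the head branch name with no repository attached, so a pull request from a fork whose branch happens to be called `dev` (or `main`) passes the enforcer; if forks can open PRs here, the allowed case should also require `github.event.pull_request.head.repo.full_name == github.repository`. The `&&`/`||` mix relies on operator precedence, and wrapping each clause in parentheses, `(github.base_ref == 'main' && github.head_ref != 'dev') || (github.base_ref == 'production' && github.head_ref != 'main')`, makes the rule readable at a glance. Note also that a failing `run` step only marks the check as failed — the rule is enforced only if branch protection on `main` and `production` requires the `gitflow-enforcer` job, which this workflow cannot guarantee on its own.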
@@ -7,6 +7,11 @@ class Config(pydantic.BaseSettings): + # App name and deployment stage + app_name: Optional[str] = pydantic.Field( + "veda-auth-stack", + description="Optional app name used to name stack and resources", + ) stage: str = pydantic.Field( description=" ".join( [ From 23c30ed81d5b815971d607597815058e67980ed4 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 13:59:59 -0500 Subject: [PATCH 03/26] Get the authstack name --- .github/actions/cdk-deploy/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index cd4a781..74a92f9 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -61,3 +61,5 @@ runs: working-directory: ${{ inputs.dir }} run: | cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json + stack=$(cat ${HOME}/cdk-outputs.json | jq -r 'keys_unsorted[0]') + echo "auth_stackname=$stack" >> $GITHUB_OUTPUT From 44865c97593e6bf1dfc63a9355e9569f61b06d3f Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 14:15:51 -0500 Subject: [PATCH 04/26] Get the authstack name --- .github/actions/cdk-deploy/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 74a92f9..8baf640 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -63,3 +63,5 @@ runs: cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json stack=$(cat ${HOME}/cdk-outputs.json | jq -r 'keys_unsorted[0]') echo "auth_stackname=$stack" >> $GITHUB_OUTPUT + outputs: + auth_stackname: ${{ steps.define_environment.outputs.auth_stackname }} From 54cf23b823429d42a239402f18c7f7ac7857d0ff Mon Sep 17 00:00:00 2001 
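Review bot: `app_name` is typed `Optional[str]` but is only ever formatted into stack and export names (`f"{app_settings.app_name}-{app_settings.stage}"` in app.py), so an explicit null from the environment produces a stack called `None-<stage>` instead of a validation error; since a default is supplied, `app_name: str = pydantic.Field("veda-auth-stack", ...)` states what is meant and lets pydantic reject the empty case. The description could also record that the value participates in CloudFormation export names, which must be unique per account and region, e.g. `description="App name used to build stack, resource and CloudFormation export names"`. The `Config` class continues outside this hunk.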
From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 14:24:59 -0500 Subject: [PATCH 05/26] Get the authstack name --- .github/actions/cdk-deploy/action.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 8baf640..38ee5e3 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -63,5 +63,4 @@ runs: cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json stack=$(cat ${HOME}/cdk-outputs.json | jq -r 'keys_unsorted[0]') echo "auth_stackname=$stack" >> $GITHUB_OUTPUT - outputs: - auth_stackname: ${{ steps.define_environment.outputs.auth_stackname }} + From 59cb7575bb8d10c0c0102d01c52423939ca7e7cb Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 14:37:42 -0500 Subject: [PATCH 06/26] Get the authstack name --- .github/actions/cdk-deploy/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 38ee5e3..b1df0bc 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -62,5 +62,6 @@ runs: run: | cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json stack=$(cat ${HOME}/cdk-outputs.json | jq -r 'keys_unsorted[0]') - echo "auth_stackname=$stack" >> $GITHUB_OUTPUT + echo $stack + echo "auth_stackname=hello-world" >> $GITHUB_OUTPUT From 07581fd50f4a7887831f6597c2634b8c96a92560 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 14:44:46 -0500 Subject: [PATCH 07/26] Get the authstack name --- .github/actions/cdk-deploy/action.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index b1df0bc..e8cb2d6 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml 
@@ -60,8 +60,5 @@ runs: shell: bash working-directory: ${{ inputs.dir }} run: | - cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json - stack=$(cat ${HOME}/cdk-outputs.json | jq -r 'keys_unsorted[0]') - echo $stack echo "auth_stackname=hello-world" >> $GITHUB_OUTPUT From 2384db7cb680dfbfd75c6a4ff98c6c4760467065 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 15:26:10 -0500 Subject: [PATCH 08/26] Try output stackname --- .github/actions/cdk-deploy/action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index e8cb2d6..ac7221d 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -57,8 +57,11 @@ runs: fi - name: Deploy + id: deploy_stack shell: bash working-directory: ${{ inputs.dir }} run: | echo "auth_stackname=hello-world" >> $GITHUB_OUTPUT + - name: Print stackname + run: echo "The environment is ${{ steps.deploy_stack.outputs.auth_stackname }}" From f139e9745a2f72a49cfef4b94e304cae2a6f3ce8 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 15:29:03 -0500 Subject: [PATCH 09/26] Try output stackname --- .github/actions/cdk-deploy/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index ac7221d..8d3be0e 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -63,5 +63,6 @@ runs: run: | echo "auth_stackname=hello-world" >> $GITHUB_OUTPUT - name: Print stackname + shell: bash run: echo "The environment is ${{ steps.deploy_stack.outputs.auth_stackname }}" From 46f146532ce25b1872fd6d62c4d3434aa4dc7df4 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 15:40:10 -0500 Subject: [PATCH 10/26] Try output stackname --- .github/actions/cdk-deploy/action.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 8d3be0e..6ee3e92 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -11,7 +11,10 @@ inputs: script_path: required: true type: string - +outputs: + auth_stackname: + description: "Auth Stack name" + value: ${{ steps.deploy_stack.outputs.auth_stackname }} runs: using: "composite" steps: From ba5d28e1b8de6699b7686700cbd59803b2903575 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 15:50:10 -0500 Subject: [PATCH 11/26] Try output stackname --- .github/actions/cdk-deploy/action.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 6ee3e92..d00f92e 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -12,9 +12,8 @@ inputs: required: true type: string outputs: - auth_stackname: - description: "Auth Stack name" - value: ${{ steps.deploy_stack.outputs.auth_stackname }} + auth_stackname: ${{ steps.deploy_stack.outputs.auth_stackname }} + runs: using: "composite" steps: @@ -67,5 +66,5 @@ runs: echo "auth_stackname=hello-world" >> $GITHUB_OUTPUT - name: Print stackname shell: bash - run: echo "The environment is ${{ steps.deploy_stack.outputs.auth_stackname }}" + run: echo "The stackname is ${{ steps.deploy_stack.outputs.auth_stackname }}" From a4617c335062789e1feb7aa8854212fd6fc7014f Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 16:01:48 -0500 Subject: [PATCH 12/26] Try output stackname --- .github/actions/cdk-deploy/action.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index d00f92e..0bff111 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml 
@@ -12,7 +12,10 @@ inputs: required: true type: string outputs: - auth_stackname: ${{ steps.deploy_stack.outputs.auth_stackname }} + auth_stackname: + description: "Auth Stack name" + value: ${{ steps.deploy_auth_stack.outputs.auth_stackname }} + runs: using: "composite" @@ -59,12 +62,12 @@ runs: fi - name: Deploy - id: deploy_stack + id: deploy_auth_stack shell: bash working-directory: ${{ inputs.dir }} run: | echo "auth_stackname=hello-world" >> $GITHUB_OUTPUT - name: Print stackname shell: bash - run: echo "The stackname is ${{ steps.deploy_stack.outputs.auth_stackname }}" + run: echo "The environment is ${{ steps.deploy_stack.outputs.auth_stackname }}" From f3c33a6052ee42cf2614cf61a9afee6915eecf7e Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Wed, 25 Oct 2023 16:38:32 -0500 Subject: [PATCH 13/26] Try output stackname --- .github/actions/cdk-deploy/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 0bff111..e45b9b0 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -66,8 +66,8 @@ runs: shell: bash working-directory: ${{ inputs.dir }} run: | - echo "auth_stackname=hello-world" >> $GITHUB_OUTPUT - - name: Print stackname - shell: bash - run: echo "The environment is ${{ steps.deploy_stack.outputs.auth_stackname }}" + cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json + stack=$(cat ${HOME}/cdk-outputs.json | jq -r 'keys_unsorted[0]') + echo "auth_stackname=$stack" >> $GITHUB_OUTPUT + From 236f89235c4de38bdf97288a5fb6a3afeeeef614 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Thu, 26 Oct 2023 11:54:21 -0500 Subject: [PATCH 14/26] Add cloudformation outputs --- app.py | 9 +++++++-- infra/stack.py | 10 +++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/app.py b/app.py index b9f4353..e32dbf9 100644 --- a/app.py +++ b/app.py 
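Review bot: `jq -r 'keys_unsorted[0]'` prints the string `null` when the outputs file has no top-level key, and with `--all` it picks whichever stack happens to be serialized first, so `auth_stackname` can be wrong or literally `null` without the step failing (the explicit `shell: bash` appears to run with `-e` and `pipefail`, which catches a failed `cdk deploy` but not a null jq result). `jq -re` turns a null result into a non-zero exit: `stack=$(jq -re 'keys_unsorted[0]' "${HOME}/cdk-outputs.json")`. Since app.py names the stack `f"{app_settings.app_name}-{app_settings.stage}"`, the name could also be computed from the same settings rather than read back from the deploy output.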
@@ -104,8 +104,13 @@ ) # Programmatic Clients -stack.add_programmatic_client("veda-sdk") - +client = stack.add_programmatic_client(f"{app_settings.app_name}-{app_settings.stage}-veda-sdk") +cdk.CfnOutput( + stack, + "client_id", + export_name=f"{app_settings.app_name}-{app_settings.stage}-client-id", + value=client.user_pool_client_id, +) # Frontend Clients # stack.add_frontend_client('veda-dashboard') diff --git a/infra/stack.py b/infra/stack.py index f4fc9a1..e01279f 100644 --- a/infra/stack.py +++ b/infra/stack.py @@ -13,7 +13,7 @@ from aws_cdk import Aspects from config import Config - +import uuid class BucketPermissions(str, Enum): read_only = "r" @@ -45,9 +45,13 @@ def __init__( else: self.userpool = self._create_userpool() self.domain = self._add_domain(self.userpool) - stack_name = Stack.of(self).stack_name - + CfnOutput( + self, + "userpool_id", + export_name=f"{uuid.uuid4()}-userpool-id", + value=self.userpool.user_pool_id, + ) if app_settings.cognito_groups: self._group_precedence = 0 From 2b32e2d10d845e70386d0168ce66701bee571897 Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Thu, 26 Oct 2023 12:30:16 -0500 Subject: [PATCH 15/26] Add cloudformation outputs of veda auth --- infra/stack.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/infra/stack.py b/infra/stack.py index e01279f..d3af118 100644 --- a/infra/stack.py +++ b/infra/stack.py @@ -13,7 +13,6 @@ from aws_cdk import Aspects from config import Config -import uuid class BucketPermissions(str, Enum): read_only = "r" @@ -49,7 +48,7 @@ def __init__( CfnOutput( self, "userpool_id", - export_name=f"{uuid.uuid4()}-userpool-id", + export_name=f"{stack_name}-userpool-id", value=self.userpool.user_pool_id, ) if app_settings.cognito_groups: From 671892807295764a8e82fff5f92380653929716a Mon Sep 17 00:00:00 2001 
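Review bot: The new `userpool_id` export uses `stack_name`, but the previous commit in this series removed the `stack_name = Stack.of(self).stack_name` assignment from this same spot in `__init__`, so unless the name is still assigned elsewhere in the method (which begins outside the hunk) synth will fail with a NameError. Using the expression directly removes the dependency: `export_name=f"{Stack.of(self).stack_name}-userpool-id",`. A one-line comment such as `# exported (not just output) so consumer stacks can Fn::ImportValue the pool id` would also record why this became a CloudFormation export rather than a plain stack output.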
From: amarouane-ABDELHAK Date: Fri, 27 Oct 2023 14:20:20 -0500 Subject: [PATCH 16/26] add client secret output --- app.py | 1 + infra/stack.py | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/app.py b/app.py index e32dbf9..dc0ce3f 100644 --- a/app.py +++ b/app.py @@ -111,6 +111,7 @@ export_name=f"{app_settings.app_name}-{app_settings.stage}-client-id", value=client.user_pool_client_id, ) + # Frontend Clients # stack.add_frontend_client('veda-dashboard') diff --git a/infra/stack.py b/infra/stack.py index d3af118..b380686 100644 --- a/infra/stack.py +++ b/infra/stack.py @@ -227,10 +227,12 @@ def _create_secret( secret_string_value=SecretValue.unsafe_plain_text(json.dumps(secret_dict)), ) + # We need to extract the secret name to be used for ingestor stac + # We expect the exported name to be of the format "-" CfnOutput( self, f"{service_id}-secret-output", - export_name=f"{stack_name}-{service_id}-secret", + export_name=f"{stack_name}-{service_id}-secret" if stack_name not in service_id else f"{stack_name}-client-secret", value=secret.secret_name, ) CfnOutput( From a5ae4c0e4192c77ad783c857ac189ff0497e6e4d Mon Sep 17 00:00:00 2001 From: amarouane-ABDELHAK Date: Mon, 30 Oct 2023 12:04:20 -0500 Subject: [PATCH 17/26] Move output to main module --- .github/actions/cdk-deploy/action.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index e45b9b0..f42fa6e 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -11,10 +11,7 @@ inputs: script_path: required: true type: string -outputs: - auth_stackname: - description: "Auth Stack name" - value: ${{ steps.deploy_auth_stack.outputs.auth_stackname }} + runs: 
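Review bot: The export-name expression branches on `stack_name not in service_id`, so any two services whose ids embed the stack name would both export `{stack_name}-client-secret` and CloudFormation would reject the second with a duplicate-export error; the special case should be tied to the specific client (an explicit flag, or an exact comparison of `service_id`) rather than a substring test. The comment above it, `We expect the exported name to be of the format "-"`, has lost its placeholders and should spell out the intended shape, e.g. `# Exported as "<stack>-client-secret" for the main SDK client and "<stack>-<service>-secret" otherwise; downstream stacks import it by that name`. What is exported is the secret's name rather than its value, but CloudFormation exports are readable by anyone with `cloudformation:ListExports` in the account, so keep the exported set to what consumers actually need. `_create_secret` begins outside this hunk.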
@@ -67,7 +64,3 @@ runs: working-directory: ${{ inputs.dir }} run: | cdk deploy --all --require-approval never --outputs-file ${HOME}/cdk-outputs.json - stack=$(cat ${HOME}/cdk-outputs.json | jq -r 'keys_unsorted[0]') - echo "auth_stackname=$stack" >> $GITHUB_OUTPUT - - From 73f575d9744f63cfcc12494bcab11eeb0593ea7b Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Wed, 21 Feb 2024 16:49:09 -0600 Subject: [PATCH 18/26] Fix CfnOutput source --- app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.py b/app.py index 665071c..1514af6 100644 --- a/app.py +++ b/app.py @@ -99,7 +99,7 @@ # Programmatic Clients client = stack.add_programmatic_client(f"{app_settings.app_name}-{app_settings.stage}-veda-sdk") -cdk.CfnOutput( +aws_cdk.CfnOutput( stack, "client_id", export_name=f"{app_settings.app_name}-{app_settings.stage}-client-id", From e2364cfbf537e75cf3303f4b7e52ae63d27091e6 Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Wed, 21 Feb 2024 16:53:42 -0600 Subject: [PATCH 19/26] =?UTF-8?q?=F0=9F=A4=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app.py b/app.py index 1514af6..e0dc0d5 100644 --- a/app.py +++ b/app.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 import subprocess -from aws_cdk import App, Tags, DefaultStackSynthesizer +from aws_cdk import App, CfnOutput, Tags, DefaultStackSynthesizer from infra.stack import AuthStack, BucketPermissions @@ -99,7 +99,7 @@ # Programmatic Clients client = stack.add_programmatic_client(f"{app_settings.app_name}-{app_settings.stage}-veda-sdk") -aws_cdk.CfnOutput( +CfnOutput( stack, "client_id", export_name=f"{app_settings.app_name}-{app_settings.stage}-client-id", From a0160750fa73f15cd12202c58effed986d0a7cf4 Mon Sep 17 00:00:00 2001 
From: Slesa Adhikari Date: Wed, 21 Feb 2024 16:54:25 -0600 Subject: [PATCH 20/26] Add newline --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 21d830c..0ed1c4f 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -59,4 +59,4 @@ jobs: - name: Run deployment uses: "./.github/actions/cdk-deploy" with: - env_aws_secret_name: ${{ secrets.ENV_AWS_SECRET_NAME }} \ No newline at end of file + env_aws_secret_name: ${{ secrets.ENV_AWS_SECRET_NAME }} From 393d670949d69712c32a0750400083ad1395fc4b Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Fri, 23 Feb 2024 15:20:04 -0600 Subject: [PATCH 21/26] Update action versions --- .github/actions/cdk-deploy/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/cdk-deploy/action.yml b/.github/actions/cdk-deploy/action.yml index 0a0a448..7f2b6b4 100644 --- a/.github/actions/cdk-deploy/action.yml +++ b/.github/actions/cdk-deploy/action.yml @@ -16,9 +16,9 @@ runs: using: "composite" steps: - name: Install node and related deps - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: - node-version: 17.3.0 + node-version: 20 - uses: actions/cache@v3 with: @@ -30,7 +30,7 @@ runs: run: npm install -g aws-cdk@2 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.10" cache: "pip" From 7848094999d3946d5053996cc53edfbaa9b17002 Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Mon, 26 Feb 2024 17:23:45 -0600 Subject: [PATCH 22/26] Remove client secret cdk output --- README.md | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++ infra/stack.py | 8 ------- 2 files changed, 63 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1380385..e869c16 100644 --- a/README.md +++ b/README.md 
@@ -90,3 +90,66 @@ A streamlined version of the client can be installed with `pip install cognito_c # License This project is licensed under **Apache 2**, see the [LICENSE](LICENSE) file for more details. + + +## userpool + +```python +cognito.UserPool( + self, + "userpool", + user_pool_name=Stack.of(self).stack_name, + removal_policy=RemovalPolicy.DESTROY, + self_sign_up_enabled=False, + sign_in_aliases={"username": True, "email": True}, + sign_in_case_sensitive=False, + standard_attributes=cognito.StandardAttributes( + email=cognito.StandardAttribute(required=True) + ), +) +``` + +no mfa +email only +user name and email +don't enable self-registration +send email with cognito +userpool name: veda-auth-mcp-test +client: + auth_provider_client = self.add_programmatic_client( + "cognito-identity-pool-auth-provider", + name="Identity Pool Authentication Provider", + ) + client = self.userpool.add_client( + service_id, + auth_flows=cognito.AuthFlow(user_password=True, admin_user_password=True), + generate_secret=False, + user_pool_client_name=name or service_id, + # disable_o_auth=True, + ) + +identity pool + +```python +cognito_id_pool.IdentityPool( + self, + "identity_pool", + identity_pool_name=f"{stack.stack_name} IdentityPool", + authentication_providers=cognito_id_pool.IdentityPoolAuthenticationProviders( + user_pools=[userpool_provider], + ), + role_mappings=[ + cognito_id_pool.IdentityPoolRoleMapping( + provider_url=cognito_id_pool.IdentityPoolProviderUrl.user_pool( + f"cognito-idp.{stack.region}.{stack.url_suffix}/" + f"{userpool.user_pool_id}:{auth_provider_client.user_pool_client_id}" + ), + use_token=True, + mapping_key="userpool", + ) + ], +) +``` + +user access - authenticated access +authrnticated identity sources - amazon cognito user pool \ No newline at end of file diff --git a/infra/stack.py b/infra/stack.py index a18e0ca..ffe2b44 100644 --- a/infra/stack.py +++ b/infra/stack.py 
@@ -227,14 +227,6 @@ def _create_secret( secret_string_value=SecretValue.unsafe_plain_text(json.dumps(secret_dict)), ) - # We need to extract the secret name to be used for ingestor stac - # We expect the exported name to be of the format "-" - CfnOutput( - self, - f"{service_id}-secret-output", - export_name=f"{stack_name}-{service_id}-secret" if stack_name not in service_id else f"{stack_name}-client-secret", - value=secret.secret_name, - ) CfnOutput( self, f"{service_id}-secret-arn-output", From f46d058ddb54f8ee7670f758cada265bc02b8de1 Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Mon, 26 Feb 2024 17:25:58 -0600 Subject: [PATCH 23/26] Rename ghgc to veda --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 0ed1c4f..1c0b800 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -53,7 +53,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v3 with: role-to-assume: ${{ secrets.DEPLOYMENT_ROLE_ARN }} - role-session-name: "ghgc-auth-github-${{ needs.define-environment.outputs.env_name }}-deployment" + role-session-name: "veda-auth-github-${{ needs.define-environment.outputs.env_name }}-deployment" aws-region: "us-west-2" - name: Run deployment From 4f2ab4fa58873fa9b26b273e63e5f499951e9145 Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Mon, 26 Feb 2024 17:27:37 -0600 Subject: [PATCH 24/26] Remove accidental change in README --- README.md | 63 ------------------------------------------------------- 1 file changed, 63 deletions(-) diff --git a/README.md b/README.md index e869c16..1380385 100644 --- a/README.md +++ b/README.md 
@@ -90,66 +90,3 @@ A streamlined version of the client can be installed with `pip install cognito_c # License This project is licensed under **Apache 2**, see the [LICENSE](LICENSE) file for more details. - - -## userpool - -```python -cognito.UserPool( - self, - "userpool", - user_pool_name=Stack.of(self).stack_name, - removal_policy=RemovalPolicy.DESTROY, - self_sign_up_enabled=False, - sign_in_aliases={"username": True, "email": True}, - sign_in_case_sensitive=False, - standard_attributes=cognito.StandardAttributes( - email=cognito.StandardAttribute(required=True) - ), -) -``` - -no mfa -email only -user name and email -don't enable self-registration -send email with cognito -userpool name: veda-auth-mcp-test -client: - auth_provider_client = self.add_programmatic_client( - "cognito-identity-pool-auth-provider", - name="Identity Pool Authentication Provider", - ) - client = self.userpool.add_client( - service_id, - auth_flows=cognito.AuthFlow(user_password=True, admin_user_password=True), - generate_secret=False, - user_pool_client_name=name or service_id, - # disable_o_auth=True, - ) - -identity pool - -```python -cognito_id_pool.IdentityPool( - self, - "identity_pool", - identity_pool_name=f"{stack.stack_name} IdentityPool", - authentication_providers=cognito_id_pool.IdentityPoolAuthenticationProviders( - user_pools=[userpool_provider], - ), - role_mappings=[ - cognito_id_pool.IdentityPoolRoleMapping( - provider_url=cognito_id_pool.IdentityPoolProviderUrl.user_pool( - f"cognito-idp.{stack.region}.{stack.url_suffix}/" - f"{userpool.user_pool_id}:{auth_provider_client.user_pool_client_id}" - ), - use_token=True, - mapping_key="userpool", - ) - ], -) -``` - -user access - authenticated access -authrnticated identity sources - amazon cognito user pool \ No newline at end of file From ad957482cf49bb5e08f4c085dbb47897b4ee69c4 Mon Sep 17 00:00:00 2001 
From: Jennifer Tran Date: Mon, 4 Mar 2024 10:21:59 -0800 Subject: [PATCH 25/26] fix: update aws-cdk=lib and aws_cdk.aws_cognito_identitypool_alpha versions --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 352a31a..8a00a57 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ -aws-cdk-lib==2.35.0 -aws_cdk.aws_cognito_identitypool_alpha==2.35.0a0 +aws-cdk-lib==2.112.0 +aws_cdk.aws_cognito_identitypool_alpha==2.112.0a0 constructs>=10.0.0,<11.0.0 pydantic==1.9.1 black==22.3.0 From f6adfaaad869402121ea05d23f083341ec744c7e Mon Sep 17 00:00:00 2001 From: Jennifer Tran Date: Mon, 4 Mar 2024 10:41:39 -0800 Subject: [PATCH 26/26] fix: update aws_cdk.aws_cognito_identitypool_alpha to use minimum version instead of fixed --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8a00a57..f7e1493 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ aws-cdk-lib==2.112.0 -aws_cdk.aws_cognito_identitypool_alpha==2.112.0a0 +aws_cdk.aws_cognito_identitypool_alpha>=2.112.0a0 constructs>=10.0.0,<11.0.0 pydantic==1.9.1 black==22.3.0
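Review bot: Loosening `aws_cdk.aws_cognito_identitypool_alpha` to `>=2.112.0a0` while `aws-cdk-lib` stays pinned at `==2.112.0` gives up reproducible deploys without gaining compatibility: as far as I know each alpha release pins the matching `aws-cdk-lib` version exactly, so the resolver will still land on `2.112.0a0` (or fail), and if that coupling ever changes a fresh CI run could silently pull a newer alpha into the deployment pipeline. Keep both pinned to the same version, `aws_cdk.aws_cognito_identitypool_alpha==2.112.0a0`, and bump them together, or at least add `# must match the aws-cdk-lib version above` so the pairing is not lost on the next update.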