DMGT-TECH / authenticated-cloud-docs

A repository that deploys documents to the cloud for secured access via Azure Active Directory
MIT License
0 stars 0 forks source link

Robust fix needed for non-interactive cloudfront-auth #4

Open plaurent opened 3 years ago

plaurent commented 3 years ago

The main issue is that the cloudfront-auth repo code is interactive only, doesn't support non-interactive CLI usage or loading all settings from a preconfigured file.

The tool we are using to build the CloudFront authentication lambda (https://github.com/Widen/cloudfront-auth) - Connect to preview only supports interactive mode. Even with a saved out configuration file, it continues to interactively prompt — it just uses the saved configuration for the prompt defaults. This does not lend itself to automation. However, I was able to add a single line of code to enable command line-based automation for our use case. That's how this action is currently working -- it is patching in that line prior to run. But we're going to need something more robust/less hackish.

Options:

I noticed there's already a PR dated Mar 1 in Widen/cloudfront-auth to address our use case and more (https://github.com/Widen/cloudfront-auth/pull/84). But it's much more than a one-line change. If that gets merged that will resolve our issues. Just not sure when that'll happen.

Rob has suggested either:

plaurent commented 3 years ago

The hack in question is currently found at https://github.com/DMGT-TECH/authenticated-cloud-docs/blob/main/.github/workflows/deploy-static-site.yaml#L44:

    - name: Patch cloudfront-auth to allow non-interative (CLI) use
      run: |
        cd ./deployment/cloudfront-auth
        sed -i"" "s/^prompt.start/prompt.override=require('minimist')(process.argv.slice(2), opts={boolean:true, string:['method', 'AUTHZ']});prompt.start/" build/build.js
plaurent commented 3 years ago

Sidenote: the above hack depends on minimist being available, which I'm not explicitly adding as a requirement to package.json (it is however a sub-dependency).