Make the latest doi-ui work with JPL AWS SSO

NASA-PDS / doi-ui

The web interface for the PDS DOI Service providing the ability management PDS archive DOIs. See the DOI Service for more details on the available capabilities. https://nasa-pds.github.io/doi-service/

Apache License 2.0

0 stars 4 forks source link

Make the latest doi-ui work with JPL AWS SSO #168

Closed tloubrieu-jpl closed 1 year ago

tloubrieu-jpl commented 1 year ago

💡 Description

jordanpadams commented 1 year ago

@tloubrieu-jpl @ramesh-maddegoda I believe this has been completed? Or does something additional need to be updated here?

tloubrieu-jpl commented 1 year ago

Hi @jordanpadams , @ramesh-maddegoda made the DOI-UI work with a test cognito service deployed in NGAP but disconnected from JPL directory. This ticket is about using the JPL AWS Cognito managed by the SA's. That might sounds a bit like going backward but that was the intention of the ticket. We can discuss that if needed.

tloubrieu-jpl commented 1 year ago

Actually we will use the NGAP Cognito which needs to include the JPL directory connection.

ramesh-maddegoda commented 1 year ago

A Jira ticket has been created to get support from ICAM (Identity, Credential, and Access Management) team. https://jira.jpl.nasa.gov/browse/ICAM-8551

ramesh-maddegoda commented 1 year ago

Had a meeting with ICAM team .The doi-ui Cognito integration with JPL SSO DEV was configured successfully during the meeting and tested.

Next steps are: ICAM team to setup same configs in JPL SSO INT and JPL SSO PROD environments.

tloubrieu-jpl commented 1 year ago

Thanks @ramesh-maddegoda , if i am not mistaken, that would be our first service in production on NGAP, how will that be best to document that ? Any ideas on that @jimmie ? It sounds like a cognito user pool can be configured in terraform.

That would be good I think to have all our deployments coded/documented in terraform scripts and maintained in a github repository.

ramesh-maddegoda commented 1 year ago

@tloubrieu-jpl, I have deployed Cognito user pools using terraform for another project. The open source code is available at https://github.com/unity-sds/unity-cs-infra/tree/main/terraform-api-gateway-cognito/terraform-modules/cognito-user-pool. We can do something very similar.

ramesh-maddegoda commented 1 year ago

The setup for JPL SSO PROD is completed. Tested with JPL SSO prod with doi gamma and it is working fine.

tloubrieu-jpl commented 1 year ago

@ramesh-maddegoda will add the email of the PDS admins in the message for first login.

The service on gamma will use the test user pool. The service in production will use the PDS admin group user pool.

ramesh-maddegoda commented 1 year ago

Added the PDS Admin email address to the message which is displayed when user a does not have required Cognito groups.

@tloubrieu-jpl and @eddiesarevalo, please help with reviewing https://github.com/NASA-PDS/doi-ui/pull/176

tloubrieu-jpl commented 1 year ago

@ramesh-maddegoda was not able to test, so the persons reviewing the PR need to test it

tloubrieu-jpl commented 1 year ago

Blocked by ticket https://github.com/NASA-PDS/doi-ui/issues/178

ramesh-maddegoda commented 1 year ago

@tloubrieu-jpl and @jordanpadams, this ticket is not blocked anymore and doi-ui is working as expected I ws able to test this with JPL SSO. We can close this now.