Open rocketnova opened 2 weeks ago
@lorenyu I think I've addressed all the comments in your previous review. Could you please take another look? Thanks!
How complicated would it be to add some minimal auth logic to the example app in platform-test that leverages the identity provider?
I think this is too complicated to add to this PR. But it does bring up some good questions about how we want to make sure our test apps are exercising all of the core functionality. For instance, I could see wanting to do something similar for notifications. Should we add a follow-up issue for that?
Also, it doesn't necessarily have to be with platform-test example app — if you tested the identity provider with the rails template, I wonder if there is some evidence we can provide that this infra setup works with the rails app — maybe a link to a platform-test-rails PR (if that exists), or if you have a private test repo that's using this same infra maybe just sharing some screenshots or something from there?
Yes, I've been testing with the platform-test-rails repo. I can include some screenshots from there.
I'm realizing that I totally missed writing documentation for this feature, so I'll add that in, too.
Ticket
N/A
Changes
identity-provider module to configure an AWS Cognito user pool
identity-provider-client module to configure an AWS Cognito user pool app client
Context for reviewers
Many projects need an identity provider. This PR adds an option to the app config to allow projects to specify whether they want to enable one using AWS Cognito.
This is needed by the rails template, which comes with auth out-of-the-box.
Testing
Tested using https://github.com/navapbc/platform-test/pull/108
Screenshot showing the Cognito user pool:
Screenshot showing the Cognito user pool app client:
Screenshot of ECS task definition showing that the new Cognito env vars and secrets are passed through to the ECS task: