navapbc / template-infra

A template to set up foundational infrastructure for your application in AWS
Apache License 2.0

Add identity provider modules #650

Open rocketnova opened 2 weeks ago

rocketnova commented 2 weeks ago

Ticket

N/A

Context for reviewers

Many projects need an identity provider. This PR adds an option to the app config to allow projects to specify whether they want to enable one using AWS Cognito.

This is needed by the rails template, which comes with auth out-of-the-box.

Testing

Tested using https://github.com/navapbc/platform-test/pull/108

Screenshot showing the Cognito user pool:

Screenshot showing the Cognito user pool app client:

Screenshot of ECS task definition showing that the new Cognito env vars and secrets are passed through to the ECS task:

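Added illustration (not the PR's own module code) of the wiring the description and screenshots refer to: a config flag, a Cognito user pool, an app client, and the resulting ECS environment variables and secrets. All variable and resource names here are assumptions, and var.app_name and var.environment are assumed to be declared elsewhere:

```hcl
# Hypothetical wiring, not the PR's module; var.app_name / var.environment assumed declared elsewhere.
variable "enable_identity_provider" {
  type    = bool
  default = false
}

resource "aws_cognito_user_pool" "app" {
  count = var.enable_identity_provider ? 1 : 0
  name  = "${var.app_name}-${var.environment}"
  # Baseline hardening: strong passwords and TOTP MFA for every user.
  password_policy {
    minimum_length    = 12
    require_lowercase = true
    require_uppercase = true
    require_numbers   = true
    require_symbols   = true
  }
  mfa_configuration = "ON"
  software_token_mfa_configuration {
    enabled = true
  }
}

resource "aws_cognito_user_pool_client" "app" {
  count        = var.enable_identity_provider ? 1 : 0
  name         = "${var.app_name}-${var.environment}"
  user_pool_id = aws_cognito_user_pool.app[0].id
  generate_secret               = true
  prevent_user_existence_errors = "ENABLED" # no username enumeration via login errors
  explicit_auth_flows           = ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]
}

# The client secret is sensitive: store it in SSM and pass it to ECS as a secret, not an env var.
resource "aws_ssm_parameter" "cognito_client_secret" {
  count = var.enable_identity_provider ? 1 : 0
  name  = "/${var.app_name}/${var.environment}/cognito-client-secret"
  type  = "SecureString"
  value = aws_cognito_user_pool_client.app[0].client_secret
}

locals {
  # Splice these into the container definition's "environment" and "secrets" lists.
  cognito_environment = var.enable_identity_provider ? [
    { name = "COGNITO_USER_POOL_ID", value = aws_cognito_user_pool.app[0].id },
    { name = "COGNITO_CLIENT_ID", value = aws_cognito_user_pool_client.app[0].id },
  ] : []
  cognito_secrets = var.enable_identity_provider ? [
    { name = "COGNITO_CLIENT_SECRET", valueFrom = aws_ssm_parameter.cognito_client_secret[0].arn },
  ] : []
}
```

The ECS task execution role also needs ssm:GetParameters (and kms:Decrypt for a SecureString) on that parameter, or the task will fail to start.
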
rocketnova commented 1 week ago

@lorenyu I think I've addressed all the comments in your previous review. Could you please take another look? Thanks!

rocketnova commented 1 week ago

> How complicated would it be to add some minimal auth logic to the example app in platform-test that leverages the identity provider?

I think this is too complicated to add to this PR. But does bring up some good questions about how we want to make sure our test apps are exercising all of the core functionality. For instance, I could see wanting to do something similar for notifications. Should we add a follow-up issue for that?

> Also, it doesn't necessarily have to be with platform-test example app — if you tested the identity provider with the rails template, I wonder if there is some evidence we can provide that this infra setup works with the rails app — maybe a link to a platform-test-rails PR (if that exists), or if you have a private test repo that's using this same infra maybe just sharing some screenshots or something from there?

Yes, I've been testing with the platform-test-rails repo. I can include some screenshots from there.

rocketnova commented 1 week ago

I'm realizing that I totally missed writing documentation for this feature, so I'll add that in, too.