melanierogan
commented
2 years ago @jamieparkinson I've got a terraform plan for these changes below, and have realised despite you mentioning to me that I should check with David that he planned and applied his changes, I didn't do that so this plan is a mix of both changes
Terraform will perform the following actions:
# data.aws_secretsmanager_secret_version.redirect_action_secret will be read during apply
# (config refers to values not yet known)
<= data "aws_secretsmanager_secret_version" "redirect_action_secret" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_binary = (sensitive value)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# auth0_action.redirect_to_full_registration will be created
+ resource "auth0_action" "redirect_to_full_registration" {
+ code = <<-EOT
function noop() {
// Do nothing
}
EOT
+ deploy = true
+ id = (known after apply)
+ name = "Redirect to full registration"
+ runtime = (known after apply)
+ version_id = (known after apply)
+ secrets {
+ name = "IDENTITY_APP_BASEURL"
+ value = (sensitive value)
}
+ secrets {
+ name = "AUTH0_PAYLOAD_SECRET"
+ value = (sensitive value)
}
+ supported_triggers {
+ id = "post-login"
+ version = "v2"
}
}
# auth0_client_grant.dev_and_test["REDACTED"] will be updated in-place
~ resource "auth0_client_grant" "dev_and_test" {
id = "REDACTED"
~ scope = [
# (5 unchanged elements hidden)
"update:password",
+ "update:user",
]
# (2 unchanged attributes hidden)
}
# auth0_client_grant.dev_and_test["REDACTED"] will be updated in-place
~ resource "auth0_client_grant" "dev_and_test" {
id = "REDACTED"
~ scope = [
# (5 unchanged elements hidden)
"update:password",
+ "update:user",
]
# (2 unchanged attributes hidden)
}
# auth0_client_grant.dev_and_test["REDACTEDt"] will be updated in-place
~ resource "auth0_client_grant" "dev_and_test" {
id = "REDACTED"
~ scope = [
# (5 unchanged elements hidden)
"update:password",
+ "update:user",
]
# (2 unchanged attributes hidden)
}
# auth0_client_grant.smoke_test will be updated in-place
~ resource "auth0_client_grant" "smoke_test" {
id = "REDACTED"
~ scope = [
# (5 unchanged elements hidden)
"update:password",
+ "update:user",
]
# (2 unchanged attributes hidden)
}
# auth0_resource_server.identity_api will be updated in-place
~ resource "auth0_resource_server" "identity_api" {
id = "REDACTED"
name = "Identity API"
# (9 unchanged attributes hidden)
+ scopes {
+ description = "Update user info"
+ value = "update:user"
}
# (6 unchanged blocks hidden)
}
# auth0_trigger_binding.post_login will be updated in-place
~ resource "auth0_trigger_binding" "post_login" {
id = "post-login"
# (1 unchanged attribute hidden)
+ actions {
+ display_name = "Redirect to full registration"
+ id = (known after apply)
}
# (1 unchanged block hidden)
}
# aws_api_gateway_integration.users_userid_registration_options will be created
+ resource "aws_api_gateway_integration" "users_userid_registration_options" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "OPTIONS"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = "REDACTED"
+ timeout_milliseconds = REDACTED
+ type = "AWS_PROXY"
+ uri = "REDACTED"
}
# aws_api_gateway_integration.users_userid_registration_put will be created
+ resource "aws_api_gateway_integration" "users_userid_registration_put" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "PUT"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ request_parameters = {
+ "integration.request.path.userId" = "method.request.path.userId"
}
+ resource_id = (known after apply)
+ rest_api_id = "REDACTED"
+ timeout_milliseconds = REDACTED
+ type = "AWS_PROXY"
+ uri = "REDACTED"
}
# aws_api_gateway_method.users_userid_registration_options will be created
+ resource "aws_api_gateway_method" "users_userid_registration_options" {
+ api_key_required = false
+ authorization = "NONE"
+ http_method = "OPTIONS"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = "REDACTED"
}
# aws_api_gateway_method.users_userid_registration_put will be created
+ resource "aws_api_gateway_method" "users_userid_registration_put" {
+ api_key_required = true
+ authorization = "CUSTOM"
+ authorizer_id = "REDACTED"
+ http_method = "PUT"
+ id = (known after apply)
+ request_parameters = {
+ "method.request.path.userId" = true
}
+ request_validator_id = "REDACTED"
+ resource_id = (known after apply)
+ rest_api_id = "REDACTED"
}
# aws_api_gateway_method_response.users_userid_registration_options_204 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_options_204" {
+ http_method = "OPTIONS"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Empty"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Headers" = true
+ "method.response.header.Access-Control-Allow-Methods" = true
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "204"
}
# aws_api_gateway_method_response.users_userid_registration_put_200 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_put_200" {
+ http_method = "PUT"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Empty"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "200"
}
# aws_api_gateway_method_response.users_userid_registration_put_400 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_put_400" {
+ http_method = "PUT"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Error"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "400"
}
# aws_api_gateway_method_response.users_userid_registration_put_401 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_put_401" {
+ http_method = "PUT"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Error"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "401"
}
# aws_api_gateway_method_response.users_userid_registration_put_403 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_put_403" {
+ http_method = "PUT"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Error"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "403"
}
# aws_api_gateway_method_response.users_userid_registration_put_404 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_put_404" {
+ http_method = "PUT"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Error"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "404"
}
# aws_api_gateway_method_response.users_userid_registration_put_422 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_put_422" {
+ http_method = "PUT"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Error"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "422"
}
# aws_api_gateway_method_response.users_userid_registration_put_500 will be created
+ resource "aws_api_gateway_method_response" "users_userid_registration_put_500" {
+ http_method = "PUT"
+ id = (known after apply)
+ resource_id = (known after apply)
+ response_models = {
+ "application/json" = "Error"
}
+ response_parameters = {
+ "method.response.header.Access-Control-Allow-Origin" = true
}
+ rest_api_id = "REDACTED"
+ status_code = "500"
}
# aws_api_gateway_resource.users_userid_registration will be created
+ resource "aws_api_gateway_resource" "users_userid_registration" {
+ id = (known after apply)
+ parent_id = "REDACTED"
+ path = (known after apply)
+ path_part = "registration"
+ rest_api_id = "REDACTED"
}
# aws_secretsmanager_secret.redirect_action_secret will be created
+ resource "aws_secretsmanager_secret" "redirect_action_secret" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "identity/stage/redirect_action_secret"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = REDACTED
+ rotation_enabled = (known after apply)
+ rotation_lambda_arn = (known after apply)
+ tags_all = {
+ "Environment" = "stage"
+ "ManagedBy" = "Terraform"
+ "Project" = "Identity"
+ "TerraformConfigurationURL" = "REDACTED"
}
+ rotation_rules {
+ automatically_after_days = (known after apply)
}
}
Plan: 15 to add, 6 to change, 0 to destroy.
Changes to Outputs:
~ auth0_actions = {
~ names = {
+ redirect_to_full_registration = "Redirect to full registration"
# (1 unchanged element hidden)
}
}`
jamieparkinson
These files are what I think we need to make sure that we can deploy the newest action with terraform. This PR forms part of the work for https://github.com/wellcomecollection/wellcomecollection.org/issues/8006