wellcomecollection / identity

Identity services for Wellcome Collection users
MIT License

share the redirect_action_secret with experience account #330

Closed melanierogan closed 2 years ago

melanierogan commented 2 years ago

This means AUTH0_ACTION_SECRET is shared with weco frontend and secrets can stay in sync

Terraform plan

Terraform will perform the following actions:

  # auth0_connection.sierra will be updated in-place
  ~ resource "auth0_connection" "sierra" {
      ~ enabled_clients      = [
          - "[redacted]",
            # (7 unchanged elements hidden)
        ]
        id                   = "[redacted]"
        name                 = "Sierra-Connection"
        # (4 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_cloudwatch_event_rule.auth0_logs will be updated in-place
  ~ resource "aws_cloudwatch_event_rule" "auth0_logs" {
        id             = "aws.partner/auth0.com/wellcomecollection-stage-[redacted]/auth0.logs/capture-auth0-errors-stage"
      ~ is_enabled     = false -> true
        name           = "capture-auth0-errors-stage"
        tags           = {}
        # (5 unchanged attributes hidden)
    }

  # module.secrets_experience.aws_secretsmanager_secret.secret["identity/stage/redirect_action_secret"] will be created
  + resource "aws_secretsmanager_secret" "secret" {
      + arn                     = (known after apply)
      + id                      = (known after apply)
      + name                    = "identity/stage/redirect_action_secret"
      + name_prefix             = (known after apply)
      + policy                  = (known after apply)
      + recovery_window_in_days = 30
      + rotation_enabled        = (known after apply)
      + rotation_lambda_arn     = (known after apply)
      + tags_all                = {
          + "Environment"               = "stage"
          + "ManagedBy"                 = "Terraform"
          + "Project"                   = "Identity"
          + "TerraformConfigurationURL" = "https://github.com/wellcomecollection/identity/tree/main/infra/scoped"
        }

      + rotation_rules {
          + automatically_after_days = (known after apply)
        }
    }

  # module.secrets_experience.aws_secretsmanager_secret_version.secret["identity/stage/redirect_action_secret"] will be created
  + resource "aws_secretsmanager_secret_version" "secret" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

Plan: 2 to add, 2 to change, 0 to destroy.

Towards https://github.com/wellcomecollection/wellcomecollection.org/issues/7896