@aliziel
Contributor

@aliziel aliziel commented Jan 30, 2026

#179

Adds CMS client + group to preprod Keycloak instance. Client config was exported (and cleaned up) to maintain fidelity to console testing.

@github-actions

github-actions bot commented Jan 30, 2026

Diff for stage: DefaultStage

Warning

1 Destructive Changes

Diff for stack: veda-keycloak-dev - 1 to add, 3 to update, 0 to destroy

Details

[!WARNING]
Destructive Changes ‼️
Stack: veda-keycloak-dev - Resource: configConfigTaskDef650ED3A2 - Impact: WILL_REPLACE

IAM Statement Changes
┌───┬──────────────────────────────────────────┬────────┬───────────────────────────────┬─────────────────────────────────────────────────┬───────────┐
│   │ Resource                                 │ Effect │ Action                        │ Principal                                       │ Condition │
├───┼──────────────────────────────────────────┼────────┼───────────────────────────────┼─────────────────────────────────────────────────┼───────────┤
│ + │ ${configearthgovcmsclientsecret90151005} │ Allow  │ secretsmanager:DescribeSecret │ AWS:${configConfigTaskDefExecutionRole55730F7C} │           │
│   │                                          │        │ secretsmanager:GetSecretValue │                                                 │           │
└───┴──────────────────────────────────────────┴────────┴───────────────────────────────┴─────────────────────────────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Resources
[+] AWS::SecretsManager::Secret configearthgovcmsclientsecret90151005
[~] AWS::ECS::TaskDefinition configConfigTaskDef650ED3A2 replace
 └─ [~] ContainerDefinitions (requires replacement)
     └─ @@ -28,7 +28,7 @@
        [ ] ],
        [ ] "Essential": true,
        [ ] "Image": {
        [-]   "Fn::Sub": "853558080719.dkr.ecr.us-west-2.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-853558080719-us-west-2:21855b61879599739ff8005edf119dfa23c25f0bb1a5333c14b15256d06f75ca"
        [+]   "Fn::Sub": "853558080719.dkr.ecr.us-west-2.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-853558080719-us-west-2:49f391dfd96777b717c35a6b84d63d6e0ed777ca272a5fdb3847db2bc13f1c26"
        [ ] },
        [ ] "LogConfiguration": {
        [ ]   "LogDriver": "awslogs",
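Review bot: the WILL_REPLACE warning traces to this `ContainerDefinitions` change (the new `Image` asset tag here plus the secrets added in the next hunk), and the PR description does not mention that a replacement is expected. Replacing an `AWS::ECS::TaskDefinition` registers a new revision and deregisters the old one rather than deleting data, so state in the description that the replacement is intended, and confirm that nothing outside this stack pins the old task definition revision.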
        @@ -295,6 +295,34 @@
        [ ]   }
        [ ] },
        [ ] {
        [+]   "Name": "EARTH_GOV_CMS_CLIENT_ID",
        [+]   "ValueFrom": {
        [+]     "Fn::Join": [
        [+]       "",
        [+]       [
        [+]         {
        [+]           "Ref": "configearthgovcmsclientsecret90151005"
        [+]         },
        [+]         ":id::"
        [+]       ]
        [+]     ]
        [+]   }
        [+] },
        [+] {
        [+]   "Name": "EARTH_GOV_CMS_CLIENT_SECRET",
        [+]   "ValueFrom": {
        [+]     "Fn::Join": [
        [+]       "",
        [+]       [
        [+]         {
        [+]           "Ref": "configearthgovcmsclientsecret90151005"
        [+]         },
        [+]         ":secret::"
        [+]       ]
        [+]     ]
        [+]   }
        [+] },
        [+] {
        [ ]   "Name": "GHGC_AIRFLOW_STAC_ETL_CLIENT_ID",
        [ ]   "ValueFrom": {
        [ ]     "Fn::Join": [
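Review bot: the two added `ValueFrom` joins select the JSON keys `id` and `secret` from the new secret (`:id::` and `:secret::`), so the config task will fail to start unless the secret value is a JSON object containing both keys. This diff only shows `AWS::SecretsManager::Secret configearthgovcmsclientsecret90151005` being added, not how its value is generated, so confirm that the generated secret string includes `id` and `secret`. The empty trailing fields pin no version stage or version id, so the task reads the current version at launch and a later change to the secret only takes effect when the task is started again.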
[~] AWS::IAM::Policy configConfigTaskDefExecutionRoleDefaultPolicyB2F7D3D0
 └─ [~] PolicyDocument
     └─ [~] .Statement:
         └─ @@ -134,6 +134,16 @@
            [ ]   ],
            [ ]   "Effect": "Allow",
            [ ]   "Resource": {
            [+]     "Ref": "configearthgovcmsclientsecret90151005"
            [+]   }
            [+] },
            [+] {
            [+]   "Action": [
            [+]     "secretsmanager:GetSecretValue",
            [+]     "secretsmanager:DescribeSecret"
            [+]   ],
            [+]   "Effect": "Allow",
            [+]   "Resource": {
            [ ]     "Ref": "configghgcairflowstacetlclientsecret51E33BCC"
            [ ]   }
            [ ] },
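Review bot: in the added statement, `secretsmanager:DescribeSecret` is granted to the execution role alongside `secretsmanager:GetSecretValue`, but ECS only needs `GetSecretValue` to inject a Secrets Manager value at task start. If the extra action comes from a CDK grant helper it can stay for consistency with the existing statements, otherwise drop it. The `Resource` is a `Ref` to the single new secret rather than a wildcard, which is the right scope and matches the neighbouring statement for `configghgcairflowstacetlclientsecret51E33BCC`.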
[~] AWS::CloudFormation::Stack sesrelayNestedStacksesrelayNestedStackResource3873FD90
 └─ [~] TemplateURL
     └─ [~] .Fn::Join:
         └─ @@ -5,6 +5,6 @@
            [ ]     {
            [ ]       "Ref": "AWS::URLSuffix"
            [ ]     },
            [-]     "/cdk-hnb659fds-assets-853558080719-us-west-2/d615cee391c4ead91c4e9ec15cf5927799383ce6d86835e911ec21425e50dde6.json"
            [+]     "/cdk-hnb659fds-assets-853558080719-us-west-2/a42ef7d79c64103083488b767412e35429389f38ee1bb609ccc2674b7f669ce0.json"
            [ ]   ]
            [ ] ]
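Review bot: the `TemplateURL` asset hash for the `sesrelay` nested stack changes here, yet the PR description covers only the CMS client and group, and this diff does not show what changed inside the nested template. Diff the nested stack itself (or compare the two synthesized templates) and note the cause in the PR, so an unrelated change to the SES relay does not ride along unreviewed.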

Generated for commit 7fa1c3f at 2026-01-30T21:22:36.490Z

@aliziel aliziel marked this pull request as ready for review January 30, 2026 21:26
@slesaad
Member

slesaad commented Feb 2, 2026

Looks good to me

@aliziel aliziel merged commit 29dab80 into main Feb 4, 2026
1 check passed
@aliziel aliziel deleted the feat/init-tinacms branch February 4, 2026 19:39