diff --git a/infrastructure/server/oidc_clients_fom.tf b/infrastructure/server/oidc_clients_fom.tf
index 34c2f3859..4b17ac19b 100644
--- a/infrastructure/server/oidc_clients_fom.tf
+++ b/infrastructure/server/oidc_clients_fom.tf
@@ -3,13 +3,13 @@ resource "aws_cognito_user_pool_client" "dev_fom_oidc_client" {
 allowed_oauth_flows = ["code"]
 allowed_oauth_flows_user_pool_client = "true"
 allowed_oauth_scopes = ["openid", "profile", "email"]
- callback_urls = [
+ callback_urls = concat([
 "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
 "http://localhost:4200/admin/search"
- ]
- logout_urls = [
+ ], [for i in range("${var.dev_pr_url_count}") : "https://fom-${i}.apps.silver.devops.gov.bc.ca/admin/search"])
+ logout_urls = concat([
 "${var.cognito_app_client_logout_chain_url.dev}http://localhost:4200/admin/not-authorized?loggedout=true"
- ]
+ ], [for i in range("${var.dev_pr_url_count}") : "${var.cognito_app_client_logout_chain_url.dev}https://fom-${i}.apps.silver.devops.gov.bc.ca/admin/not-authorized?loggedout=true"])
 enable_propagate_additional_user_context_data = "false"
 enable_token_revocation = "true"
 explicit_auth_flows = ["ALLOW_REFRESH_TOKEN_AUTH"]
diff --git a/infrastructure/server/oidc_clients_forest_client.tf b/infrastructure/server/oidc_clients_forest_client.tf
index 63e52ec11..9778d6e20 100644
--- a/infrastructure/server/oidc_clients_forest_client.tf
+++ b/infrastructure/server/oidc_clients_forest_client.tf
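Review bot: The comprehension added to `callback_urls` registers `https://fom-0…` through `https://fom-49…` as accepted redirect targets whether or not a deployment currently exists behind each hostname. If the shared `apps.silver` router allows another namespace to claim an unused `fom-<n>` route (not visible from this diff), that tenant would be a valid recipient of authorization codes issued for this client. Consider registering only the hostnames of open pull requests (for example a list variable fed from CI), or confirm that these route hostnames are reserved to the project and that the client requires PKCE or a client secret. The same pattern is added in oidc_clients_forest_client.tf, oidc_clients_silva.tf and oidc_clients_spar.tf; the resource body continues outside the hunk.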
@@ -3,13 +3,13 @@ resource "aws_cognito_user_pool_client" "dev_forest_client_oidc_client" {
 allowed_oauth_flows = ["code"]
 allowed_oauth_flows_user_pool_client = "true"
 allowed_oauth_scopes = ["openid", "profile", "email"]
- callback_urls = [
+ callback_urls = concat([
 "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
 "http://localhost:3000/dashboard",
- ]
- logout_urls = [
+ ], [for i in range("${var.dev_pr_url_count}") : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/dashboard"])
+ logout_urls = concat([
 "${var.cognito_app_client_logout_chain_url.dev}http://localhost:3000/"
- ]
+ ], [for i in range("${var.dev_pr_url_count}") : "${var.cognito_app_client_logout_chain_url.dev}https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/"])
 enable_propagate_additional_user_context_data = "false"
 enable_token_revocation = "true"
 explicit_auth_flows = ["ALLOW_REFRESH_TOKEN_AUTH"]
diff --git a/infrastructure/server/oidc_clients_silva.tf b/infrastructure/server/oidc_clients_silva.tf
index 6c4c5fed2..f8c32e280 100644
--- a/infrastructure/server/oidc_clients_silva.tf
+++ b/infrastructure/server/oidc_clients_silva.tf
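Review bot: `range("${var.dev_pr_url_count}")` wraps a `number` variable in a string template only for Terraform to convert it back, which is a redundant interpolation-only expression; `range(var.dev_pr_url_count)` says the same thing directly. The callback and logout comprehensions also spell the PR hostname twice, so a local such as `dev_pr_hosts = [for i in range(var.dev_pr_url_count) : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca"]` would keep the two lists from drifting apart. Both points apply equally to the fom, silva and spar dev clients in this commit.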
@@ -3,16 +3,16 @@ resource "aws_cognito_user_pool_client" "dev_silva_oidc_client" {
 allowed_oauth_flows = ["code"]
 allowed_oauth_flows_user_pool_client = "true"
 allowed_oauth_scopes = ["openid", "profile", "email"]
- callback_urls = [
+ callback_urls = concat([
 "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
 "http://localhost:3000/dashboard",
 "https://nr-results-exam-test-frontend.apps.silver.devops.gov.bc.ca/dashboard"
- ]
- logout_urls = [
+ ], [for i in range("${var.dev_pr_url_count}") : "https://nr-silva-${i}-frontend.apps.silver.devops.gov.bc.ca/dashboard"])
+ logout_urls = concat([
 "${var.cognito_app_client_logout_chain_url.dev}https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
 "${var.cognito_app_client_logout_chain_url.dev}http://localhost:3000/",
 "${var.cognito_app_client_logout_chain_url.dev}https://nr-results-exam-test-frontend.apps.silver.devops.gov.bc.ca/"
- ]
+ ], [for i in range("${var.dev_pr_url_count}") : "${var.cognito_app_client_logout_chain_url.dev}https://nr-silva-${i}-frontend.apps.silver.devops.gov.bc.ca/"])
 enable_propagate_additional_user_context_data = "false"
 enable_token_revocation = "true"
 explicit_auth_flows = ["ALLOW_REFRESH_TOKEN_AUTH"]
diff --git a/infrastructure/server/oidc_clients_spar.tf b/infrastructure/server/oidc_clients_spar.tf
index d710dd4ac..f09ce5ab3 100644
--- a/infrastructure/server/oidc_clients_spar.tf
+++ b/infrastructure/server/oidc_clients_spar.tf
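Review bot: `range(...)` yields 0 through count-1, so with the default of 50 only `nr-silva-0-frontend` to `nr-silva-49-frontend` are accepted as redirect hosts. If `${i}` is meant to be the pull request number (inferred from the variable name, not shown here), sign-in from PR 50 onward will fail with a redirect mismatch, and the window does not move as PR numbers grow. A comment above `callback_urls` such as `# PR deployments: nr-silva-<n>-frontend for n in [0, dev_pr_url_count)` would make that limit visible to whoever debugs the first failing PR. The same range is used in the other three dev clients.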
@@ -3,15 +3,15 @@ resource "aws_cognito_user_pool_client" "dev_spar_oidc_client" {
 allowed_oauth_flows = ["code"]
 allowed_oauth_flows_user_pool_client = "true"
 allowed_oauth_scopes = ["openid", "profile", "email"]
- callback_urls = [
+ callback_urls = concat([
 "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
 "http://localhost:3000/",
 "http://localhost:3000/silent-check-sso"
- ]
- logout_urls = [
+ ], [for i in range("${var.dev_pr_url_count}") : "https://nr-spar-${i}-frontend.apps.silver.devops.gov.bc.ca/"])
+ logout_urls = concat([
 "${var.cognito_app_client_logout_chain_url.dev}https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
 "${var.cognito_app_client_logout_chain_url.dev}http://localhost:3000/"
- ]
+ ], [for i in range("${var.dev_pr_url_count}") : "${var.cognito_app_client_logout_chain_url.dev}https://nr-spar-${i}-frontend.apps.silver.devops.gov.bc.ca/"])
 enable_propagate_additional_user_context_data = "false"
 enable_token_revocation = "true"
 explicit_auth_flows = ["ALLOW_REFRESH_TOKEN_AUTH"]
@@ -43,10 +43,10 @@ resource "aws_cognito_user_pool_client" "test_spar_oidc_client" {
 callback_urls = [
 "http://localhost:3000/",
 "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
- "https://nr-spar-webapp-test-frontend.apps.silver.devops.gov.bc.ca/"
+ "https://nr-spar-test-frontend.apps.silver.devops.gov.bc.ca/"
 ]
 logout_urls = [
- "${var.cognito_app_client_logout_chain_url.test}https://nr-spar-webapp-test-frontend.apps.silver.devops.gov.bc.ca/",
+ "${var.cognito_app_client_logout_chain_url.test}https://nr-spar-test-frontend.apps.silver.devops.gov.bc.ca/",
 "${var.cognito_app_client_logout_chain_url.test}http://localhost:3000/"
 ]
 enable_propagate_additional_user_context_data = "false"
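Review bot: In the `dev_spar_oidc_client` hunk the static list keeps `http://localhost:3000/silent-check-sso`, but the generated PR entries cover only the root path `https://nr-spar-${i}-frontend.apps.silver.devops.gov.bc.ca/`. If PR deployments also use the silent SSO check (not visible in this diff), Cognito will refuse that redirect because callback URLs are matched exactly. Either add a second comprehension for the `/silent-check-sso` path, or put a comment above `callback_urls` stating that silent SSO is supported on localhost only. The resource body continues outside the hunk.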
@@ -78,10 +78,10 @@ resource "aws_cognito_user_pool_client" "prod_spar_oidc_client" {
 allowed_oauth_flows_user_pool_client = "true"
 allowed_oauth_scopes = ["openid", "profile", "email"]
 callback_urls = [
- "https://nr-spar-webapp-prod-frontend.apps.silver.devops.gov.bc.ca/"
+ "https://nr-spar-prod-frontend.apps.silver.devops.gov.bc.ca/"
 ]
 logout_urls = [
- "${var.cognito_app_client_logout_chain_url.prod}https://nr-spar-webapp-prod-frontend.apps.silver.devops.gov.bc.ca/"
+ "${var.cognito_app_client_logout_chain_url.prod}https://nr-spar-prod-frontend.apps.silver.devops.gov.bc.ca/"
 ]
 enable_propagate_additional_user_context_data = "false"
 enable_token_revocation = "true"
diff --git a/infrastructure/server/variables_provided.tf b/infrastructure/server/variables_provided.tf
index f270686f8..28ff694da 100644
--- a/infrastructure/server/variables_provided.tf
+++ b/infrastructure/server/variables_provided.tf
@@ -334,4 +334,10 @@ variable "prod_override_bcsc_userinfo_proxy_endpoint" {
 description = "Endpoint for Cognito to get userinfo data for BCSC PROD environment"
 type = string
 default = "not used unless overridden in terragrunt"
+}
+
+variable "dev_pr_url_count" {
+ description = "Number of pull request redirect urls of Cognito dev clients"
+ type = number
+ default = 50
 }
\ No newline at end of file
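Review bot: `dev_pr_url_count` in variables_provided.tf is unbounded, yet every dev client concatenates that many entries onto its two or three static URLs. Cognito caps the number of callback and logout URLs per app client (100 as far as I know; worth confirming against current quotas), so a larger override would only fail at apply time. A `validation` block with `condition = var.dev_pr_url_count >= 0 && var.dev_pr_url_count <= 90` and a matching `error_message` would reject it at plan time instead. The description could also state that raising the value widens the set of redirect hosts accepted by every dev client, since that is the security-relevant effect of this knob.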