fic(1197): remove unused var, refs:#1197

infrastructure/server/oidc_idp_bceid_business.tf

@@ -11,10 +11,10 @@ resource "aws_cognito_identity_provider" "dev_bceid_business_oidc_provider" {
     client_secret             = var.dev_oidc_bceid_business_idp_client_secret
     oidc_issuer               = var.dev_oidc_idp_issuer
     attributes_request_method = "GET"
-    authorize_url = var.dev_oidc_idp_authorization_endpoint
-    token_url = var.dev_oidc_idp_token_endpoint
-    attributes_url = var.dev_oidc_idp_userinfo_endpoint
-    jwks_uri = var.dev_oidc_idp_jwk_endpoint
+    authorize_url             = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -40,10 +40,10 @@ resource "aws_cognito_identity_provider" "test_bceid_business_oidc_provider" {
     client_secret             = var.test_oidc_bceid_business_idp_client_secret
     oidc_issuer               = var.test_oidc_idp_issuer
     attributes_request_method = "GET"
-    authorize_url = var.test_oidc_idp_authorization_endpoint
-    token_url = var.test_oidc_idp_token_endpoint
-    attributes_url = var.test_oidc_idp_userinfo_endpoint
-    jwks_uri = var.test_oidc_idp_jwk_endpoint
+    authorize_url             = "${var.test_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.test_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.test_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.test_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -72,10 +72,10 @@ resource "aws_cognito_identity_provider" "prod_bceid_business_oidc_provider" {
     client_secret             = var.prod_oidc_bceid_business_idp_client_secret
     oidc_issuer               = var.prod_oidc_idp_issuer
     attributes_request_method = "GET"
-    authorize_url = var.prod_oidc_idp_authorization_endpoint
-    token_url = var.prod_oidc_idp_token_endpoint
-    attributes_url = var.prod_oidc_idp_userinfo_endpoint
-    jwks_uri = var.prod_oidc_idp_jwk_endpoint
+    authorize_url             = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {

infrastructure/server/oidc_idp_idir.tf

@@ -11,10 +11,10 @@ resource "aws_cognito_identity_provider" "dev_idir_oidc_provider" {
     client_secret             = var.dev_oidc_idir_idp_client_secret
     oidc_issuer               = var.dev_oidc_idp_issuer
     attributes_request_method = "GET"
-    authorize_url = var.dev_oidc_idp_authorization_endpoint
-    token_url = var.dev_oidc_idp_token_endpoint
-    attributes_url = var.dev_oidc_idp_userinfo_endpoint
-    jwks_uri = var.dev_oidc_idp_jwk_endpoint
+    authorize_url             = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -38,10 +38,10 @@ resource "aws_cognito_identity_provider" "test_idir_oidc_provider" {
     client_secret             = var.test_oidc_idir_idp_client_secret
     oidc_issuer               = var.test_oidc_idp_issuer
     attributes_request_method = "GET"
-    authorize_url = var.test_oidc_idp_authorization_endpoint
-    token_url = var.test_oidc_idp_token_endpoint
-    attributes_url = var.test_oidc_idp_userinfo_endpoint
-    jwks_uri = var.test_oidc_idp_jwk_endpoint
+    authorize_url             = "${var.test_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.test_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.test_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.test_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -66,10 +66,10 @@ resource "aws_cognito_identity_provider" "prod_idir_oidc_provider" {
     client_secret             = var.prod_oidc_idir_idp_client_secret
     oidc_issuer               = var.prod_oidc_idp_issuer
     attributes_request_method = "GET"
-    authorize_url = var.prod_oidc_idp_authorization_endpoint
-    token_url = var.prod_oidc_idp_token_endpoint
-    attributes_url = var.prod_oidc_idp_userinfo_endpoint
-    jwks_uri = var.prod_oidc_idp_jwk_endpoint
+    authorize_url             = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -82,4 +82,4 @@ resource "aws_cognito_identity_provider" "prod_idir_oidc_provider" {
     "custom:keycloak_username" = "preferred_username"
   }
 
-}
+}

infrastructure/server/variables_provided.tf

@@ -132,81 +132,6 @@ variable "prod_oidc_bcsc_idp_client_id" {
   default = "not.yet.implemented"
 }
 
-
-locals {
-  dev_oidc_idp_endpoint_base = "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect"
-  test_oidc_idp_endpoint_base = "https://test.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect"
-  prod_oidc_idp_endpoint_base = "https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect"
-}
-
-# OIDC authorization endpoint at Pathfinder SSO (Keycloak)
-
-variable "dev_oidc_idp_authorization_endpoint" {
-  type    = string
-  default = "${local.dev_oidc_idp_endpoint_base}/auth"
-}
-
-variable "test_oidc_idp_authorization_endpoint" {
-  type    = string
-  default = "${local.test_oidc_idp_endpoint_base}/auth"
-}
-
-variable "prod_oidc_idp_authorization_endpoint" {
-  type    = string
-  default = "${local.prod_oidc_idp_endpoint_base}/auth"
-}
-
-# OIDC token endpoint at Pathfinder SSO (Keycloak)
-
-variable "dev_oidc_idp_token_endpoint" {
-  type    = string
-  default = "${local.dev_oidc_idp_endpoint_base}/token"
-}
-
-variable "test_oidc_idp_token_endpoint" {
-  type    = string
-  default = "${local.test_oidc_idp_endpoint_base}/token"
-}
-
-variable "prod_oidc_idp_token_endpoint" {
-  type    = string
-  default = "${local.prod_oidc_idp_endpoint_base}/token"
-}
-
-# OIDC userinfo endpoint at Pathfinder SSO (Keycloak)
-
-variable "dev_oidc_idp_userinfo_endpoint" {
-  type    = string
-  default = "${local.dev_oidc_idp_endpoint_base}/userinfo"
-}
-
-variable "test_oidc_idp_userinfo_endpoint" {
-  type    = string
-  default = "${local.test_oidc_idp_endpoint_base}/userinfo"
-}
-
-variable "prod_oidc_idp_userinfo_endpoint" {
-  type    = string
-  default = "${local.prod_oidc_idp_endpoint_base}/userinfo"
-}
-
-# OIDC jwk endpoint at Pathfinder SSO (Keycloak)
-
-variable "dev_oidc_idp_jwk_endpoint" {
-  type    = string
-  default = "${local.dev_oidc_idp_endpoint_base}/certs"
-}
-
-variable "test_oidc_idp_jwk_endpoint" {
-  type    = string
-  default = "${local.test_oidc_idp_endpoint_base}/certs"
-}
-
-variable "prod_oidc_idp_jwk_endpoint" {
-  type    = string
-  default = "${local.prod_oidc_idp_endpoint_base}/certs"
-}
-
 # Networking Variables
 variable "subnet_data_a" {
   description = "Value of the name tag for a subnet in the DATA security group"