Merge pull request #4695 from ministryofjustice/kpi-auth

Set up KPI authentication
ministryofjustice · Aug 1, 2024 · 0bf879a · 0bf879a
2 parents f83e228 + a113350
commit 0bf879a
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 5 deletions.
diff --git a/.github/workflows/cicd-terraform-auth0.yml b/.github/workflows/cicd-terraform-auth0.yml
@@ -14,6 +14,7 @@ on:
     branches: ["main"]
 
 env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   TERRAFORM_VERSION: "1.6.6"
 
   TF_VAR_auth0_client_id: ${{ secrets.AUTH0_OPERATIONS_ENGINEERING_PROD_DEFAULT_CLIENTID }}
@@ -54,10 +55,9 @@ jobs:
 
       - name: Post Link to Apply Pipeline
         if: github.ref == 'refs/heads/main'
-        uses: mshick/add-pr-comment@v1
+        uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          repo-token-user-login: "github-actions[bot]"
           message: |
             Your PR is applying here: https://github.com/ministryofjustice/operations-engineering/actions/workflows/cicd-terraform-auth0.yml?query=event%3Apush+branch%3Amain
 
@@ -67,7 +67,7 @@ jobs:
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           delete_user_name: github-actions[bot]
-          ssue_number: ${{ github.event.number }}
+          issue_number: ${{ github.event.number }}
 
       - name: Terraform fmt
         id: fmt
@@ -87,10 +87,9 @@ jobs:
 
       - name: Post Plan to GitHub PR
         if: github.ref != 'refs/heads/main'
-        uses: mshick/add-pr-comment@v1
+        uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          repo-token-user-login: "github-actions[bot]"
           message: |
             ## Terraform github repositories plan
             ```

diff --git a/.gitignore b/.gitignore
@@ -13,6 +13,7 @@ htmlcov
 *__pycache__*
 .DS_Store
 .terraform*
+codeql*
 
 ministryofjustice_first_email_list.json
 moj-analytical-services_first_email_list.json

diff --git a/terraform/auth0/operations-engineering/clients.tf b/terraform/auth0/operations-engineering/clients.tf
@@ -559,3 +559,56 @@ resource "auth0_client" "api_explorer_application" {
   }
 }
 
+resource "auth0_client" "operations_engineering_kpi_dashboard" {
+  allowed_clients                       = []
+  allowed_logout_urls                   = ["http://127.0.0.1:4567", "http://127.0.0.1/", "http://localhost:4567", "http://localhost", "http://operations-engineering-kpi-dashboard.cloud-platform.service.justice.gov.uk", "http://operations-engineering-kpi-dashboard-poc.cloud-platform.service.justice.gov.uk", "http://operations-engineering-kpi-dashboard-prod.cloud-platform.service.justice.gov.uk"]
+  allowed_origins                       = []
+  app_type                              = "regular_web"
+  callbacks                             = ["http://127.0.0.1:4567/callback", "http://127.0.0.1:4567/auth/callback", "http://localhost:4567/auth/callback", "https://localhost:4567/auth/callback", "http://127.0.0.1/callback", "http://localhost:4567/callback", "http://localhost/callback", "http://operations-engineering-kpi-dashboard.cloud-platform.service.justice.gov.uk/callback", "http://operations-engineering-kpi-dashboard-poc.cloud-platform.service.justice.gov.uk/callback", "http://operations-engineering-kpi-dashboard-prod.cloud-platform.service.justice.gov.uk/callback"]
+  client_aliases                        = []
+  client_metadata                       = {}
+  cross_origin_auth                     = false
+  cross_origin_loc                      = null
+  custom_login_page                     = null
+  custom_login_page_on                  = true
+  description                           = null
+  encryption_key                        = {}
+  form_template                         = null
+  grant_types                           = ["authorization_code", "implicit", "refresh_token"]
+  initiate_login_uri                    = null
+  is_first_party                        = true
+  is_token_endpoint_ip_header_trusted   = false
+  logo_uri                              = null
+  name                                  = "Operations-Engineering-KPI-Dashboard"
+  oidc_backchannel_logout_urls          = []
+  oidc_conformant                       = true
+  organization_require_behavior         = null
+  organization_usage                    = null
+  require_pushed_authorization_requests = false
+  sso                                   = false
+  sso_disabled                          = false
+  web_origins                           = ["http://127.0.0.1:4567", "http://localhost:4567", "http://localhost", "http://127.0.0.1/", "http://operations-engineering-kpi-dashboard.cloud-platform.service.justice.gov.uk", "http://operations-engineering-kpi-dashboard-poc.cloud-platform.service.justice.gov.uk", "http://operations-engineering-kpi-dashboard-prod.cloud-platform.service.justice.gov.uk"]
+  jwt_configuration {
+    alg                 = "RS256"
+    lifetime_in_seconds = 36000
+    scopes              = {}
+    secret_encoded      = false
+  }
+  native_social_login {
+    apple {
+      enabled = false
+    }
+    facebook {
+      enabled = false
+    }
+  }
+  refresh_token {
+    expiration_type              = "non-expiring"
+    idle_token_lifetime          = 1296000
+    infinite_idle_token_lifetime = true
+    infinite_token_lifetime      = true
+    leeway                       = 0
+    rotation_type                = "non-rotating"
+    token_lifetime               = 2592000
+  }
+}