fix: #1247 #1233 Merge hotfix to add new client role, update client r…

…edirect urls (#1251) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
bcgov · Mar 19, 2024 · 9c220ab · 9c220ab
1 parent ac24c9c
commit 9c220ab
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [1.12.2](https://github.com/bcgov/nr-forests-access-management/compare/v1.12.1...v1.12.2) (2024-03-18)
+
+
+### Bug Fixes
+
+* [#1247](https://github.com/bcgov/nr-forests-access-management/issues/1247) [#1233](https://github.com/bcgov/nr-forests-access-management/issues/1233) add new client role, update client redirect urls ([#1249](https://github.com/bcgov/nr-forests-access-management/issues/1249)) ([2a79595](https://github.com/bcgov/nr-forests-access-management/commit/2a79595189e3bf3ccce56fc73218d25c6ec52ec0))
+
 ## [1.12.1](https://github.com/bcgov/nr-forests-access-management/compare/v1.12.0...v1.12.1) (2024-03-14)
 
 

diff --git a/infrastructure/server/oidc_clients_forest_client.tf b/infrastructure/server/oidc_clients_forest_client.tf
@@ -8,8 +8,8 @@ resource "aws_cognito_user_pool_client" "dev_forest_client_oidc_client" {
     "http://localhost:3000/dashboard",
   ], [for i in range("${var.dev_pr_url_count}") : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/dashboard"])
   logout_urls = concat([
-    "${var.cognito_app_client_logout_chain_url.dev}http://localhost:3000/"
-  ], [for i in range("${var.dev_pr_url_count}") : "${var.cognito_app_client_logout_chain_url.dev}https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/"])
+    "http://localhost:3000/logout"
+  ], [for i in range("${var.dev_pr_url_count}") : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/logout"])
   enable_propagate_additional_user_context_data = "false"
   enable_token_revocation                       = "true"
   explicit_auth_flows                           = ["ALLOW_REFRESH_TOKEN_AUTH"]
@@ -45,12 +45,11 @@ resource "aws_cognito_user_pool_client" "test_forest_client_oidc_client" {
   callback_urls = [
     "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
     "http://localhost:3000/dashboard",
-    "https://nr-forest-client-test-frontend.apps.silver.devops.gov.bc.ca/dashboard"
+    "https://forestclient-tst.nrs.gov.bc.ca/dashboard"
   ]
   logout_urls = [
-    "http://localhost:3000/",
-    "${var.cognito_app_client_logout_chain_url.test}https://nr-forest-client-test-frontend.apps.silver.devops.gov.bc.ca/",
-    "${var.cognito_app_client_logout_chain_url.test}https://www2.qa.gov.bc.ca/gov/content/industry/natural-resource-use/client-number"
+    "http://localhost:3000/logout",
+    "https://forestclient-tst.nrs.gov.bc.ca/logout",
   ]
   enable_propagate_additional_user_context_data = "false"
   enable_token_revocation                       = "true"
@@ -84,11 +83,11 @@ resource "aws_cognito_user_pool_client" "prod_forest_client_oidc_client" {
   callback_urls = [
     "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
     "http://localhost:3000/dashboard",
-    "https://nr-forest-client-prod-frontend.apps.silver.devops.gov.bc.ca/dashboard"
+    "https://forestclient.nrs.gov.bc.ca/dashboard"
   ]
   logout_urls = [
-    "http://localhost:3000/",
-    "${var.cognito_app_client_logout_chain_url.prod}https://nr-forest-client-prod-frontend.apps.silver.devops.gov.bc.ca/"
+    "http://localhost:3000/logout",
+    "https://forestclient.nrs.gov.bc.ca/logout"
   ]
   enable_propagate_additional_user_context_data = "false"
   enable_token_revocation                       = "true"

diff --git a/server/flyway/sql/V40__add_client_role_viewer.sql b/server/flyway/sql/V40__add_client_role_viewer.sql
@@ -0,0 +1,13 @@
+-- Add a role for CLIENT_DEV, CLIENT_TEST and CLIENT_PROD
+INSERT INTO app_fam.fam_role (
+    role_name,
+    role_purpose,
+    application_id,
+    role_type_code,
+    create_user,
+    create_date
+)
+VALUES ('CLIENT_VIEWER', 'Ministry role to view client information', (select application_id from app_fam.fam_application where application_name = 'CLIENT_DEV'), 'C', CURRENT_USER, CURRENT_DATE),
+       ('CLIENT_VIEWER', 'Ministry role to view client information', (select application_id from app_fam.fam_application where application_name = 'CLIENT_TEST'), 'C', CURRENT_USER, CURRENT_DATE),
+       ('CLIENT_VIEWER', 'Ministry role to view client information', (select application_id from app_fam.fam_application where application_name = 'CLIENT_PROD'), 'C', CURRENT_USER, CURRENT_DATE)
+;
diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-1.12.1
+1.12.2