From a1b84509f9a84d793e56b632e54b80cb000dbd5d Mon Sep 17 00:00:00 2001
From: catherine meng
Date: Mon, 18 Mar 2024 13:17:04 -0700
Subject: [PATCH 1/2] fix(1247): add new client role, update client redirect urls, refs: #1247

---
 .../server/oidc_clients_forest_client.tf | 17 ++++++++---------
 .../flyway/sql/V40__add_client_role_viewer.sql | 13 +++++++++++++
 2 files changed, 21 insertions(+), 9 deletions(-)
 create mode 100644 server/flyway/sql/V40__add_client_role_viewer.sql

diff --git a/infrastructure/server/oidc_clients_forest_client.tf b/infrastructure/server/oidc_clients_forest_client.tf
index 57760358a..c61882d32 100644
--- a/infrastructure/server/oidc_clients_forest_client.tf
+++ b/infrastructure/server/oidc_clients_forest_client.tf
@@ -8,8 +8,8 @@ resource "aws_cognito_user_pool_client" "dev_forest_client_oidc_client" {
     "http://localhost:3000/dashboard",
   ], [for i in range("${var.dev_pr_url_count}") : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/dashboard"])
   logout_urls = concat([
-    "${var.cognito_app_client_logout_chain_url.dev}http://localhost:3000/"
-  ], [for i in range("${var.dev_pr_url_count}") : "${var.cognito_app_client_logout_chain_url.dev}https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/"])
+    "${var.cognito_app_client_logout_chain_url.dev}http://localhost:3000/logout"
+  ], [for i in range("${var.dev_pr_url_count}") : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/logout"])
   enable_propagate_additional_user_context_data = "false"
   enable_token_revocation = "true"
   explicit_auth_flows = ["ALLOW_REFRESH_TOKEN_AUTH"]
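Review bot: The new PR-environment logout URLs on the `+  ], [for i in range(...)` line no longer carry the `${var.cognito_app_client_logout_chain_url.dev}` prefix, so sign-out for those environments now lands directly on the app's `/logout` page instead of going through whatever that chain URL pointed at (presumably an upstream IdP logout redirect — the variable is only referenced, not defined, here). If that is intended — the test and prod hunks in this patch drop the same prefix — a one-line comment above `logout_urls` such as `# Logout ends at the app's /logout page; the upstream IdP session is not chained/terminated here` would record the decision; if it is not intended, the upstream session may outlive the Cognito one after a user signs out. Worth confirming what `/logout` itself clears before merging. The `dev_forest_client_oidc_client` resource begins before and ends after this hunk.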
@@ -45,12 +45,11 @@ resource "aws_cognito_user_pool_client" "test_forest_client_oidc_client" {
   callback_urls = [
     "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
     "http://localhost:3000/dashboard",
-    "https://nr-forest-client-test-frontend.apps.silver.devops.gov.bc.ca/dashboard"
+    "https://forestclient-tst.nrs.gov.bc.ca/dashboard"
   ]
   logout_urls = [
-    "http://localhost:3000/",
-    "${var.cognito_app_client_logout_chain_url.test}https://nr-forest-client-test-frontend.apps.silver.devops.gov.bc.ca/",
-    "${var.cognito_app_client_logout_chain_url.test}https://www2.qa.gov.bc.ca/gov/content/industry/natural-resource-use/client-number"
+    "http://localhost:3000/logout",
+    "https://forestclient-tst.nrs.gov.bc.ca/logout",
   ]
   enable_propagate_additional_user_context_data = "false"
   enable_token_revocation = "true"
@@ -84,11 +83,11 @@ resource "aws_cognito_user_pool_client" "prod_forest_client_oidc_client" {
   callback_urls = [
     "https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/",
     "http://localhost:3000/dashboard",
-    "https://nr-forest-client-prod-frontend.apps.silver.devops.gov.bc.ca/dashboard"
+    "https://forestclient.nrs.gov.bc.ca/dashboard"
   ]
   logout_urls = [
-    "http://localhost:3000/",
-    "${var.cognito_app_client_logout_chain_url.prod}https://nr-forest-client-prod-frontend.apps.silver.devops.gov.bc.ca/"
+    "http://localhost:3000/logout",
+    "https://forestclient.nrs.gov.bc.ca/logout"
   ]
   enable_propagate_additional_user_context_data = "false"
   enable_token_revocation = "true"
diff --git a/server/flyway/sql/V40__add_client_role_viewer.sql b/server/flyway/sql/V40__add_client_role_viewer.sql
new file mode 100644
index 000000000..d7dbcdd13
--- /dev/null
+++ b/server/flyway/sql/V40__add_client_role_viewer.sql
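Review bot: `+    "http://localhost:3000/logout",` is added to the test client's `logout_urls` here and to the prod client's in the next hunk, next to the `http://localhost:3000/dashboard` and OIDC-debugger `callback_urls` those clients already carry as context lines. A plaintext localhost entry on the production app client means Cognito will accept a listener on port 3000 of the user's own machine as a sign-in/sign-out target; if local debugging against the prod pool is genuinely needed, a comment above the list naming the reason and owner would at least make it a deliberate exception, otherwise keeping localhost entries on the dev client alone is the safer default. Minor: the test block ends its list with a trailing comma (`"…/logout",`) and the prod block does not — harmless in HCL but worth aligning. Both `test_forest_client_oidc_client` and `prod_forest_client_oidc_client` start before and end after their hunks.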
@@ -0,0 +1,13 @@
+-- Add a role for CLIENT_DEV, CLIENT_TEST and CLIENT_PROD
+INSERT INTO app_fam.fam_role (
+  role_name,
+  role_purpose,
+  application_id,
+  role_type_code,
+  create_user,
+  create_date
+)
+VALUES ('CLIENT_VIEWER', 'Ministry role to view client information', (select application_id from app_fam.fam_application where application_name = 'CLIENT_DEV'), 'C', CURRENT_USER, CURRENT_DATE),
+  ('CLIENT_VIEWER', 'Ministry role to view client information', (select application_id from app_fam.fam_application where application_name = 'CLIENT_TEST'), 'C', CURRENT_USER, CURRENT_DATE),
+  ('CLIENT_VIEWER', 'Ministry role to view client information', (select application_id from app_fam.fam_application where application_name = 'CLIENT_PROD'), 'C', CURRENT_USER, CURRENT_DATE)
+;
\ No newline at end of file
From 9932381eef3ba375d632cfbfe00d13c133ce3f85 Mon Sep 17 00:00:00 2001
From: catherine meng
Date: Mon, 18 Mar 2024 13:24:20 -0700
Subject: [PATCH 2/2] fix(1247): fix missed logout redirect url, refs: #1247

---
 infrastructure/server/oidc_clients_forest_client.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/server/oidc_clients_forest_client.tf b/infrastructure/server/oidc_clients_forest_client.tf
index c61882d32..04f2b3b8e 100644
--- a/infrastructure/server/oidc_clients_forest_client.tf
+++ b/infrastructure/server/oidc_clients_forest_client.tf
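Review bot: Each scalar subquery `(select application_id from app_fam.fam_application where application_name = '…')` in the three `VALUES` rows evaluates to NULL when the named application row is missing, so the migration either inserts a `CLIENT_VIEWER` role attached to no application (if `fam_role.application_id` is nullable — not visible here) or aborts the whole statement; and if `application_name` is not unique the subquery fails with a multi-row error. An `INSERT … SELECT` over `fam_application` filtered by an `IN` list removes the three repeated literals, cannot yield a NULL `application_id`, and makes the outcome checkable (expect 3 inserted rows; a missing application then shows up as a short count rather than a bad row). Style: keyword case is mixed (`INSERT`/`VALUES` upper, `select … from … where` lower) and the file lacks a trailing newline — sqlfluff would flag both. When all three applications exist the rewrite below produces the same end state as the original.
```sql
-- … unchanged: INSERT INTO app_fam.fam_role ( column list ) …
SELECT
  'CLIENT_VIEWER',
  'Ministry role to view client information',
  a.application_id,
  'C',
  CURRENT_USER,
  CURRENT_DATE
FROM app_fam.fam_application AS a
WHERE a.application_name IN ('CLIENT_DEV', 'CLIENT_TEST', 'CLIENT_PROD');
```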
@@ -8,7 +8,7 @@ resource "aws_cognito_user_pool_client" "dev_forest_client_oidc_client" {
     "http://localhost:3000/dashboard",
   ], [for i in range("${var.dev_pr_url_count}") : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/dashboard"])
   logout_urls = concat([
-    "${var.cognito_app_client_logout_chain_url.dev}http://localhost:3000/logout"
+    "http://localhost:3000/logout"
   ], [for i in range("${var.dev_pr_url_count}") : "https://nr-forest-client-${i}-frontend.apps.silver.devops.gov.bc.ca/logout"])
   enable_propagate_additional_user_context_data = "false"
   enable_token_revocation = "true"