cleanup: Remove Cognito-related environment variables (#2732)
joshlarson authored Aug 7, 2024
1 parent 8b2b317 commit 03652e9
Showing 9 changed files with 4 additions and 28 deletions.
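--- a/.envrc.template
+++ b/.envrc.template
@@ -55,14 +55,6 @@ export SECRET_KEY_BASE=$(openssl rand -base64 48)
 ## Used by Erlang (only required in production)
 # export RELEASE_COOKIE=
 
-## AWS Cognito Authentication/authorization details (only required in production)
-# export COGNITO_DOMAIN
-# export COGNITO_CLIENT_ID
-# export COGNITO_CLIENT_SECRET
-# export COGNITO_USER_POOL_ID
-# export COGNITO_AWS_REGION
-# export GUARDIAN_SECRET_KEY
-
 ## CDN details (only required in production)
 # export STATIC_SCHEME
 # export STATIC_HOST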
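--- a/ARCHITECTURE.md
+++ b/ARCHITECTURE.md
@@ -35,4 +35,4 @@ Skate is read-only, so it only needs to ingest data and present it. Skate uses t
 
 ## Authentication
 
-Skate's authentication uses AWS Cognito as a middleman to manage interaction with Active Directory (using federated services). The actual login page the user interacts with is hosted by Active Directory, you use your same username and password as your email. We could someday add levels of authorization using groups in Cognito, but don't at this time.
+Skate's authentication uses Keycloak as a middleman to manage interaction with Active Directory (using federated services). The actual login page the user interacts with is hosted by Active Directory, you use your same username and password as your email. We could someday add levels of authorization using groups in Keycloak and/or Active Directory, but don't at this time.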
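--- a/config/config.exs
+++ b/config/config.exs
@@ -142,9 +142,8 @@ config :logger, :console,
 format: "$time [$level] $metadata$message\n",
 metadata: [:mfa, :request_id]
 
-# "code" is the secret value returned by AWS to /auth/cognito/callback
 log_filter_params =
-~w(password code token guardian_default_claims guardian_default_resource guardian_default_token)
+~w(password token guardian_default_claims guardian_default_resource guardian_default_token)
 
 config :logster, :filter_parameters, log_filter_params
 
@@ -153,10 +152,9 @@ config :phoenix, :filter_parameters, log_filter_params
 # Use Jason for JSON parsing in Phoenix
 config :phoenix, :json_library, Jason
 
-# Fake Cognito authentication
+# Fake Keycloak authentication
 config :ueberauth, Ueberauth,
 providers: [
-cognito: nil,
 keycloak: nil
 ]
 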
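Review bot: Dropping `code` from `log_filter_params` in the first hunk looks unsafe, because the parameter is not specific to Cognito. The remaining Keycloak provider is configured in config/prod.exs as `Ueberauth.Strategy.Oidcc`, and an OIDC authorization-code flow also delivers a `code` query parameter to the callback, so logster and Phoenix would presumably start writing authorization codes to the logs unfiltered. I would keep the entry and reword the comment rather than delete both, e.g. `# "code" is the authorization code the identity provider returns to the auth callback` above `~w(password code token guardian_default_claims guardian_default_resource guardian_default_token)`. If the Keycloak flow in use never sends `code` to this application, a one-line comment saying so would record why the filter entry is safe to drop.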
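--- a/config/dev.exs
+++ b/config/dev.exs
@@ -47,7 +47,6 @@ config :ex_aws,
 
 config :ueberauth, Ueberauth,
 providers: [
-cognito: {Skate.Ueberauth.Strategy.Fake, [groups: ["skate-dispatcher", "skate-admin"]]},
 keycloak:
 {Skate.Ueberauth.Strategy.Fake,
 [groups: ["skate-readonly", "skate-dispatcher", "skate-admin"]]}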
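--- a/config/prod.exs
+++ b/config/prod.exs
@@ -51,20 +51,13 @@ config :logger, :console,
 format: "$time [$level] node=$node $metadata$message\n",
 metadata: [:mfa, :request_id]
 
-# Configure Ueberauth to use Cognito / Keycloak
+# Configure Ueberauth to use Keycloak
 config :ueberauth, Ueberauth,
 providers: [
-cognito: {Ueberauth.Strategy.Cognito, []},
 keycloak:
 {Ueberauth.Strategy.Oidcc, userinfo: true, uid_field: "email", scopes: ~w(openid email)}
 ]
 
-config :ueberauth, Ueberauth.Strategy.Cognito,
-auth_domain: {System, :get_env, ["COGNITO_DOMAIN"]},
-client_id: {System, :get_env, ["COGNITO_CLIENT_ID"]},
-user_pool_id: {System, :get_env, ["COGNITO_USER_POOL_ID"]},
-aws_region: {System, :get_env, ["COGNITO_AWS_REGION"]}
-
 config :ex_aws, json_codec: Jason
 
 config :ehmon, :report_mf, {:ehmon, :info_report}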
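--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -20,9 +20,6 @@ config :skate, Skate.OpenRouteServiceAPI,
 api_key: System.get_env("OPEN_ROUTE_SERVICE_API_KEY"),
 client: Skate.OpenRouteServiceAPI.Client
 
-config :ueberauth, Ueberauth.Strategy.Cognito,
-client_secret: System.get_env("COGNITO_CLIENT_SECRET")
-
 config :skate, SkateWeb.AuthManager, secret_key: System.get_env("GUARDIAN_SECRET_KEY")
 
 pool_size =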
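--- a/config/test.exs
+++ b/config/test.exs
@@ -24,7 +24,6 @@ config :skate, Oban, testing: :inline
 
 config :ueberauth, Ueberauth,
 providers: [
-cognito: {Skate.Ueberauth.Strategy.Fake, [groups: ["skate-dispatcher", "skate-nav-beta"]]},
 keycloak: {Skate.Ueberauth.Strategy.Fake, [groups: ["skate-dispatcher", "skate-nav-beta"]]}
 ]
 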
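--- a/mix.exs
+++ b/mix.exs
@@ -89,7 +89,6 @@ defmodule Skate.MixProject do
 {:ssl_verify_fun, "~> 1.1"},
 {:stream_data, "~> 1.1.1", only: :test},
 {:timex, "~> 3.7.5"},
-{:ueberauth_cognito, "~> 0.4.0"},
 {:ueberauth_oidcc, "~> 0.4.0"},
 {:ueberauth, "~> 0.10.5"}
 ]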
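--- a/mix.lock
+++ b/mix.lock
@@ -81,7 +81,6 @@
 "timex": {:hex, :timex, "3.7.11", "bb95cb4eb1d06e27346325de506bcc6c30f9c6dea40d1ebe390b262fad1862d1", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.20", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 1.1", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "8b9024f7efbabaf9bd7aa04f65cf8dcd7c9818ca5737677c7b76acbc6a94d1aa"},
 "tzdata": {:hex, :tzdata, "1.1.1", "20c8043476dfda8504952d00adac41c6eda23912278add38edc140ae0c5bcc46", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a69cec8352eafcd2e198dea28a34113b60fdc6cb57eb5ad65c10292a6ba89787"},
 "ueberauth": {:hex, :ueberauth, "0.10.8", "ba78fbcbb27d811a6cd06ad851793aaf7d27c3b30c9e95349c2c362b344cd8f0", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f2d3172e52821375bccb8460e5fa5cb91cfd60b19b636b6e57e9759b6f8c10c1"},
-"ueberauth_cognito": {:hex, :ueberauth_cognito, "0.4.0", "62daa3f675298c2b03002d2e1b7e5a30cbc513400e5732a264864a26847e71ac", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:jose, "~> 1.0", [hex: :jose, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.7", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "62378f4f34c8569cd95cc4e7463c56e9981c8afc83fdc516922065f0e1302a35"},
 "ueberauth_oidcc": {:hex, :ueberauth_oidcc, "0.4.0", "3fbfbc38735b4dba54ed8bf3e9b80f5054f73cc1ec9af6ae88b7886d25934768", [:mix], [{:oidcc, "~> 3.2.0", [hex: :oidcc, repo: "hexpm", optional: false]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}, {:ueberauth, "~> 0.10", [hex: :ueberauth, repo: "hexpm", optional: false]}], "hexpm", "cdd8517d773cfe499c0b692f795f213b2eb33119afbec34aefd8be0a85c62b21"},
 "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"},
 "vector": {:hex, :vector, "1.1.0", "0789b5e00e9c551d8d5880acab9a8f44ed46690d083af397018bf0c7f30c1092", [:mix], [], "hexpm", "48b0a800ec88e55b12c689b09100e4c9ba41ea1befb459221c085a4e70040696"},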
