✨ Testing Terraform Auth0 Connections #4910

Draft
wants to merge 7 commits into
base: main
from
6 changes: 6 additions & 0 deletions .github/workflows/cicd-terraform-auth0.yml
Expand Up @@ -37,3 +37,9 @@ jobs:
TF_VAR_auth0_client_id_test=${{ secrets.AUTH0_OPERATIONS_ENGINEERING_DEV_DEFAULT_CLIENTID }}
TF_VAR_auth0_client_secret_test=${{ secrets.AUTH0_OPERATIONS_ENGINEERING_DEV_DEFAULT_CLIENTSECRET }}
TF_VAR_auth0_domain_test=${{ secrets.AUTH0_OPERATIONS_ENGINEERING_DEV_DOMAIN }}
TF_VAR_auth0_azure_client_secret_test=${{ secrets.AZURE_CLIENT_SECRET_TEST }}
TF_VAR_auth0_azure_client_id_test=${{ secrets.AZURE_CLIENT_ID_TEST }}
TF_VAR_terraform_provider_auth0_encryption_key=${{ secrets.TERRAFORM_PROVIDER_AUTH0_ENCRYPTION_KEY }}
TF_VAR_default_app_encryption_key=${{ secrets.DEFAULT_APP_ENCRYPTION_KEY }}
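Review bot: The two Azure env entries do not match the variables this PR declares in variables.tf: Terraform maps `TF_VAR_<name>` to `variable "<name>"`, so `TF_VAR_auth0_azure_client_secret_test` and `TF_VAR_auth0_azure_client_id_test` would feed variables named `auth0_azure_*`, while variables.tf declares `azure_client_secret_test` and `azure_client_id_test` with no default, so plan will stop asking for values for them. The existing lines above follow the convention (`TF_VAR_auth0_client_id_test` pairs with `variable "auth0_client_id_test"`). Either change the new entries to `TF_VAR_azure_client_secret_test=${{ secrets.AZURE_CLIENT_SECRET_TEST }}` and `TF_VAR_azure_client_id_test=${{ secrets.AZURE_CLIENT_ID_TEST }}`, or rename the two variables in the variables.tf hunk, which carries the same mismatch. The enclosing `jobs:` step begins above this hunk.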


2 changes: 2 additions & 0 deletions terraform/auth0/operations-engineering-test/clients.tf
Expand Up @@ -11,6 +11,7 @@ resource "auth0_client" "terraform_provider_auth0" {
custom_login_page = null
custom_login_page_on = true
description = null
encryption_key = var.terraform_provider_auth0_encryption_key
form_template = null
grant_types = ["client_credentials"]
initiate_login_uri = null
Expand Down Expand Up @@ -145,6 +146,7 @@ resource "auth0_client" "default_app" {
custom_login_page = null
custom_login_page_on = true
description = null
encryption_key = var.default_app_encryption_key
form_template = null
grant_types = ["authorization_code", "implicit", "refresh_token", "client_credentials"]
initiate_login_uri = null
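Review bot: `encryption_key = var.terraform_provider_auth0_encryption_key` assigns a plain sensitive string, but in the auth0 provider versions I know `encryption_key` on `auth0_client` is a nested structure (`cert`, `pub`, `subject`) describing the certificate used to encrypt WS-Fed responses, not a single key string, so this is likely to be rejected at validate/plan; confirm against the provider version pinned for this module. The second hunk's `encryption_key = var.default_app_encryption_key` has the same problem. If WS-Fed response encryption is actually wanted, the secret should hold the certificate/public-key material and be mapped into those nested fields; if neither client uses WS-Fed (both show OAuth grant types), the attribute can be dropped along with the two new secrets. Both `auth0_client` resources begin above their hunks.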
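--- a/terraform/auth0/operations-engineering-test/connections.tf
+++ b/terraform/auth0/operations-engineering-test/connections.tf
@@ -0,0 +1,38 @@
+resource "auth0_connection" "operations_engineering_test_connection" {
+name = "test-connection-azure-ad"
+strategy = "waad"
+show_as_button = true
+options {
+identity_api = "azure-active-directory-v1.0"
+client_id = var.azure_client_id_test
+client_secret = var.azure_client_secret_test
+strategy_version = 2
+user_id_attribute = "userName"
+app_id = "app-id-123"
+tenant_domain = "example.onmicrosoft.com"
+domain = "example.onmicrosoft.com"
+domain_aliases = [
+"example.com",
+"api.example.com"
+]
+icon_url = "https://example.onmicrosoft.com/assets/logo.png"
+use_wsfed = false
+waad_protocol = "openid-connect"
+waad_common_endpoint = false
+max_groups_to_retrieve = 250
+api_enable_users = true
+scopes = [
+"basic_profile",
+"ext_groups",
+"ext_profile"
+]
+set_user_root_attributes = "on_each_login"
+should_trust_email_verified_connection = "never_set_emails_as_verified"
+upstream_params = jsonencode({
+"screen_name" : {
+"alias" : "login_hint"
+}
+})
+non_persistent_attrs = ["ethnicity", "gender"]
+}
+}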
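Review bot: `identity_api = "azure-active-directory-v1.0"` on the new connection selects the legacy Azure AD Graph endpoint, which Microsoft has retired; the provider also accepts `identity_api = "microsoft-identity-platform-v2.0"`, and a connection created today should use that unless the test deliberately exercises the old path. `app_id`, `tenant_domain` and `domain` are literal placeholders (`app-id-123`, `example.onmicrosoft.com`), so an apply against a real tenant will presumably not yield a working connection; a comment such as `# placeholder tenant values: this connection exists for provider/plan testing only` above the resource would make that intent explicit to the next reader. On the positive side, `client_secret` comes from a sensitive variable rather than a literal, and `waad_common_endpoint = false` keeps sign-in pinned to the named tenant, which is the safer setting.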
24 changes: 24 additions & 0 deletions terraform/auth0/operations-engineering-test/variables.tf
Expand Up @@ -18,3 +18,27 @@ variable "auth0_client_secret_test" {
type = string
sensitive = true
}

variable "azure_client_secret_test" {
description = "Test client secret for azure connection"
type = string
sensitive = true
}

variable "azure_client_id_test" {
description = "Test client ID for azure connection"
type = string
sensitive = true
}

variable "terraform_provider_auth0_encryption_key" {
description = "Encryption key value for terraform provider auth0"
type = string
sensitive = true
}

variable "default_app_encryption_key" {
description = "Encryption key value for the default app"
type = string
sensitive = true
}
@@ -0,0 +1,17 @@
module "operations-engineering-certificate-form" {
source = "ministryofjustice/repository/github"
version = "1.2.0"

name = "operations-engineering-certificate-form"
description = "An experimental web form that assists with automating part of the certificate renewal process."
topics = ["operations-engineering"]

template = {
owner = "ministryofjustice"
repository = "operations-engineering-flask-template"
}

team_access = {
admin = [var.operations_engineering_team_id]
}
}