Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create PierianDx permission stack #407

Closed
alexiswl opened this issue Apr 4, 2024 · 4 comments · Fixed by #409
Closed

Create PierianDx permission stack #407

alexiswl opened this issue Apr 4, 2024 · 4 comments · Fixed by #409
Assignees
@alexiswl
Labels
feature New feature or request infrastructure Label this for automatically get onto infrastructure project board

Comments

@alexiswl
Copy link
Member

alexiswl commented Apr 4, 2024

Problem

Currently we're generating a new pieriandx session token every five minutes (stored in AWS secrets manager) courtesy of the cttso-ica-to-pieriandx stack.

Comprises the following

  • Has two secrets - an API Key (just a username password combination updated every second month) and an access token (expires after 5 mins)
  • One lambda that has read access to the API Key and read/write access to the access token. Lambda determines if the access token is valid / not expired. If the access token is near expired (within 30 seconds), access token is regenerated and stored in AWS secretsmanager, the new access token is returned to the user.
  • One shell script to update the pieriandx username password combination.
@alexiswl alexiswl added the feature New feature or request label Apr 4, 2024
@alexiswl alexiswl self-assigned this Apr 4, 2024
@alexiswl
Copy link
Member Author

alexiswl commented Apr 4, 2024

This service can be used by the cttso-ica-to-pieriandx stack as well as the new v2 pieriandx submission service.

@victorskl victorskl added the infrastructure Label this for automatically get onto infrastructure project board label Apr 4, 2024
@victorskl
Copy link
Member

victorskl commented Apr 5, 2024
edited
Loading

Perhaps, check it out OrcaBus TokenService stack umccr/orcabus#197 and, links pointer in umccr/orcabus#127

@alexiswl
Copy link
Member Author

alexiswl commented Apr 8, 2024

Thanks @victorskl, I'm using the icav2 credentials stack as my template here. Not as simple as the key rotation here since token expires every 30 minutes!

@victorskl
Copy link
Member

O, 30 minutes... is a bit brutal.! 😭

@alexiswl alexiswl linked a pull request Apr 8, 2024 that will close this issue
Cdkts/pieriandx password stack #409
Merged
@alexiswl alexiswl mentioned this issue May 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexiswl alexiswl

Labels
feature New feature or request infrastructure Label this for automatically get onto infrastructure project board
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cdkts/pieriandx password stack umccr/infrastructure
2 participants
@victorskl @alexiswl