

Merge pull request #2 from cruxstack/add-discovery-info-to-secret
feat: discovery info to secrets
sgtoj authored Jan 2, 2024
2 parents 570c5ab + 4057452 commit 10de1d4
Showing 4 changed files with 48 additions and 8 deletions.
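--- a/examples/complete/output.tf
+++ b/examples/complete/output.tf
@@ -0,0 +1,7 @@
+output "userpool_id" {
+value = module.congito_userpool_clients.userpool_id
+}
+
+output "userpool_discovery_data" {
+value = module.congito_userpool_clients.userpool_discovery_data
+}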
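Review bot: Both new outputs here, and the two added to the root `outputs.tf` in this commit, carry no `description`, while the existing `clients` output in `outputs.tf` does (`description = "Map of Cognito user pool clients created by the module."`). Since `userpool_discovery_data` is the decoded OIDC discovery document rather than a plain id, a one-line description saying so helps a consumer know what to expect from it; for example `description = "Decoded OpenID Connect discovery document of the user pool."` on that output and `description = "ID of the Cognito user pool."` on `userpool_id`.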
36 changes: 28 additions & 8 deletions main.tf
@@ -1,8 +1,10 @@
locals {
enabled = module.this.enabled
userpool_id = var.userpool_id
enabled = module.this.enabled
userpool_id = var.userpool_id
userpool_discovery_data = local.enabled ? jsondecode(data.http.cognito_user_pool[0].body) : null

aws_kv_namespace = trim(coalesce(var.aws_kv_namespace, "cognito-userpool-clients/${local.userpool_id}"), "/")
aws_region_name = local.enabled ? data.aws_region.current[0].name : ""

defaults = merge(var.client_defaults, { userpool_id = var.userpool_id })

Expand Down Expand Up @@ -91,6 +93,12 @@ locals {
builtin_write_attrs = [
for x in local.builtin_read_attrs : x if !contains(["email_verified", "phone_number_verified"], x)
]


}

data "aws_region" "current" {
count = local.enabled ? 1 : 0
}

# ================================================================== clients ===
Expand Down Expand Up @@ -170,11 +178,23 @@ resource "aws_secretsmanager_secret_version" "clients" {

secret_id = aws_secretsmanager_secret.clients[each.key].id
secret_string = jsonencode({
user_pool_id = local.userpool_id
client_id = each.value.id
client_secret = each.value.client_secret
scopes = each.value.allowed_oauth_scopes
callback_urls = each.value.callback_urls
logout_urls = each.value.logout_urls
user_pool_id = local.userpool_id
userpool_id = local.userpool_id
client_id = each.value.id
client_secret = each.value.client_secret
scopes = each.value.allowed_oauth_scopes
callback_urls = each.value.callback_urls
logout_urls = each.value.logout_urls
authorize_endpoint = local.userpool_discovery_data.authorization_endpoint
token_endpoint = local.userpool_discovery_data.token_endpoint
userinfo_endpoint = local.userpool_discovery_data.userinfo_endpoint
})
}

# ================================================================== lookups ===

data "http" "cognito_user_pool" {
count = local.enabled ? 1 : 0

url = "https://cognito-idp.${local.aws_region_name}.amazonaws.com/${local.userpool_id}/.well-known/openid-configuration"
}
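Review bot: The new `userpool_discovery_data` local in the first hunk reads `data.http.cognito_user_pool[0].body`, but the `http` provider 3.x series that `version.tf` now requires (`>= 3.4.1`) marks `body` deprecated in favour of `response_body`, so the line should read `userpool_discovery_data = local.enabled ? jsondecode(data.http.cognito_user_pool[0].response_body) : null`. The new `data "http" "cognito_user_pool"` block in the last hunk also never checks the response status; as far as I recall the 3.x provider reports a non-2xx reply as a warning rather than an error, so an error page from the discovery URL would either fail inside `jsondecode` or, if it happens to parse, leave `authorize_endpoint`/`token_endpoint`/`userinfo_endpoint` null in every stored secret. A `postcondition` on the data source (Terraform 1.2+; the required_version is not visible on this page) turns that into a plan-time failure, as below. Consumers that validate tokens usually also want `issuer` and `jwks_uri` from the same document, which may be worth adding next to the three endpoints written into `secret_string`.

```hcl
data "http" "cognito_user_pool" {
  count = local.enabled ? 1 : 0

  url = "https://cognito-idp.${local.aws_region_name}.amazonaws.com/${local.userpool_id}/.well-known/openid-configuration"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Cognito OIDC discovery document could not be fetched; check region and user pool id."
    }
  }
}
```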
8 changes: 8 additions & 0 deletions outputs.tf
@@ -1,3 +1,11 @@
output "userpool_id" {
value = local.userpool_id
}

output "userpool_discovery_data" {
value = local.userpool_discovery_data
}

output "clients" {
description = "Map of Cognito user pool clients created by the module."
value = aws_cognito_user_pool_client.this
5 changes: 5 additions & 0 deletions version.tf
Expand Up @@ -6,5 +6,10 @@ terraform {
source = "hashicorp/aws"
version = ">= 5.0.0, < 6.0.0"
}

http = {
source = "hashicorp/http"
version = ">= 3.4.1"
}
}
}
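Review bot: The new `http` requirement pins only a lower bound, `version = ">= 3.4.1"`, whereas the `aws` entry directly above it excludes the next major with `< 6.0.0`; a future 4.x of the http provider with breaking attribute changes would be picked up silently on `terraform init -upgrade`. For consistency with the existing constraint style use `version = ">= 3.4.1, < 4.0.0"`. The enclosing `terraform` block starts outside the hunk.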
