From 405745246482ef3f43db1833987aa74a8d7bf241 Mon Sep 17 00:00:00 2001
From: Brian Ojeda <9335829+sgtoj@users.noreply.github.com>
Date: Tue, 2 Jan 2024 18:16:26 +0000
Subject: [PATCH] feat: discovery info to secrets
---
 examples/complete/output.tf | 7 +++++++
 main.tf | 36 ++++++++++++++++++++++++++++--------
 outputs.tf | 8 ++++++++
 version.tf | 5 +++++
 4 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/examples/complete/output.tf b/examples/complete/output.tf
index e69de29..53d181f 100644
--- a/examples/complete/output.tf
+++ b/examples/complete/output.tf
@@ -0,0 +1,7 @@
+output "userpool_id" {
+ value = module.congito_userpool_clients.userpool_id
+}
+
+output "userpool_discovery_data" {
+ value = module.congito_userpool_clients.userpool_discovery_data
+}
diff --git a/main.tf b/main.tf
index ab8c20d..45506bc 100755
--- a/main.tf
+++ b/main.tf
@@ -1,8 +1,10 @@
 locals {
- enabled = module.this.enabled
- userpool_id = var.userpool_id
+ enabled = module.this.enabled
+ userpool_id = var.userpool_id
+ userpool_discovery_data = local.enabled ? jsondecode(data.http.cognito_user_pool[0].body) : null
 aws_kv_namespace = trim(coalesce(var.aws_kv_namespace, "cognito-userpool-clients/${local.userpool_id}"), "/")
+ aws_region_name = local.enabled ? data.aws_region.current[0].name : ""
 defaults = merge(var.client_defaults, { userpool_id = var.userpool_id })
@@ -91,6 +93,12 @@ locals {
 builtin_write_attrs = [
 for x in local.builtin_read_attrs : x if !contains(["email_verified", "phone_number_verified"], x)
 ]
+
+
+}
+
+data "aws_region" "current" {
+ count = local.enabled ? 1 : 0
 }
 # ================================================================== clients === 
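Review bot: Both new outputs in examples/complete/output.tf reference `module.congito_userpool_clients`, which reads as a misspelling of `cognito`; the address only resolves if the example's module block (outside this patch) is declared under that exact label, so confirm the label or rename both references to the spelled-out form. Neither example output carries a `description`, unlike the module's own `clients` output shown later in this patch.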
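Review bot: `userpool_discovery_data` in the `@@ -1,8` hunk of main.tf reads `data.http.cognito_user_pool[0].body`, an attribute the hashicorp/http 3.x provider this commit pins deprecates in favour of `response_body`; switch to `jsondecode(data.http.cognito_user_pool[0].response_body)` so the lookup does not break on the next provider major. The region used for the discovery URL comes from `data.aws_region.current`, i.e. the AWS provider's region, whereas a Cognito user pool ID carries its own region prefix; if the two can differ for callers of this module, deriving the region from the pool ID (`split("_", local.userpool_id)[0]`) would make the lookup follow the pool rather than the provider. In the `@@ -91,6` hunk the two blank lines added before the closing `}` of `locals` look stray, and `data "aws_region" "current"` would sit more naturally under the `# lookups` banner that the `@@ -170,11` hunk of this patch introduces, next to the `data "http"` lookup it feeds.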
@@ -170,11 +178,23 @@ resource "aws_secretsmanager_secret_version" "clients" {
 secret_id = aws_secretsmanager_secret.clients[each.key].id
 secret_string = jsonencode({
- user_pool_id = local.userpool_id
- client_id = each.value.id
- client_secret = each.value.client_secret
- scopes = each.value.allowed_oauth_scopes
- callback_urls = each.value.callback_urls
- logout_urls = each.value.logout_urls
+ user_pool_id = local.userpool_id
+ userpool_id = local.userpool_id
+ client_id = each.value.id
+ client_secret = each.value.client_secret
+ scopes = each.value.allowed_oauth_scopes
+ callback_urls = each.value.callback_urls
+ logout_urls = each.value.logout_urls
+ authorize_endpoint = local.userpool_discovery_data.authorization_endpoint
+ token_endpoint = local.userpool_discovery_data.token_endpoint
+ userinfo_endpoint = local.userpool_discovery_data.userinfo_endpoint
 })
 }
+
+# ================================================================== lookups ===
+
+data "http" "cognito_user_pool" {
+ count = local.enabled ? 1 : 0
+
+ url = "https://cognito-idp.${local.aws_region_name}.amazonaws.com/${local.userpool_id}/.well-known/openid-configuration"
+}
diff --git a/outputs.tf b/outputs.tf
index 1434b54..a029341 100755
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,3 +1,11 @@
+output "userpool_id" {
+ value = local.userpool_id
+}
+
+output "userpool_discovery_data" {
+ value = local.userpool_discovery_data
+}
+
 output "clients" {
 description = "Map of Cognito user pool clients created by the module."
 value = aws_cognito_user_pool_client.this
diff --git a/version.tf b/version.tf
index e3e40a2..f6887d2 100755
--- a/version.tf
+++ b/version.tf
@@ -6,5 +6,10 @@ terraform {
 source = "hashicorp/aws"
 version = ">= 5.0.0, < 6.0.0"
 }
+
+ http = {
+ source = "hashicorp/http"
+ version = ">= 3.4.1"
+ }
 }
 }
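Review bot: The new `data "http" "cognito_user_pool"` lookup has no check on the response, so a non-200 answer (wrong region, unknown pool, throttling) reaches `jsondecode` in `local.userpool_discovery_data` and surfaces either as an opaque decode error or as a missing-attribute error on `local.userpool_discovery_data.authorization_endpoint` when the secret version is built; a `postcondition` on `status_code` turns that into a clear plan-time failure before anything is written to Secrets Manager. Because `var.userpool_id` is interpolated unescaped into the request path, a `validation` block on that variable (declared outside this patch) restricting it to the `<region>_<id>` shape would also keep a malformed value from producing an unexpected URL. The lookup runs on every plan and needs outbound HTTPS, which deserves a comment under the `# lookups` banner, e.g. `# Plan-time fetch of the pool's OIDC discovery document; needs egress to cognito-idp.<region>.amazonaws.com.`. A `lifecycle` postcondition on a data source needs Terraform 1.2 or newer and `required_version` is not visible in this patch, so confirm the floor before adopting the block below. The enclosing `resource "aws_secretsmanager_secret_version" "clients"` starts outside the hunk.

```hcl
data "http" "cognito_user_pool" {
  count = local.enabled ? 1 : 0

  url = "https://cognito-idp.${local.aws_region_name}.amazonaws.com/${local.userpool_id}/.well-known/openid-configuration"

  request_headers = {
    Accept = "application/json"
  }

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Cognito OIDC discovery lookup did not return HTTP 200; check the user pool id and region."
    }
  }
}
```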
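Review bot: The two new outputs `userpool_id` and `userpool_discovery_data` in outputs.tf have no `description`, while the neighbouring `clients` output in the same file does; add one to each, e.g. `description = "ID of the Cognito user pool the clients belong to."` and `description = "Decoded OIDC discovery document of the user pool (null when the module is disabled)."`. The null case in the second description follows from `local.userpool_discovery_data` being set to `null` when `local.enabled` is false in the main.tf hunk earlier in this patch, and is worth stating because consumers will otherwise index into it unconditionally.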
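Review bot: The new `http` provider constraint `>= 3.4.1` in version.tf has no upper bound, unlike the `aws` entry two lines above it, which is pinned `< 6.0.0`. A future major of hashicorp/http could drop attributes main.tf reads (`body` is already deprecated in 3.x in favour of `response_body`), so `version = ">= 3.4.1, < 4.0.0"` keeps the two entries consistent and the lookup stable.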