From 1e53de15468accfab2537e0a0361e2b9a8645df9 Mon Sep 17 00:00:00 2001
From: Ronaldo Macapobre
Date: Fri, 3 Jan 2025 23:51:55 +0000
Subject: [PATCH] Added PCSS secrets

---
 .../cloud/modules/SecretsManager/main.tf | 14 ++++++++++++++
 .../cloud/modules/SecretsManager/output.tf | 14 +++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/infrastructure/cloud/modules/SecretsManager/main.tf b/infrastructure/cloud/modules/SecretsManager/main.tf
index bd823c9a..cc8bfd00 100644
--- a/infrastructure/cloud/modules/SecretsManager/main.tf
+++ b/infrastructure/cloud/modules/SecretsManager/main.tf
@@ -209,3 +209,17 @@ resource "aws_secretsmanager_secret_version" "api_authorizer_secret_value" {
 "verifyKey" = random_uuid.initial_api_auth_value.result
 })
 }
+
+resource "aws_secretsmanager_secret" "pcss_secret" {
+ name = "external/${var.app_name}-pcss-secret-${var.environment}"
+ kms_key_id = var.kms_key_arn
+}
+
+resource "aws_secretsmanager_secret_version" "pcss_secret_value" {
+ secret_id = aws_secretsmanager_secret.pcss_secret.id
+ secret_string = jsonencode({
+ username = "",
+ password = "",
+ baseUrl = ""
+ })
+}
diff --git a/infrastructure/cloud/modules/SecretsManager/output.tf b/infrastructure/cloud/modules/SecretsManager/output.tf
index 4162b9cf..2ccc8074 100644
--- a/infrastructure/cloud/modules/SecretsManager/output.tf
+++ b/infrastructure/cloud/modules/SecretsManager/output.tf
@@ -12,7 +13,8 @@ output "secrets_arn_list" {
 aws_secretsmanager_secret.request_secret.arn,
 aws_secretsmanager_secret.splunk_secret.arn,
 aws_secretsmanager_secret.user_services_client_secret.arn,
- aws_secretsmanager_secret.api_authorizer_secret.arn
+ aws_secretsmanager_secret.api_authorizer_secret.arn,
+ aws_secretsmanager_secret.pcss_secret.arn
 ]
 }
 
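Review bot: In the main.tf hunk, `pcss_secret_value` pins `secret_string` to empty `username`/`password`/`baseUrl` placeholders and has no `lifecycle` block, so once the real PCSS credentials are entered out of band, a later `terraform apply` would presumably detect drift and write the empty values back as a new secret version. Adding `lifecycle { ignore_changes = [secret_string] }` to the version resource would stop Terraform from overwriting them. Even with that in place, a refresh still reads the live `secret_string` into state, so the state backend needs to be encrypted and access-restricted. Whether the other secret versions in main.tf already follow this pattern is not visible in the hunk. A one-line comment above `pcss_secret` saying who populates the values, and how, would also help the next operator.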
@@ -42,6 +43,9 @@ output "api_secrets" {
 ["LookupServicesClient__Username", "${aws_secretsmanager_secret.lookup_services_client_secret.arn}:username::"],
 ["LookupServicesClient__Password", "${aws_secretsmanager_secret.lookup_services_client_secret.arn}:password::"],
 ["LookupServicesClient__Url", "${aws_secretsmanager_secret.lookup_services_client_secret.arn}:baseUrl::"],
+ ["PCSS__Username", "${aws_secretsmanager_secret.pcss_secret.arn}:username::"],
+ ["PCSS__Password", "${aws_secretsmanager_secret.pcss_secret.arn}:password::"],
+ ["PCSS__Url", "${aws_secretsmanager_secret.pcss_secret.arn}:baseUrl::"],
 ["Request__ApplicationCd", "${aws_secretsmanager_secret.request_secret.arn}:applicationCd::"],
 ["Request__AgencyIdentifierId", "${aws_secretsmanager_secret.request_secret.arn}:agencyIdentifierId::"],
 ["Request__GetUserLoginDefaultAgencyId", "${aws_secretsmanager_secret.request_secret.arn}:getUserLoginDefaultAgencyId::"],
@@ -89,3 +93,11 @@ output "allowed_ip_ranges" {
 value = jsondecode(data.aws_secretsmanager_secret_version.current_misc_secret_value.secret_string).allowedIpRanges
 sensitive = true
 }
+
+output "file_services_client_secret_name" {
+ value = aws_secretsmanager_secret.file_services_client_secret.name
+}
+
+output "pcss_secret_name" {
+ value = aws_secretsmanager_secret.pcss_secret.name
+}
\ No newline at end of file
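Review bot: The two outputs added at the end of output.tf, `file_services_client_secret_name` and `pcss_secret_name`, carry no `description`, so a reader of the module interface cannot tell what consumes a secret name rather than its ARN. A line such as `description = "Secrets Manager name of the PCSS credentials secret"` on each would document that. The `file_services_client_secret_name` output is not covered by the commit subject "Added PCSS secrets", so a sentence in the commit description explaining why it is included would make the change easier to audit. The file also now ends without a trailing newline, which is worth restoring.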