From 16693ade42afebcf4bc529512bd48410d9f6c6ea Mon Sep 17 00:00:00 2001 From: Michael Collins <15347726+michaeljcollinsuk@users.noreply.github.com> Date: Fri, 9 Feb 2024 17:47:39 +0000 Subject: [PATCH] Update env secrets created when creating auth0 client Adds AWS_DATA_ACCOUNT_ID and APP_ROLE_ARN to secrets that are then used to deploy an app. These are added to both environmnets although currently both values will be the same. This allows it to be extended in the future to have different values for different environments. --- controlpanel/api/cluster.py | 16 +++++++++++----- tests/api/cluster/test_app.py | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/controlpanel/api/cluster.py b/controlpanel/api/cluster.py index 23e5b5dda..bcc068801 100644 --- a/controlpanel/api/cluster.py +++ b/controlpanel/api/cluster.py @@ -388,6 +388,8 @@ class App(EntityResource): AUTH0_CONNECTIONS = "AUTH0_CONNECTIONS" AUTHENTICATION_REQUIRED = "AUTHENTICATION_REQUIRED" AUTH0_PASSWORDLESS = "AUTH0_PASSWORDLESS" + APP_ROLE_ARN = "APP_ROLE_ARN" + DATA_ACCOUNT_ID = 'DATA_ACCOUNT_ID' def __init__(self, app, github_api_token=None, auth0_instance=None): super(App, self).__init__() @@ -411,7 +413,9 @@ def create_or_update_secrets(self, env_name, secret_data): def _create_secrets(self, env_name, client=None): secret_data: dict = { - App.IP_RANGES: self.app.env_allowed_ip_ranges(env_name=env_name) + App.IP_RANGES: self.app.env_allowed_ip_ranges(env_name=env_name), + App.APP_ROLE_ARN: self.app.iam_role_arn, + App.DATA_ACCOUNT_ID: settings.AWS_DATA_ACCOUNT_ID } if client: secret_data[App.AUTH0_CLIENT_ID] = client["client_id"] @@ -651,12 +655,13 @@ def get_env_vars(self, env_name): return app_env_vars def create_auth_settings( - self, env_name, disable_authentication=False, connections=None, app_domain=None + self, env_name, disable_authentication=False, connections=None, app_domain=None ): client = None group = None - connections = connections or \ - {auth0.ExtendedAuth0.DEFAULT_CONNECTION_OPTION: {}} + if connections is None: + connections = {auth0.ExtendedAuth0.DEFAULT_CONNECTION_OPTION: {}} + if not disable_authentication: client, group = self._get_auth0_instance().setup_auth0_client( client_name=self.app.auth0_client_name(env_name), @@ -665,7 +670,8 @@ def create_auth_settings( app_domain=app_domain ) self.app.save_auth_settings( - env_name=env_name, client=client, group=group) + env_name=env_name, client=client, group=group + ) self._create_secrets(env_name, client=client) self._create_env_vars( env_name, diff --git a/tests/api/cluster/test_app.py b/tests/api/cluster/test_app.py index bafa396f1..7530b755d 100644 --- a/tests/api/cluster/test_app.py +++ b/tests/api/cluster/test_app.py @@ -4,6 +4,7 @@ # Third-party import pytest +from django.conf import settings # First-party/Local from controlpanel.api import cluster, models @@ -156,5 +157,22 @@ def test_update_auth_connections(app, ExtendedAuth0): existing_conns='github') +@patch("controlpanel.api.models.App.env_allowed_ip_ranges", new=MagicMock(return_value="1.2.3")) +def test_create_secrets(app): + app_cluster = cluster.App(app) + secrets = { + app_cluster.IP_RANGES: "1.2.3", + app_cluster.APP_ROLE_ARN: app.iam_role_arn, + app_cluster.DATA_ACCOUNT_ID: settings.AWS_DATA_ACCOUNT_ID + } + with patch.object(app_cluster, "create_or_update_secrets"): + app_cluster._create_secrets(env_name="dev", client=None) + app_cluster.create_or_update_secrets.assert_called_once_with( + env_name="dev", + secret_data=secrets + ) + + +# TODO can this be removed? mock_ingress = MagicMock(name="Ingress") mock_ingress.spec.rules = [MagicMock(name="Rule", host="test-app.example.com")]