Config auth (phase 4)

FIAP-3SOAT-G15 · May 18, 2024 · 6b5c100 · 6b5c100
1 parent 3bb2de5
commit 6b5c100
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 34 deletions.
diff --git a/.github/workflows/provisioning.yml → .github/workflows/provision.yml b/.github/workflows/provisioning.yml → .github/workflows/provision.yml
@@ -1,24 +1,24 @@
-name: "Provisioning"
+name: Provision
 
 on:
   push:
     branches:
       - main
     paths:
-      - .github/workflows/provisioning.yml
+      - .github/workflows/provision.yml
       - 'terraform/**'
       - 'src/**'
   pull_request:
     branches:
       - main
     paths:
-      - .github/workflows/provisioning.yml
+      - .github/workflows/provision.yml
       - 'terraform/**'
       - 'src/**'
   workflow_dispatch:
 
 jobs:
-  provisioning:
+  provision:
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -40,7 +40,7 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::202062340677:role/TechChallengeAuthDeployer
+          role-to-assume: ${{ vars.AWS_IAM_ROLE }}
           aws-region: ${{ vars.AWS_REGION }}
 
       - name: Setup Terraform

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Bleno Claus, Giovanni di Luca, Mateus Albino, Wellyson Freitas
+Copyright (c) 2023 Bleno Claus, Giovanni di Luca, Lucas Gabriel, Mateus Albino, Wellyson Freitas
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/src/auth-authorizer/lambda_function.py b/src/auth-authorizer/lambda_function.py
@@ -2,8 +2,6 @@
 import jwt
 from jwt.algorithms import RSAAlgorithm
 import requests
-from urllib.request import urlopen
-
 
 REGION = os.environ.get('REGION')
 USER_POOL_ID = os.environ.get('USER_POOL_ID')
@@ -12,34 +10,36 @@
 KEYS_URL = f'https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}/.well-known/jwks.json'
 KEYS = requests.get(KEYS_URL).json()['keys']
 
+
 def lambda_handler(event, context):
     print('event: ', event)
 
     token = event['authorizationToken']
     if token.startswith('Bearer '):
         token = token.split(' ')[1]
-    
+
     try:
         headers = jwt.get_unverified_header(token)
         key = [k for k in KEYS if k['kid'] == headers['kid']][0]
         public_key = RSAAlgorithm.from_jwk(key)
-        claims = jwt.decode(token, public_key, algorithms = ['RS256'], audience = APP_CLIENT_ID)
+        claims = jwt.decode(token, public_key, algorithms=['RS256'], audience=APP_CLIENT_ID)
         print('claims: ', claims)
     except Exception as e:
         print('Error: ', e)
-        return generate_policy('user', 'Deny', event['methodArn'])    
+        return generate_policy('user', 'Deny', event['methodArn'])
 
     groups = claims.get('cognito:groups', [])
     print('groups: ', groups)
 
     if 'admin' not in groups:
         return generate_policy('user', 'Deny', event['methodArn'])
-    
+
     return generate_policy('user', 'Allow', event['methodArn'])
 
+
 def generate_policy(principal_id, effect, resource):
-    auth_response = {}
-    auth_response['principalId'] = principal_id
+    auth_response = {'principalId': principal_id}
+
     if effect and resource:
         policy_document = {
             'Version': '2012-10-17',
@@ -50,5 +50,7 @@ def generate_policy(principal_id, effect, resource):
             }]
         }
         auth_response['policyDocument'] = policy_document
+
     print('auth_response: ', auth_response)
+
     return auth_response
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -6,25 +6,15 @@ data "terraform_remote_state" "tech-challenge" {
   backend = "s3"
 
   config = {
-    bucket = "fiap-3soat-g15-infra-tech-challenge-state"
-    key    = "live/terraform.tfstate"
-    region = var.region
-  }
-}
-
-data "terraform_remote_state" "rds" {
-  backend = "s3"
-
-  config = {
-    bucket = "fiap-3soat-g15-infra-db-state"
+    bucket = "fiap-3soat-g15-iac-tech-challenge"
     key    = "live/terraform.tfstate"
     region = var.region
   }
 }
 
 resource "null_resource" "always_run" {
   triggers = {
-    timestamp = "${timestamp()}"
+    timestamp = timestamp()
   }
 }
 
@@ -93,14 +83,6 @@ resource "aws_cognito_user_pool_client" "client" {
   user_pool_id = aws_cognito_user_pool.user_pool.id
 }
 
-data "aws_ssm_parameter" "rds_param" {
-  name = data.terraform_remote_state.rds.outputs.rds_ssm_parameter_name
-}
-
-data "aws_secretsmanager_secret" "rds_secret" {
-  arn = data.terraform_remote_state.rds.outputs.db_instance_master_user_secret_arn
-}
-
 data "aws_lb" "load_balancer" {
   name = var.load_balancer_name
 }