Merge pull request #5 from FIAP-3SOAT-G15/update-functions

Update functions
FIAP-3SOAT-G15 · Mar 18, 2024 · d909023 · d909023
2 parents 910d6bc + 94f8077
commit d909023
Show file tree

Hide file tree

Showing 6 changed files with 129 additions and 43 deletions.
diff --git a/.github/workflows/provisioning.yml b/.github/workflows/provisioning.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::202062340677:role/TechChallengeLambdaDeployer
+          role-to-assume: arn:aws:iam::202062340677:role/TechChallengeAuthDeployer
           aws-region: ${{ vars.AWS_REGION }}
 
       - name: Setup Terraform

diff --git a/src/sign-in/lambda_function.py b/src/sign-in/lambda_function.py
@@ -7,6 +7,7 @@
 USER_POOL_ID = os.getenv('USER_POOL_ID')
 CLIENT_ID = os.getenv('CLIENT_ID')
 
+
 def lambda_handler(event, context):
     print(event)
     body = json.loads(event['body'])
@@ -16,26 +17,26 @@ def lambda_handler(event, context):
     if not identifier:
         return {
             'statusCode': 400,
-            'headers': { 'Content-Type': 'application/json' },
+            'headers': {'Content-Type': 'application/json'},
             'body': "{ 'message': 'Identifier (CPF or email) is required' }",
         }
 
     try:
         response = cognito.admin_initiate_auth(
-            UserPoolId = USER_POOL_ID,
-            ClientId = CLIENT_ID,
-            AuthFlow = 'CUSTOM_AUTH',
-            AuthParameters = { 'USERNAME': identifier }
+            UserPoolId=USER_POOL_ID,
+            ClientId=CLIENT_ID,
+            AuthFlow='CUSTOM_AUTH',
+            AuthParameters={'USERNAME': identifier}
         )
         return {
             'statusCode': 200,
-            'headers': { 'Content-Type': 'application/json' },
-            'body': response,
+            'headers': {'Content-Type': 'application/json'},
+            'body': json.dumps(response),
         }
     except cognito.exceptions.ClientError as e:
         print(e)
         return {
             'statusCode': 500,
-            'headers': { 'Content-Type': 'application/json' },
+            'headers': {'Content-Type': 'application/json'},
             'body': "{ 'message': 'Error initiating authentication' }",
         }
diff --git a/src/sign-up/lambda_function.py b/src/sign-up/lambda_function.py
@@ -6,6 +6,7 @@
 
 user_pool_id = os.getenv('USER_POOL_ID')
 
+
 def lambda_handler(event, context):
     print(event)
     body = json.loads(event.get("body", "{}"))
@@ -14,42 +15,41 @@ def lambda_handler(event, context):
     name = body.get('name')
     cpf = body.get('cpf')
 
-    username = ''
     user_attributes = []
     if cpf:
         username = cpf
-        user_attributes.append({ 'Name': 'custom:CPF', 'Value': cpf })
+        user_attributes.append({'Name': 'custom:CPF', 'Value': cpf})
     elif email and name:
         username = email
         user_attributes.extend([
-            { 'Name': 'email', 'Value': email },
-            { 'Name': 'email_verified', 'Value': 'true' },
-            { 'Name': 'name', 'Value': name },
+            {'Name': 'email', 'Value': email},
+            {'Name': 'email_verified', 'Value': 'true'},
+            {'Name': 'name', 'Value': name},
         ])
     else:
         return {
             'statusCode': 400,
-            'headers': { 'Content-Type': 'application/json' },
+            'headers': {'Content-Type': 'application/json'},
             'body': "{ 'message': 'Please provide either CPF or both Email and Name' }"
         }
 
     try:
         response = cognito_client.admin_create_user(
-            UserPoolId = user_pool_id,
-            Username = username,
-            UserAttributes = user_attributes,
-            MessageAction = 'SUPPRESS'
+            UserPoolId=user_pool_id,
+            Username=username,
+            UserAttributes=user_attributes,
+            MessageAction='SUPPRESS'
         )
         print(response)
         return {
             'statusCode': 200,
-            'headers': { 'Content-Type': 'application/json' },
+            'headers': {'Content-Type': 'application/json'},
             'body': "{ 'message': 'User created successfully' }"
         }
     except Exception as e:
         print(e)
         return {
             'statusCode': 500,
-            'headers': { 'Content-Type': 'application/json' },
+            'headers': {'Content-Type': 'application/json'},
             'body': "{ 'message': 'Error creating user' }"
         }
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -1,36 +1,128 @@
-module "lambda_sign_up" {
+locals {
+  runtime = "python3.12"
+}
+
+resource "aws_cognito_user_pool" "user_pool" {
+  name = "self-order-management"
+
+  admin_create_user_config {
+    allow_admin_create_user_only = true
+  }
+
+  schema {
+    attribute_data_type = "String"
+    name                = "CPF"
+    required            = false
+
+    string_attribute_constraints {
+      min_length = 11
+      max_length = 11
+    }
+  }
+
+  lambda_config {
+    define_auth_challenge = module.lambda_auth_challenge.lambda_function_arn
+  }
+
+  tags = var.tags
+
+  depends_on = [
+    module.lambda_auth_challenge
+  ]
+}
+
+resource "aws_cognito_user_group" "admin" {
+  name         = "admin"
+  user_pool_id = aws_cognito_user_pool.user_pool.id
+
+  depends_on = [
+    aws_cognito_user_pool.user_pool
+  ]
+}
+
+resource "aws_cognito_user_group" "customer" {
+  name         = "customer"
+  user_pool_id = aws_cognito_user_pool.user_pool.id
+
+  depends_on = [
+    aws_cognito_user_pool.user_pool
+  ]
+}
+
+resource "aws_cognito_user_pool_client" "client" {
+  name = "client"
+
+  user_pool_id = aws_cognito_user_pool.user_pool.id
+}
+
+module "lambda_auth_sign_up" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "7.2.2"
 
-  function_name = "sign-up"
-  handler       = "index.lambda_handler"
-  runtime       = "python3.12"
+  function_name = "auth-sign-up"
+  handler       = "lambda_function.lambda_handler"
+  runtime       = local.runtime
 
   source_path = "../src/sign-up"
 
+  environment_variables = {
+    USER_POOL_ID = aws_cognito_user_pool.user_pool.id
+  }
+
+  attach_policy_statements = true
+  policy_statements = {
+    cognito = {
+      effect    = "Allow"
+      actions   = ["cognito-idp:AdminCreateUser"]
+      resources = [aws_cognito_user_pool.user_pool.arn]
+    }
+  }
+
   tags = var.tags
+
+  depends_on = [
+    aws_cognito_user_pool.user_pool
+  ]
 }
 
-module "lambda_sign_in" {
+module "lambda_auth_sign_in" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "7.2.2"
 
-  function_name = "sign-in"
-  handler       = "index.lambda_handler"
-  runtime       = "python3.12"
+  function_name = "auth-sign-in"
+  handler       = "lambda_function.lambda_handler"
+  runtime       = local.runtime
 
   source_path = "../src/sign-in"
 
+  environment_variables = {
+    USER_POOL_ID = aws_cognito_user_pool.user_pool.id
+    CLIENT_ID    = aws_cognito_user_pool_client.client.id
+  }
+
+  attach_policy_statements = true
+  policy_statements = {
+    cognito = {
+      effect    = "Allow"
+      actions   = ["cognito-idp:AdminInitiateAuth"]
+      resources = [aws_cognito_user_pool.user_pool.arn]
+    }
+  }
+
   tags = var.tags
+
+  depends_on = [
+    aws_cognito_user_pool.user_pool
+  ]
 }
 
 module "lambda_auth_challenge" {
   source  = "terraform-aws-modules/lambda/aws"
   version = "7.2.2"
 
   function_name = "auth-challenge"
-  handler       = "index.lambda_handler"
-  runtime       = "python3.12"
+  handler       = "lambda_function.lambda_handler"
+  runtime       = local.runtime
 
   source_path = "../src/auth-challenge"
 

diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -1,11 +1,11 @@
 variable "region" {
-  type = string
+  type    = string
+  default = "us-east-1"
 }
 
 variable "tags" {
   type = map(string)
-}
-
-variable "account_id" {
-  type = string
+  default = {
+    managed_by_terraform = true
+  }
 }