
Commit 79fdc18

Add missing vars/secrets to CO tofu (#159)
* Add missing vars/secrets to CO tofu * Update syntax for oidc step up secret arns * Update variables.tf with authorization endpoint * Update main.tf to reuse non-stepup endpoints
1 parent 7e2392c commit 79fdc18

2 files changed

Lines changed: 19 additions & 6 deletions


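--- a/tofu/config/dev-co/main.tf
+++ b/tofu/config/dev-co/main.tf
@@ -111,15 +111,22 @@ module "app" {
 
 state_api_environment_variables = {
 "Oidc__DiscoveryEndpoint" = var.oidc_discovery_endpoint
+"Oidc__AuthorizationEndpoint" = var.oidc_authorization_endpoint
 "Oidc__CallbackRedirectUri" = "https://${var.domain}/callback"
 "Oidc__LanguageParam" = "en"
+"Oidc__StepUp__DiscoveryEndpoint" = var.oidc_discovery_endpoint
+"Oidc__StepUp__AuthorizationEndpoint" = var.oidc_authorization_endpoint
+"Oidc__StepUp__CallbackRedirectUri" = "https://${var.domain}/callback"
 "StateHouseholdId__PreferredHouseholdIdTypes__0" = "Phone"
 }
 
 state_api_environment_secrets = {
 "Cbms__ClientId" = "${module.state_secrets.secrets["cbms"].secret_arn}:client_id"
 "Cbms__ClientSecret" = "${module.state_secrets.secrets["cbms"].secret_arn}:client_secret"
 "Oidc__ClientId" = "${module.state_secrets.secrets["oidc"].secret_arn}:client_id"
+"Oidc__ClientSecret" = "${module.state_secrets.secrets["oidc"].secret_arn}:client_secret"
+"Oidc__StepUp__ClientId" = "${module.state_secrets.secrets["oidc"].secret_arn}:step_up_client_id"
+"Oidc__StepUp__ClientSecret" = "${module.state_secrets.secrets["oidc"].secret_arn}:step_up_client_secret"
 "Oidc__CompleteLoginSigningKey" = "${module.state_secrets.secrets["oidc"].secret_arn}:complete_login_signing_key"
 }
 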
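Review bot: The three `Oidc__StepUp__*` entries in `state_api_environment_variables` point at the same discovery endpoint, authorization endpoint and callback as the standard flow, so nothing in this file shows what makes a step-up request stronger than an ordinary login. Presumably the difference is carried entirely by `step_up_client_id` and that client's policy at the identity provider. If so, a comment above those lines would record it, for example `# Step-up reuses the standard endpoints; the higher assurance comes from the step-up client's policy at the IdP.` It is also worth confirming that the `step_up_client_id` and `step_up_client_secret` keys already exist in the `oidc` secret, since a missing key in a referenced secret typically surfaces when the container starts rather than at plan time. The `module "app"` block starts and ends outside the hunk.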
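--- a/tofu/config/dev-co/variables.tf
+++ b/tofu/config/dev-co/variables.tf
@@ -15,6 +15,18 @@ variable "image_tag" {
 default = "latest"
 }
 
+variable "oidc_discovery_endpoint" {
+type = string
+description = "MyColorado OIDC discovery endpoint URL."
+default = "https://auth.pingone.com/e8e64475-39e1-43de-964b-3bc2e835a2f5/as/.well-known/openid-configuration"
+}
+
+variable "oidc_authorization_endpoint" {
+type = string
+description = "MyColorado OIDC authorization endpoint URL."
+default = "https://auth.pingone.com/e8e64475-39e1-43de-964b-3bc2e835a2f5/as/authorize"
+}
+
 variable "private_subnets" {
 type = list(string)
 description = "List of private subnet CIDR blocks."
@@ -46,9 +58,3 @@ variable "vpc_cidr" {
 type = string
 description = "IPv4 CIDR block for the VPC."
 }
-
-variable "oidc_discovery_endpoint" {
-type = string
-description = "MyColorado OIDC discovery endpoint URL."
-default = "https://auth.pingone.com/e8e64475-39e1-43de-964b-3bc2e835a2f5/as/.well-known/openid-configuration"
-}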
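Review bot: The new `oidc_authorization_endpoint` variable accepts any string, and its default repeats the tenant path already present in `oidc_discovery_endpoint`, so overriding one without the other would send users to an authorization endpoint that does not match the discovery document. A `validation` block that requires an `https://` URL would catch a mistyped or plaintext override at plan time, and the same check fits `oidc_discovery_endpoint`. The description could also say that the value must belong to the same issuer as the discovery endpoint. The added lines are shown below.

```hcl
variable "oidc_authorization_endpoint" {
  # … unchanged: type, description, default …
  validation {
    condition     = can(regex("^https://", var.oidc_authorization_endpoint))
    error_message = "oidc_authorization_endpoint must be an https:// URL."
  }
}
```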
