
Commit 92d74d5

authored
long auth0 tokens on fixed token clusters (#3042)
Signed-off-by: Itai Segall <itai.segall@digitalasset.com>
1 parent b5bd73f commit 92d74d5


2 files changed

+20
-6
lines changed


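--- a/cluster/expected/infra/expected.json
+++ b/cluster/expected/infra/expected.json
@@ -37,7 +37,8 @@
 "inputs": {
 "allowOfflineAccess": true,
 "identifier": "https://ledger_api.sv-1.test-stack.canton.network",
-"name": "Ledger API for SV sv-1 on test-stack (Pulumi managed)"
+"name": "Ledger API for SV sv-1 on test-stack (Pulumi managed)",
+"tokenLifetime": 86400
 },
 "name": "LedgerApisv1",
 "provider": "urn:pulumi:test-stack::test-project::pulumi:providers:auth0::dev::undefined_id",
@@ -49,7 +50,8 @@
 "inputs": {
 "allowOfflineAccess": true,
 "identifier": "https://ledger_api.sv-da-1.test-stack.canton.network",
-"name": "Ledger API for SV sv-da-1 on test-stack (Pulumi managed)"
+"name": "Ledger API for SV sv-da-1 on test-stack (Pulumi managed)",
+"tokenLifetime": 86400
 },
 "name": "LedgerApisvda1",
 "provider": "urn:pulumi:test-stack::test-project::pulumi:providers:auth0::dev::undefined_id",
@@ -117,7 +119,8 @@
 "inputs": {
 "allowOfflineAccess": true,
 "identifier": "https://sv.sv-1.test-stack.canton.network/api",
-"name": "SV App API for SV sv-1 on test-stack (Pulumi managed)"
+"name": "SV App API for SV sv-1 on test-stack (Pulumi managed)",
+"tokenLifetime": 86400
 },
 "name": "SvAppApisv1",
 "provider": "urn:pulumi:test-stack::test-project::pulumi:providers:auth0::dev::undefined_id",
@@ -129,7 +132,8 @@
 "inputs": {
 "allowOfflineAccess": true,
 "identifier": "https://sv.sv-da-1.test-stack.canton.network/api",
-"name": "SV App API for SV sv-da-1 on test-stack (Pulumi managed)"
+"name": "SV App API for SV sv-da-1 on test-stack (Pulumi managed)",
+"tokenLifetime": 86400
 },
 "name": "SvAppApisvda1",
 "provider": "urn:pulumi:test-stack::test-project::pulumi:providers:auth0::dev::undefined_id",
@@ -261,7 +265,8 @@
 "inputs": {
 "allowOfflineAccess": true,
 "identifier": "https://validator.sv-1.test-stack.canton.network/api",
-"name": "Validator App API for SV sv-1 on test-stack (Pulumi managed)"
+"name": "Validator App API for SV sv-1 on test-stack (Pulumi managed)",
+"tokenLifetime": 86400
 },
 "name": "ValidatorAppApisv1",
 "provider": "urn:pulumi:test-stack::test-project::pulumi:providers:auth0::dev::undefined_id",
@@ -273,7 +278,8 @@
 "inputs": {
 "allowOfflineAccess": true,
 "identifier": "https://validator.sv-da-1.test-stack.canton.network/api",
-"name": "Validator App API for SV sv-da-1 on test-stack (Pulumi managed)"
+"name": "Validator App API for SV sv-da-1 on test-stack (Pulumi managed)",
+"tokenLifetime": 86400
 },
 "name": "ValidatorAppApisvda1",
 "provider": "urn:pulumi:test-stack::test-project::pulumi:providers:auth0::dev::undefined_id",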

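--- a/cluster/pulumi/infra/src/auth0.ts
+++ b/cluster/pulumi/infra/src/auth0.ts
@@ -12,13 +12,18 @@ import {
 Auth0NamespaceConfig,
 DEFAULT_AUDIENCE,
 NamespacedAuth0Configs,
+fixedTokens,
 } from '@lfdecentralizedtrust/splice-pulumi-common';
 import {
 standardSvConfigs,
 extraSvConfigs,
 dsoSize,
 } from '@lfdecentralizedtrust/splice-pulumi-common-sv';
 
+function tokenLifetime(): number {
+return fixedTokens() ? 2592000 : 86400; // TODO(DACH-NY/canton-network-internal#2114): Move this to the cluster config? We want it to be long for fixed token clusters
+}
+
 function ledgerApiAudience(
 svNamespace: string,
 clusterBasename: string,
@@ -36,6 +41,7 @@ function ledgerApiAudience(
 name: `Ledger API for SV ${svNamespace} on ${clusterBasename} (Pulumi managed)`,
 identifier: `https://ledger_api.${svNamespace}.${clusterBasename}.canton.network`,
 allowOfflineAccess: true, // TODO(DACH-NY/canton-network-internal#2114): is this still needed?
+tokenLifetime: tokenLifetime(),
 },
 { provider: auth0DomainProvider }
 );
@@ -78,6 +84,7 @@ function svAppAudience(
 name: `SV App API for SV ${svNamespace} on ${clusterBasename} (Pulumi managed)`,
 identifier: `https://sv.${svNamespace}.${clusterBasename}.canton.network/api`,
 allowOfflineAccess: true, // TODO(DACH-NY/canton-network-internal#2114): is this still needed?
+tokenLifetime: tokenLifetime(),
 },
 { provider: auth0DomainProvider }
 );
@@ -106,6 +113,7 @@ function validatorAppAudience(
 name: `Validator App API for SV ${svNamespace} on ${clusterBasename} (Pulumi managed)`,
 identifier: `https://validator.${svNamespace}.${clusterBasename}.canton.network/api`,
 allowOfflineAccess: true, // TODO(DACH-NY/canton-network-internal#2114): is this still needed?
+tokenLifetime: tokenLifetime(),
 },
 { provider: auth0DomainProvider }
 );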
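Review bot: In `tokenLifetime()`, the fixed-token branch sets the access-token lifetime to 2592000 seconds (30 days) for all three audiences (ledger API, SV app, validator app), and nothing in the visible code records why that is acceptable or how such a token is invalidated if it leaks. Access tokens for an API audience are typically self-contained and stay valid until they expire, so a 30-day lifetime widens the exposure window of any token that ends up in logs or stored config; a comment next to the value should state that fixed-token clusters accept this and what rotation applies. The bare literals would also read better as named constants, e.g. `const FIXED_TOKEN_LIFETIME_SECONDS = 30 * 24 * 60 * 60;` and `const DEFAULT_TOKEN_LIFETIME_SECONDS = 24 * 60 * 60;`, with the TODO moved to its own line above the `return`. The expected.json changes in this commit show only the 86400 value, so the 30-day path appears to have no expected-output coverage.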
