Merge pull request #516 from bheesham/eqs-integrity-line-cryptokey

feat(tf): EQS Integrity line requires adding a custom attribute

Author: bheesham

tf/actions.tf

@@ -86,6 +86,13 @@ resource "auth0_action" "samlMappings" {
     id      = "post-login"
     version = "v3"
   }
+
+  # EQS Integrity Line requires an additional parameter.
+  # https://mozilla-hub.atlassian.net/browse/IAM-1827
+  secrets {
+    name  = "samlMappings_eqs_integrity_line_cryptokey"
+    value = local.parsed_secrets["samlMappings_eqs_integrity_line_cryptokey"]
+  }
 }
 
 resource "auth0_action" "gheGroups" {

tf/actions/samlMappings.js

@@ -225,6 +225,19 @@ exports.onExecutePostLogin = async (event, api) => {
       api.samlResponse.setAttribute("grant_all_merchant_accounts", "true");
       api.samlResponse.setAttribute("roles", event.user.app_metadata.groups);
       break;
+
+    case "3c7lAT2sPywWjvgVP5ngCQysHtnNqQFj": // EQS Integrity Line
+      const cryptokey = event.secrets.samlMappings_eqs_integrity_line_cryptokey;
+      if (!cryptokey) {
+        console.log(
+          "Required secret cryptokey not set (for app EQS Integrity Line)"
+        );
+        return api.access.deny(
+          "No specified cryptokey (SAML misconfiguration)."
+        );
+      }
+      api.samlResponse.setAttribute("cryptokey", cryptokey);
+      break;
   }
 
   return;