fix: rename env variables to *_SSM

GemeenteNijmegen · Mar 14, 2023 · 0197aa9 · 0197aa9
1 parent 5634216
commit 0197aa9
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 17 deletions.
diff --git a/src/ApiFunction.ts b/src/ApiFunction.ts
@@ -41,9 +41,6 @@ export class ApiFunction<T extends Lambda.Function> extends Construct {
       logRetention: retention,
       environment: {
         APPLICATION_URL_BASE: props.applicationUrlBase || '',
-        AUTH_URL_BASE: SSM.StringParameter.valueForStringParameter(this, Statics.ssmAuthUrlBaseParameter),
-        OIDC_CLIENT_ID: SSM.StringParameter.valueForStringParameter(this, Statics.ssmOIDCClientID),
-        OIDC_SCOPE: SSM.StringParameter.valueForStringParameter(this, Statics.ssmOIDCScope),
         SESSION_TABLE: props.table.tableName,
         ...props.environment,
       },

diff --git a/src/ApiStack.ts b/src/ApiStack.ts
@@ -78,6 +78,11 @@ export class ApiStack extends Stack {
       applicationUrlBase: baseUrl,
       readOnlyRole,
       lambdaInsightsExtensionArn: insightsArn,
+      environment: {
+        AUTH_URL_BASE_SSM: Statics.ssmAuthUrlBaseParameter,
+        OIDC_CLIENT_ID_SSM: Statics.ssmOIDCClientID,
+        OIDC_SCOPE_SSM: Statics.ssmOIDCScope,
+      },
     }, LoginFunction);
     authBaseUrl.grantRead(loginFunction.lambda);
     odicClientId.grantRead(loginFunction.lambda);
@@ -101,6 +106,9 @@ export class ApiStack extends Stack {
       readOnlyRole,
       environment: {
         CLIENT_SECRET_ARN: oidcSecret.secretArn,
+        AUTH_URL_BASE_SSM: Statics.ssmAuthUrlBaseParameter,
+        OIDC_CLIENT_ID_SSM: Statics.ssmOIDCClientID,
+        OIDC_SCOPE_SSM: Statics.ssmOIDCScope,
       },
       lambdaInsightsExtensionArn: insightsArn,
     }, AuthFunction);

diff --git a/src/app/code/OpenIDConnect.ts b/src/app/code/OpenIDConnect.ts
@@ -16,19 +16,19 @@ export class OpenIDConnect {
   constructor() {}
 
   async init() {
-    if (!process.env.AUTH_URL_BASE || !process.env.OIDC_CLIENT_ID || !process.env.APPLICATION_URL_BASE || !process.env.OIDC_SCOPE) {
+    if (!process.env.AUTH_URL_BASE_SSM || !process.env.OIDC_CLIENT_ID_SSM || !process.env.APPLICATION_URL_BASE || !process.env.OIDC_SCOPE_SSM) {
       let errorMsg = 'Initalization failed: one of the folowing env variables is missing:';
       errorMsg += [
-        'AUTH_URL_BASE (ssm path)',
-        'OIDC_CLIENT_ID (ssm path)',
+        'AUTH_URL_BASE_SSM',
+        'OIDC_CLIENT_ID_SSM',
         'APPLICATION_URL_BASE',
-        'OIDC_SCOPE',
+        'OIDC_SCOPE_SSM',
       ].join(', ');
       throw Error(errorMsg);
     }
-    this.authBaseUrl = await AWS.getParameter(process.env.AUTH_URL_BASE);
-    this.oidcClientId = await AWS.getParameter(process.env.OIDC_CLIENT_ID);
-    this.oidcScope = await AWS.getParameter(process.env.OIDC_SCOPE);
+    this.authBaseUrl = await AWS.getParameter(process.env.AUTH_URL_BASE_SSM);
+    this.oidcClientId = await AWS.getParameter(process.env.OIDC_CLIENT_ID_SSM);
+    this.oidcScope = await AWS.getParameter(process.env.OIDC_SCOPE_SSM);
 
     this.issuer = this.getIssuer(this.authBaseUrl);
     this.applicationBaseUrl = process.env.APPLICATION_URL_BASE;

diff --git a/test/app/auth.test.ts b/test/app/auth.test.ts
@@ -24,11 +24,11 @@ beforeAll( async () => {
 
   // Set env variables
   process.env.SESSION_TABLE = 'mijnuitkering-sessions';
-  process.env.AUTH_URL_BASE = 'https://authenticatie-accp.nijmegen.nl';
+  process.env.AUTH_URL_BASE_SSM = 'https://authenticatie-accp.nijmegen.nl';
   process.env.APPLICATION_URL_BASE = 'https://testing.example.com/';
   process.env.CLIENT_SECRET_ARN = '123';
-  process.env.OIDC_CLIENT_ID = '1234';
-  process.env.OIDC_SCOPE = 'openid';
+  process.env.OIDC_CLIENT_ID_SSM = '1234';
+  process.env.OIDC_SCOPE_SSM = 'openid';
 
   await OIDC.init();
 

diff --git a/test/app/login.test.ts b/test/app/login.test.ts
@@ -25,11 +25,11 @@ beforeAll( async () => {
 
   // Set env variables
   process.env.SESSION_TABLE = 'yivi-issue-sessions';
-  process.env.AUTH_URL_BASE = 'https://authenticatie-accp.nijmegen.nl';
+  process.env.AUTH_URL_BASE_SSM = 'https://authenticatie-accp.nijmegen.nl';
   process.env.APPLICATION_URL_BASE = 'https://testing.example.com/';
   process.env.OIDC_SECRET_ARN = '123';
-  process.env.OIDC_CLIENT_ID = '1234';
-  process.env.OIDC_SCOPE = 'openid';
+  process.env.OIDC_CLIENT_ID_SSM = '1234';
+  process.env.OIDC_SCOPE_SSM = 'openid';
 
   await OIDC.init();
 });
@@ -54,7 +54,7 @@ test('Return login page with correct link', async () => {
     expect('body' in result).toBe(true);
     return;
   }
-  expect(result.body).toContain(`${process.env.AUTH_URL_BASE}/broker/sp/oidc/authenticate`);
+  expect(result.body).toContain(`${process.env.AUTH_URL_BASE_SSM}/broker/sp/oidc/authenticate`);
   expect(result.body).toContain(encodeURIComponent(`${process.env.APPLICATION_URL_BASE}auth`));
   expect(result.statusCode).toBe(200);
   writeFile(path.join(__dirname, 'output', 'test.html'), result.body ?? '', () => { });