refactor: consume dynamic env vars from SSM rather than env vars [CHI-2897] #801

Open
wants to merge 28 commits into
base: master

@GPaoloni GPaoloni commented Dec 30, 2024

This PR completes the migrations of https://github.com/techmatters/infrastructure-config/pull/407 and techmatters/flex-plugins#2673.

Description

This PR

  • Adds a "dependency injection" logic to our auth functions (packages/twilio-worker-auth/src/twilioWorkerAuthMiddleware.ts): authTokenLookup and staticKeyLookup are required as parameters, with no "defaults" being configured.
  • Defines SSM cache helpers in HRM core that read the required parameters and cache them. This is used as the lookup functions mentioned above, by using auth_token and static_key parameters.
  • The above SSM cache is also used to look up permissions config, by using permission_config parameter.
  • HRM and Resources services now expect to be given lookup functions that will then be used in auth. Both are being passed the same defaultAuthSecretsLookup (defined in HRM core), but should be rather trivial to pass the resources secrets once this service is isolated.

Note: all of the above is "added on top" of the environment variables. If the env vars are still provisioned via the env vars file, nothing will change, except that there's some extra "async" code around.
Once https://github.com/techmatters/infrastructure-config/pull/410 is applied, and the env vars are not provisioned from S3 anymore, the SSM reading logic will kick in.

Checklist

Verification steps

It is easier to deploy to development and test there. Configuring a local environment to test these changes is time consuming. I'm happy to explain how to, if that's really desired, since I can quickly share the needed secrets.

AFTER YOU MERGE

  1. Cut a release tag using the GitHub workflow. Wait for it to complete and notify in the #aselo-deploys Slack channel.
  2. Comment on the ticket with the release tag version AND any additional instructions required to configure an environment to test the changes.
  3. Only then move the ticket into the QA column in JIRA

You are responsible for ensuring the above steps are completed. If you move a ticket into QA without advising what version to test, the QA team will assume the latest tag has the changes. If it does not, the following confusion is on you! :-P

@GPaoloni GPaoloni changed the title refactor: consume dynamic env vars from SSM rather than env vars refactor: consume dynamic env vars from SSM rather than env vars [CHI-2897] Jan 15, 2025
@GPaoloni GPaoloni marked this pull request as ready for review January 15, 2025 17:03
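
The pattern the description outlines (injected lookups with no defaults, environment variables taking precedence, cached parameter reads), as an added example that is not code from this PR or the project. The signatures, the parameter and env var name formats, and `fetchParameter` (a stand-in for the SSM read) are assumptions; only the names `authTokenLookup` and `staticKeyLookup` come from the description.

```typescript
import { createHash, timingSafeEqual } from 'node:crypto';

// Hypothetical shapes: the PR names authTokenLookup and staticKeyLookup, not their signatures.
type SecretLookup = (id: string) => Promise<string>;
type ParameterFetcher = (name: string) => Promise<string | undefined>; // stand-in for an SSM read
type Env = Record<string, string | undefined>;

// Builds a lookup: a still-provisioned env var wins, otherwise the parameter
// is fetched once and cached until ttlMs elapses. A missing parameter throws,
// so a failed read can never be mistaken for an empty secret.
function cachedLookup(
  paramName: (id: string) => string,
  envName: (id: string) => string,
  env: Env,
  fetchParameter: ParameterFetcher,
  ttlMs: number,
  now: () => number = Date.now,
): SecretLookup {
  const cache = new Map<string, { value: string; expires: number }>();
  return async (id) => {
    const fromEnv = env[envName(id)];
    if (fromEnv) return fromEnv;
    const hit = cache.get(id);
    if (hit && hit.expires > now()) return hit.value;
    const value = await fetchParameter(paramName(id));
    if (!value) throw new Error(`secret not found: ${paramName(id)}`);
    cache.set(id, { value, expires: now() + ttlMs });
    return value;
  };
}

// Compare fixed-length digests so timing does not depend on where the strings differ.
function safeEqual(a: string, b: string): boolean {
  const digest = (s: string) => createHash('sha256').update(s).digest();
  return timingSafeEqual(digest(a), digest(b));
}

// The lookup is a required argument with no default, as the PR describes.
// Any lookup failure denies the request (fail closed).
async function checkStaticKey(
  staticKeyLookup: SecretLookup,
  keyId: string,
  presented: string,
): Promise<boolean> {
  try {
    return safeEqual(await staticKeyLookup(keyId), presented);
  } catch {
    return false;
  }
}
```

The TTL bounds how long a rotated or revoked secret keeps being accepted from cache, so it should be chosen with the rotation procedure in mind.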

@stephenhand stephenhand left a comment


Just the naming thing. Looks good otherwise

@@ -0,0 +1,66 @@
/**

Can we revert this back to the correct file naming convention? i.e. camel case


In fact, given its specialised nature, perhaps we could call it something like ssmConfigurationCache?
