Feature/auth0

files/control-plane/control-plane-helm-chart/templates/cm-subscription-service.yaml

@@ -12,6 +12,7 @@ data:
       BASE_PATH: '{{ .Values.subscriptionService.base_path }}'
       SITE: '{{ .Values.subscriptionService.site }}'
       API_KEY: '{{ .Values.subscriptionService.api_key }}'
+      PAYMENT_GATEWAY_ID: '{{ .Values.subscriptionService.payment_gateway_id }}'
       WEBHOOK_USERNAME: '{{ .Values.tenantMgmtFacade.webhook_user }}'
       WEBHOOK_PASSWORD: '{{ .Values.tenantMgmtFacade.webhook_password }}'
 {{- end}}

files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-facade.yaml

@@ -20,4 +20,6 @@ data:
       GATEWAY_ACCOUNT_ID: '{{ .Values.tenantMgmtFacade.gateway_id }}'
       WEBHOOK_USERNAME: '{{ .Values.tenantMgmtFacade.webhook_user }}'
       WEBHOOK_PASSWORD: '{{ .Values.tenantMgmtFacade.webhook_password }}'
+      AUTH0_DOMAIN: '{{ .Values.tenantMgmtService.auth0_domain }}'
+      AUTH0_CLIENT_ID: '{{ .Values.tenantMgmtService.auth0_client_id }}'
 {{- end}}

files/control-plane/control-plane-helm-chart/templates/cm-tenant-mgmt-service.yaml

@@ -20,4 +20,7 @@ data:
       SYSTEM_USER_ID: '{{ .Values.adminUserTenantId }}'
       EVENT_BUS_NAME: '{{ .Values.projectName }}-{{ .Values.environment }}-DecouplingEventBus'
       EVENT_BUS_REGION: '{{ .Values.region }}'
+      AUTH0_DOMAIN: '{{ .Values.tenantMgmtService.auth0_domain }}'
+      AUTH0_CLIENT_ID: '{{ .Values.tenantMgmtService.auth0_client_id }}'
+      WEBHOOK_SECRET_EXPIRY: '{{ .Values.tenantMgmtService.webhookSecretExpiry }}'
 {{- end}}

files/control-plane/control-plane-helm-chart/templates/secret-provider-class-and-sa.yaml

@@ -73,6 +73,8 @@ spec:
       key: PRIVATE_KEY
     - objectName: public_key
       key: PUBLIC_KEY
+    - objectName: auth0_client_secret
+      key: AUTH0_CLIENT_SECRET
 {{- if .Values.ses.enabled }}
     - objectName: ses_access_key
       key: SMTP_USER
@@ -148,6 +150,9 @@ spec:
       - objectName: {{ .Values.publicKey }}
         objectType: ssmparameter
         objectAlias: public_key
+      - objectName: {{ .Values.auth0ClientSecret }}
+        objectType: ssmparameter
+        objectAlias: auth0_client_secret
 {{- if .Values.ses.enabled }}
       - objectName: "/{{ .Values.projectName }}/ses_access_key"
         objectType: ssmparameter

files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-facade-deployment.yaml

@@ -168,6 +168,11 @@ spec:
               secretKeyRef:
                 name: api-token
                 key: PUBLIC_KEY
+          - name: AUTH0_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: AUTH0_CLIENT_SECRET
 {{- if .Values.imagePullSecret.enabled }}            
       imagePullSecrets:
       - name: {{ .Values.imagePullSecret.name }}

files/control-plane/control-plane-helm-chart/templates/tenant-mgmt-service-deployment.yaml

@@ -128,6 +128,11 @@ spec:
               secretKeyRef:
                 name: api-token
                 key: JWT_ISSUER
+          - name: AUTH0_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: api-token
+                key: AUTH0_CLIENT_SECRET
 
 {{- if .Values.imagePullSecret.enabled }}            
       imagePullSecrets:

files/control-plane/control-plane-helm-chart/values.yaml.template

@@ -27,7 +27,7 @@ frontend:
   enabled: true
   repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-ui
   pullPolicy: Always
-  tag: "0.0.6"
+  tag: "0.0.11"
   log_level: "info"
   home_path: "/main/home"
   replicaCount: 1
@@ -62,7 +62,7 @@ tenantMgmtFacade:
   enabled: true
   repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-tenant-management-facade
   pullPolicy: Always
-  tag: "0.0.4"
+  tag: "0.0.6"
   replicaCount: 1
   port: 3000
   node_env: "production"
@@ -138,7 +138,7 @@ authenticationService:
   enabled: true
   repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-authentication-service
   pullPolicy: Always
-  tag: "0.0.1"
+  tag: "0.0.3"
   replicaCount: 1
   port: 3000
   node_env: "production"
@@ -211,13 +211,14 @@ subscriptionService:
   enabled: true
   repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-subscription-service
   pullPolicy: Always
-  tag: "0.0.3"
+  tag: "0.0.4"
   replicaCount: 1
   port: 3000
   node_env: "production"
   log_level: "info"
-  site: "sunnytyagiplus6-test"
-  api_key: "test_dw4pcuXuEqQ1cufcdg6GfeRUZpCSRHxOW37"
+  site: "sourcefuse-arc-test"
+  api_key: "test_U3Ac7r41QHHc54O7SZucdndPmaJVBFcuNn"
+  payment_gateway_id: "gw_16CcLPUQmL1KGV41"
   affinity: {}
   allowed_origins: "*"
   imagePullPolicy:
@@ -283,26 +284,22 @@ tenantMgmtService:
   enabled: true
   repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-tenant-management-service
   pullPolicy: Always
-  tag: "0.0.4"
+  tag: "0.0.6"
   replicaCount: 1
   port: 3000
   node_env: "production"
   log_level: "info"
   from_email: ${FROM_EMAIL}
   system_user_id: ""
   app_login_url: ""
+  auth0_domain: "dev-db7dz4wg6ccbguer.us.auth0.com"
+  auth0_client_id: "pluqd6RqaLilAn7p1kUFkNo20bxuwUK5"
+  webhookSecretExpiry: "86400000"
   affinity: {}
   allowed_origins: "*"
   imagePullPolicy:
     enabled: "yes"
     name: regcred
-  resources:
-    requests:
-      memory: "128Mi"
-      cpu: "100m"
-    limits:
-      memory: "2048Mi"
-      cpu: "1"
   service:
     type: NodePort
     port: 3000
@@ -323,7 +320,7 @@ migrationJob:
   enabled: true
   repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-control-plane-migration
   pullPolicy: Always
-  tag: "0.0.3"
+  tag: "0.0.4"
   replicaCount: 1
   affinity: {}
   allowed_origins: "*"
@@ -460,3 +457,4 @@ cognitoid: ${COGNITO_ID}
 cognitosecret: ${COGNITO_SECRET}
 privateKey: ${PRIVATE_KEY}
 publicKey: ${PUBLIC_KEY}
+auth0ClientSecret: ${AUTH0_CLIENT_SECRET}

files/tenant-samples/bridge/buildspec.yaml

@@ -45,6 +45,8 @@ phases:
       - export TENANT_ADMIN_EMAIL=$(echo $tenant | jq -r '.contacts[] | select(.isPrimary == true) | .email')
       - export USERNAME=$(echo $tenant | jq -r '.key')
       - export KEY=$(echo $tenant | jq -r '.key')
+      - export IdP=$(echo $tenant | jq -r '.identityProvider')
+      #- export IdP="cognito"
       - export TIER=$(echo "${tier}" | tr '[:upper:]' '[:lower:]')
 
       # Webhook Envs
@@ -75,6 +77,7 @@ phases:
       - export TF_VAR_karpenter_role="${KARPENTER_ROLE}"
       - export TF_VAR_tenant_host_domain="${KEY}.${DOMAIN_NAME}"
       - export TF_VAR_jwt_issuer="${KEY}"
+      - export TF_VAR_IdP="${IdP}"
       - export TF_VAR_rds_instance_allocated_storage="${POSTGRES_SIZE}"
       - export TF_VAR_tenant_client_id="${KEY}"-$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_ID}"
       - export TF_VAR_tenant_client_secret=$(echo "$TENANT_ID" | cut -c 10-)-"${TENANT_CLIENT_SECRET}"
@@ -117,8 +120,8 @@ phases:
       - ./push-values.sh
       - kubectl apply -f ${TIER}-argo-workflow.yaml --namespace argo-workflows || true 
       - kubectl apply -f argocd-application.yaml --namespace argocd || true
-      - sleep 240 # waiting time to spin up tenant pods 
-      - terraform apply -auto-approve --refresh=false  # refresh is false to avoid unnecessary API hitting
+      - sleep 300 # waiting time to spin up tenant pods 
+      #- terraform apply -auto-approve --refresh=false  # refresh is false to avoid unnecessary API hitting
       - kubectl apply -f argo-workflow.yaml --namespace argo-workflows || true