diff --git a/frontend/README.md b/frontend/README.md
index 14baf4906..9ba3248d8 100644
--- a/frontend/README.md
+++ b/frontend/README.md
@@ -13,8 +13,8 @@ TypeScript cannot handle type information for `.vue` imports by default, so we r
If the standalone TypeScript plugin doesn't feel fast enough to you, Volar has also implemented a [Take Over Mode](https://github.com/johnsoncodehk/volar/discussions/471#discussioncomment-1361669) that is more performant. You can enable it by the following steps:
1. Disable the built-in TypeScript Extension
- 1) Run `Extensions: Show Built-in Extensions` from VSCode's command palette
- 2) Find `TypeScript and JavaScript Language Features`, right click and select `Disable (Workspace)`
+ 1. Run `Extensions: Show Built-in Extensions` from VSCode's command palette
+ 2. Find `TypeScript and JavaScript Language Features`, right click and select `Disable (Workspace)`
2. Reload the VSCode window by running `Developer: Reload Window` from the command palette.
## Customize configuration
@@ -38,3 +38,7 @@ npm run dev
```sh
npm run build
```
+
+### Note
+
+For FAM local and dev environment, we connect with TEST identity provider (TEST-IDIR, TEST-BUSINESSBCEID) for login options. The main reason of that is because we don't have any dev business bceid account can used for testing, so we have to use the TEST-BUSINESSBCEID. And it's better to use the same environment for both IDIR and BUSINESSBCEID, so we can config the same logout chain for both. Use TEST-IDIR in local won't impact any login functionality, work same as DEV-IDIR.
diff --git a/frontend/public/env.json b/frontend/public/env.json
index c6ac2b737..e0bddb638 100644
--- a/frontend/public/env.json
+++ b/frontend/public/env.json
@@ -1,4 +1,5 @@
-{ "fam_admin_management_api_base_url": {
+{
+ "fam_admin_management_api_base_url": {
"sensitive": false,
"type": "string",
"value": "http://localhost:8001"
@@ -31,7 +32,7 @@
"frontend_logout_chain_url": {
"sensitive": false,
"type": "string",
- "value": "https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri="
+ "value": "https://logontest7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https://test.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout?redirect_uri="
},
"front_end_redirect_base_url": {
"sensitive": false,
@@ -41,11 +42,16 @@
"fam_console_idp_name": {
"sensitive": false,
"type": "string",
- "value": "DEV-IDIR"
+ "value": "TEST-IDIR"
+ },
+ "fam_console_idp_name_bceid": {
+ "sensitive": false,
+ "type": "string",
+ "value": "TEST-BCEIDBUSINESS"
},
"target_env": {
"sensitive": false,
"type": "string",
"value": "dev"
}
-}
+}
\ No newline at end of file
diff --git a/frontend/readme.md b/frontend/readme.md
deleted file mode 100644
index 14baf4906..000000000
--- a/frontend/readme.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# fam-frontend
-
-This template should help get you started developing with Vue 3 in Vite.
-
-## Recommended IDE Setup
-
-[VSCode](https://code.visualstudio.com/) + [Volar](https://marketplace.visualstudio.com/items?itemName=Vue.volar) (and disable Vetur) + [TypeScript Vue Plugin (Volar)](https://marketplace.visualstudio.com/items?itemName=Vue.vscode-typescript-vue-plugin).
-
-## Type Support for `.vue` Imports in TS
-
-TypeScript cannot handle type information for `.vue` imports by default, so we replace the `tsc` CLI with `vue-tsc` for type checking. In editors, we need [TypeScript Vue Plugin (Volar)](https://marketplace.visualstudio.com/items?itemName=Vue.vscode-typescript-vue-plugin) to make the TypeScript language service aware of `.vue` types.
-
-If the standalone TypeScript plugin doesn't feel fast enough to you, Volar has also implemented a [Take Over Mode](https://github.com/johnsoncodehk/volar/discussions/471#discussioncomment-1361669) that is more performant. You can enable it by the following steps:
-
-1. Disable the built-in TypeScript Extension
- 1) Run `Extensions: Show Built-in Extensions` from VSCode's command palette
- 2) Find `TypeScript and JavaScript Language Features`, right click and select `Disable (Workspace)`
-2. Reload the VSCode window by running `Developer: Reload Window` from the command palette.
-
-## Customize configuration
-
-See [Vite Configuration Reference](https://vitejs.dev/config/).
-
-## Project Setup
-
-```sh
-npm run install-frontend
-```
-
-### Compile and Hot-Reload for Development
-
-```sh
-npm run dev
-```
-
-### Type-Check, Compile and Minify for Production
-
-```sh
-npm run build
-```
diff --git a/frontend/src/components/Landing.vue b/frontend/src/components/Landing.vue
index 8d914a78d..e23f504bc 100644
--- a/frontend/src/components/Landing.vue
+++ b/frontend/src/components/Landing.vue
@@ -32,8 +32,7 @@ import TreeLogs from '@/assets/images/tree-logs.jpg';
outlined
label="Login with BCeID"
id="login-bceid-button"
- disabled
- @click="AuthService.login()"
+ @click="AuthService.loginBceid()"
>
diff --git a/frontend/src/components/common/ProfileSidebar.vue b/frontend/src/components/common/ProfileSidebar.vue
index 8bfdc1b94..7e1a80e7c 100644
--- a/frontend/src/components/common/ProfileSidebar.vue
+++ b/frontend/src/components/common/ProfileSidebar.vue
@@ -1,16 +1,23 @@
@@ -61,9 +70,14 @@ const adminRoles = computed(() => {
/>
{{ displayName }}
-
IDIR: {{ userName }}
-
{{ email }}
-
Granted: {{ adminRoles }}
+
{{ userType }}: {{ userName }}
+
+ Organization: {{ organization }}
+
+
Email: {{ email }}
+
+ Granted: {{ adminRoles }}
+
@@ -143,7 +157,8 @@ const adminRoles = computed(() => {
}
.profile-name,
- .profile-idir,
+ .profile-userid,
+ .profile-organization,
.profile-email {
margin-bottom: 0.375rem;
}
@@ -177,7 +192,8 @@ const adminRoles = computed(() => {
outline: none !important;
}
-.profile-idir,
+.profile-userid,
+.profile-organization,
.profile-email,
.profile-admin-level,
.options {
diff --git a/frontend/src/enum/IdpEnum.ts b/frontend/src/enum/IdpEnum.ts
new file mode 100644
index 000000000..fcaf564c1
--- /dev/null
+++ b/frontend/src/enum/IdpEnum.ts
@@ -0,0 +1,4 @@
+export enum IdpProvider {
+ IDIR = 'IDIR',
+ BCEIDBUSINESS = 'Business BCeID',
+}
diff --git a/frontend/src/services/AuthService.ts b/frontend/src/services/AuthService.ts
index 38e2377bc..ebbfc4556 100644
--- a/frontend/src/services/AuthService.ts
+++ b/frontend/src/services/AuthService.ts
@@ -18,9 +18,15 @@ const login = async () => {
*/
const environmentSettings = new EnvironmentSettings();
+ Auth.federatedSignIn({
+ customProvider: environmentSettings.getIdentityProviderIdir(),
+ });
+};
+const loginBceid = async () => {
+ const environmentSettings = new EnvironmentSettings();
Auth.federatedSignIn({
- customProvider: environmentSettings.getIdentityProvider(),
+ customProvider: environmentSettings.getIdentityProviderBceid(),
});
};
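Review bot: `Auth.federatedSignIn(...)` is called without `await` or `return` in both `login` and the new `loginBceid`, so a rejected sign-in becomes an unhandled rejection instead of reaching the caller. Writing `await Auth.federatedSignIn({ customProvider: environmentSettings.getIdentityProviderBceid() });` (and the IDIR equivalent) lets the click handler or a surrounding try/catch see the failure. The two functions now differ only in which getter they call, so a small private helper that takes the provider name would keep them from drifting apart. `login` begins above this hunk, so its opening lines are not visible here.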
@@ -38,7 +44,6 @@ const handlePostLogin = async () => {
// This is to update the FamLoginUser for FamLoginUser.accesses.
// For now team decided to grab user's access only when user login and may change later.
await LoginUserState.cacheUserAccess();
-
} catch (error) {
console.log('Not signed in');
console.log('Authentication Error:', error);
@@ -69,7 +74,6 @@ const refreshToken = async (): Promise => {
if (accesses) famLoginUser.accesses = accesses;
LoginUserState.storeFamUser(famLoginUser);
return famLoginUser;
-
} catch (error) {
console.error(
'Problem refreshing token or token is invalidated:',
@@ -92,8 +96,9 @@ const parseToken = (authToken: CognitoUserSession): FamLoginUser => {
username: decodedIdToken['custom:idp_username'],
displayName: decodedIdToken['custom:idp_display_name'],
email: decodedIdToken['email'],
- idpProvider: decodedIdToken['identities']['providerName'],
+ idpProvider: decodedIdToken['identities'][0]['providerName'],
authToken: authToken,
+ organization: decodedIdToken['custom:idp_business_name'],
};
return famLoginUser;
};
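Review bot: `decodedIdToken['identities'][0]['providerName']` throws a TypeError when the ID token has no `identities` claim or the array is empty, which aborts `parseToken` for any session that did not come through a federated provider. Since `FamLoginUser.idpProvider` is already optional, `idpProvider: decodedIdToken['identities']?.[0]?.['providerName'],` keeps the rest of the user object usable. The new `organization` value is read from a client-decoded token, so it is suitable for display only; any decision based on business identity should stay with the backend's validated claims. `parseToken` starts outside this hunk.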
@@ -102,6 +107,7 @@ const parseToken = (authToken: CognitoUserSession): FamLoginUser => {
export default {
login,
+ loginBceid,
isLoggedIn,
handlePostLogin,
logout,
diff --git a/frontend/src/services/EnvironmentSettings.ts b/frontend/src/services/EnvironmentSettings.ts
index 07a2d8100..806c46603 100644
--- a/frontend/src/services/EnvironmentSettings.ts
+++ b/frontend/src/services/EnvironmentSettings.ts
@@ -4,8 +4,8 @@ export class EnvironmentSettings {
private environmentDisplayNameKey: string = 'fam_environment_display_name';
private readonly API = {
- ADMIN_MANAGEMENT_API: "admin_management_api",
- APP_ACCESS_CONTROL_API: "app_access_control_api"
+ ADMIN_MANAGEMENT_API: 'admin_management_api',
+ APP_ACCESS_CONTROL_API: 'app_access_control_api',
};
constructor() {
@@ -25,10 +25,14 @@ export class EnvironmentSettings {
}
}
- getIdentityProvider(): string {
+ getIdentityProviderIdir(): string {
return this.env?.fam_console_idp_name.value;
}
+ getIdentityProviderBceid(): string {
+ return this.env?.fam_console_idp_name_bceid.value;
+ }
+
// Admin Management API
getAdminMgmtApiBaseUrl(): string {
return this.getApiBaseUrl(this.API.ADMIN_MANAGEMENT_API);
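Review bot: In `getIdentityProviderBceid`, `this.env?.fam_console_idp_name_bceid.value` guards only `env`, so an env.json that predates the new `fam_console_idp_name_bceid` key makes `.value` throw, and an undefined `env` returns `undefined` from a method typed `: string`. `return this.env?.fam_console_idp_name_bceid?.value;` with a `string | undefined` return type, or an explicit error naming the missing key, would make a misconfigured deployment fail clearly at login. The renamed `getIdentityProviderIdir` has the same shape. Any caller of the old `getIdentityProvider` outside this diff would also need updating; the class continues beyond the hunk.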
@@ -60,12 +64,12 @@ export class EnvironmentSettings {
// Default to 'ADMIN_MANAGEMENT_API'
if (!useApi || useApi == this.API.ADMIN_MANAGEMENT_API) {
- apiBaseUrl = this.env?.fam_admin_management_api_base_url.value
- || 'http://localhost:8001'; // local api
- }
- else {
- apiBaseUrl = this.env?.fam_api_base_url.value
- || 'http://localhost:8000';
+ apiBaseUrl =
+ this.env?.fam_admin_management_api_base_url.value ||
+ 'http://localhost:8001'; // local api
+ } else {
+ apiBaseUrl =
+ this.env?.fam_api_base_url.value || 'http://localhost:8000';
}
return apiBaseUrl;
}
diff --git a/frontend/src/store/FamLoginUserState.ts b/frontend/src/store/FamLoginUserState.ts
index 7a5031f59..a6b788495 100644
--- a/frontend/src/store/FamLoginUserState.ts
+++ b/frontend/src/store/FamLoginUserState.ts
@@ -24,6 +24,7 @@ export interface FamLoginUser {
idpProvider?: string; // from ID Token's ['identities']['providerName'] attribute.
authToken?: CognitoUserSession; // original JWT token from AWS Cognito (ID && Access Tokens).
accesses?: FamAuthGrantDto[]; // admin privileges retrieved from backend.
+ organization?: string;
}
const state = ref({
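Review bot: The new `organization` field is the only member of `FamLoginUser` shown here without a trailing comment naming its source, and the comment on `idpProvider` is now stale because `parseToken` reads `['identities'][0]['providerName']`. Suggested lines: `idpProvider?: string; // from ID Token's ['identities'][0]['providerName'] attribute.` and `organization?: string; // from ID Token's ['custom:idp_business_name'] attribute.` The interface starts above the hunk.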
diff --git a/frontend/src/tests/Landing.spec.ts b/frontend/src/tests/Landing.spec.ts
index 5a106767a..b62ac7583 100644
--- a/frontend/src/tests/Landing.spec.ts
+++ b/frontend/src/tests/Landing.spec.ts
@@ -61,13 +61,19 @@ describe('Landing', () => {
await button.trigger('click');
expect(loginSpy).toHaveBeenCalled();
});
- it('should render BCeID button and be disabled', async () => {
+ it('should render BCeID button and be enabled', async () => {
const button = wrapper.get('#login-bceid-button');
expect(button.classes()).toEqual(
expect.arrayContaining(['landing-button'])
);
expect(button.html().includes('Login with BCeID')).toBe(true);
- expect(button.attributes()).toHaveProperty('disabled');
+ expect(button.attributes()).not.toHaveProperty('disabled');
+ });
+ it('should button Login with BCEID be clicked', async () => {
+ const button = wrapper.get('#login-bceid-button');
+ const loginSpy = vi.spyOn(AuthService, 'loginBceid');
+ await button.trigger('click');
+ expect(loginSpy).toHaveBeenCalled();
});
it('should render image', () => {
const img = wrapper.findAll('.landing-img');
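Review bot: `vi.spyOn(AuthService, 'loginBceid')` in the new test keeps the real implementation, so the click will run `Auth.federatedSignIn` unless `Auth` is mocked elsewhere in this spec, which is not visible in the hunk. `const loginSpy = vi.spyOn(AuthService, 'loginBceid').mockResolvedValue(undefined);` keeps the test isolated from Amplify. The title `'should button Login with BCEID be clicked'` would read more clearly as `'should call loginBceid when the BCeID button is clicked'`.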
diff --git a/infrastructure/server/oidc_clients_fam.tf b/infrastructure/server/oidc_clients_fam.tf
index 7bba62145..5b4a5462b 100644
--- a/infrastructure/server/oidc_clients_fam.tf
+++ b/infrastructure/server/oidc_clients_fam.tf
@@ -3,22 +3,22 @@ resource "aws_cognito_user_pool_client" "fam_console_oidc_client" {
allowed_oauth_flows = ["code"]
allowed_oauth_flows_user_pool_client = "true"
allowed_oauth_scopes = ["openid", "profile", "email"]
- callback_urls = "${concat(var.fam_callback_urls,
- [
- "${aws_api_gateway_deployment.fam_api_gateway_deployment.invoke_url}/docs/oauth2-redirect",
- "${aws_api_gateway_stage.admin_management_api_gateway_stage.invoke_url}/docs/oauth2-redirect"
- ]
- )}"
- logout_urls = var.fam_logout_urls
+ callback_urls = (concat(var.fam_callback_urls,
+ [
+ "${aws_api_gateway_deployment.fam_api_gateway_deployment.invoke_url}/docs/oauth2-redirect",
+ "${aws_api_gateway_stage.admin_management_api_gateway_stage.invoke_url}/docs/oauth2-redirect"
+ ]
+ ))
+ logout_urls = var.fam_logout_urls
enable_propagate_additional_user_context_data = "false"
enable_token_revocation = "true"
explicit_auth_flows = ["ALLOW_REFRESH_TOKEN_AUTH"]
id_token_validity = "60"
name = "fam_console"
prevent_user_existence_errors = "ENABLED"
- read_attributes = "${concat(var.minimum_oidc_attribute_list, ["custom:idp_display_name", "email"])}"
+ read_attributes = concat(var.minimum_oidc_attribute_list, ["custom:idp_display_name", "email", "custom:idp_business_id", "custom:idp_business_name"])
refresh_token_validity = "24"
- supported_identity_providers = [ var.fam_console_idp_name ]
+ supported_identity_providers = [var.fam_console_idp_name, var.fam_console_idp_name_bceid]
token_validity_units {
access_token = "minutes"
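Review bot: `supported_identity_providers = [var.fam_console_idp_name, var.fam_console_idp_name_bceid]` names both providers by string, so Terraform derives no dependency on the identity-provider resources from it. The `depends_on` list visible in the next hunk begins with `aws_cognito_identity_provider.dev_idir_oidc_provider` and the rest is outside the diff. If the Business BCeID provider resource is not already in that list, the client can be created or updated before the provider exists and the apply fails. It is also worth confirming that each environment's pool defines a provider with the exact configured name (`TEST-BCEIDBUSINESS`, `PROD-BCEIDBUSINESS`), since prod gains the second provider in this same change.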
@@ -27,7 +27,7 @@ resource "aws_cognito_user_pool_client" "fam_console_oidc_client" {
}
user_pool_id = aws_cognito_user_pool.fam_user_pool.id
- write_attributes = "${concat(var.minimum_oidc_attribute_list, ["custom:idp_display_name", "email"])}"
+ write_attributes = concat(var.minimum_oidc_attribute_list, ["custom:idp_display_name", "email", "custom:idp_business_id", "custom:idp_business_name"])
depends_on = [
aws_cognito_identity_provider.dev_idir_oidc_provider,
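Review bot: Adding `custom:idp_business_id` and `custom:idp_business_name` to `write_attributes` makes the business identity attributes writable through this app client. That is normally needed for the IdP attribute mapping, but it also means a token carrying the `aws.cognito.signin.user.admin` scope could change them through a self-service attribute update. The `allowed_oauth_scopes` shown in the previous hunk do not include that scope, and a comment would help keep it that way: `# business attrs are client-writable only for IdP mapping; keep aws.cognito.signin.user.admin out of allowed_oauth_scopes`. Backend code should continue to treat these claims as trustworthy only under that condition.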
@@ -56,4 +56,4 @@ resource "aws_secretsmanager_secret" "fam_oidc_client_id_secret" {
resource "aws_secretsmanager_secret_version" "fam_oidc_client_id_secret_version" {
secret_id = aws_secretsmanager_secret.fam_oidc_client_id_secret.id
secret_string = aws_cognito_user_pool_client.fam_console_oidc_client.id
-}
\ No newline at end of file
+}
diff --git a/infrastructure/server/outputs.tf b/infrastructure/server/outputs.tf
index 6df7e7fa5..47614664e 100644
--- a/infrastructure/server/outputs.tf
+++ b/infrastructure/server/outputs.tf
@@ -50,4 +50,9 @@ output "target_env" {
output "fam_console_idp_name" {
description = "Identifies which version of IDIR to use (DEV, TEST, or PROD)"
value = var.fam_console_idp_name
+}
+
+output "fam_console_idp_name_bceid" {
+ description = "Identifies which version of BUSINESS BCEID to use (DEV, TEST, or PROD)"
+ value = var.fam_console_idp_name_bceid
}
\ No newline at end of file
diff --git a/infrastructure/server/variables_provided.tf b/infrastructure/server/variables_provided.tf
index 69d236779..8bd9ca7ea 100644
--- a/infrastructure/server/variables_provided.tf
+++ b/infrastructure/server/variables_provided.tf
@@ -238,6 +238,11 @@ variable "fam_console_idp_name" {
type = string
}
+variable "fam_console_idp_name_bceid" {
+ description = "Identifies which version of BUSINESS BCEID to use (DEV, TEST, or PROD)"
+ type = string
+}
+
variable "minimum_oidc_attribute_list" {
description = "Required fields for FAM clients to be able to read and write"
type = list(string)
diff --git a/server/admin_management/api/app/jwt_validation.py b/server/admin_management/api/app/jwt_validation.py
index ff51ea73b..9c3191784 100644
--- a/server/admin_management/api/app/jwt_validation.py
+++ b/server/admin_management/api/app/jwt_validation.py
@@ -184,7 +184,6 @@ def validate_token(
def authorize(claims: dict = Depends(validate_token)) -> dict:
-
if JWT_GROUPS_KEY not in claims or len(claims[JWT_GROUPS_KEY]) == 0:
raise HTTPException(
status_code=403,
@@ -211,3 +210,9 @@ def get_request_cognito_user_id(claims: dict = Depends(authorize)):
cognito_username = claims[COGNITO_USERNAME_KEY]
LOGGER.debug(f"Current requester's cognito_username for API: {cognito_username}")
return cognito_username
+
+
+def get_request_cognito_user_id_without_access_check(claims: dict = Depends(validate_token)):
+ cognito_username = claims[COGNITO_USERNAME_KEY]
+ LOGGER.debug(f"Current requester's cognito_username for API: {cognito_username}")
+ return cognito_username
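Review bot: `get_request_cognito_user_id_without_access_check` repeats the body of `get_request_cognito_user_id` and has no docstring, so the only visible difference is `Depends(validate_token)` in place of `Depends(authorize)`. A docstring such as `"""Return the caller's Cognito username after token validation only; the access-group check in authorize() is skipped. Use only for endpoints that report the caller's own access."""` would record that contract where the bypass is defined. Both functions could share a private helper that takes `claims`. The log line is identical in both, so adding `(no access check)` to this one's debug message would let logs distinguish the two paths.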
diff --git a/server/admin_management/api/app/routers/router_admin_user_accesses.py b/server/admin_management/api/app/routers/router_admin_user_accesses.py
index a5338dbc1..d456c44cc 100644
--- a/server/admin_management/api/app/routers/router_admin_user_accesses.py
+++ b/server/admin_management/api/app/routers/router_admin_user_accesses.py
@@ -1,7 +1,6 @@
import logging
-from api.app.jwt_validation import authorize
-from api.app.routers.router_guards import get_current_requester
+from api.app.routers.router_guards import get_current_requester_without_access_check
from api.app.routers.router_utils import admin_user_access_service_instance
from api.app.schemas import AdminUserAccessResponse, Requester
from api.app.services.admin_user_access_service import AdminUserAccessService
@@ -16,13 +15,15 @@
"",
response_model=AdminUserAccessResponse,
status_code=200,
- dependencies=[Depends(authorize)],
name="Admin user access privilege",
description="Access privilege for logged on admin user for what applications/roles(scoped) the user can grant.",
)
async def get_admin_user_access(
- requester: Requester = Depends(get_current_requester), # Internally Requester already has basic token claim validated.
+ requester: Requester = Depends(
+ get_current_requester_without_access_check
+ ), # the get_admin_user_access API don't require user has any access, it will return what access the user has
admin_user_access_service: AdminUserAccessService = Depends(
- admin_user_access_service_instance),
+ admin_user_access_service_instance
+ ),
):
return admin_user_access_service.get_access_grants(requester.user_id)
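Review bot: With `dependencies=[Depends(authorize)]` removed, this route accepts any token that passes `validate_token`, so its safety now rests on two things: the `fam_user` lookup behind `get_current_requester_without_access_check`, and `get_access_grants(requester.user_id)` returning only the caller's own grants. The second holds as written because the id comes from the resolved requester and not from request input. Tests would pin this down: a token with no groups gets 200 with only its own grants, and a valid token with no matching `fam_user` row is rejected. The trailing comment would read more clearly as `# this endpoint does not require any access group; it returns whatever access the caller has`.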
diff --git a/server/admin_management/api/app/routers/router_guards.py b/server/admin_management/api/app/routers/router_guards.py
index 4c3736d4c..f51c9e042 100644
--- a/server/admin_management/api/app/routers/router_guards.py
+++ b/server/admin_management/api/app/routers/router_guards.py
@@ -9,6 +9,7 @@
get_access_roles,
get_request_cognito_user_id,
validate_token,
+ get_request_cognito_user_id_without_access_check,
)
from api.app.schemas import Requester, TargetUser, FamAppAdminCreateRequest
from api.app.constants import AdminRoleAuthGroup, UserType
@@ -66,6 +67,8 @@ def authorize_by_fam_admin(claims: dict = Depends(validate_token)):
)
+# for app admin and FAM admin, we require the access group in the token
+# the get_request_cognito_user_id will check the access in the token
async def get_current_requester(
request_cognito_user_id: str = Depends(get_request_cognito_user_id),
access_roles=Depends(get_access_roles),
@@ -83,6 +86,26 @@ async def get_current_requester(
return requester
+# for delegated admin, there is no access group in the token, our auth lambda function only add app admin to the token
+# get_request_cognito_user_id_without_access_check will return the requester without checking the access group in the token
+# this should only used by the get_admin_user_access API, all other APIs require admin access in the token
+async def get_current_requester_without_access_check(
+ request_cognito_user_id: str = Depends(
+ get_request_cognito_user_id_without_access_check
+ ),
+ user_service: UserService = Depends(user_service_instance),
+):
+ fam_user: FamUser = user_service.get_user_by_cognito_user_id(
+ request_cognito_user_id
+ )
+ if fam_user is None:
+ raise no_requester_exception
+
+ requester = Requester.model_validate(fam_user)
+ LOGGER.debug(f"Current request user (requester): {requester}")
+ return requester
+
+
# Note!!
# currently to take care of different scenarios (id or fields needed in path/param/body)
# to find target user, will only consider request "path_params" and for "body"(json) for PUT/POST.
diff --git a/server/admin_management/tests/jwt_utils.py b/server/admin_management/tests/jwt_utils.py
index 364e01c0e..2ec04a69d 100644
--- a/server/admin_management/tests/jwt_utils.py
+++ b/server/admin_management/tests/jwt_utils.py
@@ -11,7 +11,7 @@
COGNITO_USER_POOL_DOMAIN = os.environ.get("COGNITO_USER_POOL_DOMAIN")
IDP_USER_GUID = "b5ecdb094dfb4149a6a8445a0mangled"
-COGNITO_USERNAME = f"dev-idir_{IDP_USER_GUID}@idir"
+COGNITO_USERNAME = f"test-idir_{IDP_USER_GUID}@idir"
IDIR_USERNAME = "COGUSTAF"
diff --git a/server/backend/testspg/jwt_utils.py b/server/backend/testspg/jwt_utils.py
index 02ef95894..76bd308b9 100644
--- a/server/backend/testspg/jwt_utils.py
+++ b/server/backend/testspg/jwt_utils.py
@@ -9,7 +9,7 @@
COGNITO_USER_POOL_DOMAIN = os.environ.get('COGNITO_USER_POOL_DOMAIN')
IDP_USER_GUID = "b5ecdb094dfb4149a6a8445a0mangled"
-COGNITO_USERNAME = F"dev-idir_{IDP_USER_GUID}@idir"
+COGNITO_USERNAME = F"test-idir_{IDP_USER_GUID}@idir"
IDIR_USERNAME = "COGUSTAF"
diff --git a/server/flyway/local_sql/V1000__update_test_user_cognito_id.sql b/server/flyway/local_sql/V1000__update_test_user_cognito_id.sql
index b006a1ad8..aeb7ea12e 100644
--- a/server/flyway/local_sql/V1000__update_test_user_cognito_id.sql
+++ b/server/flyway/local_sql/V1000__update_test_user_cognito_id.sql
@@ -2,6 +2,6 @@
-- run the API locally, copy
UPDATE app_fam.fam_user
-SET cognito_user_id = 'dev-idir_b5ecdb094dfb4149a6a8445a0mangled@idir'
+SET cognito_user_id = 'test-idir_b5ecdb094dfb4149a6a8445a0mangled@idir'
WHERE user_name = 'COGUSTAF';
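Review bot: Editing `V1000__update_test_user_cognito_id.sql` in place changes the checksum of a versioned migration that existing local databases have probably already applied. Flyway validation would then fail on those databases, and the new `test-idir_` value would not be written because V1000 is recorded as done. A new versioned script that performs the `UPDATE` to the `test-idir_` id would move existing environments forward without a repair or rebuild. If rebuilding the local database is the intended path, the header comment should say so, for example `-- changed for TEST-IDIR: recreate the local DB or run flyway repair after pulling`.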
diff --git a/server/flyway/local_sql/sample_V1001__add_local_user_cognito_id.sql b/server/flyway/local_sql/sample_V1001__add_local_user_cognito_id.sql
index ba3e160b0..afa7f6f01 100644
--- a/server/flyway/local_sql/sample_V1001__add_local_user_cognito_id.sql
+++ b/server/flyway/local_sql/sample_V1001__add_local_user_cognito_id.sql
@@ -1,6 +1,6 @@
-- This is a script to add local developers into FAM DB with their cognito user
--- IDs. When the correct values are in the DB, the JWT from the DEV-IDIR domain
--- in Cognito (from the FAM DEV environment) can be used to log into FAM and
+-- IDs. When the correct values are in the DB, the JWT from the TEST-IDIR domain
+-- in Cognito (from the FAM DEV environment, we use TEST-IDIR identity provider in local and dev environment) can be used to log into FAM and
-- the API logic that depends on finding the "requestor" still works.
-- For this script to run, the name of the file needs to match the flyway
@@ -17,19 +17,19 @@
-- These users are already in the DB from an early production flyway script
UPDATE app_fam.fam_user
-SET cognito_user_id = 'dev-idir_b5ecdb094dmangledmangled@idir'
+SET cognito_user_id = 'test-idir_b5ecdb094dmangledmangled@idir'
WHERE user_name = 'COGUSTAF';
UPDATE app_fam.fam_user
-SET cognito_user_id = 'dev-idir_0171bed26ffmanglede20651d1ee01@idir'
+SET cognito_user_id = 'test-idir_0171bed26ffmanglede20651d1ee01@idir'
WHERE user_name = 'BVANDEGR';
UPDATE app_fam.fam_user
-SET cognito_user_id = 'dev-idir_e72a12c916amangled9e5dcdffae7@idir'
+SET cognito_user_id = 'test-idir_e72a12c916amangled9e5dcdffae7@idir'
WHERE user_name = 'IANLIU';
UPDATE app_fam.fam_user
-SET cognito_user_id = 'dev-idir_eb65e9d782mangledc7d7f9b1@idir'
+SET cognito_user_id = 'test-idir_eb65e9d782mangledc7d7f9b1@idir'
WHERE user_name = 'PTOLLEST';
-- These users were never added through a script
@@ -42,8 +42,8 @@ INSERT INTO app_fam.fam_user (
)
VALUES
-('JFERREIR','I','dev-idir_278f48bd9mangledf7e618d@idir',CURRENT_USER),
-('NSAGLION','I','dev-idir_3f1414bd1mangled18a1293c40@idir',CURRENT_USER),
-('CMENG','I','dev-idir_a9888e8ac6a04mangled35df625bf@idir',CURRENT_USER),
-('OLIBERCH','I','dev-idir_b7e191fa11dmangled9df1854b71@idir',CURRENT_USER);
+('JFERREIR','I','test-idir_278f48bd9mangledf7e618d@idir',CURRENT_USER),
+('NSAGLION','I','test-idir_3f1414bd1mangled18a1293c40@idir',CURRENT_USER),
+('CMENG','I','test-idir_a9888e8ac6a04mangled35df625bf@idir',CURRENT_USER),
+('OLIBERCH','I','test-idir_b7e191fa11dmangled9df1854b71@idir',CURRENT_USER);
diff --git a/terraform/dev/terragrunt.hcl b/terraform/dev/terragrunt.hcl
index ba0fb547a..49dc3fe90 100644
--- a/terraform/dev/terragrunt.hcl
+++ b/terraform/dev/terragrunt.hcl
@@ -36,10 +36,11 @@ generate "dev_tfvars" {
"https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/"
]
fam_logout_urls = [
- "${local.common_vars.inputs.idp_logout_chain_dev_url}https://fam-dev.nrs.gov.bc.ca",
- "${local.common_vars.inputs.idp_logout_chain_dev_url}http://localhost:5173"
+ "${local.common_vars.inputs.idp_logout_chain_test_url}https://fam-dev.nrs.gov.bc.ca",
+ "${local.common_vars.inputs.idp_logout_chain_test_url}http://localhost:5173"
]
- fam_console_idp_name = "DEV-IDIR"
+ fam_console_idp_name = "TEST-IDIR"
+ fam_console_idp_name_bceid = "TEST-BCEIDBUSINESS"
forest_client_api_base_url = "https://nr-forest-client-api-test.api.gov.bc.ca"
use_override_proxy_endpoints = true
dev_override_bcsc_userinfo_proxy_endpoint = "https://c727z9v3cc.execute-api.ca-central-1.amazonaws.com/v1/bcsc/userinfo/dev"
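Review bot: Pointing dev at `TEST-IDIR` and `TEST-BCEIDBUSINESS` means the relaxed dev allowances around this hunk now apply to TEST identities. These are the `oidcdebugggersecure-c6af30-dev` entry just above, which appears to be the tail of the callback list that starts outside the hunk, and the `http://localhost:5173` logout URL. It is worth confirming the debugger callback is still wanted now that accounts from the TEST providers can sign in through this client. The same change and the same question apply to the hunk in terraform/tools/terragrunt.hcl. If `idp_logout_chain_dev_url` and `idp_logout_chain_tools_url` are no longer referenced anywhere else, they can be dropped from the common inputs.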
diff --git a/terraform/prod/terragrunt.hcl b/terraform/prod/terragrunt.hcl
index 6ef902b7b..41e6ee0dc 100644
--- a/terraform/prod/terragrunt.hcl
+++ b/terraform/prod/terragrunt.hcl
@@ -36,6 +36,7 @@ generate "prod_tfvars" {
"${local.common_vars.inputs.idp_logout_chain_prod_url}https://fam.nrs.gov.bc.ca",
]
fam_console_idp_name = "PROD-IDIR"
+ fam_console_idp_name_bceid = "PROD-BCEIDBUSINESS"
forest_client_api_base_url = "https://nr-forest-client-api-prod.api.gov.bc.ca/"
use_override_proxy_endpoints = false
idim_proxy_api_base_url = "https://nr-fam-idim-lookup-proxy-prod-backend.apps.silver.devops.gov.bc.ca"
diff --git a/terraform/test/terragrunt.hcl b/terraform/test/terragrunt.hcl
index ab998cd68..3a5ad6f1a 100644
--- a/terraform/test/terragrunt.hcl
+++ b/terraform/test/terragrunt.hcl
@@ -37,6 +37,7 @@ generate "test_tfvars" {
"${local.common_vars.inputs.idp_logout_chain_test_url}http://localhost:5173"
]
fam_console_idp_name = "TEST-IDIR"
+ fam_console_idp_name_bceid = "TEST-BCEIDBUSINESS"
forest_client_api_base_url = "https://nr-forest-client-api-test.api.gov.bc.ca"
use_override_proxy_endpoints = false
idim_proxy_api_base_url = "https://nr-fam-idim-lookup-proxy-test-backend.apps.silver.devops.gov.bc.ca"
diff --git a/terraform/tools/terragrunt.hcl b/terraform/tools/terragrunt.hcl
index 132c2f8d4..3849b7cad 100644
--- a/terraform/tools/terragrunt.hcl
+++ b/terraform/tools/terragrunt.hcl
@@ -37,10 +37,11 @@ generate "tools_tfvars" {
"https://oidcdebugggersecure-c6af30-dev.apps.gold.devops.gov.bc.ca/"
]
fam_logout_urls = [
- "${local.common_vars.inputs.idp_logout_chain_tools_url}https://fam-tools.nrs.gov.bc.ca",
- "${local.common_vars.inputs.idp_logout_chain_tools_url}http://localhost:5173"
+ "${local.common_vars.inputs.idp_logout_chain_test_url}https://fam-tools.nrs.gov.bc.ca",
+ "${local.common_vars.inputs.idp_logout_chain_test_url}http://localhost:5173"
]
- fam_console_idp_name = "DEV-IDIR"
+ fam_console_idp_name = "TEST-IDIR"
+ fam_console_idp_name_bceid = "TEST-BCEIDBUSINESS"
forest_client_api_base_url = "https://nr-forest-client-api-test.api.gov.bc.ca"
use_override_proxy_endpoints = true
dev_override_bcsc_userinfo_proxy_endpoint = "https://c727z9v3cc.execute-api.ca-central-1.amazonaws.com/v1/bcsc/userinfo/dev"