Move DSS whitelist to AWS Secrets Manager or Auth0

[mweiden]

User Story

• As an operator of the DSS
• I would like the whitelist secrets to be stored in AWS Secrets Manager or Auth0
• so that no sensitive identifiers are stored in the repository and that others can deploy the code without inheriting vestigial configuration.

Definition of done

• Access to subscriptions are stored in DSS_SUBSCRIPTION_AUTHORIZED_DOMAINS_ARRAY are removed or stored in Secrets Manager (removal case depends on Any logged in user with a valid email address should be able to subscribe #1486)
• Admin user emails (ADMIN_USER_EMAILS) are stored in AWS Secrets Manager

[Bento007]

When deploying changes to auth0 import the whitelisted email domain and admin email from secrets and add it to the rules.

[Bento007]

removed DSS_SUBSCRIPTION_AUTHORIZED_DOMAINS_ARRAY variable

[Bento007]

Where do we currently store admin-emails?

[Bento007]

Change admin list to a group and store in auth0

[mweiden]

@Bento007 this is where it's used: https://github.com/HumanCellAtlas/data-store/blob/master/dss/api/bundles/__init__.py#L243-L244

[Bento007]

I need to check of this is actually need considering we have dcp-infra which maintains a whitelist of admin users.

[Bento007]

I need to close this and create new tickets to remove the admin operations from the API.

[Bento007]

See #1736