From 9acfbc0c8ee95b16bef3cff33c5976ed546a5e43 Mon Sep 17 00:00:00 2001
From: jaskaransarkaria
Date: Tue, 22 Oct 2024 14:57:13 +0100
Subject: [PATCH 1/2] =?UTF-8?q?style:=20=F0=9F=92=84=20cleanup=20auth0=20r?= =?UTF-8?q?ules?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 add-github-teams-to-saml-mappings.js | 49 ----------------------------
 auth0.tf | 11 -------
 2 files changed, 60 deletions(-)
 delete mode 100644 add-github-teams-to-saml-mappings.js

diff --git a/add-github-teams-to-saml-mappings.js b/add-github-teams-to-saml-mappings.js
deleted file mode 100644
index 49c7536..0000000
--- a/add-github-teams-to-saml-mappings.js
+++ /dev/null
@@ -1,49 +0,0 @@
-function(user, context, callback) {
- var request = require('request');
-
- if(context.connection === 'github'){
- var awsAccount = configuration.AWS_ACCOUNT_ID;
- var samlProvider = configuration.AWS_SAML_PROVIDER_NAME;
- var rolePrefix = 'arn:aws:iam::' + awsAccount;
- var role = 'access-via-github';
- var samlIdP = rolePrefix + ':saml-provider/' + samlProvider;
- // Get user's Github profile and API access key
- var github_identity = _.find(user.identities, { connection: 'github' });
- // Get list of user's Github teams
- var teams_req = {
- url: 'https://api.github.com/user/teams',
- headers: {
- 'Authorization': 'token ' + github_identity.access_token,
- 'User-Agent': 'request'
- }
- };
- request(teams_req, function (err, resp, body) {
- if (resp.statusCode !== 200) {
- return callback(new Error('Error retrieving teams from GitHub: ' + body || err));
- }
- user.awsRoleSession = user.nickname;
- user.awsTagKeys = ['GithubTeam'];
- var git_teams = JSON.parse(body).map(function (team) {
- if (team.organization.login === "ministryofjustice") {
- return team.slug;
- }
- }).filter(function(team) {
- if(team === "all-org-members") {
- return false;
- }
- return team;
- });
- user.GithubTeam = ":" + git_teams.join(":") + ":";
- user.awsRole = rolePrefix + ':role/' + role + "," + samlIdP;
- context.samlConfiguration.mappings = {
- 'https://aws.amazon.com/SAML/Attributes/Role': 'awsRole',
- 'https://aws.amazon.com/SAML/Attributes/RoleSessionName': 'awsRoleSession',
- 'https://aws.amazon.com/SAML/Attributes/PrincipalTag:GithubTeam': 'GithubTeam'
- };
- return callback(null, user, context);
-
- });
- } else {
- return callback(null, user, context);
- }
-}
diff --git a/auth0.tf b/auth0.tf
index 4311977..ed6d9cf 100644
--- a/auth0.tf
+++ b/auth0.tf
@@ -29,17 +29,6 @@ resource "auth0_client" "saml" {
 }
-resource "auth0_rule" "saml_mappings" {
- name = "add-github-teams-to-saml-mappings"
- script = file("${path.module}/add-github-teams-to-saml-mappings.js")
- enabled = true
-}
-
-resource "auth0_rule_config" "aws_saml_provider_name" {
- key = "AWS_SAML_PROVIDER_NAME"
- value = var.auth0_tenant_domain
-}
-
 resource "auth0_action" "saml_mappings" {
 name = "add-github-teams-to-aws-saml"
 code = file(

From f0d26cecb6142758e95cd667ffe83d6af5181f3c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 22 Oct 2024 14:16:48 +0000
Subject: [PATCH 2/2] terraform-docs: automated action

---
 README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/README.md b/README.md
index 0644a8c..cdcda2c 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,6 @@ No modules.
 |------|------|
 | [auth0_action.saml_mappings](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/action) | resource |
 | [auth0_client.saml](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/client) | resource |
-| [auth0_rule.saml_mappings](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/rule) | resource |
-| [auth0_rule_config.aws_saml_provider_name](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/rule_config) | resource |
 | [aws_iam_policy.api_gateway_for_github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.github_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.github_access_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |