Restore previous secrets and update cfn parameter (#512)

Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
opensearch-project · Nov 27, 2024 · 29245f3 · 29245f3
1 parent fcb84d1
commit 29245f3
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/lib/ci-config-stack.ts b/lib/ci-config-stack.ts
@@ -21,6 +21,8 @@ export class CIConfigStack extends Stack {
 
   static readonly REDIRECT_URL_SECRET_EXPORT_VALUE: string = 'redirectUrlSecret';
 
+  static readonly OIDC_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE: string = 'OIDCConfigValueSecret';
+
   static readonly AUTH_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE: string = 'authConfigValueSecret';
 
   static readonly CASC_RELOAD_TOKEN_SECRET_EXPORT_VALUE: string = 'casc';
@@ -43,10 +45,12 @@ export class CIConfigStack extends Stack {
     const redirectUrlSecret = new Secret(this, 'redirectUrl', {
       description: 'Redirect url for Jenkins',
     });
+    const OIDCConfigValuesSecret = new Secret(this, 'OIDCConfigValues', {
+      description: 'OIDC params in JSON format',
+    });
     const authConfigValuesSecret = new Secret(this, 'authConfigValues', {
       description: 'Auth credentials in JSON format',
     });
-
     const CascReloadTokenValuesSecret = new Secret(this, 'CascReloadTokenValue', {
       description: 'Reload token (password) required for configuration as code plugin',
     });
@@ -76,6 +80,11 @@ export class CIConfigStack extends Stack {
       exportName: CIConfigStack.REDIRECT_URL_SECRET_EXPORT_VALUE,
     });
 
+    new CfnOutput(this, 'OIDCConfigValuesSecret', {
+      value: OIDCConfigValuesSecret.secretArn,
+      exportName: CIConfigStack.OIDC_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE,
+    });
+
     new CfnOutput(this, 'authConfigValuesSecret', {
       value: authConfigValuesSecret.secretArn,
       exportName: CIConfigStack.AUTH_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE,

diff --git a/lib/ci-stack.ts b/lib/ci-stack.ts
@@ -31,7 +31,7 @@ export interface CIStackProps extends StackProps {
   /** Should the Jenkins use https  */
   readonly useSsl?: boolean;
   /** Type of login mechanism to adopt */
-  readonly authType?:string;
+  readonly authType?: string;
   /** Restrict jenkins access to */
   readonly restrictServerAccessTo?: IPeer;
   /** Additional verification during deployment and resource startup. */
@@ -123,8 +123,8 @@ export class CIStack extends Stack {
     const additionalCommandsContext = `${props?.additionalCommands ?? this.node.tryGetContext('additionalCommands')}`;
 
     // Setting CfnParameters to record the value in cloudFormation
-    new CfnParameter(this, 'runWithOidc', {
-      description: 'If the jenkins instance should use OIDC + federate',
+    new CfnParameter(this, 'authType', {
+      description: 'Auth type for jenkins login',
       default: authType,
     });