From 29245f3ee88cb89d59c8ecb1d097b04224a418e8 Mon Sep 17 00:00:00 2001
From: Sayali Gaikawad <61760125+gaiksaya@users.noreply.github.com>
Date: Wed, 27 Nov 2024 13:16:45 -0800
Subject: [PATCH] Restore previous secrets and update cfn parameter (#512)

Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
---
 lib/ci-config-stack.ts | 11 ++++++++++-
 lib/ci-stack.ts        |  6 +++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/lib/ci-config-stack.ts b/lib/ci-config-stack.ts
index a55fbf4..91a79cc 100644
--- a/lib/ci-config-stack.ts
+++ b/lib/ci-config-stack.ts
@@ -21,6 +21,8 @@ export class CIConfigStack extends Stack {
 
   static readonly REDIRECT_URL_SECRET_EXPORT_VALUE: string = 'redirectUrlSecret';
 
+  static readonly OIDC_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE: string = 'OIDCConfigValueSecret';
+
   static readonly AUTH_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE: string = 'authConfigValueSecret';
 
   static readonly CASC_RELOAD_TOKEN_SECRET_EXPORT_VALUE: string = 'casc';
@@ -43,10 +45,12 @@ export class CIConfigStack extends Stack {
     const redirectUrlSecret = new Secret(this, 'redirectUrl', {
       description: 'Redirect url for Jenkins',
     });
+    const OIDCConfigValuesSecret = new Secret(this, 'OIDCConfigValues', {
+      description: 'OIDC params in JSON format',
+    });
     const authConfigValuesSecret = new Secret(this, 'authConfigValues', {
       description: 'Auth credentials in JSON format',
     });
-
     const CascReloadTokenValuesSecret = new Secret(this, 'CascReloadTokenValue', {
       description: 'Reload token (password) required for configuration as code plugin',
     });
@@ -76,6 +80,11 @@ export class CIConfigStack extends Stack {
       exportName: CIConfigStack.REDIRECT_URL_SECRET_EXPORT_VALUE,
     });
 
+    new CfnOutput(this, 'OIDCConfigValuesSecret', {
+      value: OIDCConfigValuesSecret.secretArn,
+      exportName: CIConfigStack.OIDC_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE,
+    });
+
     new CfnOutput(this, 'authConfigValuesSecret', {
       value: authConfigValuesSecret.secretArn,
       exportName: CIConfigStack.AUTH_CONFIGURATION_VALUE_SECRET_EXPORT_VALUE,
diff --git a/lib/ci-stack.ts b/lib/ci-stack.ts
index c098486..1772414 100644
--- a/lib/ci-stack.ts
+++ b/lib/ci-stack.ts
@@ -31,7 +31,7 @@ export interface CIStackProps extends StackProps {
   /** Should the Jenkins use https  */
   readonly useSsl?: boolean;
   /** Type of login mechanism to adopt */
-  readonly authType?:string;
+  readonly authType?: string;
   /** Restrict jenkins access to */
   readonly restrictServerAccessTo?: IPeer;
   /** Additional verification during deployment and resource startup. */
@@ -123,8 +123,8 @@ export class CIStack extends Stack {
     const additionalCommandsContext = `${props?.additionalCommands ?? this.node.tryGetContext('additionalCommands')}`;
 
     // Setting CfnParameters to record the value in cloudFormation
-    new CfnParameter(this, 'runWithOidc', {
-      description: 'If the jenkins instance should use OIDC + federate',
+    new CfnParameter(this, 'authType', {
+      description: 'Auth type for jenkins login',
       default: authType,
     });