fix(infra): add TRUSTED_IAM_ISSUER to lambda env (#418)

* fix(infra): add TRUSTED_IAM_ISSUER to lambda env * fix(infra): pass trusted iam issuer as env variable
passportxyz · Oct 10, 2023 · ad3849a · ad3849a
1 parent 9cd85f6
commit ad3849a
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 2 deletions.
diff --git a/.github/workflows/api-promote-prod.yml b/.github/workflows/api-promote-prod.yml
@@ -309,6 +309,9 @@ jobs:
           DB_NAME: ${{ secrets.DB_NAME }}
           DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
 
+          # TODO: pull for secrets manager or use this instead of secrets manage value
+          TRUSTED_IAM_ISSUER: ${{ secrets.TRUSTED_IAM_ISSUER }}
+
           REDASH_DB_NAME: ${{ secrets.REDASH_DB_NAME }}
           REDASH_DB_PASSWORD: ${{ secrets.REDASH_DB_PASSWORD }}
           REDASH_DB_USER: ${{ secrets.REDASH_DB_USER }}

diff --git a/.github/workflows/api-promote-staging.yml b/.github/workflows/api-promote-staging.yml
@@ -315,6 +315,9 @@ jobs:
           DB_NAME: ${{ secrets.DB_NAME_STAGING }}
           DB_PASSWORD: ${{ secrets.DB_PASSWORD_STAGING }}
 
+          # TODO: pull for secrets manager or use this instead of secrets manage value
+          TRUSTED_IAM_ISSUER: ${{ secrets.TRUSTED_IAM_ISSUER }}
+
           REDASH_DB_NAME: ${{ secrets.REDASH_DB_NAME }}
           REDASH_DB_PASSWORD: ${{ secrets.REDASH_DB_PASSWORD }}
           REDASH_DB_USER: ${{ secrets.REDASH_DB_USER }}

diff --git a/infra/prod/index.ts b/infra/prod/index.ts
@@ -1358,11 +1358,18 @@ createIndexerService(
 );
 
 export const dockerGtcSubmitPassportLambdaImage = `${process.env["DOCKER_GTC_SUBMIT_PASSPORT_LAMBDA_IMAGE"]}`;
+const trustedIAMIssuer = `${process.env["TRUSTED_IAM_ISSUER"]}`;
 
 buildLambdaFn(
   httpsListener,
   dockerGtcSubmitPassportLambdaImage,
   privateSubnetSecurityGroup,
   vpcPrivateSubnetIds,
-  environment
+  [
+    ...environment,
+    {
+      name: "TRUSTED_IAM_ISSUER",
+      value: trustedIAMIssuer,
+    },
+  ]
 );
diff --git a/infra/staging/index.ts b/infra/staging/index.ts
@@ -466,13 +466,20 @@ const scorerServiceRegistrySubmitPassport = createScorerECSService(
 );
 
 export const dockerGtcSubmitPassportLambdaImage = `${process.env["DOCKER_GTC_SUBMIT_PASSPORT_LAMBDA_IMAGE"]}`;
+const trustedIAMIssuer = `${process.env["TRUSTED_IAM_ISSUER"]}`;
 
 buildLambdaFn(
   httpsListener,
   dockerGtcSubmitPassportLambdaImage,
   privateSubnetSecurityGroup,
   vpcPrivateSubnetIds,
-  environment
+  [
+    ...environment,
+    {
+      name: "TRUSTED_IAM_ISSUER",
+      value: trustedIAMIssuer,
+    },
+  ]
 );
 
 //////////////////////////////////////////////////////////////