feat: expose additional OIDC scope settings (cloudposse#73)

* feat: expose additional OIDC scope settings * fix: regenerate README after updating harness
johnB96 · Oct 12, 2020 · 21cf369 · 21cf369
1 parent 45b79e1
commit 21cf369
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -174,13 +174,15 @@ Available targets:
 | alb\_target\_group\_alarms\_response\_time\_threshold | The maximum ALB Target Group response time | `number` | `0.5` | no |
 | assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no |
 | attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no |
+| authentication\_cognito\_scope | Cognito scope | `list(string)` | `[]` | no |
 | authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no |
 | authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no |
 | authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no |
 | authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no |
 | authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no |
 | authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no |
 | authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no |
+| authentication\_oidc\_scope | OIDC scope | `list(string)` | `[]` | no |
 | authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no |
 | authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no |
 | authentication\_type | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no |

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -48,13 +48,15 @@
 | alb\_target\_group\_alarms\_response\_time\_threshold | The maximum ALB Target Group response time | `number` | `0.5` | no |
 | assign\_public\_ip | Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false` | `bool` | `false` | no |
 | attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no |
+| authentication\_cognito\_scope | Cognito scope | `list(string)` | `[]` | no |
 | authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no |
 | authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no |
 | authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no |
 | authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no |
 | authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no |
 | authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no |
 | authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no |
+| authentication\_oidc\_scope | OIDC scope | `list(string)` | `[]` | no |
 | authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no |
 | authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no |
 | authentication\_type | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no |

diff --git a/main.tf b/main.tf
@@ -27,7 +27,7 @@ resource "aws_cloudwatch_log_group" "app" {
 }
 
 module "alb_ingress" {
-  source                       = "git::https://github.com/cloudposse/terraform-aws-alb-ingress.git?ref=tags/0.13.2"
+  source                       = "git::https://github.com/cloudposse/terraform-aws-alb-ingress.git?ref=tags/0.14.0"
   name                         = var.name
   namespace                    = var.namespace
   stage                        = var.stage
@@ -56,12 +56,14 @@ module "alb_ingress" {
   authentication_cognito_user_pool_arn       = var.authentication_cognito_user_pool_arn
   authentication_cognito_user_pool_client_id = var.authentication_cognito_user_pool_client_id
   authentication_cognito_user_pool_domain    = var.authentication_cognito_user_pool_domain
+  authentication_cognito_scope               = var.authentication_cognito_scope
   authentication_oidc_client_id              = var.authentication_oidc_client_id
   authentication_oidc_client_secret          = var.authentication_oidc_client_secret
   authentication_oidc_issuer                 = var.authentication_oidc_issuer
   authentication_oidc_authorization_endpoint = var.authentication_oidc_authorization_endpoint
   authentication_oidc_token_endpoint         = var.authentication_oidc_token_endpoint
   authentication_oidc_user_info_endpoint     = var.authentication_oidc_user_info_endpoint
+  authentication_oidc_scope                  = var.authentication_oidc_scope
 }
 
 module "container_definition" {

diff --git a/variables.tf b/variables.tf
@@ -833,6 +833,12 @@ variable "authentication_cognito_user_pool_domain" {
   default     = ""
 }
 
+variable "authentication_cognito_scope" {
+  type        = list(string)
+  description = "Cognito scope"
+  default     = []
+}
+
 variable "authentication_oidc_client_id" {
   type        = string
   description = "OIDC Client ID"
@@ -869,6 +875,12 @@ variable "authentication_oidc_user_info_endpoint" {
   default     = ""
 }
 
+variable "authentication_oidc_scope" {
+  type        = list(string)
+  description = "OIDC scope"
+  default     = []
+}
+
 variable "codepipeline_build_compute_type" {
   type        = string
   default     = "BUILD_GENERAL1_SMALL"