Project author: dwp

Project description:
Centralised infrastructure for Cognito
Primary language: HCL
Project URL: git://github.com/dwp/dataworks-cognito.git
Created: 2020-09-18T07:09:03Z
Project community: https://github.com/dwp/dataworks-cognito

License: ISC License



DO NOT USE THIS REPO - MIGRATED TO GITLAB

dataworks-cognito

Centralised infrastructure for Cognito

This repo manages the infrastructure for AWS Cognito. It holds the user pool known as concourse, which offers managed authentication for DataWorks services, namely Concourse and Grafana.

The users are managed using AWS SecretsManager, and can be found here. The user list is held as JSON and passed through a pipeline, which checks which flags are set and carries out the relevant actions. See below:

User management:

    {
      "username": "myusername",
      "email": "firstname.surname@engineering.digital.dwp.gov.uk",
      "phone": "+441234567890",
      "groups": [
        "dataworks",       <-- Grants access to Concourse. Omit this to remove access.
        "grafana-editor"   <-- Grants access to Grafana. Omit this to remove access.
      ],
      "disabled": "false", <-- Setting this to true, removes the user from the Cognito userpool.
      "reset": "false"     <-- Setting this to true, causes Cognito to email the user with a new temporary password. n.b. This only works if the user has entered the first temporary password, and set their own password. If not, the user will need to be removed from the user pool and re-added.
    }

Do not delete a user from the JSON without first setting them to "disabled": "true", creating a PR, merging and running the pipeline. Deleting the entry on its own only removes the user from the JSON. They, and their access, will remain in Cognito.
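
The drift described above (accounts that remain in Cognito after their entry was deleted from the JSON) can be caught with an audit like the following. This is an added example, not the project's pipeline code: the function names, the assumption that the secret is a JSON list of user records, and the sample data are all hypothetical, and the list of pool usernames is assumed to have been exported separately.

```python
import json

# Constructed sample of the SecretsManager JSON (a list of records is an assumption).
DESIRED_JSON = """
[
  {"username": "alice", "email": "alice@example.com", "phone": "+441234567890",
   "groups": ["dataworks", "grafana-editor"], "disabled": "false", "reset": "false"},
  {"username": "bob", "email": "bob@example.com", "phone": "+441234567891",
   "groups": ["dataworks"], "disabled": "true", "reset": "false"},
  {"username": "carol", "email": "carol@example.com", "phone": "+441234567892",
   "groups": [], "disabled": "false", "reset": "true"}
]
"""

# Constructed snapshot of the usernames currently present in the Cognito user pool.
POOL_USERNAMES = ["alice", "bob", "carol", "dave"]


def flag(record, key):
    """Flags are stored as the strings "true"/"false"; accept real booleans too."""
    value = record.get(key, "false")
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def audit_users(desired_json, pool_usernames):
    """Compare the JSON with the pool and report what still needs attention."""
    records = {r["username"]: r for r in json.loads(desired_json)}
    pool = set(pool_usernames)
    report = {"pending_removal": [], "pending_reset": [], "no_groups": []}
    # In the pool but not in the JSON: deleted without "disabled": "true" first.
    report["orphaned"] = sorted(pool - set(records))
    for name, rec in sorted(records.items()):
        if flag(rec, "disabled"):
            if name in pool:
                report["pending_removal"].append(name)  # pipeline has not run yet
            continue
        if flag(rec, "reset"):
            report["pending_reset"].append(name)
        if not rec.get("groups"):
            report["no_groups"].append(name)  # account exists but grants no access
    return report


if __name__ == "__main__":
    print(json.dumps(audit_users(DESIRED_JSON, POOL_USERNAMES), indent=2))
```

Any name reported under "orphaned" still has a live account and should be re-added to the JSON with "disabled": "true" so the pipeline removes it.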