Merge pull request #401 from NEU-DSG/lambda-assign-users-to-group-fro…

…m-list Lambda-assign-users-to-group-from-list
NEU-DSG · Feb 9, 2024 · cab187f · cab187f
2 parents f2d424b + a5fc97b
commit cab187f
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 0 deletions.
diff --git a/flake.nix b/flake.nix
@@ -86,6 +86,8 @@
               mkdir -p $out
               cp -f ${targetPackage}/bin/dailp-graphql $out/bootstrap
               zip -j $out/dailp-graphql.zip $out/bootstrap
+              cp -f ${targetPackage}/bin/auth-post-confirmation $out/bootstrap
+              zip -j $out/auth-post-confirmation.zip $out/bootstrap
             '';
           };
         terraformConfig = pkgs.writeTextFile {

diff --git a/terraform/auth-functions.nix b/terraform/auth-functions.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+let 
+  prefixName = import ./utils.nix { stage = config.setup.stage; };
+in {
+  config.resource = {
+    aws_lambda_function.post_confirmation_event = {
+      function_name = "dailp_post_user_confirmation";
+      role = "$\{aws_iam_role.lambda_exec.arn}";
+      architectures = [ "x86_64" ];
+      description = ''
+        To be invoked by Cognito on PostConfirmation. 
+        Adds a user to a group if their email is in a predefined list.
+      '';
+      environment.variables = {
+        DAILP_AWS_REGION = builtins.getEnv "DAILP_AWS_REGION";
+        GOOGLE_API_KEY = builtins.getEnv "GOOGLE_API_KEY";
+        DAILP_USER_POOL = builtins.getEnv "DAILP_USER_POOL";
+      };
+      filename = "${config.functions.package_path}/dailp-auth-post-confirmation.zip";
+      handler="function_handler";
+      runtime="provided.al2";
+      timeout=60;
+    };
+
+    aws_lambda_permission.allow_cognito_invocation = {
+      action = "lambda:InvokeFunction";
+      function_name = "$\{aws_lambda_function.post_confirmation_event.function_name}";
+      principal = "cognito-idp.amazonaws.com";
+      source_arn = "$\{aws_cognito_user_pool.main.arn}";
+    };
+  };
+}
diff --git a/terraform/auth.nix b/terraform/auth.nix
@@ -21,6 +21,9 @@ in {
           You can access the confirmation page at https://${subdomain}dailp.northeastern.edu/auth/confirmation
         '';
       };
+      lambda_config = {
+        post_confirmation = "\${aws_lambda_function.post_confirmation_event.arn}";
+      };
     };
     aws_cognito_user_pool_client.main = {
       name = prefixName "user-pool-client";

diff --git a/terraform/functions-base.nix b/terraform/functions-base.nix
@@ -8,6 +8,7 @@ in {
       managed_policy_arns = [
         "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
       ];
+
       assume_role_policy = ''
         {
           "Version": "2012-10-17",

diff --git a/terraform/main.nix b/terraform/main.nix
@@ -19,6 +19,7 @@ in {
     ./bootstrap.nix
     ./functions.nix
     ./auth.nix
+    ./auth-functions.nix
     ./website.nix
     ./nu-tags.nix
     ./database-sql.nix