diff --git a/terraform-unity/main.tf b/terraform-unity/main.tf
index 8ae47b8..6b816d4 100644
--- a/terraform-unity/main.tf
+++ b/terraform-unity/main.tf
@@ -58,10 +58,6 @@ module "unity-sps-airflow" {
 docker_images = var.airflow_docker_images
 helm_charts = var.helm_charts
 karpenter_node_pools = module.unity-sps-karpenter-node-config.karpenter_node_pools
- cognito_client_id = var.cognito_client_id
- cognito_client_secret = var.cognito_client_secret
- cognito_base_url = var.cognito_base_url
- cognito_user_pool_id = var.cognito_user_pool_id
 }
 
 module "unity-sps-ogc-processes-api" {
diff --git a/terraform-unity/modules/terraform-unity-sps-airflow/data.tf b/terraform-unity/modules/terraform-unity-sps-airflow/data.tf
index 2e136b5..7b2c197 100644
--- a/terraform-unity/modules/terraform-unity-sps-airflow/data.tf
+++ b/terraform-unity/modules/terraform-unity-sps-airflow/data.tf
@@ -47,3 +47,19 @@ data "aws_efs_file_system" "efs" {
 data "aws_ssm_parameter" "ssl_cert_arn" {
 name = "/unity/account/network/ssl"
 }
+
+data "aws_ssm_parameter" "cognito_base_url" {
+ name = "/unity/shared-services/cognito/domain"
+}
+
+data "aws_ssm_parameter" "cognito_client_id" {
+ name = "/unity/dev/sps/cognito_client_id"
+}
+
+data "aws_ssm_parameter" "cognito_client_secret" {
+ name = "/unity/dev/sps/cognito_client_secret"
+}
+
+data "aws_ssm_parameter" "cognito_user_pool_id" {
+ name = "/unity/cs/security/shared-services-cognito-user-pool/user-pool-id"
+}
diff --git a/terraform-unity/modules/terraform-unity-sps-airflow/main.tf b/terraform-unity/modules/terraform-unity-sps-airflow/main.tf
index 07cbeaa..099f735 100644
--- a/terraform-unity/modules/terraform-unity-sps-airflow/main.tf
+++ b/terraform-unity/modules/terraform-unity-sps-airflow/main.tf
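Review bot: The two client lookups added to `data.tf` hard-code the `dev` venue in their parameter names (`/unity/dev/sps/cognito_client_id` and `/unity/dev/sps/cognito_client_secret`), while this commit removes the input variables that let a deployment supply its own values. A non-dev deployment of this module would therefore either fail when the parameter is missing or authenticate with the dev client's credentials. Building the name from an input keeps environments isolated, for example `name = "/unity/${var.venue}/sps/cognito_client_secret"`, assuming the module has a venue-style variable (none is visible in this hunk). A comment on the secret lookup should also record that the parameter is expected to be a SecureString and that its decrypted value is written to Terraform state, so the state backend needs encryption and restricted read access.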
@@ -386,10 +386,10 @@ resource "helm_release" "airflow" {
 karpenter_node_pools = join(",", var.karpenter_node_pools)
 cwl_dag_ecr_uri = "${data.aws_caller_identity.current.account_id}.dkr.ecr.us-west-2.amazonaws.com"
 webserver_config = indent(4, file("${path.module}/../../../airflow/config/webserver_config.py"))
- cognito_client_id = var.cognito_client_id
- cognito_client_secret = var.cognito_client_secret
- cognito_base_url = var.cognito_base_url
- cognito_user_pool_id = var.cognito_user_pool_id
+ cognito_client_id = data.aws_ssm_parameter.cognito_client_id.value
+ cognito_client_secret = data.aws_ssm_parameter.cognito_client_secret.value
+ cognito_base_url = data.aws_ssm_parameter.cognito_base_url.value
+ cognito_user_pool_id = data.aws_ssm_parameter.cognito_user_pool_id.value
 })
 ]
 set_sensitive {
diff --git a/terraform-unity/modules/terraform-unity-sps-airflow/variables.tf b/terraform-unity/modules/terraform-unity-sps-airflow/variables.tf
index 499ba87..3f6ff75 100644
--- a/terraform-unity/modules/terraform-unity-sps-airflow/variables.tf
+++ b/terraform-unity/modules/terraform-unity-sps-airflow/variables.tf
@@ -76,23 +76,3 @@ variable "karpenter_node_pools" {
 description = "Names of the Karpenter node pools"
 type = list(string)
 }
-
-variable "cognito_client_id" {
- description = "Cognito user pool client id for application."
- type = string
-}
-
-variable "cognito_client_secret" {
- description = "Cognito user pool client secret for application."
- type = string
-}
-
-variable "cognito_base_url" {
- description = "Cognito user pool URL."
- type = string
-}
-
-variable "cognito_user_pool_id" {
- description = "Cognito user pool id."
- type = string
-}
diff --git a/terraform-unity/variables.tf b/terraform-unity/variables.tf
index 57f071c..eed6e71 100644
--- a/terraform-unity/variables.tf
+++ b/terraform-unity/variables.tf
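Review bot: In the `helm_release "airflow"` hunk, `cognito_client_secret` is still passed through the map that is rendered into the chart values, although a `set_sensitive` block sits directly below it in the same resource. The secret therefore becomes part of the rendered values text, which Helm stores with the release in the cluster and Terraform records in state. Consider moving it out of this map into a `set_sensitive` entry, or into a Kubernetes Secret that the chart references, leaving only the three non-secret settings in the template. Because `aws_ssm_parameter` values are marked sensitive, the whole rendered values string is also likely to be redacted in plan output, which would hide unrelated value changes from reviewers. The resource and the call that takes this map begin and end outside the hunk, so the key name to use under `set_sensitive` needs checking against the chart.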
@@ -339,23 +339,3 @@ variable "dag_catalog_repo" {
 dags_directory_path = "airflow/dags"
 }
 }
-
-variable "cognito_client_id" {
- description = "Cognito user pool client id for application."
- type = string
-}
-
-variable "cognito_client_secret" {
- description = "Cognito user pool client secret for application."
- type = string
-}
-
-variable "cognito_base_url" {
- description = "Cognito user pool URL."
- type = string
-}
-
-variable "cognito_user_pool_id" {
- description = "Cognito user pool id."
- type = string
-}