update

Enterprise-CMCS · Jan 2, 2025 · 36ec17c · 36ec17c
1 parent 69ec6e8
commit 36ec17c
Show file tree

Hide file tree

Showing 6 changed files with 113 additions and 154 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -174,6 +174,8 @@ jobs:
           VITE_E2E_PASSWORD: "${{ secrets.VITE_E2E_PASSWORD }}"
       - name: Upload Playwright Report
         uses: actions/upload-artifact@v3
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         if: always()
         with:
           name: playwright-report

diff --git a/lib/libs/email/vitest.setup.ts b/lib/libs/email/vitest.setup.ts
@@ -6,7 +6,7 @@ beforeAll(() => {});
 beforeEach(() => {
   process.env.isDev = "true";
   vi.useFakeTimers();
-  const now = new Date(1672531200000);
+  const now = new Date(1672592200000);
   vi.setSystemTime(now);
 });
 

diff --git a/lib/stacks/auth.ts b/lib/stacks/auth.ts
@@ -80,9 +80,7 @@ export class Auth extends cdk.NestedStack {
         email: true,
       },
       selfSignUpEnabled: false, // This corresponds to allowAdminCreateUserOnly: true
-      email: cdk.aws_cognito.UserPoolEmail.withCognito(
-        "[email protected]",
-      ),
+      email: cdk.aws_cognito.UserPoolEmail.withCognito("[email protected]"),
       standardAttributes: {
         givenName: {
           required: true,
@@ -99,95 +97,74 @@ export class Auth extends cdk.NestedStack {
         username: new cdk.aws_cognito.StringAttribute({ mutable: true }),
       },
     });
-    let userPoolIdentityProviderOidc:
-      | cdk.aws_cognito.UserPoolIdentityProviderOidc
-      | undefined = undefined;
+    let userPoolIdentityProviderOidc: cdk.aws_cognito.UserPoolIdentityProviderOidc | undefined =
+      undefined;
     if (idmEnable) {
-      userPoolIdentityProviderOidc =
-        new cdk.aws_cognito.UserPoolIdentityProviderOidc(
-          this,
-          "UserPoolIdentityProviderIDM",
-          {
-            userPool,
-            name: "IDM",
-            clientId: idmClientId,
-            clientSecret: idmClientSecret.secretValue.unsafeUnwrap(),
-            issuerUrl: idmClientIssuer,
-            attributeMapping: {
-              email: cdk.aws_cognito.ProviderAttribute.other("email"),
-              givenName: cdk.aws_cognito.ProviderAttribute.other("given_name"),
-              familyName:
-                cdk.aws_cognito.ProviderAttribute.other("family_name"),
-              custom: {
-                "custom:username":
-                  cdk.aws_cognito.ProviderAttribute.other("preferred_username"),
-              },
+      userPoolIdentityProviderOidc = new cdk.aws_cognito.UserPoolIdentityProviderOidc(
+        this,
+        "UserPoolIdentityProviderIDM",
+        {
+          userPool,
+          name: "IDM",
+          clientId: idmClientId,
+          clientSecret: idmClientSecret.secretValue.unsafeUnwrap(),
+          issuerUrl: idmClientIssuer,
+          attributeMapping: {
+            email: cdk.aws_cognito.ProviderAttribute.other("email"),
+            givenName: cdk.aws_cognito.ProviderAttribute.other("given_name"),
+            familyName: cdk.aws_cognito.ProviderAttribute.other("family_name"),
+            custom: {
+              "custom:username": cdk.aws_cognito.ProviderAttribute.other("preferred_username"),
             },
-            attributeRequestMethod:
-              cdk.aws_cognito.OidcAttributeRequestMethod.GET,
-            scopes: ["email", "openid", "profile", "phone"],
-            identifiers: ["IDM"],
           },
-        );
+          attributeRequestMethod: cdk.aws_cognito.OidcAttributeRequestMethod.GET,
+          scopes: ["email", "openid", "profile", "phone"],
+          identifiers: ["IDM"],
+        },
+      );
     }
 
     // Cognito User Pool Client
-    const userPoolClient = new cdk.aws_cognito.CfnUserPoolClient(
-      this,
-      "CognitoUserPoolClient",
-      {
-        clientName: `${project}-${stage}-${stack}`,
-        userPoolId: userPool.userPoolId,
-        explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
-        generateSecret: false,
-        allowedOAuthFlows: ["code"],
-        allowedOAuthFlowsUserPoolClient: true,
-        allowedOAuthScopes: [
-          "email",
-          "openid",
-          "aws.cognito.signin.user.admin",
-        ],
-        callbackUrLs: [applicationEndpointUrl, "http://localhost:5000/"],
-        defaultRedirectUri: applicationEndpointUrl,
-        logoutUrLs: [applicationEndpointUrl, "http://localhost:5000/"],
-        supportedIdentityProviders: userPoolIdentityProviderOidc
-          ? ["COGNITO", userPoolIdentityProviderOidc.providerName]
-          : ["COGNITO"],
-        accessTokenValidity: 30,
-        idTokenValidity: 30,
-        refreshTokenValidity: 12,
-        tokenValidityUnits: {
-          accessToken: "minutes",
-          idToken: "minutes",
-          refreshToken: "hours",
-        },
+    const userPoolClient = new cdk.aws_cognito.CfnUserPoolClient(this, "CognitoUserPoolClient", {
+      clientName: `${project}-${stage}-${stack}`,
+      userPoolId: userPool.userPoolId,
+      explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
+      generateSecret: false,
+      allowedOAuthFlows: ["code"],
+      allowedOAuthFlowsUserPoolClient: true,
+      allowedOAuthScopes: ["email", "openid", "aws.cognito.signin.user.admin"],
+      callbackUrLs: [applicationEndpointUrl, "http://localhost:5000/"],
+      defaultRedirectUri: applicationEndpointUrl,
+      logoutUrLs: [applicationEndpointUrl, "http://localhost:5000/"],
+      supportedIdentityProviders: userPoolIdentityProviderOidc
+        ? ["COGNITO", userPoolIdentityProviderOidc.providerName]
+        : ["COGNITO"],
+      accessTokenValidity: 30,
+      idTokenValidity: 30,
+      refreshTokenValidity: 12,
+      tokenValidityUnits: {
+        accessToken: "minutes",
+        idToken: "minutes",
+        refreshToken: "hours",
       },
-    );
+    });
 
-    const userPoolDomain = new cdk.aws_cognito.CfnUserPoolDomain(
-      this,
-      "UserPoolDomain",
-      {
-        domain: `${stage}-login-${userPoolClient.ref}`,
-        userPoolId: userPool.userPoolId,
-      },
-    );
+    const userPoolDomain = new cdk.aws_cognito.CfnUserPoolDomain(this, "UserPoolDomain", {
+      domain: `${stage}-login-${userPoolClient.ref}`,
+      userPoolId: userPool.userPoolId,
+    });
 
     // Cognito Identity Pool
-    const identityPool = new cdk.aws_cognito.CfnIdentityPool(
-      this,
-      "CognitoIdentityPool",
-      {
-        identityPoolName: `${project}-${stage}-${stack}`,
-        allowUnauthenticatedIdentities: false,
-        cognitoIdentityProviders: [
-          {
-            clientId: userPoolClient.ref,
-            providerName: userPool.userPoolProviderName,
-          },
-        ],
-      },
-    );
+    const identityPool = new cdk.aws_cognito.CfnIdentityPool(this, "CognitoIdentityPool", {
+      identityPoolName: `${project}-${stage}-${stack}`,
+      allowUnauthenticatedIdentities: false,
+      cognitoIdentityProviders: [
+        {
+          clientId: userPoolClient.ref,
+          providerName: userPool.userPoolProviderName,
+        },
+      ],
+    });
 
     // IAM Role for Cognito Authenticated Users
     const authRole = new cdk.aws_iam.Role(this, "CognitoAuthRole", {
@@ -218,79 +195,59 @@ export class Auth extends cdk.NestedStack {
       },
     });
 
-    new cdk.aws_cognito.CfnIdentityPoolRoleAttachment(
-      this,
-      "CognitoIdentityPoolRoles",
-      {
-        identityPoolId: identityPool.ref,
-        roles: { authenticated: authRole.roleArn },
-      },
-    );
+    new cdk.aws_cognito.CfnIdentityPoolRoleAttachment(this, "CognitoIdentityPoolRoles", {
+      identityPoolId: identityPool.ref,
+      roles: { authenticated: authRole.roleArn },
+    });
 
     new ManageUsers(
       this,
       "ManageUsers",
       userPool,
-      JSON.parse(
-        readFileSync(
-          join(__dirname, "../../test/users/app-users.json"),
-          "utf8",
-        ),
-      ),
+      JSON.parse(readFileSync(join(__dirname, "../../test/users/app-users.json"), "utf8")),
       devPasswordArn,
     );
 
     if (idmEnable) {
-      const postAuthLambdaLogGroup = new cdk.aws_logs.LogGroup(
-        this,
-        "PostAuthLambdaLogGroup",
-        {
-          logGroupName: `/aws/lambda/${project}-${stage}-${stack}-postAuth`,
-          removalPolicy: cdk.RemovalPolicy.DESTROY,
-        },
-      );
+      const postAuthLambdaLogGroup = new cdk.aws_logs.LogGroup(this, "PostAuthLambdaLogGroup", {
+        logGroupName: `/aws/lambda/${project}-${stage}-${stack}-postAuth`,
+        removalPolicy: cdk.RemovalPolicy.DESTROY,
+      });
 
-      const postAuthLambdaRole = new cdk.aws_iam.Role(
-        this,
-        "PostAuthLambdaRole",
-        {
-          assumedBy: new cdk.aws_iam.ServicePrincipal("lambda.amazonaws.com"),
-          managedPolicies: [
-            cdk.aws_iam.ManagedPolicy.fromAwsManagedPolicyName(
-              "service-role/AWSLambdaBasicExecutionRole",
-            ),
-            cdk.aws_iam.ManagedPolicy.fromAwsManagedPolicyName(
-              "service-role/AWSLambdaVPCAccessExecutionRole",
-            ),
-          ],
-          inlinePolicies: {
-            DataStackLambdarole: new cdk.aws_iam.PolicyDocument({
-              statements: [
-                new cdk.aws_iam.PolicyStatement({
-                  effect: cdk.aws_iam.Effect.ALLOW,
-                  actions: [
-                    "cognito-idp:AdminGetUser",
-                    "cognito-idp:AdminCreateUser",
-                    "cognito-idp:AdminSetUserPassword",
-                    "cognito-idp:AdminUpdateUserAttributes",
-                  ],
-                  resources: [
-                    `arn:aws:cognito-idp:${this.region}:${this.account}:userpool/us-east-*`,
-                  ],
-                }),
-                new cdk.aws_iam.PolicyStatement({
-                  effect: cdk.aws_iam.Effect.ALLOW,
-                  actions: [
-                    "secretsmanager:DescribeSecret",
-                    "secretsmanager:GetSecretValue",
-                  ],
-                  resources: [idmAuthzApiKeyArn],
-                }),
-              ],
-            }),
-          },
+      const postAuthLambdaRole = new cdk.aws_iam.Role(this, "PostAuthLambdaRole", {
+        assumedBy: new cdk.aws_iam.ServicePrincipal("lambda.amazonaws.com"),
+        managedPolicies: [
+          cdk.aws_iam.ManagedPolicy.fromAwsManagedPolicyName(
+            "service-role/AWSLambdaBasicExecutionRole",
+          ),
+          cdk.aws_iam.ManagedPolicy.fromAwsManagedPolicyName(
+            "service-role/AWSLambdaVPCAccessExecutionRole",
+          ),
+        ],
+        inlinePolicies: {
+          DataStackLambdarole: new cdk.aws_iam.PolicyDocument({
+            statements: [
+              new cdk.aws_iam.PolicyStatement({
+                effect: cdk.aws_iam.Effect.ALLOW,
+                actions: [
+                  "cognito-idp:AdminGetUser",
+                  "cognito-idp:AdminCreateUser",
+                  "cognito-idp:AdminSetUserPassword",
+                  "cognito-idp:AdminUpdateUserAttributes",
+                ],
+                resources: [
+                  `arn:aws:cognito-idp:${this.region}:${this.account}:userpool/us-east-*`,
+                ],
+              }),
+              new cdk.aws_iam.PolicyStatement({
+                effect: cdk.aws_iam.Effect.ALLOW,
+                actions: ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue"],
+                resources: [idmAuthzApiKeyArn],
+              }),
+            ],
+          }),
         },
-      );
+      });
       const postAuthLambda = new NodejsFunction(this, "PostAuthLambda", {
         runtime: cdk.aws_lambda.Runtime.NODEJS_18_X,
         entry: join(__dirname, "../lambda/postAuth.ts"),
@@ -313,10 +270,7 @@ export class Auth extends cdk.NestedStack {
         bundling: commonBundlingOptions,
       });
 
-      userPool.addTrigger(
-        cdk.aws_cognito.UserPoolOperation.PRE_TOKEN_GENERATION,
-        postAuthLambda,
-      );
+      userPool.addTrigger(cdk.aws_cognito.UserPoolOperation.PRE_TOKEN_GENERATION, postAuthLambda);
     }
 
     return { userPool, userPoolClient, userPoolDomain, identityPool };

diff --git a/mocks/data/items.ts b/mocks/data/items.ts
@@ -8,7 +8,7 @@ export const EXISTING_ITEM_APPROVED_AMEND_ID = "MD-0000.R00.01";
 export const EXISTING_ITEM_APPROVED_RENEW_ID = "MD-0000.R01.00";
 export const EXISTING_ITEM_ID = "MD-00-0000";
 export const NOT_FOUND_ITEM_ID = "MD-0004.R00.00";
-export const NOT_EXISTING_ITEM_ID = "MD-11-0000"
+export const NOT_EXISTING_ITEM_ID = "MD-11-0000";
 export const TEST_ITEM_ID = "MD-0005.R01.00";
 export const EXISTING_ITEM_TEMPORARY_EXTENSION_ID = "MD-0005.R01.TE00";
 export const HI_TEST_ITEM_ID = "HI-0000.R00.00";
@@ -211,7 +211,7 @@ const items: Record<string, TestItemResult> = {
               },
             ],
             additionalInformation: "Amendment to the capitated contract terms for 2024.",
-            timestamp: 1672531200000, // Jan 1, 2023, in milliseconds
+            timestamp: 1672592200000, // Jan 1, 2023, in milliseconds
           },
         },
         {

diff --git a/test/playwright.config.ts b/test/playwright.config.ts
@@ -24,7 +24,10 @@ export default defineConfig({
   /* Limit concurrency on CI */
   workers: process.env.CI ? 4 : undefined,
   // Minimal reporter; you could also chain reporters if needed
-  reporter: [["list"], ["json", { outputFile: "e2e/playwright-report/index.html" }]],
+  reporter: [
+    ["list", "json-summary", "json", "html"],
+    ["json", { outputFile: "e2e/playwright-report/index.html" }],
+  ],
   // Shared settings
   use: {
     baseURL,
@@ -36,7 +39,7 @@ export default defineConfig({
     {
       name: "setup",
       // We'll only run "utils/auth.ts" under e2e
-      testMatch: ["utils/auth.ts"],
+      testMatch: ["e2e/utils/auth.ts"],
       // No parallel runs for setup
       fullyParallel: false,
     },

diff --git a/tsconfig.json b/tsconfig.json
@@ -25,7 +25,7 @@
     "rootDir": "./",
     "paths": {
       "mocks/*": ["mocks/*"],
-      "libs/*": ["libs/*"],
+      "libs/*": ["lib/libs/*"],
       "shared-types/*": ["shared-types/*"],
       "shared-utils/*": ["shared-utils/*"]
     }