Use federated auth for DfE Analytics (#1410)

DFE-Digital · Sep 10, 2024 · eddc1ec · eddc1ec
1 parent 0d31992
commit eddc1ec
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 15 deletions.
diff --git a/TeachingRecordSystem/Directory.Packages.props b/TeachingRecordSystem/Directory.Packages.props
@@ -13,7 +13,7 @@
     <PackageVersion Include="Castle.Core" Version="5.1.1" />
     <PackageVersion Include="CsvHelper" Version="30.1.0" />
     <PackageVersion Include="dbup-sqlserver" Version="5.0.37" />
-    <PackageVersion Include="Dfe.Analytics" Version="0.2.2" />
+    <PackageVersion Include="Dfe.Analytics" Version="0.2.3" />
     <PackageVersion Include="DistributedLock.Azure" Version="1.0.0" />
     <PackageVersion Include="DistributedLock.FileSystem" Version="1.0.2" />
     <PackageVersion Include="EFCore.NamingConventions" Version="8.0.3" />

diff --git a/TeachingRecordSystem/lib/Dfe.Analytics.0.2.2.nupkg b/TeachingRecordSystem/lib/Dfe.Analytics.0.2.2.nupkg
diff --git a/TeachingRecordSystem/lib/Dfe.Analytics.0.2.3.nupkg b/TeachingRecordSystem/lib/Dfe.Analytics.0.2.3.nupkg
diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Program.cs b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Program.cs
@@ -137,6 +137,7 @@ static SecurityKey LoadKey(string configurationValue)
     });
 
 builder.Services.AddDfeAnalytics()
+    .UseFederatedAksBigQueryClientProvider()
     .AddAspNetCoreIntegration(options =>
     {
         options.UserIdClaimType = ClaimTypes.Subject;

diff --git a/terraform/aks/app.tf b/terraform/aks/app.tf
@@ -91,13 +91,14 @@ module "api_application" {
   kubernetes_config_map_name = module.api_application_configuration.kubernetes_config_map_name
   kubernetes_secret_name     = module.api_application_configuration.kubernetes_secret_name
 
-  docker_image = var.docker_image
-  command      = ["/bin/ash", "-c", "cd /Apps/Api/; dotnet TeachingRecordSystem.Api.dll;"]
-  web_port     = 3000
-  probe_path   = "/health"
-  replicas     = var.api_replicas
-  max_memory   = var.api_max_memory
-  enable_logit = var.enable_logit
+  docker_image   = var.docker_image
+  command        = ["/bin/ash", "-c", "cd /Apps/Api/; dotnet TeachingRecordSystem.Api.dll;"]
+  web_port       = 3000
+  probe_path     = "/health"
+  replicas       = var.api_replicas
+  max_memory     = var.api_max_memory
+  enable_logit   = var.enable_logit
+  enable_gcp_wif = true
 }
 
 module "authz_application_configuration" {
@@ -142,13 +143,14 @@ module "authz_application" {
   kubernetes_config_map_name = module.authz_application_configuration.kubernetes_config_map_name
   kubernetes_secret_name     = module.authz_application_configuration.kubernetes_secret_name
 
-  docker_image = var.docker_image
-  command      = ["/bin/ash", "-c", "cd /Apps/AuthorizeAccess/; dotnet TeachingRecordSystem.AuthorizeAccess.dll;"]
-  web_port     = 3000
-  probe_path   = "/health"
-  replicas     = var.authz_replicas
-  max_memory   = var.authz_max_memory
-  enable_logit = var.enable_logit
+  docker_image   = var.docker_image
+  command        = ["/bin/ash", "-c", "cd /Apps/AuthorizeAccess/; dotnet TeachingRecordSystem.AuthorizeAccess.dll;"]
+  web_port       = 3000
+  probe_path     = "/health"
+  replicas       = var.authz_replicas
+  max_memory     = var.authz_max_memory
+  enable_logit   = var.enable_logit
+  enable_gcp_wif = true
 }
 
 module "ui_application_configuration" {
@@ -199,6 +201,7 @@ module "ui_application" {
   replicas                     = var.ui_replicas
   enable_logit                 = var.enable_logit
   enable_prometheus_monitoring = var.enable_prometheus_monitoring
+  enable_gcp_wif               = true
 }
 
 module "worker_application_configuration" {
@@ -249,4 +252,5 @@ module "worker_application" {
   max_memory                   = var.worker_max_memory
   enable_logit                 = var.enable_logit
   enable_prometheus_monitoring = var.enable_prometheus_monitoring
+  enable_gcp_wif               = true
 }