Merge pull request #205 from platelet-app/github_action_register

Automate registering new tenants
platelet-app · Apr 10, 2024 · 6428f87 · 6428f87
2 parents 3503237 + a87b4f1
commit 6428f87
Show file tree

Hide file tree

Showing 36 changed files with 321 additions and 493 deletions.
diff --git a/.github/workflows/update_tenant_api.yml b/.github/workflows/update_tenant_api.yml
@@ -26,32 +26,43 @@ jobs:
     - name: Wait for Amplify to finish remote build
       uses: duckbytes/amplify-build-status@master
       with:
-        app-id: ${{ secrets.AMPLIFY_APP_ID }}
+        app-id: ${{ vars.AMPLIFY_APP_ID }}
         branch-name: ${{ github.ref_name }}
         commit-id: ${{ github.sha }}
         wait: ${{ github.event_name == 'workflow_dispatch' && inputs.wait_for_amplify || true }}
+      id: amplify_status
       env:
         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_REGION: ${{ secrets.AWS_REGION }}
+        AWS_REGION: ${{ vars.AWS_REGION }}
     - name: Install Amplify CLI and pull project
       env:
         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_REGION: ${{ secrets.AWS_REGION }}
+        AWS_REGION: ${{ vars.AWS_REGION }}
       run: |
-        npm install -g @aws-amplify/cli@10.8 @babel/cli --unsafe-perm=true
+        npm install -g @aws-amplify/cli @babel/cli --unsafe-perm=true
         npm install --save-dev @babel/plugin-transform-modules-commonjs
-        amplify pull --appId ${{ secrets.AMPLIFY_APP_ID }} --envName ${{ secrets.AMPLIFY_ENV_NAME }} -y
+        amplify pull --appId ${{ vars.AMPLIFY_APP_ID }} --envName ${{ steps.amplify_status.outputs.environment_name }} -y
         babel --plugins @babel/plugin-transform-modules-commonjs src/aws-exports.js > src/aws-exports-es5.js
     - name: Update the tenant API
       uses: platelet-app/update-tenant-api-action@main
       with:
-        awsEnvName: ${{ secrets.AMPLIFY_ENV_NAME }}
+        awsEnvName: ${{ steps.amplify_status.outputs.environment_name }}
         awsExportsFilepath: ${{ github.workspace }}/src/aws-exports-es5.js
         awsAccessKeyId: ${{ secrets.AWS_ACCESS_KEY_ID }}
         awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        awsRegion: ${{ secrets.AWS_REGION }}
-        apiURL: ${{ secrets.API_URL }}
-        amplifyEnvName: ${{ secrets.AMPLIFY_ENV_NAME }}
+        awsRegion: ${{ vars.AWS_REGION }}
+        apiURL: ${{ vars.API_URL }}
+        amplifyEnvName: ${{ steps.amplify_status.outputs.environment_name }}
         tenantName: ${{ vars.TENANT_NAME }}
+    - name: Register the tenant admin
+      uses: platelet-app/register-tenant-action@master
+      with:
+        awsAccessKeyId: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        awsRegion: ${{ vars.AWS_REGION }}
+        tenantApiUrl: ${{ steps.amplify_status.outputs.graphql_endpoint }}
+        tenantName: ${{ vars.TENANT_NAME }}
+        adminName: ${{ vars.ADMIN_NAME }}
+        adminEmail: ${{ vars.ADMIN_EMAIL }}
diff --git a/amplify.yml b/amplify.yml
@@ -13,8 +13,7 @@ backend:
       commands:
         - '# Execute Amplify CLI with the helper script'
         - npm install -g prebuild-install --unsafe-perm=true
-        - update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.8 11
-        - /usr/local/bin/pip3.8 install --user pipenv
+        - amplify --version
         - amplifyPush --simple
 frontend:
   phases:
@@ -47,8 +46,7 @@ test:
         - '**/*.mp4'
     preTest:
       commands:
-        - npm ci
+        - echo "no tests"
     test:
       commands:
-        - npm test -- --watchAll=false
-        - bash test-amplify-function.sh
+        - echo "no tests"
diff --git a/amplify/backend/api/platelet/custom-roles.json b/amplify/backend/api/platelet/custom-roles.json
@@ -0,0 +1,5 @@
+{
+    "adminRoleNames": [
+        "<something>"
+    ]
+}
diff --git a/amplify/backend/api/platelet/schema.graphql b/amplify/backend/api/platelet/schema.graphql
@@ -1,10 +1,11 @@
 type Tenant
 @auth(rules: [
 {allow: private, operations: [read]},
+{allow: private, provider: iam, operations: [read]},
 ])
 @model {
   id: ID!
-  name: String!
+  name: String! @index(name: "byTenantName", queryField: "getTenantByTenantName")
   referenceIdentifier: String!
   admin: User! @hasOne
 }
@@ -437,7 +438,7 @@ type SendFeedback {
 
 type Mutation {
   registerUser(name: String, email: String, tenantId: ID, roles: [Role]): User @function(name: "plateletAdminAddNewUser-${env}") @auth(rules: [{allow: groups, groups: ["ADMIN"]}])
-  registerTenant(name: String, emailAddress: String, tenantName: String): Tenant @function(name: "plateletAddNewTenant-${env}") @auth(rules: [{allow: groups, groups: ["SUPER"]}])
+  registerTenant(name: String, emailAddress: String, tenantName: String): Tenant @function(name: "plateletAddNewTenant-${env}") @auth(rules: [{allow: private, provider: iam}])
   updateUserRoles(userId: ID, roles: [Role]): User @function(name: "plateletAdminChangeUserRoles-${env}") @auth(rules: [{allow: groups, groups: ["ADMIN"]}])
   disableUser(userId: ID): User @function(name: "plateletAdminDisableUser-${env}") @auth(rules: [{allow: groups, groups: ["ADMIN"]}])
   enableUser(userId: ID): User @function(name: "plateletAdminEnableUser-${env}") @auth(rules: [{allow: groups, groups: ["ADMIN"]}])

diff --git a/amplify/backend/backend-config.json b/amplify/backend/backend-config.json
@@ -488,22 +488,6 @@
         }
       ]
     },
-    "AMPLIFY_function_plateletAddNewTenant_plateletDomainName": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletAddNewTenant"
-        }
-      ]
-    },
-    "AMPLIFY_function_plateletAddNewTenant_plateletWelcomeEmail": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletAddNewTenant"
-        }
-      ]
-    },
     "AMPLIFY_function_plateletAddNewTenant_s3Key": {
       "usedBy": [
         {
@@ -520,22 +504,6 @@
         }
       ]
     },
-    "AMPLIFY_function_plateletAdminAddNewUser_plateletDomainName": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletAdminAddNewUser"
-        }
-      ]
-    },
-    "AMPLIFY_function_plateletAdminAddNewUser_plateletWelcomeEmail": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletAdminAddNewUser"
-        }
-      ]
-    },
     "AMPLIFY_function_plateletAdminAddNewUser_s3Key": {
       "usedBy": [
         {
@@ -616,22 +584,6 @@
         }
       ]
     },
-    "AMPLIFY_function_plateletAdminResetUserPassword_plateletDomainName": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletAdminResetUserPassword"
-        }
-      ]
-    },
-    "AMPLIFY_function_plateletAdminResetUserPassword_plateletWelcomeEmail": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletAdminResetUserPassword"
-        }
-      ]
-    },
     "AMPLIFY_function_plateletAdminResetUserPassword_s3Key": {
       "usedBy": [
         {
@@ -760,22 +712,6 @@
         }
       ]
     },
-    "AMPLIFY_function_plateletSendUserFeedback_plateletSendFromEmailAddress": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletSendUserFeedback"
-        }
-      ]
-    },
-    "AMPLIFY_function_plateletSendUserFeedback_plateletSendToEmailAddress": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "plateletSendUserFeedback"
-        }
-      ]
-    },
     "AMPLIFY_function_plateletSendUserFeedback_s3Key": {
       "usedBy": [
         {

diff --git a/...backend/function/PlateletTaskResolvers/PlateletTaskResolvers-cloudformation-template.json b/...backend/function/PlateletTaskResolvers/PlateletTaskResolvers-cloudformation-template.json
@@ -78,7 +78,7 @@
             "Arn"
           ]
         },
-        "Runtime": "nodejs14.x",
+        "Runtime": "nodejs18.x",
         "Layers": [],
         "Timeout": 25
       }

diff --git a/amplify/backend/function/plateletAddNewTenant/function-parameters.json b/amplify/backend/function/plateletAddNewTenant/function-parameters.json
@@ -31,15 +31,6 @@
       "env": "awaaaaa"
     }
   ],
-  "environmentVariableList": [
-    {
-      "cloudFormationParameterName": "plateletWelcomeEmail",
-      "environmentVariableName": "PLATELET_WELCOME_EMAIL"
-    },
-    {
-      "cloudFormationParameterName": "plateletDomainName",
-      "environmentVariableName": "PLATELET_DOMAIN_NAME"
-    }
-  ],
+  "environmentVariableList": [],
   "secretNames": []
 }
diff --git a/amplify/backend/function/plateletAddNewTenant/parameters.json b/amplify/backend/function/plateletAddNewTenant/parameters.json
@@ -1,4 +1 @@
-{
-    "plateletWelcomeEmail": "[email protected]",
-    "plateletDomainName": "app.example.com"
-}
+{}
diff --git a/...y/backend/function/plateletAddNewTenant/plateletAddNewTenant-cloudformation-template.json b/...y/backend/function/plateletAddNewTenant/plateletAddNewTenant-cloudformation-template.json
@@ -35,12 +35,6 @@
     "functionplateletappSyncOperationsArn": {
       "Type": "String",
       "Default": "functionplateletappSyncOperationsArn"
-    },
-    "plateletWelcomeEmail": {
-      "Type": "String"
-    },
-    "plateletDomainName": {
-      "Type": "String"
     }
   },
   "Conditions": {
@@ -104,12 +98,6 @@
             },
             "API_PLATELET_GRAPHQLAPIENDPOINTOUTPUT": {
               "Ref": "apiplateletGraphQLAPIEndpointOutput"
-            },
-            "PLATELET_WELCOME_EMAIL": {
-              "Ref": "plateletWelcomeEmail"
-            },
-            "PLATELET_DOMAIN_NAME": {
-              "Ref": "plateletDomainName"
             }
           }
         },
@@ -119,7 +107,7 @@
             "Arn"
           ]
         },
-        "Runtime": "nodejs14.x",
+        "Runtime": "nodejs18.x",
         "Layers": [
           {
             "Ref": "functionplateletappSyncOperationsArn"

diff --git a/amplify/backend/function/plateletAddNewTenant/src/index.js b/amplify/backend/function/plateletAddNewTenant/src/index.js
@@ -12,6 +12,7 @@ Amplify Params - DO NOT EDIT */
 
 const aws = require("aws-sdk");
 const uuid = require("uuid");
+const { sendTenantWelcomeEmail } = require("/opt/sendWelcomeEmail");
 
 const {
     createUser,
@@ -23,66 +24,6 @@ const { request, errorCheck } = require("/opt/appSyncRequest");
 
 const GRAPHQL_ENDPOINT = process.env.API_PLATELET_GRAPHQLAPIENDPOINTOUTPUT;
 
-async function sendWelcomeEmail(emailAddress, recipientName, password) {
-    const ses = new aws.SES({
-        apiVersion: "2010-12-01",
-        region: process.env.REGION,
-    });
-    const params = {
-        Destination: {
-            ToAddresses: [emailAddress],
-        },
-        Message: {
-            Body: {
-                Html: {
-                    Charset: "UTF-8",
-                    Data: `
-                    <p>
-                        Welcome to https://${process.env.PLATELET_DOMAIN_NAME}, ${recipientName}!
-                    </p>
-                    <p>
-                        Your account has been created. You can now start adding users to your team.
-                    </p>
-                    <p>
-                        You will be asked to change your password on first log in.
-                    </p>
-                    <p>
-                        <b>Username:</b> ${emailAddress}
-                    </p>
-                    <p>
-                        <b>Password:</b> ${password}
-                    </p>
-                    <p>
-                        <b>This temporary password will expire in one week.</b>
-                    </p>
-                    <p>
-                        Thank you.
-                    </p>
-                    `,
-                },
-                Text: {
-                    Charset: "UTF-8",
-                    Data: `Welcome to https://${process.env.PLATELET_DOMAIN_NAME}, ${recipientName}!
-                    Your account has been created. You can now start adding users to your team.
-                    You will be asked to change your password on first log in.
-                    Username: ${emailAddress}
-                    Password: ${password}
-                    Thank you.`,
-                },
-            },
-            Subject: {
-                Charset: "UTF-8",
-                Data: "Welcome to Platelet!",
-            },
-        },
-        Source: process.env.PLATELET_WELCOME_EMAIL,
-        ReplyToAddresses: [process.env.PLATELET_WELCOME_EMAIL],
-        ReturnPath: process.env.PLATELET_WELCOME_EMAIL,
-    };
-
-    return await ses.sendEmail(params).promise();
-}
-
 function generateReferenceIdentifier(tenantName) {
     if (!tenantName) {
         throw new Error(`tenantName is required`);
@@ -329,7 +270,7 @@ exports.handler = async (event) => {
     await setUserRoles(user.username);
     console.log("Tenant result:", newTenant);
     console.log("User result:", newUser);
-    await sendWelcomeEmail(
+    await sendTenantWelcomeEmail(
         event.arguments.emailAddress,
         event.arguments.name,
         cognitoUser.password

diff --git a/amplify/backend/function/plateletAdminAddNewUser/function-parameters.json b/amplify/backend/function/plateletAdminAddNewUser/function-parameters.json
@@ -31,15 +31,6 @@
       "env": "awaaaaa"
     }
   ],
-  "environmentVariableList": [
-    {
-      "cloudFormationParameterName": "plateletWelcomeEmail",
-      "environmentVariableName": "PLATELET_WELCOME_EMAIL"
-    },
-    {
-      "cloudFormationParameterName": "plateletDomainName",
-      "environmentVariableName": "PLATELET_DOMAIN_NAME"
-    }
-  ],
+  "environmentVariableList": [],
   "secretNames": []
 }
diff --git a/amplify/backend/function/plateletAdminAddNewUser/parameters.json b/amplify/backend/function/plateletAdminAddNewUser/parameters.json
@@ -1,4 +1 @@
-{
-    "plateletWelcomeEmail": "[email protected]",
-    "plateletDomainName": "app.example.com"
-}
+{}