feat(deletion): revoke fxa tokens when deleting accounts #897

Merged
merged 3 commits into from
Jan 29, 2025

Conversation

kschelonka
Contributor

@kschelonka kschelonka commented Oct 28, 2024

This data was deleted before on the Pocket side,
but now it will remove Pocket from integrations
so it no longer shows up on the Mozilla account page.

POCKET-9990

@kschelonka kschelonka requested a review from a team as a code owner October 28, 2024 22:01
@kschelonka kschelonka requested review from marcin-kozinski and removed request for a team October 28, 2024 22:01

github-actions bot commented Oct 28, 2024

Plan Result (account-data-deleter-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 1 to add, 0 to change, 1 to destroy.
  • Replace
    • aws_ecs_task_definition.data-deleter-app_application_ecs_service_ecs-task_243DED07
Change Result (Click me)
  # aws_ecs_task_definition.data-deleter-app_application_ecs_service_ecs-task_243DED07 must be replaced
-/+ resource "aws_ecs_task_definition" "data-deleter-app_application_ecs_service_ecs-task_243DED07" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/AccountDataDeleter-Prod:842" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/AccountDataDeleter-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                    name                   = "app"
                  ~ secrets                = [
                        # (7 unchanged elements hidden)
                        {
                            name      = "EXPORT_SIGNEDURL_USER_SECRET_KEY"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:AccountDataDeleter/Prod/EXPORT_USER_CREDS:secretAccessKey::"
                        },
                      + {
                          + name      = "FXA_CLIENT_ID"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Web/Prod/FIREFOX_WEB_AUTH_CLIENT_ID"
                        },
                      + {
                          + name      = "FXA_CLIENT_SECRET"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Web/Prod/FIREFOX_WEB_AUTH_CLIENT_SECRET"
                        },
                      + {
                          + name      = "FXA_OAUTH_URL"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Web/Prod/FIREFOX_AUTH_OAUTH_URL"
                        },
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/AccountDataDeleter/Prod/SENTRY_DSN"
                        },
                        # (3 unchanged elements hidden)
                    ]
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "AccountDataDeleter-Prod" -> (known after apply)
      ~ revision                 = 842 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-accountdatadeleter"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "AccountDataDeleter"
        }
        # (12 unchanged attributes hidden)
    }
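
Review bot: The three added `secrets` entries read from `parameter/Web/Prod/...`, outside the `AccountDataDeleter/Prod/` path used by the neighbouring `SENTRY_DSN` entry, yet the plan replaces only the task definition and shows no IAM change. Confirm the task execution role is already allowed to read those three parameters (and to decrypt `FIREFOX_WEB_AUTH_CLIENT_SECRET` if it is stored as a SecureString); if it already can, check whether that grant is a wildcard covering other services' parameters and narrow it to the three named ARNs.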

Plan: 1 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  ~ ecs-task-arn                                                                              = "arn:aws:ecs:us-east-1:996905175585:task-definition/AccountDataDeleter-Prod:842" -> (known after apply)

This data was deleted before on the Pocket side,
but now it will remove Pocket from integrations
on the Mozilla account page.

[POCKET-9990]

github-actions bot commented Jan 29, 2025

Plan Result (@infrastructure/account-data-deleter-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 1 to add, 0 to change, 1 to destroy.
  • Replace
    • aws_ecs_task_definition.data-deleter-app_application_ecs_service_ecs-task_243DED07
Change Result (Click me)
  # aws_ecs_task_definition.data-deleter-app_application_ecs_service_ecs-task_243DED07 must be replaced
-/+ resource "aws_ecs_task_definition" "data-deleter-app_application_ecs_service_ecs-task_243DED07" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/AccountDataDeleter-Prod:842" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/AccountDataDeleter-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                    name                   = "app"
                  ~ secrets                = [
                        # (7 unchanged elements hidden)
                        {
                            name      = "EXPORT_SIGNEDURL_USER_SECRET_KEY"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:AccountDataDeleter/Prod/EXPORT_USER_CREDS:secretAccessKey::"
                        },
                      + {
                          + name      = "FXA_CLIENT_ID"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Web/Prod/FIREFOX_WEB_AUTH_CLIENT_ID"
                        },
                      + {
                          + name      = "FXA_CLIENT_SECRET"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Web/Prod/FIREFOX_WEB_AUTH_CLIENT_SECRET"
                        },
                      + {
                          + name      = "FXA_OAUTH_URL"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Web/Prod/FIREFOX_AUTH_OAUTH_URL"
                        },
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/AccountDataDeleter/Prod/SENTRY_DSN"
                        },
                        # (3 unchanged elements hidden)
                    ]
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "AccountDataDeleter-Prod" -> (known after apply)
      ~ revision                 = 842 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-accountdatadeleter"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "AccountDataDeleter"
        }
        # (12 unchanged attributes hidden)
    }
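
Review bot: `FXA_CLIENT_SECRET` in the second added entry points at the Web service's `FIREFOX_WEB_AUTH_CLIENT_SECRET`, so this task now depends on a credential owned by another service. ECS resolves `valueFrom` only when a task starts, so after the Web client secret is rotated, running deleter tasks keep the old value until they are replaced; record this dependency in the rotation procedure or trigger a new deployment of this service as part of rotation.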

Plan: 1 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  ~ ecs-task-arn                                                                              = "arn:aws:ecs:us-east-1:996905175585:task-definition/AccountDataDeleter-Prod:842" -> (known after apply)

⚠️ Errors

@kschelonka kschelonka enabled auto-merge (squash) January 29, 2025 17:49
@kschelonka kschelonka disabled auto-merge January 29, 2025 18:59
@kschelonka kschelonka merged commit c943522 into main Jan 29, 2025
204 checks passed
@kschelonka kschelonka deleted the pocket-9990 branch January 29, 2025 18:59