fix: Correct recommended var.name for auth0/app (#1108)

cloudposse · Sep 9, 2024 · 5582764 · 5582764
1 parent 53728bc
commit 5582764
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/modules/auth0/app/README.md b/modules/auth0/app/README.md
@@ -17,14 +17,19 @@ client ID and client secret configured with the `auth0/tenant` component.
 
 Here's an example snippet for how to use this component.
 
+> [!IMPORTANT]
+>
+> Be sure that the context ID does not overlap with the context ID of other Auth0 components, such as `auth0/tenant`. We
+> use this ID to generate the SSM parameter names.
+
 ```yaml
 # stacks/catalog/auth0/app.yaml
 components:
   terraform:
     auth0/app:
       vars:
         enabled: true
-        name: "auth0"
+        name: "auth0-app"
 
         # We can centralize plat-sandbox, plat-dev, and plat-staging all use a "nonprod" Auth0 tenant, which is deployed in plat-staging.
         auth0_tenant_stage_name: "plat-staging"
@@ -115,9 +120,9 @@ components:
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_oidc_conformant"></a> [oidc\_conformant](#input\_oidc\_conformant) | OIDC Conformant | `bool` | `true` | no |
-| <a name="input_provider_ssm_base_path"></a> [provider\_ssm\_base\_path](#input\_provider\_ssm\_base\_path) | The base path for the SSM parameters. If not defined, this is set to the module context ID. This is also required when `var.enabled` is set to `false` | `string` | `""` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
+| <a name="input_ssm_base_path"></a> [ssm\_base\_path](#input\_ssm\_base\_path) | The base path for the SSM parameters. If not defined, this is set to the module context ID. This is also required when `var.enabled` is set to `false` | `string` | `""` | no |
 | <a name="input_sso"></a> [sso](#input\_sso) | Single Sign-On for the Auth0 app | `bool` | `true` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |

diff --git a/modules/auth0/app/variables.tf b/modules/auth0/app/variables.tf
@@ -63,7 +63,7 @@ variable "jwt_alg" {
   default     = "RS256"
 }
 
-variable "provider_ssm_base_path" {
+variable "ssm_base_path" {
   type        = string
   description = "The base path for the SSM parameters. If not defined, this is set to the module context ID. This is also required when `var.enabled` is set to `false`"
   default     = ""

diff --git a/modules/auth0/tenant/README.md b/modules/auth0/tenant/README.md
@@ -16,6 +16,7 @@ components:
     auth0/tenant:
       vars:
         enabled: true
+        # Make sure this name does not conflict with other Auth0 components, such as `auth0/app`
         name: auth0
         support_email: "[email protected]"
         support_url: "https://acme.com"
@@ -61,6 +62,11 @@ auth0_client_secret_ssm_path = "/${module.this.id}/client_secret"
 For example, if we're deploying `auth0/tenant` into `plat-gbl-prod` and my default region is `us-west-2`, then I would
 add the following parameters to the `plat-prod` account in `us-west-2`:
 
+> [!IMPORTANT]
+>
+> Be sure that this AWS SSM parameter path does not conflict with SSM parameters used by other Auth0 components, such as
+> `auth0/app`. In both components, the SSM parameter paths are defined by the component deployment's context ID.
+
 ```
 /acme-plat-gbl-prod-auth0/domain
 /acme-plat-gbl-prod-auth0/client_id