Widen · tuomovee · Feb 26, 2021 · Feb 26, 2021 · Mar 1, 2021 · Mar 1, 2021
diff --git a/README.md b/README.md
@@ -135,6 +135,32 @@ Session duration is defined as the number of hours that the JWT is valid for. Af
 ## Testing
 Detailed instructions on testing your function can be found [in the Wiki](https://github.com/Widen/cloudfront-auth/wiki/Debug-&-Test).
 
+## Non-interactive configuration
+
+Configuration of the Lambda@Edge deployment package can be done in a non-interactive manner by defining the configuration using command-line arguments to build.sh, environment variables or both. Table below describes the names of the variables and arguments and the IdPs they apply to.
+
+|Command-line argument       |Environment variable      |Google|Microsoft|GitHub|Okta|Auth0|Centrify|Okta Native|About|
+|----------------------------|--------------------------|:----:|:-------:|:----:|:--:|:---:|:------:|:---------:|-----|
+|\-\-distribution            |                          |x     |x        |x     |x   |x    |x       |x          | Distribution name |
+|\-\-method                  |                          |x     |x        |x     |x   |x    |x       |x          | 1=Google, 2=Microsoft, 3=GitHub, 4=Okta, 5=Auth0, 6=Centrify, 7=Okta Native|
+|\-\-tenant                   |TENANT                   |      |x        |      |    |     |        |           | |
+|\-\-client-id                |CLIENT_ID                |x     |x        |x     |x   |x    |x       |x          | |
+|\-\-client-secret            |CLIENT_SECRET            |x     |x        |x     |x   |x    |x       |           | |
+|\-\-redirect-uri             |REDIRECT_URI             |x     |x        |x     |x   |x    |x       |x          | |
+|\-\-session-duration         |SESSION_DURATION         |x     |x        |x     |x   |x    |x       |x          |Hours |
+|\-\-authz                    |AUTHZ                    |1=Hosted Domain, 2=HTTP Email lookup, 3=Google Groups lookup|1=Azure AD, 2=JSON Username Lookup| | | | | |IdP-specific authorization method|
+|\-\-json-username-lookup     |JSON_USERNAME_LOOKUP     |      |x        |      |    |     |        |           |JSON Username Lookup URL |
+|\-\-hd                       |HD                       |x     |         |      |    |     |        |           |Hosted Domain |
+|\-\-json-email-lookup        |JSON_EMAIL_LOOKUP        |x     |         |      |    |     |        |           |JSON email lookup endpoint for  |
+|\-\-move                     |MOVE                     |x     |         |      |    |     |        |           |Provide a dummy value if using Google Groups lookup and you have google-authz.json already in your distribution directory |
+|\-\-service-account-email    |SERVICE_ACCOUNT_EMAIL    |      |         |      |    |     |        |           | |
+|\-\-pkce-code-verifier-length|PKCE_CODE_VERIFIER_LENGTH|      |         |      |    |     |        |x          | |
+|\-\-organization             |ORGANIZATION             |      |         |x     |    |     |        |           | |
+|\-\-base-url                 |BASE_URL                 |      |         |      |x   |x    |x       |x          | |
+
+
+The command line arguments are of form \-\-argument=value. Command-line arguments always take precedence over environment variables.
+
 ## Build Requirements
  - [npm](https://www.npmjs.com/) ^5.6.0
  - [node](https://nodejs.org/en/) ^10.0

diff --git a/build.sh b/build.sh
@@ -7,4 +7,4 @@ if [ ! -d "distributions" ]; then
   fi
 fi
 
-npm run-script build
+npm run-script build -- "$@"
diff --git a/build/build.js b/build/build.js
@@ -5,10 +5,50 @@ const axios = require('axios');
 const colors = require('colors/safe');
 const url = require('url');
 const R = require('ramda');
+const parseArgs = require('minimist');
 
 var config = { AUTH_REQUEST: {}, TOKEN_REQUEST: {} };
 var oldConfig;
 
+// Transform env var names to neat command line arguments, e.g. JSON_EMAIL_LOOKUP => json-email-lookup
+const envParamToArg = v => v.toLowerCase().replace(/\_/g, '-')
+
+function prepareOverrides() {
+  // prompted overrides available as environment variables
+  const envParams = [
+      'TENANT',
+      'CLIENT_ID',
+      'CLIENT_SECRET',
+      'REDIRECT_URI',
+      'SESSION_DURATION',
+      'AUTHZ',
+      'JSON_USERNAME_LOOKUP',
+      'HD',
+      'JSON_EMAIL_LOOKUP',
+      'MOVE',
+      'SERVICE_ACCOUNT_EMAIL',
+      'PKCE_CODE_VERIFIER_LENGTH',
+      'ORGANIZATION',
+      'BASE_URL'
+  ]
+
+  const args = parseArgs(process.argv.slice(2), {
+    string: [
+      'distribution',
+      'method',
+      ...envParams.map(envParamToArg)
+    ]
+  });
+
+  // Combine environment variables and truthy command line arguments, args have precedence
+  return R.mergeRight(
+   R.pick(envParams, process.env),
+   R.reduce((acc, v) => args[envParamToArg(v)] ? R.assoc(v, args[envParamToArg(v)], acc) : acc, {}, ['method', 'distribution', ...envParams])
+  );
+}
+
+prompt.override = prepareOverrides();
+
 prompt.message = colors.blue(">");
 prompt.start();
 prompt.get({

diff --git a/build/build.test.js b/build/build.test.js
@@ -0,0 +1,128 @@
+/*
+ * Currently prompt.get() on module level blocks on load of build.js.
+ * Do something like following if running test in a non-interactive environment:
+ * $ echo \0 | npm test
+*/
+
+const rewire = require('rewire');
+const build = rewire('./build.js');
+
+const prepareOverrides = build.__get__('prepareOverrides')
+
+const testCases = [
+	// Simple case with everything prompted
+	{
+		'argv': [],
+		'env': {},
+		'expectedOverrides': {}
+	},
+	// All parameters from env, distribution name and auth method prompted
+	{
+		'argv': [],
+		'env': {
+			'TENANT': 'tenant-env',
+			'CLIENT_ID': 'client_id-env',
+			'CLIENT_SECRET': 'client_secret-env',
+			'REDIRECT_URI': 'redirect_uri-env',
+			'SESSION_DURATION': 'session_duration-env',
+			'AUTHZ': 'authz-env',
+			'JSON_USERNAME_LOOKUP': 'json_username_lookup-env',
+			'HD': 'hd-env',
+			'JSON_EMAIL_LOOKUP': 'json_email_lookup-env',
+			'MOVE': 'move-env',
+			'SERVICE_ACCOUNT_EMAIL': 'service_account_email-env',
+			'PKCE_CODE_VERIFIER_LENGTH': 'pkce_code_verifier_length-env',
+			'ORGANIZATION': 'organization-env',
+			'BASE_URL': 'base_url-env'
+		},
+		'expectedOverrides': {
+			'TENANT': 'tenant-env',
+			'CLIENT_ID': 'client_id-env',
+			'CLIENT_SECRET': 'client_secret-env',
+			'REDIRECT_URI': 'redirect_uri-env',
+			'SESSION_DURATION': 'session_duration-env',
+			'AUTHZ': 'authz-env',
+			'JSON_USERNAME_LOOKUP': 'json_username_lookup-env',
+			'HD': 'hd-env',
+			'AUTHZ': 'authz-env',
+			'JSON_EMAIL_LOOKUP': 'json_email_lookup-env',
+			'MOVE': 'move-env',
+			'SERVICE_ACCOUNT_EMAIL': 'service_account_email-env',
+			'PKCE_CODE_VERIFIER_LENGTH': 'pkce_code_verifier_length-env',
+			'ORGANIZATION': 'organization-env',
+			'BASE_URL': 'base_url-env'
+		}
+	},
+	// All parameters from args
+	{
+		'argv': [
+			'foo', 'bar',
+			'--method=method-arg',
+			'--distribution=distribution-arg',
+			'--tenant=tenant-arg',
+			'--client-id=client_id-arg',
+			'--client-secret=client_secret-arg',
+			'--redirect-uri=redirect_uri-arg',
+			'--session-duration=session_duration-arg',
+			'--json-username-lookup=json_username_lookup-arg',
+			'--hd=hd-arg',
+			'--authz=authz-arg',
+			'--json-email-lookup=json_email_lookup-arg',
+			'--move=move-arg',
+			'--service-account-email=service_account_email-arg',
+			'--pkce-code-verifier-length=pkce_code_verifier_length-arg',
+			'--organization=organization-arg',
+			'--base-url=base_url-arg'
+		],
+		'env': {},
+		'expectedOverrides': {
+			'method': 'method-arg',
+			'distribution': 'distribution-arg',
+			'TENANT': 'tenant-arg',
+			'CLIENT_ID': 'client_id-arg',
+			'CLIENT_SECRET': 'client_secret-arg',
+			'REDIRECT_URI': 'redirect_uri-arg',
+			'SESSION_DURATION': 'session_duration-arg',
+			'AUTHZ': 'authz-arg',
+			'JSON_USERNAME_LOOKUP': 'json_username_lookup-arg',
+			'HD': 'hd-arg',
+			'AUTHZ': 'authz-arg',
+			'JSON_EMAIL_LOOKUP': 'json_email_lookup-arg',
+			'MOVE': 'move-arg',
+			'SERVICE_ACCOUNT_EMAIL': 'service_account_email-arg',
+			'PKCE_CODE_VERIFIER_LENGTH': 'pkce_code_verifier_length-arg',
+			'ORGANIZATION': 'organization-arg',
+			'BASE_URL': 'base_url-arg'
+		}
+	},
+	// Command line arguments have precedence
+	{
+		'argv': [
+			'first', 'two',
+			'--session-duration=session_duration-arg',
+			'--json-email-lookup=json_email_lookup-arg',
+		],
+		'env': {
+			'SESSION_DURATION': 'session_duration-env',
+			'JSON_EMAIL_LOOKUP': 'json-email-lookup-env',
+			'ORGANIZATION': 'organization-env'
+		},
+		'expectedOverrides': {
+			'SESSION_DURATION': 'session_duration-arg',
+			'JSON_EMAIL_LOOKUP': 'json_email_lookup-arg',
+			'ORGANIZATION': 'organization-env'
+		}
+	}
+
+]
+
+const tableTest = (testCase, i) => test(`prepareOverrides test case #${i+1}`, () => {
+	build.__set__('process', {
+		env: testCase.env,
+		argv: testCase.argv
+	});
+	expect(prepareOverrides()).toEqual(testCase.expectedOverrides);
+});
+
+testCases.map(tableTest);
+