diff --git a/.github/workflows/subscribe-to-mns.yml b/.github/workflows/subscribe-to-mns.yml
index c49f68eae..d15cdc0bd 100644
--- a/.github/workflows/subscribe-to-mns.yml
+++ b/.github/workflows/subscribe-to-mns.yml
@@ -1,33 +1,62 @@ -name: Subscribe to MNS - -on: - workflow_dispatch: - inputs: - build_branch: - required: true - type: string - environment: - required: true - type: string - sandbox: - required: true - type: string - secrets: - AWS_ASSUME_ROLE: - required: true -permissions: - pull-requests: write - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout -jobs: - batch_update_build_docker_image: - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - defaults: - run: - working-directory: lambdas - steps: - - name: Placeholder - run: | - echo "Running placeholder job on ${inputs.sandbox}" - +name: Subscribe to MNS + +on: + workflow_dispatch: + inputs: + sandbox: + description: Which sandbox would you like to run against? + required: true + type: choice + options: + - ndra + - ndr-dev + - ndr-test + - pre-prod + - prod + environment: + description: Which environment settings to use? + required: true + type: string + default: development + +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + +env: + SANDBOX: ${{ inputs.sandbox }} + AWS_REGION: ${{ vars.AWS_REGION }} + URL: ${{ vars.MNS_SUBSCRIPTION_URL }} + +jobs: + Subscribe_to_MNS: + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + mask-aws-account-id: true + + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + cache: 'pip' + + - name: Install dependencies + run: | + pip install boto3 requests pyjwt cryptography + echo "Installed requirements" + + - name: Run script + working-directory: ./lambdas + run: | + python3 -m scripts.mns_subscription + 
 echo "Subscription complete"
\ No newline at end of file
diff --git a/lambdas/scripts/mns_subscription.py b/lambdas/scripts/mns_subscription.py
new file mode 100644
index 000000000..60558f965
--- /dev/null
+++ b/lambdas/scripts/mns_subscription.py
@@ -0,0 +1,65 @@
+import os
+import uuid
+from urllib.error import HTTPError
+
+import boto3
+import requests
+from services.base.nhs_oauth_service import NhsOauthService
+from services.base.ssm_service import SSMService
+
+env_prefix = os.getenv("SANDBOX")
+url = os.getenv("URL")
+
+ssm_service = SSMService()
+auth_service = NhsOauthService(ssm_service)
+
+
+headers = {
+    "authorization": f"Bearer {auth_service.get_active_access_token()}",
+    "x-correlation-id": str(uuid.uuid4()),
+}
+
+events = {
+    "pds-change-of-gp-1": f"/ndr/{env_prefix}/mns/subscription-id/pds-change-of-gp-1",
+    "pds-death-notification-1": f"/ndr/{env_prefix}/mns/subscription-id/pds-death-notification-1",
+}
+
+sqs_client = boto3.client("sqs")
+sqs_url = sqs_client.get_queue_url(QueueName=f"{env_prefix}-mns-notification-queue")[
+    "QueueUrl"
+]
+
+sqs_arn = sqs_client.get_queue_attributes(
+    QueueUrl=sqs_url, AttributeNames=["QueueArn"]
+)["Attributes"]["QueueArn"]
+
+
+def get_subscription_id(event_type):
+    request_body = {
+        "resourceType": "Subscription",
+        "status": "requested",
+        "reason": "Integration with the National Document Repository.",
+        "criteria": f"eventType={event_type}",
+        "channel": {
+            "type": "message",
+            "endpoint": sqs_arn,
+            "payload": "application/json",
+        },
+    }
+    try:
+        response = requests.post(url, headers=headers, json=request_body)
+        response.raise_for_status()
+        subscription_id = response.json().get("id")
+        return subscription_id
+    except HTTPError as err:
+        print(err)
+
+
+if __name__ == "__main__":
+    for event, parameter in events.items():
+        subscription_id = get_subscription_id(event)
+        ssm_service.update_ssm_parameter(
+            parameter_key=parameter,
+            parameter_value=subscription_id,
+            parameter_type="SecureString",
+        )
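Review bot: The `Install dependencies` step runs `pip install boto3 requests pyjwt cryptography` with no version pins, so a job that holds an assumed AWS role and an NHS API bearer token executes whatever package versions PyPI resolves on the day; the `cache: 'pip'` on the setup-python step also keys on a requirements file that this step never uses. Pin the packages (ideally with hashes) from a checked-in file, e.g. `pip install --require-hashes -r <PINNED_REQUIREMENTS_FILE>`, so the dependency set is reviewable, and consider pinning the three actions by commit SHA rather than `@v4`/`@v5` for the same reason. The `environment` input is free text defaulting to `development` while `sandbox` is a `choice`; as far as I can tell GitHub accepts an unknown environment name (creating it empty), so a typo would reach `Configure AWS Credentials` with an empty `AWS_ASSUME_ROLE` rather than being rejected up front — a `choice` input would close that gap.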
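Review bot: In `get_subscription_id` the `except HTTPError` clause catches `urllib.error.HTTPError`, but `response.raise_for_status()` raises `requests.exceptions.HTTPError`, so the handler is dead code; and if it did fire, or the response body simply lacked an `id`, the function returns `None`, which the `__main__` loop then writes into the SecureString parameter, replacing any previously stored subscription id. Import the matching class, `from requests import HTTPError`, and guard the SSM write with `if not subscription_id:` / `raise SystemExit(f"no subscription id returned for {event}")` so a failed subscription stops the job instead of corrupting the parameter. `requests.post(url, headers=headers, json=request_body)` also has no `timeout=`, so a stalled endpoint hangs the workflow until the runner kills it; `timeout=30` or similar is enough for a one-shot job. A short module docstring noting that the token fetch and SQS lookup run at import time, and that the script is meant to be invoked with `python -m scripts.mns_subscription` from `lambdas/`, would help the next person who imports it.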