PRMP-1185 Create workflow and script to subscribe to MNS notifications

.github/workflows/subscribe-to-mns.yml

@@ -0,0 +1,59 @@
+name: Subscribe to MNS
+
+on:
+  workflow_dispatch:
+    inputs:
+      sandbox:
+        description: Which sandbox would you like to run against?
+        required: true
+        type: choice
+        options:
+          - ndr-dev
+          - test
+          - pre-prod
+          - prod
+      environment:
+        description: Which environment settings to use?
+        required: true
+        type: string
+        default: development
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+
+env:
+  SANDBOX: ${{ inputs.sandbox }}
+  AWS_REGION: ${{ vars.AWS_REGION }}
+  URL: ${{ vars.MNS_SUBSCRIPTION_URL }}
+
+jobs:
+  Subscribe_to_MNS:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
+          role-skip-session-tagging: true
+          aws-region: ${{ vars.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+      - name: Install dependencies and run script
+        run: |
+          pip install boto3 requests pyjwt cryptography
+          echo "Installed requirements"
+      - name: Run script
+        working-directory: ./lambdas
+        run: |
+          python3 -m scripts.mns_subscription
+          echo "Subscription complete"

lambdas/scripts/mns_subscription.py

@@ -0,0 +1,65 @@
+import os
+import uuid
+from urllib.error import HTTPError
+
+import boto3
+import requests
+from services.base.nhs_oauth_service import NhsOauthService
+from services.base.ssm_service import SSMService
+
+env_prefix = os.getenv("SANDBOX")
+url = os.getenv("URL")
+
+ssm_service = SSMService()
+auth_service = NhsOauthService(ssm_service)
+
+
+headers = {
+    "authorization": f"Bearer {auth_service.get_active_access_token()}",
+    "x-correlation-id": str(uuid.uuid4()),
+}
+
+events = {
+    "pds-change-of-gp-1": f"/ndr/{env_prefix}/mns/subscription-id/pds-change-of-gp-1",
+    "pds-death-notification-1": f"/ndr/{env_prefix}/mns/subscription-id/pds-death-notification-1",
+}
+
+sqs_client = boto3.client("sqs")
+sqs_url = sqs_client.get_queue_url(QueueName=f"{env_prefix}-mns-notification-queue")[
+    "QueueUrl"
+]
+
+sqs_arn = sqs_client.get_queue_attributes(
+    QueueUrl=sqs_url, AttributeNames=["QueueArn"]
+)["Attributes"]["QueueArn"]
+
+
+def get_subscription_id(event_type):
+    request_body = {
+        "resourceType": "Subscription",
+        "status": "requested",
+        "reason": "Integration with the National Document Repository.",
+        "criteria": f"eventType={event_type}",
+        "channel": {
+            "type": "message",
+            "endpoint": sqs_arn,
+            "payload": "application/json",
+        },
+    }
+    try:
+        response = requests.post(url, headers=headers, json=request_body)
+        response.raise_for_status()
+        subscription_id = response.json().get("id")
+        return subscription_id
+    except HTTPError as err:
+        print(err)
+
+
+if __name__ == "__main__":
+    for event, parameter in events.items():
+        subscription_id = get_subscription_id(event)
+        ssm_service.update_ssm_parameter(
+            parameter_key=parameter,
+            parameter_value=subscription_id,
+            parameter_type="SecureString",
+        )