From eb3b1a1f88453bfe8b0cbfd71d6cd09796a94e58 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:00:34 +0000 Subject: [PATCH 01/20] use proxygen lambda --- .github/scripts/deploy_api.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 692b89a1e..5c594f97d 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -138,7 +138,18 @@ fi echo echo "Deploy the API instance using Proxygen CLI" if [[ "${DRY_RUN}" == "false" ]]; then - "${PROXYGEN_PATH}" instance deploy --no-confirm "${APIGEE_ENVIRONMENT}" "${instance}" "${SPEC_PATH}" + + jq -n --argfile spec "${SPEC_PATH}" \ + --arg apiName "${apigee_api}" \ + --arg environment "internal-dev" \ + --arg instance "${instance}" \ + '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance}' > output.json + + + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenDeploy" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt + cat out.txt + +# "${PROXYGEN_PATH}" instance deploy --no-confirm "${APIGEE_ENVIRONMENT}" "${instance}" "${SPEC_PATH}" else echo "Would run this command" echo "${PROXYGEN_PATH} instance deploy --no-confirm ${APIGEE_ENVIRONMENT} ${instance} ${SPEC_PATH}" From c2d2bdafa2fb427222648155907e36b04c491743 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:21:42 +0000 Subject: [PATCH 02/20] pass the kid --- .github/scripts/deploy_api.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 5c594f97d..afd75a1d0 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh 
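Review bot: The new `aws lambda invoke` line pins the deploy to one literal ARN in the `lambda-resources-pr-294` stack, and the `jq` call sends `--arg environment "internal-dev"`, so the request no longer follows `APIGEE_ENVIRONMENT` as the replaced CLI call did. A run for any other environment would still ask for an internal-dev deploy, and the step stops working once that pull-request stack is removed. Take the function name from a workflow-supplied variable and pass `--arg environment "${APIGEE_ENVIRONMENT}"`. The `else` branch still prints the old `proxygen instance deploy` command, so a dry run no longer describes what a real run does. The `if` block closes outside the hunk.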
@@ -143,7 +143,8 @@ if [[ "${DRY_RUN}" == "false" ]]; then --arg apiName "${apigee_api}" \ --arg environment "internal-dev" \ --arg instance "${instance}" \ - '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance}' > output.json + --arg kid "${PROXYGEN_KID}" \ + '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid}' > output.json aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenDeploy" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt From d88d518cdacdc995bbca443c325b981be5d9be67 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 23 Jul 2024 16:02:51 +0000 Subject: [PATCH 03/20] pass secret name to lambda --- .github/scripts/deploy_api.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index afd75a1d0..2c8e6ac6c 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -144,7 +144,8 @@ if [[ "${DRY_RUN}" == "false" ]]; then --arg environment "internal-dev" \ --arg instance "${instance}" \ --arg kid "${PROXYGEN_KID}" \ - '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid}' > output.json + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > output.json aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenDeploy" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt From bb3260748ccbd0f73452b2c4b3b97fe4f2df694d Mon Sep 17 00:00:00 2001 
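Review bot: `--arg proxygenSecretName "${proxygen_private_key_arn}"` lets the caller tell the Lambda which secret to read its signing key from, alongside the `kid` added in the previous hunk. If the function uses that value as given (its code is not on this page), any principal allowed to invoke it can point it at whichever secret the function's role can read. Worth confirming that the Lambda checks the name against a fixed list, or dropping the field and having the function derive the secret from `apiName`. The `jq` command sits in an `if` block that starts above the hunk.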
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 23 Jul 2024 16:09:45 +0000 Subject: [PATCH 04/20] correct lambda name --- .github/scripts/deploy_api.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 2c8e6ac6c..e83d098b5 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -148,7 +148,7 @@ if [[ "${DRY_RUN}" == "false" ]]; then '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > output.json - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenDeploy" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstancePut" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt cat out.txt # "${PROXYGEN_PATH}" instance deploy --no-confirm "${APIGEE_ENVIRONMENT}" "${instance}" "${SPEC_PATH}" From c41441a5d991ab07711ff49487f8f4a72cea6874 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 23 Jul 2024 16:36:09 +0000 Subject: [PATCH 05/20] try using prod api --- .github/scripts/deploy_api.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index e83d098b5..5ae959755 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh 
@@ -148,7 +148,7 @@ if [[ "${DRY_RUN}" == "false" ]]; then '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > output.json - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstancePut" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenProdInstancePut" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt cat out.txt # "${PROXYGEN_PATH}" instance deploy --no-confirm "${APIGEE_ENVIRONMENT}" "${instance}" "${SPEC_PATH}" From e7001048041a93db1e5856500c6aaf22a575bbe6 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 23 Jul 2024 17:04:23 +0000 Subject: [PATCH 06/20] check for errors --- .github/scripts/deploy_api.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 5ae959755..31ccb2b64 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh 
@@ -145,11 +145,17 @@ if [[ "${DRY_RUN}" == "false" ]]; then --arg instance "${instance}" \ --arg kid "${PROXYGEN_KID}" \ --arg proxygenSecretName "${proxygen_private_key_arn}" \ - '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > output.json + '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenProdInstancePut" --cli-binary-format raw-in-base64-out --payload file://output.json out.txt - cat out.txt + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenProdInstancePut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + + if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then + echo 'Error calling lambda' + cat out.txt + exit 1 + fi + # "${PROXYGEN_PATH}" instance deploy --no-confirm "${APIGEE_ENVIRONMENT}" "${instance}" "${SPEC_PATH}" else From 0e6b93e9d38fc61cb54d95ea81bb9b1e205c4699 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 24 Jul 2024 10:21:32 +0000 Subject: [PATCH 07/20] set secret using lambda --- .github/scripts/deploy_api.sh | 22 +++++++++++++++- .github/workflows/pull_request.yml | 40 +++++++++++++++--------------- 2 files changed, 41 insertions(+), 21 deletions(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 31ccb2b64..382e2f5b7 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh 
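Review bot: The new check only looks for `.FunctionError` in `response.json`, so a failure of `aws lambda invoke` itself goes unnoticed unless the script runs under `set -e` (not visible here). With an empty `response.json`, `jq -e` exits non-zero, the `if` is false and the script carries on as if the deploy had worked. The `eval` around the pipeline adds nothing and can go: `if ! aws lambda invoke … > response.json || jq -e '.FunctionError' response.json >/dev/null; then`. `cat out.txt` copies the raw Lambda error body into the CI log, which deserves a look because the same pattern is reused for the secret-put call and in the later `deploy_api.sh` and `delete_stacks.sh` hunks.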
@@ -129,6 +129,25 @@ if [[ "${is_pull_request}" == "false" ]]; then echo "Store the secret used for mutual TLS to AWS using Proxygen CLI" if [[ "${DRY_RUN}" == "false" ]]; then "${PROXYGEN_PATH}" secret put --mtls-cert ~/.proxygen/tmp/client_cert.pem --mtls-key ~/.proxygen/tmp/client_private_key.pem "${APIGEE_ENVIRONMENT}" psu-mtls-1 + + jq -n --argfile spec "${SPEC_PATH}" \ + --arg apiName "${apigee_api}" \ + --arg environment "internal-dev" \ + --arg secretName "${instance}" \ + --arg secretValue "${PROXYGEN_KID}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, secretName: $secretName, secretValue: $secretValue, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + + + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLSecretPut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then + echo 'Error calling lambda' + cat out.txt + exit 1 + fi + echo "Secret stored succesfully" + else echo "Would run this command" echo "${PROXYGEN_PATH} secret put --mtls-cert ~/.proxygen/tmp/client_cert.pem --mtls-key ~/.proxygen/tmp/client_private_key.pem ${APIGEE_ENVIRONMENT} psu-mtls-1" 
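Review bot: In the new `jq` filter, `kid, $kid,` is written with a comma where the other keys use a colon. jq appears to accept it as two shorthand entries, so the payload comes out right only by accident; it should read `kid: $kid`. `--arg secretValue "${PROXYGEN_KID}"` sends the key id as the secret's value and `--arg secretName "${instance}"` names the secret after the instance, whereas the CLI call kept just above stores the mTLS certificate and key as `psu-mtls-1`. `--argfile spec "${SPEC_PATH}"` is loaded but `$spec` is not used in the filter. The `kid, $kid` form is repeated in the later secret-put hunks and in `delete_stacks.sh`.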
@@ -148,7 +167,7 @@ if [[ "${DRY_RUN}" == "false" ]]; then '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenProdInstancePut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstancePut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then echo 'Error calling lambda' @@ -156,6 +175,7 @@ if [[ "${DRY_RUN}" == "false" ]]; then exit 1 fi + echo "Instance deployed" # "${PROXYGEN_PATH}" instance deploy --no-confirm "${APIGEE_ENVIRONMENT}" "${instance}" "${SPEC_PATH}" else diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 836e92daa..4e4abf9e0 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
@@ -57,26 +57,26 @@ jobs: needs: get_issue_number uses: ./.github/workflows/run_package_code_and_api.yml - release_code: - needs: [get_issue_number, package_code, get_commit_id] - uses: ./.github/workflows/run_release_code_and_api.yml - with: - STACK_NAME: psu-pr-${{needs.get_issue_number.outputs.issue_number}} - ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} - AWS_ENVIRONMENT: dev - APIGEE_ENVIRONMENT: internal-dev - ENABLE_MUTUAL_TLS: false - BUILD_ARTIFACT: packaged_code - TRUSTSTORE_FILE: psu-truststore.pem - VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} - COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - LOG_RETENTION_DAYS: 30 - DEPLOY_APIGEE: true - DYNAMODB_AUTOSCALE: false - DEPLOY_APIGEE_CPSU: true - DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true - secrets: - CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} + # release_code: + # needs: [get_issue_number, package_code, get_commit_id] + # uses: ./.github/workflows/run_release_code_and_api.yml + # with: + # STACK_NAME: psu-pr-${{needs.get_issue_number.outputs.issue_number}} + # ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} + # AWS_ENVIRONMENT: dev + # APIGEE_ENVIRONMENT: internal-dev + # ENABLE_MUTUAL_TLS: false + # BUILD_ARTIFACT: packaged_code + # TRUSTSTORE_FILE: psu-truststore.pem + # VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} + # COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} + # LOG_RETENTION_DAYS: 30 + # DEPLOY_APIGEE: true + # DYNAMODB_AUTOSCALE: false + # DEPLOY_APIGEE_CPSU: true + # DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true + # secrets: + # CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} release_sandbox_code: needs: [get_issue_number, package_code, get_commit_id] From c4de0653076bdef99b508d4803a552d86472900a Mon Sep 17 00:00:00 2001 
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 24 Jul 2024 10:35:47 +0000 Subject: [PATCH 08/20] fix deploy --- .github/scripts/deploy_api.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 382e2f5b7..d765ab9aa 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -124,7 +124,7 @@ endpoint_url: https://proxygen.prod.api.platform.nhs.uk spec_output_format: json EOF -if [[ "${is_pull_request}" == "false" ]]; then +if [[ "${is_pull_request}" == "true" ]]; then echo echo "Store the secret used for mutual TLS to AWS using Proxygen CLI" if [[ "${DRY_RUN}" == "false" ]]; then @@ -132,7 +132,7 @@ if [[ "${is_pull_request}" == "false" ]]; then jq -n --argfile spec "${SPEC_PATH}" \ --arg apiName "${apigee_api}" \ - --arg environment "internal-dev" \ + --arg environment "${APIGEE_ENVIRONMENT}" \ --arg secretName "${instance}" \ --arg secretValue "${PROXYGEN_KID}" \ --arg kid "${PROXYGEN_KID}" \ @@ -160,7 +160,7 @@ if [[ "${DRY_RUN}" == "false" ]]; then jq -n --argfile spec "${SPEC_PATH}" \ --arg apiName "${apigee_api}" \ - --arg environment "internal-dev" \ + --arg environment "${APIGEE_ENVIRONMENT}" \ --arg instance "${instance}" \ --arg kid "${PROXYGEN_KID}" \ --arg proxygenSecretName "${proxygen_private_key_arn}" \ From 20be823e851b99c2226783d659e4addc64764868 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 24 Jul 2024 11:20:49 +0000 Subject: [PATCH 09/20] use new lambda for secret --- .github/scripts/deploy_api.sh | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index d765ab9aa..b85f1bcb3 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh 
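Review bot: The first hunk flips the guard to `if [[ "${is_pull_request}" == "true" ]]`, so the mutual-TLS secret is now written on pull-request runs and skipped on every other run. If this is only there to exercise the Lambda from this PR it has to be reverted before merge (a later patch in the series does flip it back). A comment on the condition such as `# mTLS secret is only stored for non-PR deployments` would make the intended direction clear. The `if` block closes outside the hunk.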
@@ -126,27 +126,27 @@ EOF if [[ "${is_pull_request}" == "true" ]]; then echo - echo "Store the secret used for mutual TLS to AWS using Proxygen CLI" + echo "Store the secret used for mutual TLS to AWS using Proxygen proxy lambda" if [[ "${DRY_RUN}" == "false" ]]; then - "${PROXYGEN_PATH}" secret put --mtls-cert ~/.proxygen/tmp/client_cert.pem --mtls-key ~/.proxygen/tmp/client_private_key.pem "${APIGEE_ENVIRONMENT}" psu-mtls-1 - - jq -n --argfile spec "${SPEC_PATH}" \ - --arg apiName "${apigee_api}" \ - --arg environment "${APIGEE_ENVIRONMENT}" \ - --arg secretName "${instance}" \ - --arg secretValue "${PROXYGEN_KID}" \ - --arg kid "${PROXYGEN_KID}" \ - --arg proxygenSecretName "${proxygen_private_key_arn}" \ - '{apiName: $apiName, environment: $environment, secretName: $secretName, secretValue: $secretValue, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json - - - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLSecretPut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json - if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then - echo 'Error calling lambda' - cat out.txt - exit 1 - fi - echo "Secret stored succesfully" +# "${PROXYGEN_PATH}" secret put --mtls-cert ~/.proxygen/tmp/client_cert.pem --mtls-key ~/.proxygen/tmp/client_private_key.pem "${APIGEE_ENVIRONMENT}" psu-mtls-1 + + jq -n --argfile spec "${SPEC_PATH}" \ + --arg apiName "${apigee_api}" \ + --arg environment "${APIGEE_ENVIRONMENT}" \ + --arg secretName "${instance}" \ + --arg secretValue "${client_private_key}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, secretName: $secretName, secretValue: $secretValue, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + + + aws lambda invoke --function-name 
"arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLMTLSSecretPut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then + echo 'Error calling lambda' + cat out.txt + exit 1 + fi + echo "Secret stored succesfully" else echo "Would run this command" @@ -155,7 +155,7 @@ if [[ "${is_pull_request}" == "true" ]]; then fi echo -echo "Deploy the API instance using Proxygen CLI" +echo "Deploy the API instance using Proxygen proxy lambda" if [[ "${DRY_RUN}" == "false" ]]; then jq -n --argfile spec "${SPEC_PATH}" \ From 2d59b03f535c3e72a7bb46698ba0cfffc04c3586 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 24 Jul 2024 11:29:29 +0000 Subject: [PATCH 10/20] correct input to lambda --- .github/scripts/deploy_api.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index b85f1bcb3..7c57102ad 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -134,7 +134,8 @@ if [[ "${is_pull_request}" == "true" ]]; then --arg apiName "${apigee_api}" \ --arg environment "${APIGEE_ENVIRONMENT}" \ --arg secretName "${instance}" \ - --arg secretValue "${client_private_key}" \ + --arg secretKey "${client_private_key}" \ + --arg secretCert "${client_cert}" \ --arg kid "${PROXYGEN_KID}" \ --arg proxygenSecretName "${proxygen_private_key_arn}" \ '{apiName: $apiName, environment: $environment, secretName: $secretName, secretValue: $secretValue, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json From a0f19eee9ce7a0d9bcb620a1add1bead8fa1e7eb Mon Sep 17 00:00:00 2001 
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 24 Jul 2024 11:44:20 +0000 Subject: [PATCH 11/20] correct putting secret --- .github/scripts/deploy_api.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 7c57102ad..4ec4e8470 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -130,15 +130,14 @@ if [[ "${is_pull_request}" == "true" ]]; then if [[ "${DRY_RUN}" == "false" ]]; then # "${PROXYGEN_PATH}" secret put --mtls-cert ~/.proxygen/tmp/client_cert.pem --mtls-key ~/.proxygen/tmp/client_private_key.pem "${APIGEE_ENVIRONMENT}" psu-mtls-1 - jq -n --argfile spec "${SPEC_PATH}" \ - --arg apiName "${apigee_api}" \ + jq -n --arg apiName "${apigee_api}" \ --arg environment "${APIGEE_ENVIRONMENT}" \ - --arg secretName "${instance}" \ + --arg secretName "psu-mtls-1" \ --arg secretKey "${client_private_key}" \ --arg secretCert "${client_cert}" \ --arg kid "${PROXYGEN_KID}" \ --arg proxygenSecretName "${proxygen_private_key_arn}" \ - '{apiName: $apiName, environment: $environment, secretName: $secretName, secretValue: $secretValue, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + '{apiName: $apiName, environment: $environment, secretName: $secretName, secretKey: $secretKey, secretCert: $secretCert, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLMTLSSecretPut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json From 4b98f7142770550ddf48f2caa54710e91c87968b Mon Sep 17 00:00:00 2001 
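Review bot: `--arg secretKey "${client_private_key}"` puts the mTLS private key (assuming the variable holds the key itself) on the `jq` command line and then into `payload.json` in the working directory, which nothing in the hunk removes. Command-line arguments are visible in the process list and in any `set -x` trace, and the file stays on the runner after the step. Reading the key from the PEM file the old CLI call used, `--rawfile secretKey ~/.proxygen/tmp/client_private_key.pem`, and writing the payload to `payload_file=$(mktemp)` with `trap 'rm -f -- "${payload_file}"' EXIT` keeps it out of argv and off disk afterwards. Because `out.txt` is printed on error, also confirm that the Lambda never echoes the key back in its error body.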
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 24 Jul 2024 14:56:39 +0000 Subject: [PATCH 12/20] try publishing spec --- .github/scripts/delete_stacks.sh | 40 +++++++++++++++++++++++++++--- .github/scripts/deploy_api.sh | 15 ++++++++--- .github/workflows/pull_request.yml | 40 +++++++++++++++--------------- 3 files changed, 69 insertions(+), 26 deletions(-) diff --git a/.github/scripts/delete_stacks.sh b/.github/scripts/delete_stacks.sh index 38f33b972..5544840a4 100755 --- a/.github/scripts/delete_stacks.sh +++ b/.github/scripts/delete_stacks.sh @@ -21,12 +21,12 @@ main() { delete_cloudformation_stacks create_proxygen_credentials "PSUProxygenPrivateKey" "eps-cli-key-1" "prescription-status-update-api" delete_apigee_deployments "internal-dev" - delete_apigee_deployments "internal-dev-sandbox" + delete_apigee_deployments "internal-dev-sandbox" "prescription-status-update-api" PULL_REQUEST_PROXYGEN_REGEX=custom-prescription-status-update-pr- create_proxygen_credentials "CPSUProxygenPrivateKey" "eps-cli-key-cpsu-1" "custom-prescription-status-update-api" delete_apigee_deployments "internal-dev" - delete_apigee_deployments "internal-dev-sandbox" + delete_apigee_deployments "internal-dev-sandbox" "custom-prescription-status-update-api" } delete_cloudformation_stacks() { 
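Review bot: Only the `internal-dev-sandbox` calls were given the new second argument. `delete_apigee_deployments "internal-dev"` is still called with one, so inside the function `APIGEE_API=$2` is empty and the Lambda payload carries an empty `apiName` (or the script aborts, if it runs under `set -u`). Both calls need it: `delete_apigee_deployments "internal-dev" "prescription-status-update-api"` and the `custom-prescription-status-update-api` equivalent. `main` starts above the hunk.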
@@ -97,9 +97,28 @@ EOF delete_apigee_deployments() { APIGEE_ENVIRONMENT=$1 + APIGEE_API=$2 echo echo "checking apigee deployments on ${APIGEE_ENVIRONMENT}" echo + + jq -n --arg apiName "${APIGEE_API}" \ + --arg environment "${APIGEE_ENVIRONMENT}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstanceGet" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + + if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then + echo 'Error calling lambda' + cat out.txt + exit 1 + fi + # This returns a JSON array in out.txt that looks like this + # [{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-495","last_modified":"2024-07-09T15:18:34+00:00","spec_hash":"4ae4a2e8e30e77576f58d98ccbc9ec23","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-544","last_modified":"2024-07-24T14:00:46+00:00","spec_hash":"a250eb95d16df57374b3e0e9cba53c62","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-552","last_modified":"2024-07-23T11:38:56+00:00","spec_hash":"54b0fe2a35b59609fa83a85c0265670e","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-559","last_modified":"2024-07-23T16:20:21+00:00","spec_hash":"e33779f5575ea061b7de17be4518dd0b","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-565","last_modified":"2024-07-23T09:45:12+00:00","spec_hash":"3215a7efcf0453da913f175252f50338","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update","last_modified":"2
024-07-24T11:44:44+00:00","spec_hash":"5f5d3e3d43231016723779bcf92b6f34","temporary":"False"}] + # will need to put this into an array we can loop around + # then delete the next lines ACTIVE_APIGEE=$(poetry run proxygen instance list --env "${APIGEE_ENVIRONMENT}" | awk 'NR > 2 {print $3}') mapfile -t ACTIVE_APIGEE_ARRAY <<< "$ACTIVE_APIGEE" @@ -113,7 +132,22 @@ delete_apigee_deployments() { STATE=$(echo "${RESPONSE}" | jq -r .state) if [ "$STATE" == "closed" ]; then echo "** going to delete apigee deployment $i as state is ${STATE} **" - poetry run proxygen instance delete --no-confirm "${APIGEE_ENVIRONMENT}" "${i}" + # poetry run proxygen instance delete --no-confirm "${APIGEE_ENVIRONMENT}" "${i}" + jq -n --arg apiName "${APIGEE_API}" \ + --arg environment "${APIGEE_ENVIRONMENT}" \ + --arg instance "${i}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, kid, $kid, proxygenSecretName: $proxygenSecretName, instance: $instance}' > payload.json + + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstanceDelete" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then + echo 'Error calling lambda' + cat out.txt + exit 1 + fi + + else echo "not going to delete apigee deployment $i as state is ${STATE}" fi diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 4ec4e8470..92c56110c 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -124,7 +124,7 @@ endpoint_url: https://proxygen.prod.api.platform.nhs.uk spec_output_format: json EOF -if [[ "${is_pull_request}" == "true" ]]; then +if [[ "${is_pull_request}" == "false" ]]; then echo echo "Store the secret used for mutual TLS to AWS using Proxygen proxy lambda" if [[ "${DRY_RUN}" == "false" ]]; then 
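Review bot: The `ProxygenPTLInstanceGet` result in `out.txt` is never read. The list of instances still comes from `poetry run proxygen instance list`, so the function now needs both the Lambda and the CLI credentials to work and exits if either fails. Going by the sample output in the comment, `mapfile -t ACTIVE_APIGEE_ARRAY < <(jq -r '.[].name' out.txt)` would replace the `awk` line. `PROXYGEN_KID` and `proxygen_private_key_arn` are not set anywhere in the visible part of `delete_stacks.sh`; confirm that `create_proxygen_credentials` provides them. The pasted sample array would be easier to read trimmed to one element.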
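Review bot: `exit 1` inside the delete branch ends the whole sweep at the first instance the `ProxygenPTLInstanceDelete` call rejects, so the remaining closed pull-request deployments are left in place until the next run. For a clean-up job it is usually better to record the failure and carry on, for example `failed=1; continue` here with `failed=0` before the loop and `return "${failed}"` after it. The loop and the `STATE` lookup start above the hunk, so how `$i` is filtered before it is sent for deletion is not visible. Worth confirming it is still matched against `PULL_REQUEST_PROXYGEN_REGEX`.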
@@ -166,7 +166,6 @@ if [[ "${DRY_RUN}" == "false" ]]; then --arg proxygenSecretName "${proxygen_private_key_arn}" \ '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstancePut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then @@ -187,7 +186,17 @@ if [[ "${APIGEE_ENVIRONMENT}" == "int" ]]; then echo echo "Deploy the API spec if in the int environment" if [[ "${DRY_RUN}" == "false" ]]; then - "${PROXYGEN_PATH}" spec publish --no-confirm "${SPEC_PATH}" +# "${PROXYGEN_PATH}" spec publish --no-confirm "${SPEC_PATH}" + jq -n --argfile spec "${SPEC_PATH}" \ + --arg apiName "${apigee_api}" \ + --arg environment "uat" \ + --arg instance "${instance}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + + aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLSpecPublish" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + else echo "Would run this command" echo "${PROXYGEN_PATH} spec publish --no-confirm ${SPEC_PATH}" diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 4e4abf9e0..836e92daa 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
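Review bot: The spec-publish branch calls `ProxygenPTLSpecPublish` and redirects the result to `response.json`, but unlike the instance and secret calls it never checks `.FunctionError`, so a failed publish is reported as success. Add the same check used after the deploy call: `if jq -e '.FunctionError' response.json >/dev/null; then cat out.txt; exit 1; fi`. The call also sends `--arg environment "uat"` as a literal while the surrounding condition tests `APIGEE_ENVIRONMENT` for `int`; a comment saying why publish targets `uat` would help the next reader. The dry-run branch still prints the `proxygen spec publish` command.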
@@ -57,26 +57,26 @@ jobs: needs: get_issue_number uses: ./.github/workflows/run_package_code_and_api.yml - # release_code: - # needs: [get_issue_number, package_code, get_commit_id] - # uses: ./.github/workflows/run_release_code_and_api.yml - # with: - # STACK_NAME: psu-pr-${{needs.get_issue_number.outputs.issue_number}} - # ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} - # AWS_ENVIRONMENT: dev - # APIGEE_ENVIRONMENT: internal-dev - # ENABLE_MUTUAL_TLS: false - # BUILD_ARTIFACT: packaged_code - # TRUSTSTORE_FILE: psu-truststore.pem - # VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} - # COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} - # LOG_RETENTION_DAYS: 30 - # DEPLOY_APIGEE: true - # DYNAMODB_AUTOSCALE: false - # DEPLOY_APIGEE_CPSU: true - # DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true - # secrets: - # CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} + release_code: + needs: [get_issue_number, package_code, get_commit_id] + uses: ./.github/workflows/run_release_code_and_api.yml + with: + STACK_NAME: psu-pr-${{needs.get_issue_number.outputs.issue_number}} + ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} + AWS_ENVIRONMENT: dev + APIGEE_ENVIRONMENT: internal-dev + ENABLE_MUTUAL_TLS: false + BUILD_ARTIFACT: packaged_code + TRUSTSTORE_FILE: psu-truststore.pem + VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} + COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} + LOG_RETENTION_DAYS: 30 + DEPLOY_APIGEE: true + DYNAMODB_AUTOSCALE: false + DEPLOY_APIGEE_CPSU: true + DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true + secrets: + CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} release_sandbox_code: needs: [get_issue_number, package_code, get_commit_id] From ea731461fb74f00f2d8e547162a7cc58f47e17de Mon Sep 17 00:00:00 2001 
From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 24 Jul 2024 14:57:40 +0000 Subject: [PATCH 13/20] publish spec for this pr --- .github/scripts/deploy_api.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 92c56110c..cc3f52f55 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -182,7 +182,7 @@ else echo "${PROXYGEN_PATH} instance deploy --no-confirm ${APIGEE_ENVIRONMENT} ${instance} ${SPEC_PATH}" fi -if [[ "${APIGEE_ENVIRONMENT}" == "int" ]]; then +if [[ "${APIGEE_ENVIRONMENT}" == "internal-dev" ]]; then echo echo "Deploy the API spec if in the int environment" if [[ "${DRY_RUN}" == "false" ]]; then From c5702528881dec9dfa27c53a10079ce08f78102a Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Thu, 25 Jul 2024 07:12:22 +0000 Subject: [PATCH 14/20] use pr splunk --- SAMtemplates/apis/api_resources.yaml | 25 +++++++------- SAMtemplates/functions/lambda_resources.yaml | 34 ++++++++++---------- SAMtemplates/functions/main.yaml | 24 +++++++------- SAMtemplates/state_machines/main.yaml | 8 ++--- 4 files changed, 45 insertions(+), 46 deletions(-) diff --git a/SAMtemplates/apis/api_resources.yaml b/SAMtemplates/apis/api_resources.yaml index cdade1bf2..438035cec 100644 --- a/SAMtemplates/apis/api_resources.yaml +++ b/SAMtemplates/apis/api_resources.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Transform: AWS::Serverless-2016-10-31 Description: | Resources for an API @@ -8,14 +8,14 @@ Parameters: Type: CommaDelimitedList Description: A list of additional policies to attach to the API gateway role (comma delimited). Default: none - + ApiName: Type: String Default: none - + LogRetentionInDays: Type: Number - + EnableSplunk: Type: String 
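Review bot: Changing the guard to `"${APIGEE_ENVIRONMENT}" == "internal-dev"` makes every internal-dev deployment publish the spec, pull-request builds included, and stops publishing it for `int`. The `echo` below still says "Deploy the API spec if in the int environment", so the log and the behaviour now disagree. If this is a temporary switch to test the publish Lambda from this PR, mark it with a comment such as `# TEMP: publish from internal-dev to test the publish lambda; restore "int" before merge`.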
@@ -38,35 +38,34 @@ Resources: Action: - sts:AssumeRole ManagedPolicyArns: !Split - - ',' + - "," - !Join - - ',' + - "," - - !Join - - ',' + - "," - !Ref AdditionalPolicies - ApiGwAccessLogs: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Sub /aws/apigateway/${ApiName} RetentionInDays: !Ref LogRetentionInDays KmsKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn - + ApiGwAccessLogsSplunkSubscriptionFilter: Condition: ShouldUseSplunk Type: AWS::Logs::SubscriptionFilter Properties: - RoleArn: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + RoleArn: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole LogGroupName: !Ref ApiGwAccessLogs - FilterPattern: '' - DestinationArn: !ImportValue lambda-resources:SplunkDeliveryStream + FilterPattern: "" + DestinationArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream Outputs: ApiGwRoleArn: Description: The API GW role ARN Value: !GetAtt ApiGwRole.Arn - + ApiGwAccessLogsArn: Description: The API GW access logs ARN Value: !GetAtt ApiGwAccessLogs.Arn diff --git a/SAMtemplates/functions/lambda_resources.yaml b/SAMtemplates/functions/lambda_resources.yaml index 81534640e..713352b67 100644 --- a/SAMtemplates/functions/lambda_resources.yaml +++ b/SAMtemplates/functions/lambda_resources.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Transform: AWS::Serverless-2016-10-31 Description: | Resources for a lambda 
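Review bot: `ApiGwAccessLogsSplunkSubscriptionFilter` now imports its role and destination from `lambda-resources-pr-294:` instead of `lambda-resources:`, which ties API gateway access-log forwarding to a pull-request stack. CloudFormation will not delete that stack while its exports are imported, and until then these logs go through whatever delivery stream the PR stack defines rather than the shared one. The same prefix change is made for `LambdaInsightsLogGroupPolicy` in `lambda_resources.yaml` and for each `SplunkSubscriptionFilterRole`/`SplunkDeliveryStreamArn` pair in `functions/main.yaml`. A new template parameter for the stack name (called `ResourcesStackName` here, defaulting to `lambda-resources`) with `Fn::ImportValue: !Sub "${ResourcesStackName}:SplunkDeliveryStream"` would allow testing against the PR stack without editing every import. The quote-style and trailing-whitespace changes in this hunk would be easier to review as a separate commit.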
@@ -10,34 +10,34 @@ Parameters: LambdaName: Type: String Default: none - + LambdaArn: Type: String Default: none - + IncludeAdditionalPolicies: Type: String Default: false - + AdditionalPolicies: Type: CommaDelimitedList Description: A list of additional policies to attach the lambdas role (comma delimited). Default: none - + LogRetentionInDays: Type: Number - + CloudWatchKMSKeyId: Type: String Default: none - + EnableSplunk: Type: String - + SplunkSubscriptionFilterRole: Type: String Default: none - + SplunkDeliveryStreamArn: Type: String Default: none @@ -46,7 +46,7 @@ Conditions: ShouldUseSplunk: !Equals - true - !Ref EnableSplunk - + ShouldIncludeAdditionalPolicies: !Equals - true - !Ref IncludeAdditionalPolicies @@ -76,17 +76,17 @@ Resources: Action: - sts:AssumeRole ManagedPolicyArns: !Split - - ',' + - "," - !Join - - ',' + - "," - - !Ref LambdaManagedPolicy - - !ImportValue lambda-resources:LambdaInsightsLogGroupPolicy + - !ImportValue lambda-resources-pr-294:LambdaInsightsLogGroupPolicy - !ImportValue account-resources:CloudwatchEncryptionKMSPolicyArn - !ImportValue account-resources:LambdaDecryptSecretsKMSPolicy - !If - ShouldIncludeAdditionalPolicies - !Join - - ',' + - "," - !Ref AdditionalPolicies - !Ref AWS::NoValue @@ -103,21 +103,21 @@ Resources: Resource: - !GetAtt LambdaLogGroup.Arn - !Sub ${LambdaLogGroup.Arn}:log-stream:* - + LambdaLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Sub /aws/lambda/${LambdaName} RetentionInDays: !Ref LogRetentionInDays KmsKeyId: !Ref CloudWatchKMSKeyId - + LambdaSplunkSubscriptionFilter: Condition: ShouldUseSplunk Type: AWS::Logs::SubscriptionFilter Properties: RoleArn: !Ref SplunkSubscriptionFilterRole LogGroupName: !Ref LambdaLogGroup - FilterPattern: '' + FilterPattern: "" DestinationArn: !Ref SplunkDeliveryStreamArn Outputs: diff --git a/SAMtemplates/functions/main.yaml b/SAMtemplates/functions/main.yaml index d0233d5d7..b1db6368c 100644 --- a/SAMtemplates/functions/main.yaml 
+++ b/SAMtemplates/functions/main.yaml @@ -86,8 +86,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream ConvertRequestToFhirFormat: Type: AWS::Serverless::Function @@ -122,8 +122,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream GetStatusUpdates: Type: AWS::Serverless::Function @@ -162,8 +162,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream Status: Type: AWS::Serverless::Function 
@@ -202,8 +202,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream CapabilityStatement: Type: AWS::Serverless::Function @@ -234,8 +234,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream CheckPrescriptionStatusUpdates: Condition: ShouldDeployCheckPrescriptionStatusUpdate @@ -277,8 +277,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream Outputs: UpdatePrescriptionStatusFunctionName: diff --git a/SAMtemplates/state_machines/main.yaml b/SAMtemplates/state_machines/main.yaml index d1b175237..fac7e9122 100644 --- a/SAMtemplates/state_machines/main.yaml +++ b/SAMtemplates/state_machines/main.yaml 
@@ -72,8 +72,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream Format1UpdatePrescriptionsStatusStateMachine: Type: AWS::Serverless::StateMachine @@ -109,8 +109,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream Outputs: UpdatePrescriptionStatusStateMachineArn: From ca4fd5747462bd193280367e66212adb5f1f2dc5 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 6 Aug 2024 12:23:11 +0000 Subject: [PATCH 15/20] use lambdas --- .github/scripts/deploy_api.sh | 105 ++++++++---------- .github/workflows/pull_request.yml | 2 + .github/workflows/release.yml | 7 ++ .../workflows/run_release_code_and_api.yml | 56 +++------- 4 files changed, 75 insertions(+), 95 deletions(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index cc3f52f55..165d0a2b7 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh 
@@ -13,6 +13,30 @@ echo "Proxygen KID: ${PROXYGEN_KID}" echo "Deploy Check Prescription Status Update: ${DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE}" echo "Dry run: ${DRY_RUN}" + +client_private_key=$(cat ~/.proxygen/tmp/client_private_key) +client_cert=$(cat ~/.proxygen/tmp/client_cert) + +if [ -z "${client_private_key}" ]; then + echo "client_private_key is unset or set to the empty string" + exit 1 +fi +if [ -z "${client_cert}" ]; then + echo "client_cert is unset or set to the empty string" + exit 1 +fi + +put_secret_lambda=lambda-resources-ProxygenPTLMTLSSecretPut +instance_put_lambda=lambda-resources-ProxygenPTLInstancePut +spec_publish_lambda=lambda-resources-ProxygenPTLSpecPublish + +if [[ "$APIGEE_ENVIRONMENT" =~ ^(int|sandbox|prod)$ ]]; then + put_secret_lambda=lambda-resources-ProxygenProdMTLSSecretPut + instance_put_lambda=lambda-resources-ProxygenProdInstancePut + spec_publish_lambda=lambda-resources-ProxygenProdSpecPublish +fi + + is_pull_request=false instance_suffix="" if [[ ${STACK_NAME} == psu-pr-* ]]; then 
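Review bot: The mutual-TLS key and certificate are read at the top of the script on every run, and the script exits when either is empty, although the only consumer visible in this patch is the secret-put step that runs when `is_pull_request` is `false`. Moving both reads and the two `-z` checks inside that branch would keep the key out of the shell's variables for pull-request deployments. The jq call that builds the secret payload is only partly visible here, but if it passes the key as `--arg secretKey "${client_private_key}"` the key appears in the process arguments; `--rawfile secretKey ~/.proxygen/tmp/client_private_key` reads it from the file instead. `--rawfile` keeps the trailing newline that `$(cat …)` strips, so confirm the lambda accepts it.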
@@ -94,42 +118,11 @@ echo "Retrieving proxygen credentials" # Retrieve the proxygen private key and client private key and cert from AWS Secrets Manager proxygen_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:${PROXYGEN_PRIVATE_KEY_NAME}'].Value" --output text) -client_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientKeySecret'].Value" --output text) -client_cert_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientCertSecret'].Value" --output text) - -proxygen_private_key=$(aws secretsmanager get-secret-value --secret-id "${proxygen_private_key_arn}" --query SecretString --output text) -client_private_key=$(aws secretsmanager get-secret-value --secret-id "${client_private_key_arn}" --query SecretString --output text) -client_cert=$(aws secretsmanager get-secret-value --secret-id "${client_cert_arn}" --query SecretString --output text) - -# Create the .proxygen/tmp directory if it doesn't exist -mkdir -p ~/.proxygen/tmp - -# Save the proxygen private key, client private key, and client cert to temporary files -echo "${proxygen_private_key}" > ~/.proxygen/tmp/proxygen_private_key.pem -echo "${client_private_key}" > ~/.proxygen/tmp/client_private_key.pem -echo "${client_cert}" > ~/.proxygen/tmp/client_cert.pem - -cat < ~/.proxygen/credentials.yaml -client_id: ${apigee_api}-client -key_id: ${PROXYGEN_KID} -private_key_path: tmp/proxygen_private_key.pem -base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers -client_secret: https://nhsdigital.github.io/identity-service-jwks/jwks/paas/${apigee_api}.json -EOF - -# Create settings.yaml file -cat < ~/.proxygen/settings.yaml -api: ${apigee_api} -endpoint_url: https://proxygen.prod.api.platform.nhs.uk -spec_output_format: json -EOF if [[ "${is_pull_request}" == "false" ]]; then echo echo "Store the secret used for mutual TLS to AWS using Proxygen proxy lambda" if [[ 
"${DRY_RUN}" == "false" ]]; then -# "${PROXYGEN_PATH}" secret put --mtls-cert ~/.proxygen/tmp/client_cert.pem --mtls-key ~/.proxygen/tmp/client_private_key.pem "${APIGEE_ENVIRONMENT}" psu-mtls-1 - jq -n --arg apiName "${apigee_api}" \ --arg environment "${APIGEE_ENVIRONMENT}" \ --arg secretName "psu-mtls-1" \ @@ -139,8 +132,7 @@ if [[ "${is_pull_request}" == "false" ]]; then --arg proxygenSecretName "${proxygen_private_key_arn}" \ '{apiName: $apiName, environment: $environment, secretName: $secretName, secretKey: $secretKey, secretCert: $secretCert, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json - - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLMTLSSecretPut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + aws lambda invoke --function-name "${put_secret_lambda}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then echo 'Error calling lambda' cat out.txt @@ -149,8 +141,7 @@ if [[ "${is_pull_request}" == "false" ]]; then echo "Secret stored succesfully" else - echo "Would run this command" - echo "${PROXYGEN_PATH} secret put --mtls-cert ~/.proxygen/tmp/client_cert.pem --mtls-key ~/.proxygen/tmp/client_private_key.pem ${APIGEE_ENVIRONMENT} psu-mtls-1" + echo "Would call ${put_secret_lambda}" fi fi 
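Review bot: `payload.json` for the secret-put call contains `secretKey` and `secretCert`, is written into the working directory (`.github/scripts` in the workflow) and is never removed; later calls overwrite it but do not delete it. Writing it to a `mktemp` file and removing it in an EXIT trap, e.g. `payload=$(mktemp)` and `trap 'rm -f -- "$payload" out.txt response.json' EXIT`, limits how long the key sits on the runner. The `eval "cat response.json | jq -e '.FunctionError' >/dev/null"` check, here and after the instance-put call, needs neither `eval` nor `cat`: `if jq -e '.FunctionError' response.json >/dev/null; then`. In the jq filter, `kid, $kid,` looks like a typo for `kid: $kid,`; it appears to yield the same object only because the `$kid` shorthand overwrites the null `kid` key.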
@@ -166,40 +157,33 @@ if [[ "${DRY_RUN}" == "false" ]]; then --arg proxygenSecretName "${proxygen_private_key_arn}" \ '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstancePut" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + aws lambda invoke --function-name "${instance_put_lambda}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then echo 'Error calling lambda' cat out.txt exit 1 fi - echo "Instance deployed" - -# "${PROXYGEN_PATH}" instance deploy --no-confirm "${APIGEE_ENVIRONMENT}" "${instance}" "${SPEC_PATH}" else - echo "Would run this command" - echo "${PROXYGEN_PATH} instance deploy --no-confirm ${APIGEE_ENVIRONMENT} ${instance} ${SPEC_PATH}" + echo "Would call ${instance_put_lambda}" fi -if [[ "${APIGEE_ENVIRONMENT}" == "internal-dev" ]]; then +if [[ "${APIGEE_ENVIRONMENT}" == "int" ]]; then echo echo "Deploy the API spec if in the int environment" if [[ "${DRY_RUN}" == "false" ]]; then -# "${PROXYGEN_PATH}" spec publish --no-confirm "${SPEC_PATH}" - jq -n --argfile spec "${SPEC_PATH}" \ - --arg apiName "${apigee_api}" \ - --arg environment "uat" \ - --arg instance "${instance}" \ - --arg kid "${PROXYGEN_KID}" \ - --arg proxygenSecretName "${proxygen_private_key_arn}" \ - '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json - - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLSpecPublish" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + jq -n --argfile spec 
"${SPEC_PATH}" \ + --arg apiName "${apigee_api}" \ + --arg environment "uat" \ + --arg instance "${instance}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + aws lambda invoke --function-name "${spec_publish_lambda}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json else - echo "Would run this command" - echo "${PROXYGEN_PATH} spec publish --no-confirm ${SPEC_PATH}" + echo "Would call ${spec_publish_lambda}" fi fi @@ -207,9 +191,16 @@ if [[ "${APIGEE_ENVIRONMENT}" == "internal-dev" && "${is_pull_request}" == "fals echo echo "Deploy the API spec to uat if in the internal-dev environment" if [[ "${DRY_RUN}" == "false" ]]; then - "${PROXYGEN_PATH}" spec publish --uat --no-confirm "${SPEC_PATH}" + jq -n --argfile spec "${SPEC_PATH}" \ + --arg apiName "${apigee_api}" \ + --arg environment "uat" \ + --arg instance "${instance}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, specDefinition: $spec, instance: $instance, kid: $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + + aws lambda invoke --function-name "${spec_publish_lambda}" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json else - echo "Would run this command" - echo "${PROXYGEN_PATH} spec publish --uat --no-confirm ${SPEC_PATH}" + echo "Would call ${spec_publish_lambda}" fi fi diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 836e92daa..741a39dbe 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
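Review bot: In the `int` branch the spec-publish payload sets `--arg environment "uat"`, the same value used by the `internal-dev` branch below it, whereas the CLI call it replaces was `spec publish --no-confirm` without `--uat`. Unless the spec-publish lambda ignores `environment`, the int release would publish to uat rather than the non-uat target; the lambda's contract is not visible here, so please confirm the intended value. Neither spec-publish `aws lambda invoke` (this hunk and the `@@ -207,9 +191,16 @@` hunk) inspects `response.json` for `FunctionError`, unlike the secret-put and instance-put calls, so a failed publish still exits 0. Adding the same check after both invokes, `if jq -e '.FunctionError' response.json >/dev/null; then cat out.txt; exit 1; fi`, would make the failure visible.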
@@ -77,6 +77,7 @@ jobs: DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} release_sandbox_code: needs: [get_issue_number, package_code, get_commit_id] @@ -98,3 +99,4 @@ jobs: DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68a5fae14..9393bc88d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -137,6 +137,7 @@ jobs: INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }} PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} release_dev_sandbox: needs: [tag_release, package_code, get_commit_id] @@ -158,6 +159,7 @@ jobs: DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} release_ref: needs: @@ -187,6 +189,7 @@ jobs: DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} release_qa: needs: @@ -216,6 +219,7 @@ jobs: DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }} release_int: needs: [tag_release, release_qa, package_code, get_commit_id] 
@@ -244,6 +248,7 @@ jobs: INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }} PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }} release_int_sandbox: needs: [tag_release, release_qa, package_code, get_commit_id] @@ -265,6 +270,7 @@ jobs: DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: true secrets: CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.INT_CLOUD_FORMATION_DEPLOY_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }} release_prod: needs: @@ -300,3 +306,4 @@ jobs: INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }} PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }} DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} + PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PROD_ROLE }} diff --git a/.github/workflows/run_release_code_and_api.yml b/.github/workflows/run_release_code_and_api.yml index 5b79636a0..76c231f7d 100644 --- a/.github/workflows/run_release_code_and_api.yml +++ b/.github/workflows/run_release_code_and_api.yml @@ -72,6 +72,8 @@ on: required: false DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: required: false + PROXYGEN_ROLE: + required: false jobs: release_code_and_api: 
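Review bot: `PROXYGEN_ROLE` is declared with `required: false` in run_release_code_and_api.yml, but the new `Configure AWS Credentials for api release` step uses it unconditionally as `role-to-assume`. If a caller omits the secret the value is empty, and the deploy scripts may then run with whatever credentials the earlier step left in place (worth confirming against the action's behaviour) instead of failing. Every caller changed in this commit passes it, so `required: true` would be the safer declaration.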
@@ -115,38 +117,6 @@ jobs: name: ${{ inputs.BUILD_ARTIFACT }} path: . - - name: Download python dependency artifact - uses: actions/download-artifact@v4 - with: - name: python_dependency_files - path: . - - # using git commit sha for version of action to ensure we have stable version - - name: Install asdf - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.11.3 - - - name: Cache asdf - uses: actions/cache@v4 - with: - path: | - ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | - ${{ runner.os }}-asdf- - - - name: Install asdf dependencies in .tool-versions - uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.11.3 - env: - PYTHON_CONFIGURE_OPTS: --enable-shared - - - name: Run make install-python - run: | - make install-python - - name: Export specification paths run: | SPEC_PATH="$(pwd)/.aws-sam/build/specification/eps-prescription-status-update-api.resolved.json" @@ -156,12 +126,6 @@ jobs: echo "CPSU Specification location: $CPSU_SPEC_PATH" echo "CPSU_SPEC_PATH=${CPSU_SPEC_PATH}" >> "$GITHUB_ENV" - - name: Export proxygen path - run: | - PROXYGEN_PATH=$(poetry run which proxygen) - echo "Proxygen location: $PROXYGEN_PATH" - echo "PROXYGEN_PATH=${PROXYGEN_PATH}" >> "$GITHUB_ENV" - - name: release code shell: bash working-directory: .github/scripts 
@@ -180,6 +144,22 @@ jobs: DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: ${{ inputs.DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE }} run: ./release_code.sh + - name: get mtls secrets + shell: bash + run: | + mkdir -p ~/.proxygen/tmp + client_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientKeySecret'].Value" --output text) + client_cert_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:PsuClientCertSecret'].Value" --output text) + aws secretsmanager get-secret-value --secret-id "${client_private_key_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_private_key + aws secretsmanager get-secret-value --secret-id "${client_cert_arn}" --query SecretString --output text > ~/.proxygen/tmp/client_cert + + - name: Configure AWS Credentials for api release + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: eu-west-2 + role-to-assume: ${{ secrets.PROXYGEN_ROLE }} + role-session-name: proxygen-ptl + - name: Deploy PSU API shell: bash working-directory: .github/scripts From bd47c27fa3ac70e3f5a3616bd10784b16130d302 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 6 Aug 2024 12:47:15 +0000 Subject: [PATCH 16/20] no need for poetry --- .github/workflows/run_release_code_and_api.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run_release_code_and_api.yml b/.github/workflows/run_release_code_and_api.yml index 76c231f7d..7d8857923 100644 --- a/.github/workflows/run_release_code_and_api.yml +++ b/.github/workflows/run_release_code_and_api.yml @@ -176,7 +176,7 @@ jobs: PROXYGEN_KID: "eps-cli-key-1" DRY_RUN: false DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: ${{ inputs.DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE }} - run: poetry run ./deploy_api.sh + run: ./deploy_api.sh - name: Deploy CPSU API shell: bash 
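Review bot: The `get mtls secrets` step writes the client private key to `~/.proxygen/tmp/client_private_key` with the default umask, and nothing in the visible steps removes it after the deploy scripts have run. Adding `umask 077` as the first line of the `run:` block and a final step with `if: always()` that runs `rm -rf ~/.proxygen/tmp` would narrow the exposure. The following credentials step sets `role-session-name: proxygen-ptl` even when the caller passes `PROXYGEN_PROD_ROLE`, so CloudTrail will attribute prod deployments to a session named for PTL; a neutral name such as `proxygen-deploy` would avoid that.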
@@ -194,7 +194,7 @@ jobs: PROXYGEN_KID: eps-cli-key-cpsu-1 DRY_RUN: false DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE: ${{ inputs.DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE }} - run: poetry run ./deploy_api.sh + run: ./deploy_api.sh - name: create_int_release_notes uses: ./.github/actions/update_confluence_jira From 4142f74340689c5b73a9b1028aa72162f057ea34 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Tue, 6 Aug 2024 16:39:14 +0000 Subject: [PATCH 17/20] modify delete stacks --- .../scripts/delete_proxygen_deployments.sh | 74 ++++++++++++ .github/scripts/delete_stacks.sh | 108 ------------------ .../delete_old_cloudformation_stacks.yml | 44 +++---- .../workflows/run_package_code_and_api.yml | 19 +-- 4 files changed, 93 insertions(+), 152 deletions(-) create mode 100755 .github/scripts/delete_proxygen_deployments.sh diff --git a/.github/scripts/delete_proxygen_deployments.sh b/.github/scripts/delete_proxygen_deployments.sh new file mode 100755 index 000000000..f9908c878 --- /dev/null +++ b/.github/scripts/delete_proxygen_deployments.sh 
@@ -0,0 +1,74 @@ +#!/usr/bin/env bash + +# generic script for removing cloudformation stacks and proxygen deployed apis where the pull request is closed + +# set the repo name to be the name of the repo this is running in +REPO_NAME=eps-prescription-status-update-api + +# this should be customised to delete cloudformation stacks and proxygen deployments if they are used +main() { + PULL_REQUEST_PROXYGEN_REGEX=prescription-status-update-pr- + delete_apigee_deployments "internal-dev" "prescription-status-update-api" "PSUProxygenPrivateKey" "eps-cli-key-1" + delete_apigee_deployments "internal-dev-sandbox" "prescription-status-update-api" "PSUProxygenPrivateKey" "eps-cli-key-1" + + PULL_REQUEST_PROXYGEN_REGEX=custom-prescription-status-update-pr- + delete_apigee_deployments "internal-dev" "prescription-status-update-api" "CPSUProxygenPrivateKey" "eps-cli-key-cpsu-1" + delete_apigee_deployments "internal-dev-sandbox" "custom-prescription-status-update-api" "CPSUProxygenPrivateKey" "eps-cli-key-cpsu-1" +} + +delete_apigee_deployments() { + APIGEE_ENVIRONMENT=$1 + APIGEE_API=$2 + PROXYGEN_PRIVATE_KEY_NAME=$3 + PROXYGEN_KID=$4 + proxygen_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:${PROXYGEN_PRIVATE_KEY_NAME}'].Value" --output text) + + echo + echo "checking apigee deployments on ${APIGEE_ENVIRONMENT}" + echo + + jq -n --arg apiName "${APIGEE_API}" \ + --arg environment "${APIGEE_ENVIRONMENT}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json + + aws lambda invoke --function-name "lambda-resources-ProxygenPTLInstanceGet" --cli-binary-format raw-in-base64-out --payload file://payload.json out.json > response.json + + if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then + echo 'Error calling lambda' + cat out.json + exit 1 + fi + + jq -r '.[].name' 
"out.json" | while read -r i; do + echo "Checking if apigee deployment $i has open pull request" + PULL_REQUEST=${i//${PULL_REQUEST_PROXYGEN_REGEX}/} + echo "Checking pull request id ${PULL_REQUEST}" + URL="https://api.github.com/repos/NHSDigital/${REPO_NAME}/pulls/${PULL_REQUEST}" + RESPONSE=$(curl "${URL}" 2>/dev/null) + STATE=$(echo "${RESPONSE}" | jq -r .state) + if [ "$STATE" == "closed" ]; then + echo "** going to delete apigee deployment $i as state is ${STATE} **" + jq -n --arg apiName "${APIGEE_API}" \ + --arg environment "${APIGEE_ENVIRONMENT}" \ + --arg instance "${i}" \ + --arg kid "${PROXYGEN_KID}" \ + --arg proxygenSecretName "${proxygen_private_key_arn}" \ + '{apiName: $apiName, environment: $environment, kid, $kid, proxygenSecretName: $proxygenSecretName, instance: $instance}' > payload.json + + aws lambda invoke --function-name "lambda-resources-ProxygenPTLInstanceDelete" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json + if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then + echo 'Error calling lambda' + cat out.txt + exit 1 + fi + + + else + echo "not going to delete apigee deployment $i as state is ${STATE}" + fi + done +} + +main diff --git a/.github/scripts/delete_stacks.sh b/.github/scripts/delete_stacks.sh index 5544840a4..0400eb312 100755 --- a/.github/scripts/delete_stacks.sh +++ b/.github/scripts/delete_stacks.sh 
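Review bot: The `exit 1` after a failed `ProxygenPTLInstanceDelete` call sits inside `jq … | while read -r i; do`, which bash runs in a subshell, so it ends only the loop; no `set -e` or `pipefail` is visible in this new file, and `main` carries on to the next environment and can still finish with status 0. Feeding the loop with `done < <(jq -r '.[].name' out.json)` keeps it in the current shell so the exit takes effect. The pull-request id is whatever remains after stripping `PULL_REQUEST_PROXYGEN_REGEX` from the instance name, so a guard such as `[[ "${PULL_REQUEST}" =~ ^[0-9]+$ ]] || continue` before building the URL would skip instances that are not PR deployments. The `curl` is unauthenticated with errors discarded; a rate-limited reply leaves `STATE` as `null`, which is fail-safe but silently stops cleanup, so logging any state other than `open` or `closed` would help. Both jq filters contain `kid, $kid,` where `kid: $kid,` is presumably intended.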
@@ -12,21 +12,10 @@ CAPTURE_REGEX="^psu-pr-(\\d+)(-sandbox)?$" # this is used in a replace command to replace the stack name so what is left is just the pull request id PULL_REQUEST_STACK_REGEX=psu-pr- -# this should be a regex that is used to get the pull request id from the proxygen deployed API -# this is used in a replace command to replace the proxy name so what is left is just the pull request id -PULL_REQUEST_PROXYGEN_REGEX=prescription-status-update-pr- # this should be customised to delete cloudformation stacks and proxygen deployments if they are used main() { delete_cloudformation_stacks - create_proxygen_credentials "PSUProxygenPrivateKey" "eps-cli-key-1" "prescription-status-update-api" - delete_apigee_deployments "internal-dev" - delete_apigee_deployments "internal-dev-sandbox" "prescription-status-update-api" - - PULL_REQUEST_PROXYGEN_REGEX=custom-prescription-status-update-pr- - create_proxygen_credentials "CPSUProxygenPrivateKey" "eps-cli-key-cpsu-1" "custom-prescription-status-update-api" - delete_apigee_deployments "internal-dev" - delete_apigee_deployments "internal-dev-sandbox" "custom-prescription-status-update-api" } delete_cloudformation_stacks() { 
@@ -56,102 +45,5 @@ delete_cloudformation_stacks() { done } -create_proxygen_credentials() { - PROXYGEN_PRIVATE_KEY_NAME=$1 - PROXYGEN_KID=$2 - APIGEE_API=$3 - echo - echo "getting proxygen key" - echo "PROXYGEN_PRIVATE_KEY_NAME: ${PROXYGEN_PRIVATE_KEY_NAME}" - echo "PROXYGEN_KID: ${PROXYGEN_KID}" - echo "APIGEE_API: ${APIGEE_API}" - echo - # Retrieve the proxygen private key - proxygen_private_key_arn=$(aws cloudformation list-exports --query "Exports[?Name=='account-resources:${PROXYGEN_PRIVATE_KEY_NAME}'].Value" --output text) - proxygen_private_key=$(aws secretsmanager get-secret-value --secret-id "${proxygen_private_key_arn}" --query SecretString --output text) - - # Create the .proxygen/tmp directory if it doesn't exist - mkdir -p ~/.proxygen/tmp - - # Save the proxygen private key, client private key, and client cert to temporary files - echo "$proxygen_private_key" > ~/.proxygen/tmp/proxygen_private_key.pem - - # Create the .proxygen/tmp directory if it doesn't exist - mkdir -p ~/.proxygen/tmp - # Create credentials.yaml file - cat < ~/.proxygen/credentials.yaml - client_id: ${APIGEE_API}-client - key_id: ${PROXYGEN_KID} - private_key_path: tmp/proxygen_private_key.pem - base_url: https://identity.prod.api.platform.nhs.uk/realms/api-producers - client_secret: https://nhsdigital.github.io/identity-service-jwks/jwks/paas/${APIGEE_API}.json -EOF - - # Create settings.yaml file - cat < ~/.proxygen/settings.yaml - api: ${APIGEE_API} - endpoint_url: https://proxygen.prod.api.platform.nhs.uk - spec_output_format: json -EOF -} - -delete_apigee_deployments() { - APIGEE_ENVIRONMENT=$1 - APIGEE_API=$2 - echo - echo "checking apigee deployments on ${APIGEE_ENVIRONMENT}" - echo - - jq -n --arg apiName "${APIGEE_API}" \ - --arg environment "${APIGEE_ENVIRONMENT}" \ - --arg kid "${PROXYGEN_KID}" \ - --arg proxygenSecretName "${proxygen_private_key_arn}" \ - '{apiName: $apiName, environment: $environment, kid, $kid, proxygenSecretName: $proxygenSecretName}' > payload.json 
- - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstanceGet" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json - - if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then - echo 'Error calling lambda' - cat out.txt - exit 1 - fi - # This returns a JSON array in out.txt that looks like this - # [{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-495","last_modified":"2024-07-09T15:18:34+00:00","spec_hash":"4ae4a2e8e30e77576f58d98ccbc9ec23","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-544","last_modified":"2024-07-24T14:00:46+00:00","spec_hash":"a250eb95d16df57374b3e0e9cba53c62","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-552","last_modified":"2024-07-23T11:38:56+00:00","spec_hash":"54b0fe2a35b59609fa83a85c0265670e","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-559","last_modified":"2024-07-23T16:20:21+00:00","spec_hash":"e33779f5575ea061b7de17be4518dd0b","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update-pr-565","last_modified":"2024-07-23T09:45:12+00:00","spec_hash":"3215a7efcf0453da913f175252f50338","temporary":"False"},{"environment":"internal-dev","type":"instance","name":"prescription-status-update","last_modified":"2024-07-24T11:44:44+00:00","spec_hash":"5f5d3e3d43231016723779bcf92b6f34","temporary":"False"}] - # will need to put this into an array we can loop around - # then delete the next lines - ACTIVE_APIGEE=$(poetry run proxygen instance list --env "${APIGEE_ENVIRONMENT}" | awk 'NR > 2 {print $3}') - mapfile -t ACTIVE_APIGEE_ARRAY <<< "$ACTIVE_APIGEE" - - for i in "${ACTIVE_APIGEE_ARRAY[@]}" - do - echo "Checking if apigee deployment $i has open pull request" 
- PULL_REQUEST=${i//${PULL_REQUEST_PROXYGEN_REGEX}/} - echo "Checking pull request id ${PULL_REQUEST}" - URL="https://api.github.com/repos/NHSDigital/${REPO_NAME}/pulls/${PULL_REQUEST}" - RESPONSE=$(curl "${URL}" 2>/dev/null) - STATE=$(echo "${RESPONSE}" | jq -r .state) - if [ "$STATE" == "closed" ]; then - echo "** going to delete apigee deployment $i as state is ${STATE} **" - # poetry run proxygen instance delete --no-confirm "${APIGEE_ENVIRONMENT}" "${i}" - jq -n --arg apiName "${APIGEE_API}" \ - --arg environment "${APIGEE_ENVIRONMENT}" \ - --arg instance "${i}" \ - --arg kid "${PROXYGEN_KID}" \ - --arg proxygenSecretName "${proxygen_private_key_arn}" \ - '{apiName: $apiName, environment: $environment, kid, $kid, proxygenSecretName: $proxygenSecretName, instance: $instance}' > payload.json - - aws lambda invoke --function-name "arn:aws:lambda:eu-west-2:591291862413:function:lambda-resources-pr-294-ProxygenPTLInstanceDelete" --cli-binary-format raw-in-base64-out --payload file://payload.json out.txt > response.json - if eval "cat response.json | jq -e '.FunctionError' >/dev/null"; then - echo 'Error calling lambda' - cat out.txt - exit 1 - fi - - - else - echo "not going to delete apigee deployment $i as state is ${STATE}" - fi - done -} main diff --git a/.github/workflows/delete_old_cloudformation_stacks.yml b/.github/workflows/delete_old_cloudformation_stacks.yml index 26837641a..e0a973b14 100644 --- a/.github/workflows/delete_old_cloudformation_stacks.yml +++ b/.github/workflows/delete_old_cloudformation_stacks.yml @@ -1,4 +1,4 @@ -name: 'Delete old cloudformation stacks' +name: "Delete old cloudformation stacks" # Controls when the action will run - in this case triggered manually on: @@ -13,8 +13,8 @@ jobs: # The type of runner that the job will run on runs-on: ubuntu-latest permissions: - id-token: write - contents: read + id-token: write + contents: read # Steps represent a sequence of tasks that will be executed as part of the job steps: 
@@ -24,40 +24,26 @@ jobs: ref: ${{ env.BRANCH_NAME }} fetch-depth: 0 - # using git commit sha for version of action to ensure we have stable version - - name: Install asdf - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.11.3 - - - name: Cache asdf - uses: actions/cache@v4 - with: - path: | - ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | - ${{ runner.os }}-asdf- - - - name: Install asdf dependencies in .tool-versions - uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 with: - asdf_branch: v0.11.3 - env: - PYTHON_CONFIGURE_OPTS: --enable-shared + aws-region: eu-west-2 + role-to-assume: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} + role-session-name: delete-old-stacks - - name: make install - run: | - make install + - name: delete stacks + shell: bash + working-directory: .github/scripts + run: ./delete_stacks.sh - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: aws-region: eu-west-2 - role-to-assume: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} - role-session-name: github-actions + role-to-assume: ${{ secrets.PROXYGEN_PTL_ROLE }} + role-session-name: delete-old-proxygen - name: delete stacks shell: bash working-directory: .github/scripts - run: ./delete_stacks.sh + run: ./delete_proxygen_deployments.sh diff --git a/.github/workflows/run_package_code_and_api.yml b/.github/workflows/run_package_code_and_api.yml index 0903c57f8..ea3ba7c61 100644 --- a/.github/workflows/run_package_code_and_api.yml +++ b/.github/workflows/run_package_code_and_api.yml @@ -21,7 +21,7 @@ jobs: uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 with: asdf_branch: v0.11.3 - + - name: Cache asdf uses: actions/cache@v4 with: 
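Review bot: The added `Configure AWS Credentials` step references `aws-actions/configure-aws-credentials@v4` by a movable tag, while the lines removed in this hunk pinned the asdf actions to a commit SHA and carried a comment explaining why. This action hands the job credentials for `DEV_CLOUD_FORMATION_DEPLOY_ROLE` and then `PROXYGEN_PTL_ROLE`, so I would pin it the same way in both steps, `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`, and keep the explanatory comment; the second `uses:` line is unchanged context but has the same issue. The final step is still called `name: delete stacks` although it now runs `./delete_proxygen_deployments.sh`, so two steps in the run log share one name; `- name: delete proxygen deployments` would tell them apart.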
@@ -37,14 +37,14 @@ jobs: asdf_branch: v0.11.3 env: PYTHON_CONFIGURE_OPTS: --enable-shared - + - name: Setting up .npmrc env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc - + - name: Run make install run: | make install @@ -71,17 +71,7 @@ jobs: .aws-sam/build SAMtemplates/state_machines/UpdatePrescriptionStatusStateMachine.asl.json SAMtemplates/state_machines/Format1UpdatePrescriptionsStatusStateMachine.asl.json - - - uses: actions/upload-artifact@v4 - name: Upload python dependency files - with: - name: python_dependency_files - path: | - .tool-versions - poetry.lock - poetry.toml - pyproject.toml - + - shell: bash name: Package sandbox run: | @@ -96,7 +86,6 @@ jobs: cp packages/specification/dist/eps-prescription-status-update-api.resolved.json .aws-sam/build/specification/ cp packages/specification/dist/eps-custom-prescription-status-update-api.resolved.json .aws-sam/build/specification/ - # Readme is included to stop the action flattening the folder structure of aws-sam/build when it is the only item to upload - uses: actions/upload-artifact@v4 name: Upload sandbox build artifact From ac114c216e5306964bc164e7cc99aacec4c0afc9 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 7 Aug 2024 12:54:39 +0000 Subject: [PATCH 18/20] fix api name --- .github/scripts/delete_proxygen_deployments.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/scripts/delete_proxygen_deployments.sh b/.github/scripts/delete_proxygen_deployments.sh index f9908c878..95ec92889 100755 --- a/.github/scripts/delete_proxygen_deployments.sh +++ b/.github/scripts/delete_proxygen_deployments.sh 
@@ -7,12 +7,14 @@ REPO_NAME=eps-prescription-status-update-api # this should be customised to delete cloudformation stacks and proxygen deployments if they are used main() { + echo "Checking prescripton status update deployments" PULL_REQUEST_PROXYGEN_REGEX=prescription-status-update-pr- delete_apigee_deployments "internal-dev" "prescription-status-update-api" "PSUProxygenPrivateKey" "eps-cli-key-1" delete_apigee_deployments "internal-dev-sandbox" "prescription-status-update-api" "PSUProxygenPrivateKey" "eps-cli-key-1" + echo "Checking custom prescripton status update deployments" PULL_REQUEST_PROXYGEN_REGEX=custom-prescription-status-update-pr- - delete_apigee_deployments "internal-dev" "prescription-status-update-api" "CPSUProxygenPrivateKey" "eps-cli-key-cpsu-1" + delete_apigee_deployments "internal-dev" "custom-prescription-status-update-api" "CPSUProxygenPrivateKey" "eps-cli-key-cpsu-1" delete_apigee_deployments "internal-dev-sandbox" "custom-prescription-status-update-api" "CPSUProxygenPrivateKey" "eps-cli-key-cpsu-1" } From 30d5a452faa7984ac08d419147becbfea8d08ffb Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:08:02 +0000 Subject: [PATCH 19/20] remove reference to proxygen cli --- .github/scripts/deploy_api.sh | 1 - poetry.lock | 176 +--------------------------------- pyproject.toml | 1 - 3 files changed, 2 insertions(+), 176 deletions(-) diff --git a/.github/scripts/deploy_api.sh b/.github/scripts/deploy_api.sh index 165d0a2b7..585a547f7 100755 --- a/.github/scripts/deploy_api.sh +++ b/.github/scripts/deploy_api.sh @@ -2,7 +2,6 @@ set -eu pipefail echo "API type: ${API_TYPE}" -echo "Proxygen path: ${PROXYGEN_PATH}" echo "Specification path: ${SPEC_PATH}" echo "Specification version: ${VERSION_NUMBER}" echo "Stack name: ${STACK_NAME}" diff --git a/poetry.lock b/poetry.lock index 6df9fa9e9..844418f6b 100644 --- a/poetry.lock +++ b/poetry.lock 
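Review bot: Both added `echo` lines in `main` spell "prescripton"; they should read `echo "Checking prescription status update deployments"` and `echo "Checking custom prescription status update deployments"`. The corrected call also shows how easily the API name and `PULL_REQUEST_PROXYGEN_REGEX` can drift apart, because the pattern is set as a global between calls while the other four values are positional arguments. Passing it as a fifth argument would keep each call self-contained, though `delete_apigee_deployments` is defined outside this hunk and would need its parameter handling updated to match. A comment above the calls would also help, for example `# args (appear to be): environment, API name, secret name, key id`, with the order confirmed against the function.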
@@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand. [[package]] name = "argparse" 
@@ -657,114 +657,6 @@ files = [ [package.dependencies] referencing = ">=0.31.0" -[[package]] -name = "lxml" -version = "4.9.4" -description = "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API." -optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, != 3.4.*" -files = [ - {file = "lxml-4.9.4-cp27-cp27m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:e214025e23db238805a600f1f37bf9f9a15413c7bf5f9d6ae194f84980c78722"}, - {file = "lxml-4.9.4-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:ec53a09aee61d45e7dbe7e91252ff0491b6b5fee3d85b2d45b173d8ab453efc1"}, - {file = "lxml-4.9.4-cp27-cp27m-win32.whl", hash = "sha256:7d1d6c9e74c70ddf524e3c09d9dc0522aba9370708c2cb58680ea40174800013"}, - {file = "lxml-4.9.4-cp27-cp27m-win_amd64.whl", hash = "sha256:cb53669442895763e61df5c995f0e8361b61662f26c1b04ee82899c2789c8f69"}, - {file = "lxml-4.9.4-cp27-cp27mu-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:647bfe88b1997d7ae8d45dabc7c868d8cb0c8412a6e730a7651050b8c7289cf2"}, - {file = "lxml-4.9.4-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:4d973729ce04784906a19108054e1fd476bc85279a403ea1a72fdb051c76fa48"}, - {file = "lxml-4.9.4-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:056a17eaaf3da87a05523472ae84246f87ac2f29a53306466c22e60282e54ff8"}, - {file = "lxml-4.9.4-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:aaa5c173a26960fe67daa69aa93d6d6a1cd714a6eb13802d4e4bd1d24a530644"}, - {file = "lxml-4.9.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:647459b23594f370c1c01768edaa0ba0959afc39caeeb793b43158bb9bb6a663"}, - {file = "lxml-4.9.4-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:bdd9abccd0927673cffe601d2c6cdad1c9321bf3437a2f507d6b037ef91ea307"}, - {file = 
"lxml-4.9.4-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:00e91573183ad273e242db5585b52670eddf92bacad095ce25c1e682da14ed91"}, - {file = "lxml-4.9.4-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:a602ed9bd2c7d85bd58592c28e101bd9ff9c718fbde06545a70945ffd5d11868"}, - {file = "lxml-4.9.4-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:de362ac8bc962408ad8fae28f3967ce1a262b5d63ab8cefb42662566737f1dc7"}, - {file = "lxml-4.9.4-cp310-cp310-win32.whl", hash = "sha256:33714fcf5af4ff7e70a49731a7cc8fd9ce910b9ac194f66eaa18c3cc0a4c02be"}, - {file = "lxml-4.9.4-cp310-cp310-win_amd64.whl", hash = "sha256:d3caa09e613ece43ac292fbed513a4bce170681a447d25ffcbc1b647d45a39c5"}, - {file = "lxml-4.9.4-cp311-cp311-macosx_11_0_universal2.whl", hash = "sha256:359a8b09d712df27849e0bcb62c6a3404e780b274b0b7e4c39a88826d1926c28"}, - {file = "lxml-4.9.4-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:43498ea734ccdfb92e1886dfedaebeb81178a241d39a79d5351ba2b671bff2b2"}, - {file = "lxml-4.9.4-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:4855161013dfb2b762e02b3f4d4a21cc7c6aec13c69e3bffbf5022b3e708dd97"}, - {file = "lxml-4.9.4-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:c71b5b860c5215fdbaa56f715bc218e45a98477f816b46cfde4a84d25b13274e"}, - {file = "lxml-4.9.4-cp311-cp311-manylinux_2_28_aarch64.whl", hash = "sha256:9a2b5915c333e4364367140443b59f09feae42184459b913f0f41b9fed55794a"}, - {file = "lxml-4.9.4-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:d82411dbf4d3127b6cde7da0f9373e37ad3a43e89ef374965465928f01c2b979"}, - {file = "lxml-4.9.4-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:273473d34462ae6e97c0f4e517bd1bf9588aa67a1d47d93f760a1282640e24ac"}, - {file = "lxml-4.9.4-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:389d2b2e543b27962990ab529ac6720c3dded588cc6d0f6557eec153305a3622"}, - {file = 
"lxml-4.9.4-cp311-cp311-win32.whl", hash = "sha256:8aecb5a7f6f7f8fe9cac0bcadd39efaca8bbf8d1bf242e9f175cbe4c925116c3"}, - {file = "lxml-4.9.4-cp311-cp311-win_amd64.whl", hash = "sha256:c7721a3ef41591341388bb2265395ce522aba52f969d33dacd822da8f018aff8"}, - {file = "lxml-4.9.4-cp312-cp312-macosx_11_0_universal2.whl", hash = "sha256:dbcb2dc07308453db428a95a4d03259bd8caea97d7f0776842299f2d00c72fc8"}, - {file = "lxml-4.9.4-cp312-cp312-manylinux_2_28_aarch64.whl", hash = "sha256:01bf1df1db327e748dcb152d17389cf6d0a8c5d533ef9bab781e9d5037619229"}, - {file = "lxml-4.9.4-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:e8f9f93a23634cfafbad6e46ad7d09e0f4a25a2400e4a64b1b7b7c0fbaa06d9d"}, - {file = "lxml-4.9.4-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:3f3f00a9061605725df1816f5713d10cd94636347ed651abdbc75828df302b20"}, - {file = "lxml-4.9.4-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:953dd5481bd6252bd480d6ec431f61d7d87fdcbbb71b0d2bdcfc6ae00bb6fb10"}, - {file = "lxml-4.9.4-cp312-cp312-win32.whl", hash = "sha256:266f655d1baff9c47b52f529b5f6bec33f66042f65f7c56adde3fcf2ed62ae8b"}, - {file = "lxml-4.9.4-cp312-cp312-win_amd64.whl", hash = "sha256:f1faee2a831fe249e1bae9cbc68d3cd8a30f7e37851deee4d7962b17c410dd56"}, - {file = "lxml-4.9.4-cp35-cp35m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:23d891e5bdc12e2e506e7d225d6aa929e0a0368c9916c1fddefab88166e98b20"}, - {file = "lxml-4.9.4-cp35-cp35m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:e96a1788f24d03e8d61679f9881a883ecdf9c445a38f9ae3f3f193ab6c591c66"}, - {file = "lxml-4.9.4-cp36-cp36m-macosx_11_0_x86_64.whl", hash = "sha256:5557461f83bb7cc718bc9ee1f7156d50e31747e5b38d79cf40f79ab1447afd2d"}, - {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:fdb325b7fba1e2c40b9b1db407f85642e32404131c08480dd652110fc908561b"}, - {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = 
"sha256:3d74d4a3c4b8f7a1f676cedf8e84bcc57705a6d7925e6daef7a1e54ae543a197"}, - {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:ac7674d1638df129d9cb4503d20ffc3922bd463c865ef3cb412f2c926108e9a4"}, - {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_28_x86_64.whl", hash = "sha256:ddd92e18b783aeb86ad2132d84a4b795fc5ec612e3545c1b687e7747e66e2b53"}, - {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2bd9ac6e44f2db368ef8986f3989a4cad3de4cd55dbdda536e253000c801bcc7"}, - {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:bc354b1393dce46026ab13075f77b30e40b61b1a53e852e99d3cc5dd1af4bc85"}, - {file = "lxml-4.9.4-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:f836f39678cb47c9541f04d8ed4545719dc31ad850bf1832d6b4171e30d65d23"}, - {file = "lxml-4.9.4-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:9c131447768ed7bc05a02553d939e7f0e807e533441901dd504e217b76307745"}, - {file = "lxml-4.9.4-cp36-cp36m-win32.whl", hash = "sha256:bafa65e3acae612a7799ada439bd202403414ebe23f52e5b17f6ffc2eb98c2be"}, - {file = "lxml-4.9.4-cp36-cp36m-win_amd64.whl", hash = "sha256:6197c3f3c0b960ad033b9b7d611db11285bb461fc6b802c1dd50d04ad715c225"}, - {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:7b378847a09d6bd46047f5f3599cdc64fcb4cc5a5a2dd0a2af610361fbe77b16"}, - {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:1343df4e2e6e51182aad12162b23b0a4b3fd77f17527a78c53f0f23573663545"}, - {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:6dbdacf5752fbd78ccdb434698230c4f0f95df7dd956d5f205b5ed6911a1367c"}, - {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_28_x86_64.whl", hash = "sha256:506becdf2ecaebaf7f7995f776394fcc8bd8a78022772de66677c84fb02dd33d"}, - {file = 
"lxml-4.9.4-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ca8e44b5ba3edb682ea4e6185b49661fc22b230cf811b9c13963c9f982d1d964"}, - {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:9d9d5726474cbbef279fd709008f91a49c4f758bec9c062dfbba88eab00e3ff9"}, - {file = "lxml-4.9.4-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:bbdd69e20fe2943b51e2841fc1e6a3c1de460d630f65bde12452d8c97209464d"}, - {file = "lxml-4.9.4-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:8671622256a0859f5089cbe0ce4693c2af407bc053dcc99aadff7f5310b4aa02"}, - {file = "lxml-4.9.4-cp37-cp37m-win32.whl", hash = "sha256:dd4fda67f5faaef4f9ee5383435048ee3e11ad996901225ad7615bc92245bc8e"}, - {file = "lxml-4.9.4-cp37-cp37m-win_amd64.whl", hash = "sha256:6bee9c2e501d835f91460b2c904bc359f8433e96799f5c2ff20feebd9bb1e590"}, - {file = "lxml-4.9.4-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:1f10f250430a4caf84115b1e0f23f3615566ca2369d1962f82bef40dd99cd81a"}, - {file = "lxml-4.9.4-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:3b505f2bbff50d261176e67be24e8909e54b5d9d08b12d4946344066d66b3e43"}, - {file = "lxml-4.9.4-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:1449f9451cd53e0fd0a7ec2ff5ede4686add13ac7a7bfa6988ff6d75cff3ebe2"}, - {file = "lxml-4.9.4-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:4ece9cca4cd1c8ba889bfa67eae7f21d0d1a2e715b4d5045395113361e8c533d"}, - {file = "lxml-4.9.4-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:59bb5979f9941c61e907ee571732219fa4774d5a18f3fa5ff2df963f5dfaa6bc"}, - {file = "lxml-4.9.4-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:b1980dbcaad634fe78e710c8587383e6e3f61dbe146bcbfd13a9c8ab2d7b1192"}, - {file = "lxml-4.9.4-cp38-cp38-musllinux_1_1_aarch64.whl", hash = 
"sha256:9ae6c3363261021144121427b1552b29e7b59de9d6a75bf51e03bc072efb3c37"}, - {file = "lxml-4.9.4-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:bcee502c649fa6351b44bb014b98c09cb00982a475a1912a9881ca28ab4f9cd9"}, - {file = "lxml-4.9.4-cp38-cp38-win32.whl", hash = "sha256:a8edae5253efa75c2fc79a90068fe540b197d1c7ab5803b800fccfe240eed33c"}, - {file = "lxml-4.9.4-cp38-cp38-win_amd64.whl", hash = "sha256:701847a7aaefef121c5c0d855b2affa5f9bd45196ef00266724a80e439220e46"}, - {file = "lxml-4.9.4-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:f610d980e3fccf4394ab3806de6065682982f3d27c12d4ce3ee46a8183d64a6a"}, - {file = "lxml-4.9.4-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:aa9b5abd07f71b081a33115d9758ef6077924082055005808f68feccb27616bd"}, - {file = "lxml-4.9.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:365005e8b0718ea6d64b374423e870648ab47c3a905356ab6e5a5ff03962b9a9"}, - {file = "lxml-4.9.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:16b9ec51cc2feab009e800f2c6327338d6ee4e752c76e95a35c4465e80390ccd"}, - {file = "lxml-4.9.4-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:a905affe76f1802edcac554e3ccf68188bea16546071d7583fb1b693f9cf756b"}, - {file = "lxml-4.9.4-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:fd814847901df6e8de13ce69b84c31fc9b3fb591224d6762d0b256d510cbf382"}, - {file = "lxml-4.9.4-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:91bbf398ac8bb7d65a5a52127407c05f75a18d7015a270fdd94bbcb04e65d573"}, - {file = "lxml-4.9.4-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:f99768232f036b4776ce419d3244a04fe83784bce871b16d2c2e984c7fcea847"}, - {file = "lxml-4.9.4-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:bb5bd6212eb0edfd1e8f254585290ea1dadc3687dd8fd5e2fd9a87c31915cdab"}, - {file = "lxml-4.9.4-cp39-cp39-win32.whl", hash = 
"sha256:88f7c383071981c74ec1998ba9b437659e4fd02a3c4a4d3efc16774eb108d0ec"}, - {file = "lxml-4.9.4-cp39-cp39-win_amd64.whl", hash = "sha256:936e8880cc00f839aa4173f94466a8406a96ddce814651075f95837316369899"}, - {file = "lxml-4.9.4-pp310-pypy310_pp73-macosx_11_0_x86_64.whl", hash = "sha256:f6c35b2f87c004270fa2e703b872fcc984d714d430b305145c39d53074e1ffe0"}, - {file = "lxml-4.9.4-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:606d445feeb0856c2b424405236a01c71af7c97e5fe42fbc778634faef2b47e4"}, - {file = "lxml-4.9.4-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:a1bdcbebd4e13446a14de4dd1825f1e778e099f17f79718b4aeaf2403624b0f7"}, - {file = "lxml-4.9.4-pp37-pypy37_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:0a08c89b23117049ba171bf51d2f9c5f3abf507d65d016d6e0fa2f37e18c0fc5"}, - {file = "lxml-4.9.4-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:232fd30903d3123be4c435fb5159938c6225ee8607b635a4d3fca847003134ba"}, - {file = "lxml-4.9.4-pp37-pypy37_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:231142459d32779b209aa4b4d460b175cadd604fed856f25c1571a9d78114771"}, - {file = "lxml-4.9.4-pp38-pypy38_pp73-macosx_11_0_x86_64.whl", hash = "sha256:520486f27f1d4ce9654154b4494cf9307b495527f3a2908ad4cb48e4f7ed7ef7"}, - {file = "lxml-4.9.4-pp38-pypy38_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:562778586949be7e0d7435fcb24aca4810913771f845d99145a6cee64d5b67ca"}, - {file = "lxml-4.9.4-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:a9e7c6d89c77bb2770c9491d988f26a4b161d05c8ca58f63fb1f1b6b9a74be45"}, - {file = "lxml-4.9.4-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:786d6b57026e7e04d184313c1359ac3d68002c33e4b1042ca58c362f1d09ff58"}, - {file = "lxml-4.9.4-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:95ae6c5a196e2f239150aa4a479967351df7f44800c93e5a975ec726fef005e2"}, - 
{file = "lxml-4.9.4-pp39-pypy39_pp73-macosx_11_0_x86_64.whl", hash = "sha256:9b556596c49fa1232b0fff4b0e69b9d4083a502e60e404b44341e2f8fb7187f5"}, - {file = "lxml-4.9.4-pp39-pypy39_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:cc02c06e9e320869d7d1bd323df6dd4281e78ac2e7f8526835d3d48c69060683"}, - {file = "lxml-4.9.4-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:857d6565f9aa3464764c2cb6a2e3c2e75e1970e877c188f4aeae45954a314e0c"}, - {file = "lxml-4.9.4-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:c42ae7e010d7d6bc51875d768110c10e8a59494855c3d4c348b068f5fb81fdcd"}, - {file = "lxml-4.9.4-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:f10250bb190fb0742e3e1958dd5c100524c2cc5096c67c8da51233f7448dc137"}, - {file = "lxml-4.9.4.tar.gz", hash = "sha256:b1541e50b78e15fa06a2670157a1962ef06591d4c998b998047fff5e3236880e"}, -] - -[package.extras] -cssselect = ["cssselect (>=0.7)"] -html5 = ["html5lib"] -htmlsoup = ["BeautifulSoup4"] -source = ["Cython (==0.29.37)"] - [[package]] name = "markdown-it-py" version = "3.0.0" 
@@ -1057,28 +949,6 @@ wcwidth = "*" [package.extras] tests = ["pytest", "pytest-cov", "pytest-lazy-fixtures"] -[[package]] -name = "proxygen-cli" -version = "2.1.14" -description = "CLI for interacting with NHSD APIM's proxygen service" -optional = false -python-versions = "<4.0,>=3.9" -files = [ - {file = "proxygen_cli-2.1.14-py3-none-any.whl", hash = "sha256:029fc8e460d380921c70e41fb239718776e9dd90d739c807c3a2ef430ccbc0b8"}, - {file = "proxygen_cli-2.1.14.tar.gz", hash = "sha256:9fcf45686e4b583522f0b0c03b35962eb842328595e01faebddb99825855aef3"}, -] - -[package.dependencies] -click = ">=8.1.3,<9.0.0" -cryptography = ">=42.0,<43.0" -lxml = ">=4.7.1,<5.0.0" -pydantic = ">=1.9.1,<2.0.0" -pyjwt = ">=2.3.0,<3.0.0" -pyyaml = ">=6.0,<7.0" -requests = ">=2.27.1,<3.0.0" -tabulate = ">=0.9.0,<0.10.0" -yaspin = ">=2.2.0,<3.0.0" - [[package]] name = "pycodestyle" version = "2.12.0" @@ -1621,34 +1491,6 @@ files = [ [package.dependencies] mpmath = ">=0.19" -[[package]] -name = "tabulate" -version = "0.9.0" -description = "Pretty-print tabular data" -optional = false -python-versions = ">=3.7" -files = [ - {file = "tabulate-0.9.0-py3-none-any.whl", hash = "sha256:024ca478df22e9340661486f85298cff5f6dcdba14f3813e8830015b9ed1948f"}, - {file = "tabulate-0.9.0.tar.gz", hash = "sha256:0095b12bf5966de529c0feb1fa08671671b3368eec77d7ef7ab114be2c068b3c"}, -] - -[package.extras] -widechars = ["wcwidth"] - -[[package]] -name = "termcolor" -version = "2.4.0" -description = "ANSI color formatting for output in terminal" -optional = false -python-versions = ">=3.8" -files = [ - {file = "termcolor-2.4.0-py3-none-any.whl", hash = "sha256:9297c0df9c99445c2412e832e882a7884038a25617c60cea2ad69488d4040d63"}, - {file = "termcolor-2.4.0.tar.gz", hash = "sha256:aab9e56047c8ac41ed798fa36d892a37aca6b3e9159f3e0c24bc64a9b3ac7b7a"}, -] - -[package.extras] -tests = ["pytest", "pytest-cov"] - [[package]] name = "tomli" version = "2.0.1" 
@@ -1719,21 +1561,7 @@ files = [ {file = "wcwidth-0.2.13.tar.gz", hash = "sha256:72ea0c06399eb286d978fdedb6923a9eb47e1c486ce63e9b4e64fc18303972b5"}, ] -[[package]] -name = "yaspin" -version = "2.5.0" -description = "Yet Another Terminal Spinner" -optional = false -python-versions = ">=3.8.1,<4.0.0" -files = [ - {file = "yaspin-2.5.0-py3-none-any.whl", hash = "sha256:58aaa19330b9eacf86241043342b4040ded75f170240276d963c570263cd8f53"}, - {file = "yaspin-2.5.0.tar.gz", hash = "sha256:f96ab3b5c42e1eaa6af3193508082309d9dc43f6963339f9aa606003ee8d7e63"}, -] - -[package.dependencies] -termcolor = ">=2.3,<3.0" - [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "2c153e00f730c3d4b575f328154e16088961e145c700a9a3622a238f2b8ea5c3" +content-hash = "43e6ed07ffc90a48aae5cfb826e5656d81e8976557fc5292b03781c44372bcab" diff --git a/pyproject.toml b/pyproject.toml index 0df9f8c29..3376fef28 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -38,7 +38,6 @@ pre-commit = "^3.8.0" pytest = "^8.3.2" cfn-lint = "^1.9.5" pyjwt = {extras = ["crypto"], version = "^2.9.0"} -proxygen-cli = "^2.1.14" [tool.poetry.scripts] From 09366901c5a6152c322fdac417459350823aa873 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:18:15 +0000 Subject: [PATCH 20/20] use correct lambda-resources --- SAMtemplates/apis/api_resources.yaml | 4 ++-- SAMtemplates/functions/lambda_resources.yaml | 2 +- SAMtemplates/functions/main.yaml | 24 ++++++++++---------- SAMtemplates/state_machines/main.yaml | 8 +++---- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/SAMtemplates/apis/api_resources.yaml b/SAMtemplates/apis/api_resources.yaml index 438035cec..ef0360ea7 100644 --- a/SAMtemplates/apis/api_resources.yaml +++ b/SAMtemplates/apis/api_resources.yaml 
@@ -56,10 +56,10 @@ Resources: Condition: ShouldUseSplunk Type: AWS::Logs::SubscriptionFilter Properties: - RoleArn: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole + RoleArn: !ImportValue lambda-resources:SplunkSubscriptionFilterRole LogGroupName: !Ref ApiGwAccessLogs FilterPattern: "" - DestinationArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + DestinationArn: !ImportValue lambda-resources:SplunkDeliveryStream Outputs: ApiGwRoleArn: diff --git a/SAMtemplates/functions/lambda_resources.yaml b/SAMtemplates/functions/lambda_resources.yaml index 713352b67..545e67b7c 100644 --- a/SAMtemplates/functions/lambda_resources.yaml +++ b/SAMtemplates/functions/lambda_resources.yaml @@ -80,7 +80,7 @@ Resources: - !Join - "," - - !Ref LambdaManagedPolicy - - !ImportValue lambda-resources-pr-294:LambdaInsightsLogGroupPolicy + - !ImportValue lambda-resources:LambdaInsightsLogGroupPolicy - !ImportValue account-resources:CloudwatchEncryptionKMSPolicyArn - !ImportValue account-resources:LambdaDecryptSecretsKMSPolicy - !If diff --git a/SAMtemplates/functions/main.yaml b/SAMtemplates/functions/main.yaml index b1db6368c..d0233d5d7 100644 --- a/SAMtemplates/functions/main.yaml +++ b/SAMtemplates/functions/main.yaml @@ -86,8 +86,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream ConvertRequestToFhirFormat: Type: AWS::Serverless::Function 
@@ -122,8 +122,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream GetStatusUpdates: Type: AWS::Serverless::Function @@ -162,8 +162,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream Status: Type: AWS::Serverless::Function @@ -202,8 +202,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream CapabilityStatement: Type: AWS::Serverless::Function 
@@ -234,8 +234,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream CheckPrescriptionStatusUpdates: Condition: ShouldDeployCheckPrescriptionStatusUpdate @@ -277,8 +277,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream Outputs: UpdatePrescriptionStatusFunctionName: diff --git a/SAMtemplates/state_machines/main.yaml b/SAMtemplates/state_machines/main.yaml index fac7e9122..d1b175237 100644 --- a/SAMtemplates/state_machines/main.yaml +++ b/SAMtemplates/state_machines/main.yaml 
@@ -72,8 +72,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream Format1UpdatePrescriptionsStatusStateMachine: Type: AWS::Serverless::StateMachine @@ -109,8 +109,8 @@ Resources: LogRetentionInDays: !Ref LogRetentionInDays CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn EnableSplunk: !Ref EnableSplunk - SplunkSubscriptionFilterRole: !ImportValue lambda-resources-pr-294:SplunkSubscriptionFilterRole - SplunkDeliveryStreamArn: !ImportValue lambda-resources-pr-294:SplunkDeliveryStream + SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole + SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream Outputs: UpdatePrescriptionStatusStateMachineArn: