[PRMP-1185] Create workflow and script to subscribe to MNS notificati…

…ons (#467)

.github/workflows/subscribe-to-mns.yml

@@ -1,30 +1,61 @@
-name: Subscribe to MNS
-
-on:
-  workflow_dispatch:
-    inputs:
-      build_branch:
-        required: true
-        type: string
-      environment:
-        required: true
-        type: string
-      sandbox:
-        required: true
-        type: string
-permissions:
-  pull-requests: write
-  id-token: write # This is required for requesting the JWT
-  contents: read # This is required for actions/checkout
-jobs:
-  placeholder:
-    runs-on: ubuntu-latest
-    environment: ${{ inputs.environment }}
-    defaults:
-      run:
-        working-directory: lambdas
-    steps:
-      - name: Placeholder
-        run: |
-          echo "Running placeholder job on ${inputs.sandbox}"
-
+name: Subscribe to MNS
+
+on:
+  workflow_dispatch:
+    inputs:
+      sandbox:
+        description: Which sandbox would you like to run against?
+        required: true
+        type: choice
+        options:
+          - ndr-dev
+          - ndr-test
+          - pre-prod
+          - prod
+      environment:
+        description: Which environment settings to use?
+        required: true
+        type: string
+        default: development
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+
+env:
+  SANDBOX: ${{ inputs.sandbox }}
+  AWS_REGION: ${{ vars.AWS_REGION }}
+  URL: ${{ vars.MNS_SUBSCRIPTION_URL }}
+
+jobs:
+  Subscribe_to_MNS:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
+          role-skip-session-tagging: true
+          aws-region: ${{ vars.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          pip install boto3 requests pyjwt cryptography
+          echo "Installed requirements"
+
+      - name: Run script
+        working-directory: ./lambdas
+        run: |
+          python3 -m scripts.mns_subscription
+          echo "Subscription complete"

lambdas/requirements/requirements_test.txt

@@ -1,4 +1,4 @@
-Jinja2==3.1.4
+Jinja2==3.1.5
 MarkupSafe==2.1.3
 black==24.3.0
 freezegun==1.2.2

lambdas/scripts/mns_subscription.py

@@ -0,0 +1,65 @@
+import os
+import uuid
+from urllib.error import HTTPError
+
+import boto3
+import requests
+from services.base.nhs_oauth_service import NhsOauthService
+from services.base.ssm_service import SSMService
+
+env_prefix = os.getenv("SANDBOX")
+url = os.getenv("URL")
+
+ssm_service = SSMService()
+auth_service = NhsOauthService(ssm_service)
+
+
+headers = {
+    "authorization": f"Bearer {auth_service.get_active_access_token()}",
+    "x-correlation-id": str(uuid.uuid4()),
+}
+
+events = {
+    "pds-change-of-gp-1": f"/ndr/{env_prefix}/mns/subscription-id/pds-change-of-gp-1",
+    "pds-death-notification-1": f"/ndr/{env_prefix}/mns/subscription-id/pds-death-notification-1",
+}
+
+sqs_client = boto3.client("sqs")
+sqs_url = sqs_client.get_queue_url(QueueName=f"{env_prefix}-mns-notification-queue")[
+    "QueueUrl"
+]
+
+sqs_arn = sqs_client.get_queue_attributes(
+    QueueUrl=sqs_url, AttributeNames=["QueueArn"]
+)["Attributes"]["QueueArn"]
+
+
+def get_subscription_id(event_type):
+    request_body = {
+        "resourceType": "Subscription",
+        "status": "requested",
+        "reason": "Integration with the National Document Repository.",
+        "criteria": f"eventType={event_type}",
+        "channel": {
+            "type": "message",
+            "endpoint": sqs_arn,
+            "payload": "application/json",
+        },
+    }
+    try:
+        response = requests.post(url, headers=headers, json=request_body)
+        response.raise_for_status()
+        subscription_id = response.json().get("id")
+        return subscription_id
+    except HTTPError as err:
+        print(err)
+
+
+if __name__ == "__main__":
+    for event, parameter in events.items():
+        subscription_id = get_subscription_id(event)
+        ssm_service.update_ssm_parameter(
+            parameter_key=parameter,
+            parameter_value=subscription_id,
+            parameter_type="SecureString",
+        )