
Commit a9ea83a

Merge pull request #323 from NHSDigital/master
White List prod-auto-approval/auto product clean up/monitoring envs fix
2 parents a1200e1 + 1905fc1 commit a9ea83a

8 files changed

Lines changed: 104 additions & 2 deletions


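--- a/ansible/Makefile
+++ b/ansible/Makefile
@@ -75,6 +75,9 @@ remove-old-pr-portal-apis:
 remove-old-auto-apps:
 @poetry run ansible-playbook -i local remove-old-auto-apps.yml
 
+remove-old-auto-products:
+@poetry run ansible-playbook -i local remove-old-auto-products.yml
+
 remove-old-pr-specs:
 @poetry run ansible-playbook -i local remove-old-pr-specs.yml
 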
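--- a/ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/ansible/add_jwks_resource_url.py
+++ b/ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/ansible/add_jwks_resource_url.py
@@ -24,7 +24,7 @@ def default_jwks_resource_url(environment=None, app_id=None):
 if app_id is None:
 global _app_id
 app_id = _app_id
-return f"https://raw.githubusercontent.com/NHSDigital/identity-service-jwks/main/jwks/{environment}/{app_id}.json"
+return f"https://nhsdigital.github.io/identity-service-jwks/jwks/{environment}/{app_id}.json"
 
 
 class AddJwksResourceUrlToApp(pydantic.BaseModel):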
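Review bot: `environment` and `app_id` are interpolated into the URL path unescaped on the new `return` line, so a value containing `/` or `..` would resolve to a different document on the same host than the intended per-app JWKS file. Whether either value can be caller-controlled is not visible, because the function body starts above the hunk. This URL decides which public keys an app is verified against, so once both values are known to be strings it is cheap to quote them, for example `return f"https://nhsdigital.github.io/identity-service-jwks/jwks/{quote(environment, safe='')}/{quote(app_id, safe='')}.json"` with `from urllib.parse import quote`. A short comment above the line saying that the keys are now served from the repository's GitHub Pages site rather than the raw `main` branch would record why the host changed.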

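--- a/ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/apigee/product.py
+++ b/ansible/collections/ansible_collections/nhsd/apigee/plugins/module_utils/models/apigee/product.py
@@ -1,5 +1,6 @@
 import typing
 import pydantic
+import os
 
 
 def _literal_name(class_):
@@ -60,8 +61,10 @@ class ApigeeProduct(pydantic.BaseModel):
 
 @pydantic.root_validator
 def override_approval_type_for_prod(cls, values):
+manual_approval_exceptions = ["canary-api-prod"]
 if "prod" in values["environments"]:
-values["approvalType"] = "manual"
+if values["approvalType"] == "auto" and not values["name"] in manual_approval_exceptions:
+values["approvalType"] = "manual"
 return values
 
 @pydantic.validator("environments", "scopes", "proxies")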
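Review bot: In `override_approval_type_for_prod` the prod override used to be unconditional and now fires only when `approvalType == "auto"`, so any other value that reaches the validator passes through on prod unchanged. Whether such a value is possible depends on the field's declared type, which is outside the hunk. Keeping the rule fail-closed needs only the name test: `if values["name"] not in manual_approval_exceptions:` followed by `values["approvalType"] = "manual"`. The exemption is keyed on the product name alone, so the list is better as a module-level constant with a comment saying who may extend it. The `import os` added in the first hunk is not used in any visible line.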

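--- a/ansible/collections/ansible_collections/nhsd/apigee/tests/unit/plugins/module_utils/models/manifest/test_product.py
+++ b/ansible/collections/ansible_collections/nhsd/apigee/tests/unit/plugins/module_utils/models/manifest/test_product.py
@@ -38,3 +38,37 @@ def test_prod_cannot_have_auto_approvalType_on_products(
 }
 product = ApigeeProduct(**raw_product)
 assert product.approvalType == final_approvalType
+
+
+@pytest.mark.parametrize(
+"name,env,initial_approvalType,final_approvalType",
+[
+("canary-api-prod", "prod", "auto", "auto"),
+("canary-api-prod", "prod", "manual", "manual"),
+("non-exception-product", "prod", "auto", "manual"),
+("non-exception-product", "prod", "manual", "manual"),
+],
+)
+def test_manual_approval_exception_list_on_prod(
+name, env, initial_approvalType, final_approvalType
+):
+raw_product = {
+"name": name,
+"approvalType": initial_approvalType,
+"attributes": [
+{"name": "access", "value": "public"},
+{"name": "ratelimit", "value": "300pm"},
+],
+"description": "testing our validators",
+"displayName": "Test Product",
+"environments": [env],
+"proxies": [f"identity-service-{env}"],
+"scopes": [
+"urn:nhsd:apim:app:level3:test-service",
+"urn:nhsd:apim:user-nhs-login:P9:test-service",
+],
+"quota": "300",
+"quotaInterval": "1",
+"quotaTimeUnit": "minute",
+}
+product = ApigeeProduct(**raw_product)
+assert product.approvalType == final_approvalType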
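Review bot: The parametrized rows in `test_manual_approval_exception_list_on_prod` cover the exempt name and one unrelated name, but no row pins that the exemption is an exact match. A row such as `("canary-api-prod-copy", "prod", "auto", "manual")` (name constructed for illustration) would fail if the lookup were ever loosened to a prefix or substring test, which matters because this list gates auto-approval on prod. `env` is `"prod"` in every row, so either drop it from the parametrization or add a non-prod row for the exempt name.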
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
- name: remove old auto created products
2+
hosts: 127.0.0.1
3+
connection: local
4+
gather_facts: yes
5+
6+
vars:
7+
APIGEE_ENVIRONMENT: "internal-dev"
8+
APIGEE_ORGANIZATION: "{{ lookup('env', 'APIGEE_ORGANIZATION') }}"
9+
APIGEE_ACCESS_TOKEN: "{{ lookup('env', 'APIGEE_ACCESS_TOKEN') }}"
10+
11+
pre_tasks:
12+
- name: check APIGEE_ORGANIZATION
13+
fail:
14+
msg: "APIGEE_ORGANIZATION not set"
15+
when: not APIGEE_ORGANIZATION
16+
17+
- name: check APIGEE_ACCESS_TOKEN
18+
fail:
19+
msg: "APIGEE_ACCESS_TOKEN not set"
20+
when: not APIGEE_ACCESS_TOKEN
21+
22+
roles:
23+
- remove-old-auto-products
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
2+
- name: "get product"
3+
uri:
4+
url: "{{ products_uri }}?expand=true"
5+
headers:
6+
Authorization: "Bearer {{ APIGEE_ACCESS_TOKEN }}"
7+
return_content: yes
8+
timeout: 120
9+
register: get_products
10+
11+
- name: filter prodcuts
12+
set_fact:
13+
auto_products: "{{ get_products.json.apiProduct | selectattr('name', 'match', '^apim-auto-.*') | selectattr('createdAt', 'le', (min_timestamp|int)) }}"
14+
15+
- debug:
16+
msg: "{{ auto_products | map(attribute='name') | list }}"
17+
18+
- name: remove product
19+
uri:
20+
url: "{{ products_uri }}/{{ product.name | urlencode }}"
21+
headers:
22+
Authorization: "Bearer {{ APIGEE_ACCESS_TOKEN }}"
23+
method: DELETE
24+
changed_when: yes
25+
loop: "{{ auto_products }}"
26+
loop_control:
27+
loop_var: product
28+
label: "{{ product.name }}"
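Review bot: Both `uri` tasks pass `APIGEE_ACCESS_TOKEN` in the `Authorization` header and neither sets `no_log`, so the module arguments, token included, can appear in job output when the play runs at high verbosity. Adding `no_log: true` to the "get product" and "remove product" tasks avoids that. Separately, `auto_products` is set from a `selectattr` chain with no trailing `| list`; depending on the Ansible and Jinja2 versions in use this may store a generator rather than a list, so ending the expression with `| selectattr('createdAt', 'le', (min_timestamp|int)) | list` is safer for the later `loop`.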
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
org_uri: "https://api.enterprise.apigee.com/v1/organizations/{{ APIGEE_ORGANIZATION }}"
2+
products_uri: "{{ org_uri }}/apiproducts"
3+
retain_hours: "{{ (lookup('env', 'retain_hours') or 73) }}"
4+
min_timestamp: "{{ ((ansible_date_time.epoch | int) - ((retain_hours | int) * 3600)) * 1000 }}"
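Review bot: `retain_hours | int` on the `min_timestamp` line turns a non-numeric value into 0, the default of the Jinja2 `int` filter. That puts `min_timestamp` at the current time, so every `apim-auto-` product then passes the `createdAt` filter and is deleted. `retain_hours` comes from the environment, so a typo in the pipeline variable is enough to trigger this. A guard ahead of the delete loop keeps the job fail-closed, for example `- assert: { that: (retain_hours | int) > 0 }`, together with a comment noting that the default of 73 is in hours.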

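--- a/azure/cleanup-pr-portal-apis-and-specs.yml
+++ b/azure/cleanup-pr-portal-apis-and-specs.yml
@@ -71,6 +71,13 @@ jobs:
 ANSIBLE_FORCE_COLOR=yes make -C ansible remove-old-auto-apps
 displayName: "cleanup old auto apps"
 
+- bash: |
+export APIGEE_ORGANIZATION="nhsd-nonprod"
+export APIGEE_ACCESS_TOKEN="$(secret.AccessToken)"
+export retain_hours=12
+ANSIBLE_FORCE_COLOR=yes make -C ansible remove-old-auto-products
+displayName: "cleanup old auto products"
+
 - bash: |
 export APIGEE_ORGANIZATION="nhsd-nonprod"
 export APIGEE_ACCESS_TOKEN="$(secret.AccessToken)"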
