Merged
90 commits
156db99
APM-1574 Add github_repo_to_notify param
strutt Nov 16, 2020
01e74cd
APM-1574 Use github_notify_path
strutt Nov 16, 2020
161b076
Try runtime variable
strutt Nov 16, 2020
58e123d
Tidy up variable names
strutt Nov 16, 2020
cc28d8f
Only set NOTIFY_COMMIT_SHA if it's empty
strutt Nov 16, 2020
d96b577
Update deployment logic too
strutt Nov 16, 2020
cd208d7
Fix typo
strutt Nov 16, 2020
6a031fd
APM-1574 Add python script and run with github actions
strutt Nov 16, 2020
c13e6d6
Test commit
strutt Nov 24, 2020
dc0ebdf
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 3, 2021
13b07f5
APM-1216 Add missing underscore in url
HenryIwanejko Feb 3, 2021
247c29e
APM-1216 Remove extra underscore
HenryIwanejko Feb 3, 2021
4dc298c
APM-1216 Add config for pipelines
HenryIwanejko Feb 3, 2021
e0cf9de
APM-1216 Add config for pipeline branch
HenryIwanejko Feb 3, 2021
89f032e
APM-1216 Try add utils pr number to deployment
HenryIwanejko Feb 4, 2021
e4e729c
APM-1216 Set as env
HenryIwanejko Feb 4, 2021
85756c5
APM-1216 Update triggers and pr number
HenryIwanejko Feb 4, 2021
690dd89
APM-1216 Update triggers
HenryIwanejko Feb 4, 2021
647d148
APM-1216 Revert triggers
HenryIwanejko Feb 4, 2021
bedc95c
APM-1216 Specify pull_request and comment out canary temporarily
HenryIwanejko Feb 4, 2021
2eb984f
APM-1216 Utilise utils pr number in build
HenryIwanejko Feb 4, 2021
5323929
APM-1216 Utils pr logic to deploy stage
HenryIwanejko Feb 4, 2021
e4da1fb
APM-1216 Use utils pr in deploy service
HenryIwanejko Feb 4, 2021
fc9dd9e
APM-1216 Add quotes to var
HenryIwanejko Feb 4, 2021
87b987a
APM-1216 negate conditional
HenryIwanejko Feb 4, 2021
9246781
APM-1216 Read var at compile time
HenryIwanejko Feb 8, 2021
532b113
APM-1216 Refactor conditional
HenryIwanejko Feb 8, 2021
b12ec5d
APM-1216 Use the variable to define parameter high up in definitions
HenryIwanejko Feb 8, 2021
7c9bb9f
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 8, 2021
5a9dd7a
APM-1216 Change variable syntax
HenryIwanejko Feb 8, 2021
4bbdd77
Merge branch 'APM-1574-pipeline-regression-tests' of github.com:NHSDi…
HenryIwanejko Feb 8, 2021
d215bd3
APM-1216 Update conditional to check existence of var
HenryIwanejko Feb 8, 2021
6c057cd
APM-1216 Update variable name
HenryIwanejko Feb 8, 2021
f4e308d
APM-1216 Try get access token for azure user
HenryIwanejko Feb 8, 2021
a1887a4
APM-1216 Add no subscription option
HenryIwanejko Feb 8, 2021
b0faad0
APM-1216 Parse azure access token response
HenryIwanejko Feb 8, 2021
2bfe576
APM-1216 Set as bearer token
HenryIwanejko Feb 8, 2021
c52064a
APM-1216 Send as header not auth
HenryIwanejko Feb 8, 2021
e2f74cc
APM-1216 Get raw data from access token
HenryIwanejko Feb 8, 2021
de294d1
APM-1216 Add echo
HenryIwanejko Feb 8, 2021
42d7d76
APM-1216 Update var reference and add debug statement
HenryIwanejko Feb 8, 2021
0bc119d
APM-1216 Reformat retrieval of AZDO access token
HenryIwanejko Feb 8, 2021
4f31641
APM-1216 Remove echo
HenryIwanejko Feb 8, 2021
3042070
APM-1216 Revert and use test user PAT
HenryIwanejko Feb 9, 2021
757d50b
APM-1216 Override config if triggered from utils:
HenryIwanejko Feb 9, 2021
38920b0
APM-1216 Add missing syntax
HenryIwanejko Feb 9, 2021
0b6b448
APM-1216 Try pass as parameter instead
HenryIwanejko Feb 9, 2021
f1fac3e
APM-1216 Run builds in parallel
HenryIwanejko Feb 9, 2021
ea052f9
APM-1216 Rename var and restructure
HenryIwanejko Feb 9, 2021
8a1d7c3
APM-1216 Add PDS to pipelines to run
HenryIwanejko Feb 9, 2021
4239aa2
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 9, 2021
d5a75ab
APM-1216 Add regex to accept utils pull request
HenryIwanejko Feb 9, 2021
58c01e5
Merge branch 'APM-1574-pipeline-regression-tests' of github.com:NHSDi…
HenryIwanejko Feb 9, 2021
6b4379d
APM-1216 Run pr pipeline based off build result
HenryIwanejko Feb 9, 2021
1f690aa
APM-1216 Use github workflow vars
HenryIwanejko Feb 10, 2021
d14aaa2
APM-1216 Add echo SHA statement
HenryIwanejko Feb 10, 2021
f49feb7
APM-1216 Use github workflow vars
HenryIwanejko Feb 10, 2021
03ba164
APM-1216 split up script to separate class
HenryIwanejko Feb 10, 2021
b72ab9b
APM-1216 Get release tags
HenryIwanejko Feb 10, 2021
16f0083
APM-1216 Set default for pr_number
HenryIwanejko Feb 10, 2021
75ebe09
APM-1216 Use runtime expression and add release deployments
HenryIwanejko Feb 10, 2021
4069d2b
APM-1216 Change workflow syntax and add var for release
HenryIwanejko Feb 10, 2021
4d3fa87
APM-1216 Check for literal variable value
HenryIwanejko Feb 10, 2021
508f287
APM-1216 Try set default at compile expression
HenryIwanejko Feb 10, 2021
34d267d
APM-1216 Check for literal
HenryIwanejko Feb 10, 2021
f269787
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 10, 2021
6d647a4
APM-1216 Convert to single quotes
HenryIwanejko Feb 10, 2021
fabe425
APM-1216 Remove release deployment
HenryIwanejko Feb 11, 2021
a85b01a
APM-1216 Override vars in deploy stage
HenryIwanejko Feb 11, 2021
86410cd
APM-1216 Move override to after set
HenryIwanejko Feb 11, 2021
18a83c9
APM-1216 Reformat utils namespace
HenryIwanejko Feb 11, 2021
9c16557
APM-1216 Refactor run pipelines script
HenryIwanejko Feb 11, 2021
8121f0e
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 11, 2021
7881682
APM-1216 Update README
HenryIwanejko Feb 11, 2021
aae1708
Merge branch 'APM-1574-pipeline-regression-tests' of github.com:NHSDi…
HenryIwanejko Feb 11, 2021
a32a973
APM-1216 Update README and remove encoded url
HenryIwanejko Feb 15, 2021
9f1dfa5
APM-1162 Add role to add jwks-resource-url to app
strutt Feb 15, 2021
c141abd
Merge pull request #242 from NHSDigital/APM-1162-automate-jwks-resour…
strutt Feb 15, 2021
1b71479
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 15, 2021
fce4e90
APM-1162 No APIGEE_ORGANIZATION for add-jwks-resource-url-to-app
strutt Feb 15, 2021
9f2655d
Merge pull request #243 from NHSDigital/APM-1162-tweak-apigee-organiz…
strutt Feb 15, 2021
164deb0
APM-1162 Add general org-name lookup filter
strutt Feb 15, 2021
e09b3cf
Merge pull request #244 from NHSDigital/APM-1162-tweak-apigee-organiz…
strutt Feb 15, 2021
3de2bd0
APM-1162 Fix missing import
strutt Feb 15, 2021
6872430
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 15, 2021
51203dc
Merge pull request #245 from NHSDigital/APM-1162-add-missing-import
Feb 15, 2021
07d753c
APM-1216 Add NHS App + change to pull request
HenryIwanejko Feb 15, 2021
73acee1
Merge branch 'APM-1574-pipeline-regression-tests' of github.com:NHSDi…
HenryIwanejko Feb 15, 2021
3c13f8f
Merge branch 'master' into APM-1574-pipeline-regression-tests
HenryIwanejko Feb 15, 2021
7233578
Merge pull request #236 from NHSDigital/APM-1574-pipeline-regression-…
HenryIwanejko Feb 15, 2021
22 changes: 22 additions & 0 deletions .github/workflows/continuous-integration.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: Test deployments

on: [pull_request]

jobs:
test_deployments:
runs-on: ubuntu-latest
steps:
- name: Checkout Scripts
uses: actions/checkout@v2

- name: Test Pull Request Deployments
env:
AZURE_TOKEN: "${{ secrets.AZURE_TOKEN }}"
run: |
export BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
export NOTIFY_COMMIT_SHA="${{ github.event.pull_request.head.sha }}"
export UTILS_PR_NUMBER="${{ github.event.pull_request.number }}"
echo UTILS_PR_NUMBER=${UTILS_PR_NUMBER}
echo BRANCH_NAME=${BRANCH_NAME}
echo NOTIFY_COMMIT_SHA=${NOTIFY_COMMIT_SHA}
python3 scripts/test_pull_request_deployments.py
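Review bot: The `run:` block interpolates `${{ github.event.pull_request.head.ref }}` directly into the shell script, and a branch name is chosen by whoever opens the pull request, so its contents are parsed as shell before `export` ever runs, in a step that also holds `AZURE_TOKEN`. Pass the three event values through `env:` the same way `AZURE_TOKEN` already is (for example `BRANCH_NAME: ${{ github.event.pull_request.head.ref }}`) and let the script read them from the environment; the `echo` lines should then quote their expansions, as in `echo "BRANCH_NAME=${BRANCH_NAME}"`. Separately, `actions/checkout@v2` is a mutable tag; pinning it to a commit SHA keeps the workflow from picking up a retagged action.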
2 changes: 1 addition & 1 deletion .github/workflows/tests.yaml
@@ -1,6 +1,6 @@
name: Build

on: push
on: [pull_request]

jobs:
build:
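Review bot: Replacing `on: push` with `on: [pull_request]` means the Build workflow no longer runs for commits that land on the default branch, so a merge result is never built on its own. If the aim is to stop duplicate runs on PR branches, keep a push trigger restricted to the default branch alongside `pull_request`.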
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -3,3 +3,8 @@ Scripts and utilities used across API managment platform and services

## Scripts
* `template.py` - cli for basic jinja templating
* `test_pull_request_deployments.py` - cli for testing utils against other repositories
* Environment Variables:
* `AZURE_TOKEN` - Azure Devops token.
* `NOTIFY_COMMIT_SHA` - Git Commit SHA that you want to report to.
* `UTILS_PR_NUMBER` - The utils pull request number e.g. '123'
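Review bot: The environment variable list omits `BRANCH_NAME`, which the new `continuous-integration.yml` workflow exports before calling this script; add it here if the script reads it, or drop the export from the workflow. The `AZURE_TOKEN` entry should also say what kind of token is expected and the minimum scope it needs, so nobody reaches for a broadly scoped one to run the script locally.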
13 changes: 9 additions & 4 deletions ansible/Makefile
Expand Up @@ -15,18 +15,23 @@ guard-%:
exit 1; \
fi

CHECK := $(if ${CHECK},--check , )
VERBOSE := $(if ${VERBOSE},-vvv , )

template-manifest: guard-DIST_DIR
@poetry run ansible-playbook -i local template-manifest.yml
@poetry run ansible-playbook $(VERBOSE) -i local template-manifest.yml

add-jwks-resource-url-to-app: guard-APIGEE_ENVIRONMENT guard-APIGEE_ACCESS_TOKEN guard-APP_ID
@poetry run ansible-playbook $(VERBOSE) --diff $(CHECK) -i local add-jwks-resource-url-to-app.yml

add-apim-guids-policy:
@poetry run ansible-playbook --diff -i local add-apim-guids-policy.yml
@poetry run ansible-playbook $(VERBOSE) --diff $(CHECK) -i local add-apim-guids-policy.yml

validate-manifest: guard-DIST_DIR
@poetry run ansible-playbook -i local validate-manifest.yml
@poetry run ansible-playbook $(VERBOSE) -i local validate-manifest.yml

deploy-manifest: guard-APIGEE_ENVIRONMENT guard-APIGEE_ORGANIZATION guard-APIGEE_ACCESS_TOKEN
@poetry run ansible-playbook --diff -i local deploy-manifest.yml
@poetry run ansible-playbook $(VERBOSE) --diff $(CHECK) -i local deploy-manifest.yml

build-ecs-proxies: guard-build_label guard-service_id guard-CONTAINER_VARS_FILE
@poetry run ansible-playbook -i local build-ecs-proxies.yml
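Review bot: `$(VERBOSE)` puts `-vvv` on targets that are guarded by `guard-APIGEE_ACCESS_TOKEN` (`add-jwks-resource-url-to-app`, `deploy-manifest`); at that verbosity Ansible can print task arguments, so confirm the tasks that receive the token set `no_log` before anyone runs `VERBOSE=1` in a pipeline with retained logs. Also, `$(if ${CHECK},--check , )` tests only for a non-empty value, so `CHECK=0` or `CHECK=false` still turns check mode on; a comment above the two variables stating that would help. The `build-ecs-proxies` target in the trailing context does not get `$(VERBOSE)`, which looks like an oversight.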
7 changes: 7 additions & 0 deletions ansible/add-jwks-resource-url-to-app.yml
@@ -0,0 +1,7 @@
- name: add jwks_resource_url to app
hosts: 127.0.0.1
connection: local
gather_facts: no

roles:
- nhsd.apigee.add_jwks_resource_url_to_app
@@ -0,0 +1,69 @@
import copy
from ansible_collections.nhsd.apigee.plugins.module_utils.models.ansible.add_jwks_resource_url import (
AddJwksResourceUrlToApp
)
from ansible_collections.nhsd.apigee.plugins.module_utils.apigee_action import (
ApigeeAction,
)
from ansible_collections.nhsd.apigee.plugins.module_utils import utils
from ansible_collections.nhsd.apigee.plugins.module_utils import constants


ATTRIBUTE_NAME = "jwks-resource-url"


class ActionModule(ApigeeAction):
def run(self, tmp=None, task_vars=None):
super(ActionModule, self).run(tmp, task_vars)
args, errors = self.validate_args(AddJwksResourceUrlToApp)
if errors:
return errors

diff_mode = self._play_context.diff
check_mode = self._play_context.check_mode

before = args._app_data
after = copy.deepcopy(before)

jwks_attribute = {"name": ATTRIBUTE_NAME, "value": str(args.jwks_resource_url)}

# Delete any existing jwks attributes, for now there can only be one.
after["attributes"] = [attr for attr in after["attributes"] if attr["name"] != ATTRIBUTE_NAME]
# Append the desired jwks attributes and sort
after["attributes"].append(jwks_attribute)
after["attributes"] = sorted(after["attributes"], key=lambda attr: attr["name"])

delta = utils.delta(before, after)
result = {"changed": bool(delta), "app": after}

if diff_mode:
result["diff"] = [{"before": before, "after": after}]

if check_mode:
return result

developer_email = args._app_data["createdBy"]
app_name = args._app_data["name"]
app_attribute_url = (
constants.APIGEE_BASE_URL
+ f"organizations/{args.organization}/developers/{developer_email}/apps/{app_name}/attributes"
)
app_data2 = utils.post(app_attribute_url, args.access_token,
json={"attribute": after["attributes"]})
if app_data2.get("failed"):
return app_data2

app_url = (
constants.APIGEE_BASE_URL
+ f"organizations/{args.organization}/apps/{args.app_id}"
)
updated_app_response = utils.get(app_url, args.access_token)
if updated_app_response.get("failed"):
return updated_app_response

after = updated_app_response["response"]["body"]
if diff_mode:
result["diff"][-1]["after"] = after

result["app"] = after
return result
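Review bot: In `app_attribute_url`, `developer_email` and `app_name` come straight from the app record and are placed into the URL path by f-string without encoding; an app name containing a space, `/` or `?` changes the path that is requested. Quote each segment (`urllib.parse.quote(app_name, safe="")`) before building the URL. Two smaller points: `after["attributes"]` raises `KeyError` when the app record has no `attributes` key, whereas the model's validator reads it with `.get("attributes", [])`; and `createdBy` is used as the developer's email, which only holds when the app was created by its owning developer.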
Expand Up @@ -5,9 +5,9 @@
DeployProduct,
)
from ansible_collections.nhsd.apigee.plugins.module_utils import utils


APIGEE_BASE_URL = "https://api.enterprise.apigee.com/v1/"
from ansible_collections.nhsd.apigee.plugins.module_utils.constants import (
APIGEE_BASE_URL,
)


class ActionModule(ApigeeAction):
@@ -0,0 +1,21 @@
from ansible_collections.nhsd.apigee.plugins.module_utils import constants


def org_from_env(environment) -> str:
"""Get nhsd apigee organization name from environment name."""
for org, envs in constants.APIGEE_ORG_TO_ENV.items():
if environment in envs:
return org
valid_envs = []
for v in constants.APIGEE_ORG_TO_ENV.values():
valid_envs = valid_envs + v
raise ValueError(f"Unknown environment {environment}, valid environments are {valid_envs}")


class FilterModule:

@staticmethod
def filters():
return {
'org_from_env': org_from_env
}
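Review bot: `org_from_env` raises a bare `ValueError` for an unknown environment; raising `AnsibleFilterError` from `ansible.errors` is the conventional way to report bad input from a filter plugin. The `valid_envs` loop can be a single comprehension over `constants.APIGEE_ORG_TO_ENV.values()`, and the `environment` parameter should carry a `str` annotation to match the annotated return type.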
Expand Up @@ -3,6 +3,17 @@
APIGEE_BASE_URL = "https://api.enterprise.apigee.com/v1/"
APIGEE_DAPI_URL = "https://apigee.com/dapi/api/"

APIGEE_ORG_TO_ENV = {
"nhsd-nonprod": [
"internal-dev",
"internal-dev-sandbox",
"internal-qa",
"internal-qa-sandbox",
"ref",
],
"nhsd-prod": ["dev", "int", "sandbox", "prod"],
}


def portal_uri(org: typing.Literal["nhsd-nonprod", "nhsd-prod"]) -> str:
portal_ids = {
@@ -0,0 +1,108 @@
import pydantic
import typing
import requests


from ansible_collections.nhsd.apigee.plugins.module_utils import utils
from ansible_collections.nhsd.apigee.plugins.module_utils.constants import (
APIGEE_BASE_URL,
)

_cached_app_data = None
_environment = None
_app_id = None


def _put_app_data():
return _cached_app_data


def default_jwks_resource_url(environment=None, app_id=None):
if environment is None:
global _environment
environment = _environment
if app_id is None:
global _app_id
app_id = _app_id
return f"https://raw.githubusercontent.com/NHSDigital/identity-service-jwks/main/jwks/{environment}/{app_id}.json"


class AddJwksResourceUrlToApp(pydantic.BaseModel):
organization: typing.Literal["nhsd-nonprod", "nhsd-prod"]
environment: typing.Literal[
"internal-dev",
"internal-dev-sandbox",
"internal-qa",
"internal-qa-sandbox",
"ref",
"dev",
"int",
"sandbox",
"prod",
]
access_token: str
app_id: pydantic.UUID4
jwks_resource_url: pydantic.HttpUrl = pydantic.Field(default_factory=default_jwks_resource_url)
_app_data: typing.Dict = pydantic.PrivateAttr(default_factory=_put_app_data)

@pydantic.validator("environment")
def check_org_env_combo(cls, environment, values):
org = values.get("organization")
if org is None:
return
non_prod_envs = [
"internal-dev",
"internal-dev-sandbox",
"internal-qa",
"internal-qa-sandbox",
"ref",
]
if org == "nhsd-nonprod" and environment not in non_prod_envs:
raise ValueError(
f"Invalid environment {environment} for organization {org}"
)
return environment

@pydantic.validator("environment")
def cache_put(cls, environment):
global _environment
_environment = environment
return environment

@pydantic.validator("app_id")
def check_app_exists(cls, app_id, values):
access_token = values.get("access_token")
org = values.get("organization")
url = f"{APIGEE_BASE_URL}organizations/{org}/apps/{app_id}"
app_response = utils.get(url, access_token)

if app_response.get("failed"):
raise ValueError(f"Unable to find app with app_id {app_id} in {org}")

app_data = app_response["response"]["body"]
attributes = app_data.get("attributes", [])
jwks_attribs = [a for a in attributes if a["name"] == "jwks-resource-url"]
if len(jwks_attribs) > 1:
raise ValueError(
f"App {app_id} has {len(jwks_attribs)} jwks-resource-url attributes! {[v['value'] for v in jwks_attribs]}"
)

# cache response data
global _cached_app_data
_cached_app_data = app_data
global _app_id
_app_id = app_id
return app_id

@pydantic.validator("jwks_resource_url", always=True)
def check_jwks_url(cls, jwks_resource_url):
resp = requests.get(jwks_resource_url)
if resp.status_code != 200:
raise ValueError(f"Invalid jwks_resource_url: GET {jwks_resource_url} returned {resp.status_code}")
try:
resp.json()
except Exception:
raise ValueError(
f"Invalid jwks_resource_url: GET {jwks_resource_url} returned {resp.content.decode()}, which is not valid JSON"
)
return jwks_resource_url
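Review bot: `check_jwks_url` accepts the URL as soon as a GET returns 200 and any parseable JSON, and `pydantic.HttpUrl` allows `http://` as well as `https://`, so a cleartext URL or a document without a `keys` array would be stored as the app's `jwks-resource-url`. Require the `https` scheme, pass a `timeout=` to `requests.get`, and check that the body is an object with a non-empty `keys` list. Also, `check_org_env_combo` only rejects `nhsd-nonprod` paired with a prod environment, so `nhsd-prod` with `internal-dev` passes; validating against `constants.APIGEE_ORG_TO_ENV`, added elsewhere in this PR, would cover both directions and remove the re-typed environment lists. The module-level `_environment`, `_app_id` and `_cached_app_data` globals carry state from one model instance to the next, so a failed `app_id` validation can leave `default_jwks_resource_url` building a URL from a previous run's values or from `None`.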
Expand Up @@ -23,11 +23,11 @@ class ApplyPullRequestNamespace(pydantic.BaseModel):
:class:`ApigeeSpec` objects.

:param pull_request: A string like 'pr-1234' for pull request
number 1234.
number 1234. Alternatively 'utils-pr-1234' for utils pull request number 1234
:param manifest: The content of your manifest.yml.
"""

pull_request: pydantic.constr(regex=r"^pr-[0-9]+$") # i.e. 'pr-1234'
pull_request: pydantic.constr(regex=r"^pr-[0-9]+$|^utils-pr-[0-9]+$") # i.e. 'pr-1234' or 'utils-pr-1234'
manifest: Manifest

@pydantic.validator("manifest")
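Review bot: The new pattern `^pr-[0-9]+$|^utils-pr-[0-9]+$` can be written without the alternation as `^(utils-)?pr-[0-9]+$`, which is easier to extend. Since this value is applied as a namespace, note that `$` in Python also matches just before a trailing newline, so `'pr-1234\n'` validates; ending the pattern with `\Z` closes that. The added docstring sentence is missing its full stop.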
@@ -1,8 +1,10 @@
import pydantic
import typing

from ansible_collections.nhsd.apigee.plugins.module_utils.models.apigee.apidoc import ApigeeApidoc


class DeployApidoc(pydantic.BaseModel):
api_catalog_item: ApigeeApidoc
organization: str
organization: typing.Literal["nhsd-nonprod", "nhsd-prod"]
access_token: str
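Review bot: `typing.Literal["nhsd-nonprod", "nhsd-prod"]` is now spelled out here and again in `DeployProduct`, `DeploySpec`, `AddJwksResourceUrlToApp` and `portal_uri`; define the alias once next to `APIGEE_ORG_TO_ENV` in `constants` and import it, so adding an organization is a one-line change. Narrowing `organization` from `str` is a good tightening, but it will now reject any caller that passed a different org name, which deserves a line in the PR description.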
@@ -1,8 +1,13 @@
import typing

import pydantic
from ansible_collections.nhsd.apigee.plugins.module_utils.models.apigee.product import ApigeeProduct

from ansible_collections.nhsd.apigee.plugins.module_utils.models.apigee.product import (
ApigeeProduct,
)


class DeployProduct(pydantic.BaseModel):
organization: str
organization: typing.Literal["nhsd-nonprod", "nhsd-prod"]
access_token: str
product: ApigeeProduct
@@ -1,8 +1,10 @@
import pydantic
import typing

from ansible_collections.nhsd.apigee.plugins.module_utils.models import apigee


class DeploySpec(pydantic.BaseModel):
spec: apigee.spec.ApigeeSpec
organization: str
organization: typing.Literal["nhsd-nonprod", "nhsd-prod"]
access_token: str