Create ACO Admin Task (Lambda and Workflows) #1043
+362
−19
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| name: Admin Create ACO dev deploy | ||
|
|
||
| on: | ||
| workflow_call: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - austin/BCDA-8629-create-aco-wf | ||
| paths: | ||
| - bcda/lambda/admin_create_aco/** | ||
| - .github/workflows/admin-create-aco-dev-deploy.yml | ||
|
|
||
| jobs: | ||
| test: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: bcda | ||
| environment: dev | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-go@v5 | ||
| - name: Build admin_create_aco zip file | ||
| env: | ||
| CGO_ENABLED: 0 | ||
| run: | | ||
| pwd | ||
| go build -o bin/bootstrap ./lambda/admin_create_aco/*.go | ||
| zip -j function.zip bin/bootstrap | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-dev-github-actions | ||
| - name: Upload and reload | ||
| run: | | ||
| aws s3 cp --no-progress function.zip \ | ||
| s3://bcda-dev-admin-create-aco-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-dev-admin-create-aco \ | ||
| --s3-bucket bcda-dev-admin-create-aco-function --s3-key function-${{ github.sha }}.zip | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| name: Admin Create ACO prod deploy | ||
austincanada marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| deploy: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| environment: prod | ||
| steps: | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-prod-github-actions | ||
| - name: Promote lambda code from test to prod | ||
| run: | | ||
| aws s3 cp --no-progress \ | ||
| s3://bcda-test-admin-create-aco-function/function-${{ github.sha }}.zip \ | ||
| s3://bcda-prod-admin-create-aco-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-prod-admin-create-aco \ | ||
| --s3-bucket bcda-prod-admin-create-aco-function --s3-key function-${{ github.sha }}.zip | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| name: Admin Create ACO sbx deploy | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| deploy: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| environment: sbx | ||
| steps: | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-sbx-github-actions | ||
| - name: Promote lambda code from test to sbx | ||
| run: | | ||
| aws s3 cp --no-progress \ | ||
| s3://bcda-test-admin-create-aco-function/function-${{ github.sha }}.zip \ | ||
| s3://bcda-sbx-admin-create-aco-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-sbx-admin-create-aco \ | ||
| --s3-bucket bcda-sbx-admin-create-aco-function --s3-key function-${{ github.sha }}.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| name: Admin Create ACO Test Deploy | ||
|
|
||
| on: | ||
| workflow_call: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| test: | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: bcda | ||
| environment: test | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-go@v5 | ||
| - name: Build Admin Create ACO zip file | ||
| env: | ||
| CGO_ENABLED: 0 | ||
| run: | | ||
| go build -o bin/bootstrap ./lambda/admin_create_aco/*.go | ||
| zip -j function.zip bin/bootstrap | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-test-github-actions | ||
| - name: Upload and reload | ||
| run: | | ||
| aws s3 cp --no-progress function.zip \ | ||
| s3://bcda-test-admin-create-aco-function/function-${{ github.sha }}.zip | ||
| aws lambda update-function-code --function-name bcda-test-admin-create-aco \ | ||
| --s3-bucket bcda-test-admin-create-aco-function --s3-key function-${{ github.sha }}.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| name: Admin Create ACO Integration Tests | ||
|
|
||
| on: | ||
| pull_request: | ||
| paths: | ||
| - .github/workflows/admin-create-aco-test-integration.yml | ||
| - .github/workflows/admin-create-aco-dev-deploy.yml | ||
| - .github/workflows/admin-create-aco-test-deploy.yml | ||
| - .github/workflows/admin-create-aco-sbx-deploy.yml | ||
| - .github/workflows/admin-create-aco-prod-deploy.yml | ||
| - bcda/lambda/admin_create_aco/** | ||
| workflow_dispatch: | ||
|
|
||
| # Ensure we have only one integration test running at a time | ||
| concurrency: | ||
| group: admin-create-aco-integration-test | ||
|
|
||
| jobs: | ||
| # Deploy first if triggered by pull_request | ||
| deploy: | ||
| if: ${{ github.event_name == 'pull_request' }} | ||
| uses: ./.github/workflows/admin-create-aco-dev-deploy.yml | ||
| secrets: inherit | ||
|
|
||
| trigger: | ||
| if: ${{ always() }} | ||
| needs: deploy | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| working-directory: ./bcda/lambda/admin_create_aco | ||
| outputs: | ||
| start_time: ${{ steps.invoke-lambda.outputs.STARTTIME }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-dev-github-actions | ||
| - name: Send event to trigger lambda function | ||
| id: invoke-lambda | ||
| run: | | ||
| echo "STARTTIME=`date +%s`" >> "$GITHUB_OUTPUT" | ||
| aws lambda invoke --function-name bcda-dev-admin-create-aco \ | ||
| --cli-binary-format raw-in-base64-out \ | ||
| --payload '{"name":"Test ACO","cms_id":"testcms"}' test-result.txt | ||
|
There was a problem hiding this comment. This will be creating the same ACO each time its called. Do we need to do some kind of clean up? What happens when we call create ACO with an existing ACO by that name/cms_id? There was a problem hiding this comment. That is a good point; do we want to add a cleanupACO type function in this lambda where the removal occurs? We could potentially configure it by saying that if it's running in a non-prod env, then run the cleanup afterwards? There was a problem hiding this comment. Looking into it currently. |
||
| - name: Verify result | ||
| run: | | ||
| if grep -q "errorType" test-result.txt; then cat test-result.txt; exit 1; else echo "Success"; fi | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| The Create ACO administrative task lambda will create an ACO and add it to the database. It should be called via AWS's lambda interface (see: <https://confluence.cms.gov/display/BCDA/How+To+deny+an+ACO+From+Generating+Credentials>). | ||
|
|
||
| You can run the unit test suite from the base dir (bcda-app) using the following command: | ||
|
|
||
| make test-path TEST_PATH="bcda/lambda/admin_create_aco/\*.go". (You might have to make load-fixtures first). It also has an integration test run via github actions (see .github/workflows/admin-create-aco-integration-test.yml). | ||
| The lambda is deployed (or promoted in the case of prod) using github actions (see .github/workflows/admin-create-aco-lambda-{env}-deploy.yml files). |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once all changes are done this should change to 'main'