howto wip

theopensystemslab · Nov 11, 2024 · 4902e1f · 4902e1f
1 parent 937671c
commit 4902e1f
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/doc/how-to/how-to-setup-aws-s3-submissions.md b/doc/how-to/how-to-setup-aws-s3-submissions.md
@@ -0,0 +1,23 @@
+# How to setup AWS S3 submissions
+
+## Context
+
+When building a submission service, the "Send" component offers an option "Upload to AWS S3" which uploads the application data payload to PlanX's private S3 Bucket - which then in turn allows a council to receive a notification via a Power Automate Webhook and run a script to securely retrieve the application JSON file, download any associated user-uploaded files, generate custom documents, and save the application to their local Microsoft SharePoint environment.
+
+There's full documentation on how this method works in the PlanX Service Specification on Notion here.
+
+Once a council has confirmed they're cleared from their IT dept to use this method (eg allowed to receive external webhook requests) & shared a Power Automate Webhook URL, there's a few steps we need to take:
+
+1. Add the council-provied URL to `team_integrations.power_automate_webhook_url` as plain text via the production Hasura console
+
+1. Create 2x tokens for sending secure requests to the Power Automate webhook and add both encrypted values to:
+  - `team_integrations.production_power_automate_api_key` & `team_integrations.staging_power_automate_api_key` via the production Hasura console
+  - See `how-to-generate-a-secret` for how to properly generate tokens and encrypt values
+
+1. Create 2x tokens for downloading files from the PlanX S3 Bucket and add values to:
+  - Root `.env.example` & `.env` as `FILE_API_KEY_{TEAM_SLUG}`
+  - Root `docker-compose.yml`
+  - API's `modules/auth/middleware.ts` function `isAuthenticated`
+  - Pulumi's `infrastructure/application/index.ts` list of `apiService` "environment" variables
+    - Run `pulumi config set file-api-key-{team_slug} --stack {stack}` 2x for each staging & production stacks
+  - Encrypt the values using _our_ encrypt scripts (again see `how-to-generate-a-secret`) and add to `team_integrations.production_file_api_key` & `team_integrations.staging_file_api_key` via the production Hasura console. Please note these values are _not_ currently read, but suitable for a potential future refactor (just a bit tricky because file API keys are issued to a mix of _teams_ and _systems_ (eg BOPS & Idox)).
diff --git a/editor.planx.uk/src/@planx/components/Send/Editor.tsx b/editor.planx.uk/src/@planx/components/Send/Editor.tsx
@@ -113,10 +113,10 @@ const SendComponent: React.FC<Props> = (props) => {
       if (
         value === "s3" &&
         newCheckedValues.includes(value) &&
-        !["barnet", "lambeth"].includes(teamSlug)
+        !["barnet", "southwark"].includes(teamSlug)
       ) {
         alert(
-          "AWS S3 uploads are currently being prototyped with Barnet and Lambeth only. Please do not select this option for other councils yet.",
+          "AWS S3 uploads require API tokens and are currently being prototyped with select councils. Reach out on Slack #planx-alternatives-to-integrations before selecting this option please.",
         );
       }
     };