From 4902e1f04affadada15b8087f2099f50d8cb46cb Mon Sep 17 00:00:00 2001
From: Jessica McInchak
Date: Mon, 11 Nov 2024 14:07:52 +0100
Subject: [PATCH] howto wip
---
 doc/how-to/how-to-setup-aws-s3-submissions.md | 23 +++++++++++++++++++
 .../src/@planx/components/Send/Editor.tsx | 4 ++--
 2 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 doc/how-to/how-to-setup-aws-s3-submissions.md
diff --git a/doc/how-to/how-to-setup-aws-s3-submissions.md b/doc/how-to/how-to-setup-aws-s3-submissions.md
new file mode 100644
index 0000000000..03ba31c902
--- /dev/null
+++ b/doc/how-to/how-to-setup-aws-s3-submissions.md
@@ -0,0 +1,23 @@
+# How to setup AWS S3 submissions
+
+## Context
+
+When building a submission service, the "Send" component offers an option "Upload to AWS S3" which uploads the application data payload to PlanX's private S3 Bucket - which then in turn allows a council to receive a notification via a Power Automate Webhook and run a script to securely retrieve the application JSON file, download any associated user-uploaded files, generate custom documents, and save the application to their local Microsoft SharePoint environment.
+
+There's full documentation on how this method works in the PlanX Service Specification on Notion here.
+
+Once a council has confirmed they're cleared from their IT dept to use this method (eg allowed to receive external webhook requests) & shared a Power Automate Webhook URL, there's a few steps we need to take:
+
+1. Add the council-provied URL to `team_integrations.power_automate_webhook_url` as plain text via the production Hasura console
+
+1. Create 2x tokens for sending secure requests to the Power Automate webhook and add both encrypted values to:
+ - `team_integrations.production_power_automate_api_key` & `team_integrations.staging_power_automate_api_key` via the production Hasura console
+ - See `how-to-generate-a-secret` for how to properly generate tokens and encrypt values
+
+1. Create 2x tokens for downloading files from the PlanX S3 Bucket and add values to:
+ - Root `.env.example` & `.env` as `FILE_API_KEY_{TEAM_SLUG}`
+ - Root `docker-compose.yml`
+ - API's `modules/auth/middleware.ts` function `isAuthenticated`
+ - Pulumi's `infrastructure/application/index.ts` list of `apiService` "environment" variables
+ - Run `pulumi config set file-api-key-{team_slug} --stack {stack}` 2x for each staging & production stacks
+ - Encrypt the values using _our_ encrypt scripts (again see `how-to-generate-a-secret`) and add to `team_integrations.production_file_api_key` & `team_integrations.staging_file_api_key` via the production Hasura console. Please note these values are _not_ currently read, but suitable for a potential future refactor (just a bit tricky because file API keys are issued to a mix of _teams_ and _systems_ (eg BOPS & Idox)).
diff --git a/editor.planx.uk/src/@planx/components/Send/Editor.tsx b/editor.planx.uk/src/@planx/components/Send/Editor.tsx
index 6cad4a9328..37d7e894a9 100644
--- a/editor.planx.uk/src/@planx/components/Send/Editor.tsx
+++ b/editor.planx.uk/src/@planx/components/Send/Editor.tsx
@@ -113,10 +113,10 @@ const SendComponent: React.FC = (props) => {
 if (
 value === "s3" &&
 newCheckedValues.includes(value) &&
- !["barnet", "lambeth"].includes(teamSlug)
+ !["barnet", "southwark"].includes(teamSlug)
 ) {
 alert(
- "AWS S3 uploads are currently being prototyped with Barnet and Lambeth only. Please do not select this option for other councils yet.",
+ "AWS S3 uploads require API tokens and are currently being prototyped with select councils. Reach out on Slack #planx-alternatives-to-integrations before selecting this option please.",
 );
 }
 };
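Review bot: The `alert(...)` in the `value === "s3"` branch only warns; nothing in the visible lines reverts the checkbox or blocks saving, so a team outside `["barnet", "southwark"]` can still end up with S3 selected without the tokens the new message says are required. If the send path does not already refuse S3 submissions for a team with no `power_automate_webhook_url` or `*_power_automate_api_key` configured, that check belongs on the API side rather than in an editor-side slug list; the send path is not visible from this hunk, so treat this as a question to confirm. The inline array also has to be edited for every onboarded council, and the new how-to does not list that step, so a comment above it such as `// Teams with S3 tokens provisioned; update when following doc/how-to/how-to-setup-aws-s3-submissions.md` would help. The enclosing handler starts before the hunk, so earlier lines may already cover part of this.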