feat: [DTOSS-12154] disabled shared access key for storage account and enabled use managed identity for storage account

Author: nc-shahidazim

application/CohortManager/src/Functions/CaasIntegration/RetrieveMeshFile/RetrieveMeshFile.cs

@@ -20,7 +20,7 @@ public class RetrieveMeshFile
 
     private readonly IMeshToBlobTransferHandler _meshToBlobTransferHandler;
     private readonly string _mailboxId;
-    private readonly string _blobConnectionString;
+    private Uri _blobServiceUri;
     private readonly IBlobStorageHelper _blobStorageHelper;
     private readonly RetrieveMeshFileConfig _config;
     private const string NextHandShakeTimeConfigKey = "NextHandShakeTime";
@@ -33,7 +33,7 @@ public RetrieveMeshFile(ILogger<RetrieveMeshFile> logger, IMeshToBlobTransferHan
         _blobStorageHelper = blobStorageHelper;
         _mailboxId = options.Value.BSSMailBox;
         _config = options.Value;
-        _blobConnectionString = _config.caasfolder_STORAGE;
+        _blobServiceUri = new Uri(_config.nemsmeshfolder_STORAGE__blobServiceUri);
     }
     /// <summary>
     /// This function polls the MESH Mailbox every 5 minutes, if there is a file posted to the mailbox.
@@ -51,7 +51,7 @@ public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer)
         try
         {
             var shouldExecuteHandShake = await ShouldExecuteHandShake();
-            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobConnectionString, "inbound", shouldExecuteHandShake);
+            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobServiceUri, "inbound", shouldExecuteHandShake);
 
             if (!result)
             {
@@ -74,7 +74,7 @@ private async Task<bool> ShouldExecuteHandShake()
 
         Dictionary<string, string> configValues;
         TimeSpan handShakeInterval = new TimeSpan(0, 23, 54, 0);
-        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, "config", ConfigFileName);
+        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobServiceUri, "config", ConfigFileName);
         if (meshState == null)
         {
 
@@ -140,7 +140,7 @@ private async Task<bool> SetConfigState(Dictionary<string, string> state)
             using (var stream = GenerateStreamFromString(jsonString))
             {
                 var blobFile = new BlobFile(stream, ConfigFileName);
-                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, "config", blobFile, true);
+                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobServiceUri, "config", blobFile, true);
                 return result;
             }
         }

application/CohortManager/src/Functions/CaasIntegration/RetrieveMeshFile/RetrieveMeshFileConfig.cs

@@ -15,7 +15,7 @@ public class RetrieveMeshFileConfig
     public string? MeshKeyName { get; set; }
     public string KeyVaultConnectionString { get; set; }
     [Required]
-    public string caasfolder_STORAGE { get; set; }
+    public string nemsmeshfolder_STORAGE__blobServiceUri { get; set; }
     public string? ServerSideCerts { get; set; }
     public string? MeshCertName { get; set; }
     public bool? BypassServerCertificateValidation { get; set; }

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/ProcessFileClasses/CopyFailedBatchToBlob.cs

@@ -29,7 +29,7 @@ public async Task<bool> writeBatchToBlob(string jsonFromBatch, InvalidOperationE
         {
             // we do this so that we do not have files with the same names either failing to be added or over writing another failed batch
             var blobFile = new BlobFile(stream, $"failedBatch-{Guid.NewGuid()}.json");
-            var copied = await _blobStorageHelper.UploadFileToBlobStorage(_config.caasfolder_STORAGE, "failed-batch", blobFile);
+            var copied = await _blobStorageHelper.UploadFileToBlobStorage(new Uri(_config.caasfolder_STORAGE__blobServiceUri), "failed-batch", blobFile);
 
             if (copied)
             {

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/receiveCaasFile.cs

@@ -100,7 +100,7 @@ public async Task Run([BlobTrigger("inbound/{name}", Connection = "caasfolder_ST
         {
             _logger.LogError(ex, "There was a system exception in receive-caas-file");
             await _exceptionHandler.CreateSystemExceptionLogFromNhsNumber(ex, "", name, screeningName, "");
-            await _blobStorageHelper.CopyFileToPoisonAsync(_config.caasfolder_STORAGE, name, _config.inboundBlobName);
+            await _blobStorageHelper.CopyFileToPoisonAsync(new Uri(_config.caasfolder_STORAGE__blobServiceUri), name, _config.inboundBlobName);
         }
         finally
         {

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/receiveCaasFileConfig.cs

@@ -16,7 +16,7 @@ public class ReceiveCaasFileConfig
     [Required]
     public int maxNumberOfChecks { get; set; }
     [Required]
-    public string caasfolder_STORAGE { get; set; }
+    public string caasfolder_STORAGE__blobServiceUri { get; set; }
     [Required]
     public string inboundBlobName { get; set; }
     [Required]

application/CohortManager/src/Functions/NemsSubscriptionService/NemsMeshRetrieval/NemsMeshRetrieval.cs

@@ -20,7 +20,7 @@ public class NemsMeshRetrieval
 
     private readonly IMeshToBlobTransferHandler _meshToBlobTransferHandler;
     private readonly string _mailboxId;
-    private readonly string _blobConnectionString;
+    private readonly Uri _blobServiceUri;
     private readonly IBlobStorageHelper _blobStorageHelper;
     private readonly NemsMeshRetrievalConfig _config;
     private const string NextHandShakeTimeConfigKey = "NextHandShakeTime";
@@ -33,7 +33,7 @@ public NemsMeshRetrieval(ILogger<NemsMeshRetrieval> logger, IMeshToBlobTransferH
         _blobStorageHelper = blobStorageHelper;
         _mailboxId = options.Value.NemsMeshMailBox;
         _config = options.Value;
-        _blobConnectionString = _config.nemsmeshfolder_STORAGE;
+        _blobServiceUri = new Uri(_config.nemsmeshfolder_STORAGE__blobServiceUri);
     }
     /// <summary>
     /// This function polls the MESH Mailbox every 5 minutes, if there is a file posted to the mailbox.
@@ -51,7 +51,7 @@ public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer)
         try
         {
             var shouldExecuteHandShake = await ShouldExecuteHandShake();
-            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobConnectionString, _config.NemsMeshInboundContainer, shouldExecuteHandShake);
+            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobServiceUri, _config.NemsMeshInboundContainer, shouldExecuteHandShake);
 
             if (!result)
             {
@@ -74,7 +74,7 @@ private async Task<bool> ShouldExecuteHandShake()
 
         Dictionary<string, string> configValues;
         TimeSpan handShakeInterval = new TimeSpan(0, 23, 54, 0);
-        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, ConfigFileName);
+        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobServiceUri, _config.NemsMeshConfigContainer, ConfigFileName);
         if (meshState == null)
         {
 
@@ -140,7 +140,7 @@ private async Task<bool> SetConfigState(Dictionary<string, string> state)
             using (var stream = GenerateStreamFromString(jsonString))
             {
                 var blobFile = new BlobFile(stream, ConfigFileName);
-                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, blobFile, true);
+                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobServiceUri, _config.NemsMeshConfigContainer, blobFile, true);
                 return result;
             }
         }

application/CohortManager/src/Functions/NemsSubscriptionService/NemsMeshRetrieval/NemsMeshRetrievalConfig.cs

@@ -15,7 +15,7 @@ public class NemsMeshRetrievalConfig
     public string NemsMeshKeyName {get; set;}
     public string KeyVaultConnectionString {get; set;}
     [Required]
-    public string nemsmeshfolder_STORAGE {get; set;}
+    public string nemsmeshfolder_STORAGE__blobServiceUri { get; set;}
     public string NemsMeshInboundContainer { get; set; } = "nems-updates";
     public string NemsMeshConfigContainer { get; set; } = "nems-config";
     public string NemsMeshServerSideCerts { get; set; }

application/CohortManager/src/Functions/NemsSubscriptionService/ProcessNemsUpdate/ProcessNemsUpdate.cs

@@ -1,4 +1,4 @@
-namespace NHS.Screening.ProcessNemsUpdate;
+namespace NHS.Screening.ProcessNemsUpdate;
 
 using System.Collections.Concurrent;
 using System.Collections.Specialized;
@@ -119,7 +119,7 @@ public async Task Run([BlobTrigger("nems-updates/{name}", Connection = "nemsmesh
 
     private async Task CopyToPoisonContainer(string fileName)
     {
-        await _blobStorageHelper.CopyFileToPoisonAsync(_config.nemsmeshfolder_STORAGE, fileName, _config.NemsMessages, _config.NemsPoisonContainer, addTimestamp: true);
+        await _blobStorageHelper.CopyFileToPoisonAsync(new Uri(_config.nemsmeshfolder_STORAGE__blobServiceUri), fileName, _config.NemsMessages, _config.NemsPoisonContainer, addTimestamp: true);
         _logger.LogInformation("Copied failed NEMS file {FileName} to poison container with timestamp.", fileName);
     }
 

application/CohortManager/src/Functions/NemsSubscriptionService/ProcessNemsUpdate/ProcessNemsUpdateConfig.cs

@@ -23,6 +23,6 @@ public class ProcessNemsUpdateConfig
     public required string DemographicDataServiceURL { get; set; }
 
     [Required]
-    public required string nemsmeshfolder_STORAGE { get; set; }
+    public required string nemsmeshfolder_STORAGE__blobServiceUri { get; set; }
     public string NemsPoisonContainer { get; set; } = "nems-poison";
 }

application/CohortManager/src/Functions/Shared/Common/BlobstorageHelper.cs

@@ -1,6 +1,7 @@
 namespace Common;
 
 using Azure;
+using Azure.Identity;
 using Azure.Storage.Blobs;
 using Azure.Storage.Blobs.Models;
 using Azure.Storage.Blobs.Specialized;
@@ -14,22 +15,23 @@ public BlobStorageHelper(ILogger<BlobStorageHelper> logger)
     {
         _logger = logger;
     }
-    public async Task CopyFileToPoisonAsync(string connectionString, string fileName, string containerName)
+    public async Task CopyFileToPoisonAsync(Uri serviceUri, string fileName, string containerName)
     {
         // Delegate to the extended overload to avoid duplication; preserve env var behaviour
         var poisonContainerName = Environment.GetEnvironmentVariable("fileExceptions");
-        await CopyFileToPoisonAsync(connectionString, fileName, containerName, poisonContainerName, addTimestamp: false);
+        await CopyFileToPoisonAsync(serviceUri, fileName, containerName, poisonContainerName, addTimestamp: false);
     }
 
-    public async Task CopyFileToPoisonAsync(string connectionString, string fileName, string containerName, string poisonContainerName, bool addTimestamp = false)
+    public async Task CopyFileToPoisonAsync(Uri serviceUri, string fileName, string containerName, string poisonContainerName, bool addTimestamp = false)
     {
-        var sourceBlobServiceClient = new BlobServiceClient(connectionString);
+        var defaultAzureCredential = new DefaultAzureCredential();
+        var sourceBlobServiceClient = new BlobServiceClient(serviceUri, defaultAzureCredential);
         var sourceContainerClient = sourceBlobServiceClient.GetBlobContainerClient(containerName);
         var sourceBlobClient = sourceContainerClient.GetBlobClient(fileName);
 
         BlobLeaseClient sourceBlobLease = new(sourceBlobClient);
 
-        var destinationBlobServiceClient = new BlobServiceClient(connectionString);
+        var destinationBlobServiceClient = new BlobServiceClient(serviceUri, defaultAzureCredential);
         var destinationContainerClient = destinationBlobServiceClient.GetBlobContainerClient(poisonContainerName);
 
         // Conditionally add timestamp to prevent collisions and maintain audit trail
@@ -62,9 +64,9 @@ public async Task CopyFileToPoisonAsync(string connectionString, string fileName
         }
     }
 
-    public async Task<bool> UploadFileToBlobStorage(string connectionString, string containerName, BlobFile blobFile, bool overwrite = false)
+    public async Task<bool> UploadFileToBlobStorage(Uri serviceUri, string containerName, BlobFile blobFile, bool overwrite = false)
     {
-        var sourceBlobServiceClient = new BlobServiceClient(connectionString);
+        var sourceBlobServiceClient = new BlobServiceClient(serviceUri, new DefaultAzureCredential());
         var sourceContainerClient = sourceBlobServiceClient.GetBlobContainerClient(containerName);
         var sourceBlobClient = sourceContainerClient.GetBlobClient(blobFile.FileName);
 
@@ -83,12 +85,12 @@ public async Task<bool> UploadFileToBlobStorage(string connectionString, string
         return true;
     }
 
-    public async Task<BlobFile> GetFileFromBlobStorage(string connectionString, string containerName, string fileName)
+    public async Task<BlobFile> GetFileFromBlobStorage(Uri serviceUri, string containerName, string fileName)
     {
 
         _logger.LogInformation("Downloading File: {FileName} From blobStorage Container: {ContainerName}", fileName, containerName);
 
-        var blobServiceClient = new BlobServiceClient(connectionString);
+        var blobServiceClient = new BlobServiceClient(serviceUri, new DefaultAzureCredential());
         var containerClient = blobServiceClient.GetBlobContainerClient(containerName);
         var blobClient = containerClient.GetBlobClient(fileName);