feat: [DTOSS-12154] disabled shared access key for storage account and enabled use managed identity for storage account

Author: nc-shahidazim

.azuredevops/pipelines/cd-infrastructure-dev-core.yaml

@@ -9,7 +9,7 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 0abead1e42da2bb60cbc85054ac2452746679d29
+      ref: feat/DTOSS-12154-disable-sas
       endpoint: NHSDigital
 
 parameters:

.github/workflows/stage-3-build-images-devtest.yaml

@@ -65,7 +65,7 @@ jobs:
         with:
           repository: NHSDigital/dtos-devops-templates
           path: templates
-          ref: main
+          ref: feat/DTOSS-12154-disable-sas
 
       - name: Determine which Docker container(s) to build
         id: get-function-names
@@ -193,7 +193,7 @@ jobs:
         with:
           repository: NHSDigital/dtos-devops-templates
           path: templates
-          ref: main
+          ref: feat/DTOSS-12154-disable-sas
 
       - name: Az CLI login
         uses: azure/login@v2

application/CohortManager/src/Functions/CaasIntegration/RetrieveMeshFile/Program.cs

@@ -68,7 +68,7 @@
         services.AddSingleton<IBlobStorageHelper, BlobStorageHelper>();
         services.AddTransient<IMeshToBlobTransferHandler, MeshToBlobTransferHandler>();
         // Register health checks
-        services.AddBlobStorageHealthCheck("RetrieveMeshFile");
+        services.AddBlobStorageHealthCheck("RetrieveMeshFile", config.AzureWebJobsStorage);
     })
     .AddTelemetry()
     .AddExceptionHandler();

application/CohortManager/src/Functions/CaasIntegration/RetrieveMeshFile/RetrieveMeshFile.cs

@@ -1,17 +1,15 @@
 namespace NHS.Screening.RetrieveMeshFile;
 
-using System;
-using System.Diagnostics.CodeAnalysis;
-using System.Globalization;
-using System.Text;
-using System.Text.Json;
-using System.Threading.Tasks;
 using Common;
 using Microsoft.Azure.Functions.Worker;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Model;
 using NHS.MESH.Client.Models;
+using System;
+using System.Globalization;
+using System.Text.Json;
+using System.Threading.Tasks;
 
 
 public class RetrieveMeshFile
@@ -20,7 +18,8 @@ public class RetrieveMeshFile
 
     private readonly IMeshToBlobTransferHandler _meshToBlobTransferHandler;
     private readonly string _mailboxId;
-    private readonly string _blobConnectionString;
+    private readonly string? _blobConnectionString;
+    private readonly Uri? _blobServiceUri;
     private readonly IBlobStorageHelper _blobStorageHelper;
     private readonly RetrieveMeshFileConfig _config;
     private const string NextHandShakeTimeConfigKey = "NextHandShakeTime";
@@ -33,7 +32,14 @@ public RetrieveMeshFile(ILogger<RetrieveMeshFile> logger, IMeshToBlobTransferHan
         _blobStorageHelper = blobStorageHelper;
         _mailboxId = options.Value.BSSMailBox;
         _config = options.Value;
-        _blobConnectionString = _config.caasfolder_STORAGE;
+        if (_config.nemsmeshfolder_STORAGE != null)
+        {
+            _blobServiceUri = new Uri(_config.nemsmeshfolder_STORAGE.BlobServiceUri);
+        }
+        else
+        {
+            _blobConnectionString = Environment.GetEnvironmentVariable("nemsmeshfolder_STORAGE");
+        }
     }
     /// <summary>
     /// This function polls the MESH Mailbox every 5 minutes, if there is a file posted to the mailbox.
@@ -51,8 +57,7 @@ public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer)
         try
         {
             var shouldExecuteHandShake = await ShouldExecuteHandShake();
-            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobConnectionString, "inbound", shouldExecuteHandShake);
-
+            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobServiceUri, _blobConnectionString, "inbound", shouldExecuteHandShake);
             if (!result)
             {
                 _logger.LogError("An error was encountered while moving files from Mesh to Blob");
@@ -74,10 +79,18 @@ private async Task<bool> ShouldExecuteHandShake()
 
         Dictionary<string, string> configValues;
         TimeSpan handShakeInterval = new TimeSpan(0, 23, 54, 0);
-        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, "config", ConfigFileName);
-        if (meshState == null)
+        BlobFile meshState = null;
+        if (_blobServiceUri != null)
         {
+            meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobServiceUri, "config", ConfigFileName);
+        }
+        else if (_blobConnectionString != null)
+        {
+            meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, "config", ConfigFileName);
+        }
 
+        if (meshState == null)
+        {
             _logger.LogInformation("MeshState File did not exist, Creating new MeshState File in blob Storage");
             configValues = new Dictionary<string, string>
             {
@@ -140,7 +153,15 @@ private async Task<bool> SetConfigState(Dictionary<string, string> state)
             using (var stream = GenerateStreamFromString(jsonString))
             {
                 var blobFile = new BlobFile(stream, ConfigFileName);
-                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, "config", blobFile, true);
+                var result = false;
+                if (_blobServiceUri != null)
+                {
+                    result = await _blobStorageHelper.UploadFileToBlobStorage(_blobServiceUri, "config", blobFile, true);
+                }
+                else if (_blobConnectionString != null)
+                {
+                    result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, "config", blobFile, true);
+                }
                 return result;
             }
         }

application/CohortManager/src/Functions/CaasIntegration/RetrieveMeshFile/RetrieveMeshFileConfig.cs

@@ -1,5 +1,6 @@
 namespace NHS.Screening.RetrieveMeshFile;
 
+using Common;
 using System.ComponentModel.DataAnnotations;
 
 public class RetrieveMeshFileConfig
@@ -14,8 +15,8 @@ public class RetrieveMeshFileConfig
     public string? MeshKeyPassphrase { get; set; }
     public string? MeshKeyName { get; set; }
     public string KeyVaultConnectionString { get; set; }
-    [Required]
-    public required string caasfolder_STORAGE { get; set; }
+    public BlobStorageConfig? AzureWebJobsStorage { get; set; }
+    public BlobStorageConfig? nemsmeshfolder_STORAGE { get; set; }
     public string? ServerSideCerts { get; set; }
     public string? MeshCertName { get; set; }
     public bool? BypassServerCertificateValidation { get; set; }

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/ProcessFileClasses/CopyFailedBatchToBlob.cs

@@ -29,7 +29,19 @@ public async Task<bool> writeBatchToBlob(string jsonFromBatch, InvalidOperationE
         {
             // we do this so that we do not have files with the same names either failing to be added or over writing another failed batch
             var blobFile = new BlobFile(stream, $"failedBatch-{Guid.NewGuid()}.json");
-            var copied = await _blobStorageHelper.UploadFileToBlobStorage(_config.caasfolder_STORAGE, "failed-batch", blobFile);
+            bool copied = false;
+            if (_config.caasfolder_STORAGE != null)
+            {
+                copied = await _blobStorageHelper.UploadFileToBlobStorage(new Uri(_config.caasfolder_STORAGE.BlobServiceUri), "failed-batch", blobFile);
+            }
+            else
+            {
+                var connectionString = Environment.GetEnvironmentVariable("caasfolder_STORAGE");
+                if (connectionString != null)
+                {
+                    copied = await _blobStorageHelper.UploadFileToBlobStorage(connectionString, "failed-batch", blobFile);
+                }
+            }
 
             if (copied)
             {

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/Program.cs

@@ -39,7 +39,7 @@
         services.AddTransient<ICopyFailedBatchToBlob, CopyFailedBatchToBlob>();
         services.AddScoped<IValidateDates, ValidateDates>();
         // Register health checks
-        services.AddBlobStorageHealthCheck("receiveCaasFile");
+        services.AddBlobStorageHealthCheck("receiveCaasFile", config.AzureWebJobsStorage!);
     })
     .AddTelemetry()
     .AddHttpClient()

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/receiveCaasFile.cs

@@ -99,7 +99,18 @@ public async Task Run([BlobTrigger("inbound/{name}", Connection = "caasfolder_ST
         {
             _logger.LogError(ex, "There was a system exception in receive-caas-file");
             await _exceptionHandler.CreateSystemExceptionLogFromNhsNumber(ex, "", name, screeningName, "");
-            await _blobStorageHelper.CopyFileToPoisonAsync(_config.caasfolder_STORAGE, name, _config.inboundBlobName);
+            if (_config.caasfolder_STORAGE != null)
+            {
+                await _blobStorageHelper.CopyFileToPoisonAsync(new Uri(_config.caasfolder_STORAGE.BlobServiceUri), name, _config.inboundBlobName);
+            }
+            else
+            {
+                var connectionString = Environment.GetEnvironmentVariable("caasfolder_STORAGE");
+                if (connectionString != null)
+                {
+                    await _blobStorageHelper.CopyFileToPoisonAsync(connectionString, name, _config.inboundBlobName);
+                }
+            }
         }
         finally
         {

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/receiveCaasFileConfig.cs

@@ -1,5 +1,6 @@
 namespace NHS.Screening.ReceiveCaasFile;
 
+using Common;
 using System.ComponentModel.DataAnnotations;
 
 public class ReceiveCaasFileConfig
@@ -16,7 +17,9 @@ public class ReceiveCaasFileConfig
     [Required]
     public required int maxNumberOfChecks { get; set; }
     [Required]
-    public required string caasfolder_STORAGE { get; set; }
+    public BlobStorageConfig? AzureWebJobsStorage { get; set; }
+    [Required]
+    public BlobStorageConfig? caasfolder_STORAGE { get; set; }
     [Required]
     public required string inboundBlobName { get; set; }
     [Required]

application/CohortManager/src/Functions/NemsSubscriptionService/NemsMeshRetrieval/NemsMeshRetrieval.cs

@@ -1,15 +1,15 @@
 namespace NHS.Screening.NemsMeshRetrieval;
 
-using System;
-using System.Globalization;
-using System.Text.Json;
-using System.Threading.Tasks;
 using Common;
 using Microsoft.Azure.Functions.Worker;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Model;
 using NHS.MESH.Client.Models;
+using System;
+using System.Globalization;
+using System.Text.Json;
+using System.Threading.Tasks;
 
 
 public class NemsMeshRetrieval
@@ -18,7 +18,8 @@ public class NemsMeshRetrieval
 
     private readonly IMeshToBlobTransferHandler _meshToBlobTransferHandler;
     private readonly string _mailboxId;
-    private readonly string _blobConnectionString;
+    private readonly string? _blobConnectionString;
+    private readonly Uri? _blobServiceUri;
     private readonly IBlobStorageHelper _blobStorageHelper;
     private readonly NemsMeshRetrievalConfig _config;
     private const string NextHandShakeTimeConfigKey = "NextHandShakeTime";
@@ -31,7 +32,14 @@ public NemsMeshRetrieval(ILogger<NemsMeshRetrieval> logger, IMeshToBlobTransferH
         _blobStorageHelper = blobStorageHelper;
         _mailboxId = options.Value.NemsMeshMailBox;
         _config = options.Value;
-        _blobConnectionString = _config.nemsmeshfolder_STORAGE;
+        if (_config.nemsmeshfolder_STORAGE != null)
+        {
+            _blobServiceUri = new Uri(_config.nemsmeshfolder_STORAGE.BlobServiceUri);
+        }
+        else
+        {
+            _blobConnectionString = Environment.GetEnvironmentVariable("nemsmeshfolder_STORAGE");
+        }
     }
     /// <summary>
     /// This function polls the MESH Mailbox every 5 minutes, if there is a file posted to the mailbox.
@@ -49,7 +57,7 @@ public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer)
         try
         {
             var shouldExecuteHandShake = await ShouldExecuteHandShake();
-            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobConnectionString, _config.NemsMeshInboundContainer, shouldExecuteHandShake);
+            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobServiceUri, _blobConnectionString, _config.NemsMeshInboundContainer, shouldExecuteHandShake);
 
             if (!result)
             {
@@ -69,13 +77,19 @@ public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer)
 
     private async Task<bool> ShouldExecuteHandShake()
     {
-
         Dictionary<string, string> configValues;
         TimeSpan handShakeInterval = new TimeSpan(0, 23, 54, 0);
-        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, ConfigFileName);
+        BlobFile meshState = null;
+        if (_blobServiceUri != null)
+        {
+            meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobServiceUri, _config.NemsMeshConfigContainer, ConfigFileName);
+        }
+        else if (_blobConnectionString != null)
+        {
+            meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, ConfigFileName);
+        }
         if (meshState == null)
         {
-
             _logger.LogInformation("MeshState File did not exist, Creating new MeshState File in blob Storage");
             configValues = new Dictionary<string, string>
             {
@@ -84,8 +98,8 @@ private async Task<bool> ShouldExecuteHandShake()
             await SetConfigState(configValues);
 
             return true;
-
         }
+
         using (StreamReader reader = new StreamReader(meshState.Data))
         {
             meshState.Data.Seek(0, SeekOrigin.Begin);
@@ -101,8 +115,6 @@ private async Task<bool> ShouldExecuteHandShake()
             configValues.Add(NextHandShakeTimeConfigKey, DateTime.UtcNow.Add(handShakeInterval).ToString());
             await SetConfigState(configValues);
             return true;
-
-
         }
         DateTime nextHandShakeDateTime;
         //date cannot be parsed
@@ -138,7 +150,15 @@ private async Task<bool> SetConfigState(Dictionary<string, string> state)
             using (var stream = GenerateStreamFromString(jsonString))
             {
                 var blobFile = new BlobFile(stream, ConfigFileName);
-                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, blobFile, true);
+                var result = false;
+                if (_blobServiceUri != null)
+                {
+                    result = await _blobStorageHelper.UploadFileToBlobStorage(_blobServiceUri, _config.NemsMeshConfigContainer, blobFile, true);
+                }
+                else if (_blobConnectionString != null)
+                {
+                    result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, blobFile, true);
+                }
                 return result;
             }
         }