feat: [DTOSS-12154] disabled shared access key for storage account and enabled use managed identity for storage account

Author: nc-shahidazim

.github/workflows/stage-3-build-images-devtest.yaml

@@ -65,7 +65,7 @@ jobs:
         with:
           repository: NHSDigital/dtos-devops-templates
           path: templates
-          ref: main
+          ref: feat/DTOSS-12154-disable-sas
 
       - name: Determine which Docker container(s) to build
         id: get-function-names

application/CohortManager/src/Functions/CaasIntegration/RetrieveMeshFile/RetrieveMeshFile.cs

@@ -20,7 +20,7 @@ public class RetrieveMeshFile
 
     private readonly IMeshToBlobTransferHandler _meshToBlobTransferHandler;
     private readonly string _mailboxId;
-    private readonly string _blobConnectionString;
+    private Uri _blobServiceUri;
     private readonly IBlobStorageHelper _blobStorageHelper;
     private readonly RetrieveMeshFileConfig _config;
     private const string NextHandShakeTimeConfigKey = "NextHandShakeTime";
@@ -33,7 +33,7 @@ public RetrieveMeshFile(ILogger<RetrieveMeshFile> logger, IMeshToBlobTransferHan
         _blobStorageHelper = blobStorageHelper;
         _mailboxId = options.Value.BSSMailBox;
         _config = options.Value;
-        _blobConnectionString = _config.caasfolder_STORAGE;
+        _blobServiceUri = new Uri(_config.nemsmeshfolder_STORAGE__blobServiceUri);
     }
     /// <summary>
     /// This function polls the MESH Mailbox every 5 minutes, if there is a file posted to the mailbox.
@@ -51,7 +51,7 @@ public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer)
         try
         {
             var shouldExecuteHandShake = await ShouldExecuteHandShake();
-            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobConnectionString, "inbound", shouldExecuteHandShake);
+            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobServiceUri, "inbound", shouldExecuteHandShake);
 
             if (!result)
             {
@@ -74,7 +74,7 @@ private async Task<bool> ShouldExecuteHandShake()
 
         Dictionary<string, string> configValues;
         TimeSpan handShakeInterval = new TimeSpan(0, 23, 54, 0);
-        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, "config", ConfigFileName);
+        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobServiceUri, "config", ConfigFileName);
         if (meshState == null)
         {
 
@@ -140,7 +140,7 @@ private async Task<bool> SetConfigState(Dictionary<string, string> state)
             using (var stream = GenerateStreamFromString(jsonString))
             {
                 var blobFile = new BlobFile(stream, ConfigFileName);
-                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, "config", blobFile, true);
+                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobServiceUri, "config", blobFile, true);
                 return result;
             }
         }

application/CohortManager/src/Functions/CaasIntegration/RetrieveMeshFile/RetrieveMeshFileConfig.cs

@@ -15,7 +15,7 @@ public class RetrieveMeshFileConfig
     public string? MeshKeyName { get; set; }
     public string KeyVaultConnectionString { get; set; }
     [Required]
-    public string caasfolder_STORAGE { get; set; }
+    public string nemsmeshfolder_STORAGE__blobServiceUri { get; set; }
     public string? ServerSideCerts { get; set; }
     public string? MeshCertName { get; set; }
     public bool? BypassServerCertificateValidation { get; set; }

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/ProcessFileClasses/CopyFailedBatchToBlob.cs

@@ -29,7 +29,7 @@ public async Task<bool> writeBatchToBlob(string jsonFromBatch, InvalidOperationE
         {
             // we do this so that we do not have files with the same names either failing to be added or over writing another failed batch
             var blobFile = new BlobFile(stream, $"failedBatch-{Guid.NewGuid()}.json");
-            var copied = await _blobStorageHelper.UploadFileToBlobStorage(_config.caasfolder_STORAGE, "failed-batch", blobFile);
+            var copied = await _blobStorageHelper.UploadFileToBlobStorage(new Uri(_config.caasfolder_STORAGE__blobServiceUri), "failed-batch", blobFile);
 
             if (copied)
             {

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/receiveCaasFile.cs

@@ -100,7 +100,7 @@ public async Task Run([BlobTrigger("inbound/{name}", Connection = "caasfolder_ST
         {
             _logger.LogError(ex, "There was a system exception in receive-caas-file");
             await _exceptionHandler.CreateSystemExceptionLogFromNhsNumber(ex, "", name, screeningName, "");
-            await _blobStorageHelper.CopyFileToPoisonAsync(_config.caasfolder_STORAGE, name, _config.inboundBlobName);
+            await _blobStorageHelper.CopyFileToPoisonAsync(new Uri(_config.caasfolder_STORAGE__blobServiceUri), name, _config.inboundBlobName);
         }
         finally
         {

application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/receiveCaasFileConfig.cs

@@ -16,7 +16,7 @@ public class ReceiveCaasFileConfig
     [Required]
     public int maxNumberOfChecks { get; set; }
     [Required]
-    public string caasfolder_STORAGE { get; set; }
+    public string caasfolder_STORAGE__blobServiceUri { get; set; }
     [Required]
     public string inboundBlobName { get; set; }
     [Required]

application/CohortManager/src/Functions/NemsSubscriptionService/NemsMeshRetrieval/NemsMeshRetrieval.cs

@@ -20,7 +20,7 @@ public class NemsMeshRetrieval
 
     private readonly IMeshToBlobTransferHandler _meshToBlobTransferHandler;
     private readonly string _mailboxId;
-    private readonly string _blobConnectionString;
+    private readonly Uri _blobServiceUri;
     private readonly IBlobStorageHelper _blobStorageHelper;
     private readonly NemsMeshRetrievalConfig _config;
     private const string NextHandShakeTimeConfigKey = "NextHandShakeTime";
@@ -33,7 +33,7 @@ public NemsMeshRetrieval(ILogger<NemsMeshRetrieval> logger, IMeshToBlobTransferH
         _blobStorageHelper = blobStorageHelper;
         _mailboxId = options.Value.NemsMeshMailBox;
         _config = options.Value;
-        _blobConnectionString = _config.nemsmeshfolder_STORAGE;
+        _blobServiceUri = new Uri(_config.nemsmeshfolder_STORAGE__blobServiceUri);
     }
     /// <summary>
     /// This function polls the MESH Mailbox every 5 minutes, if there is a file posted to the mailbox.
@@ -51,7 +51,7 @@ public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer)
         try
         {
             var shouldExecuteHandShake = await ShouldExecuteHandShake();
-            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobConnectionString, _config.NemsMeshInboundContainer, shouldExecuteHandShake);
+            var result = await _meshToBlobTransferHandler.MoveFilesFromMeshToBlob(messageFilter, fileNameFunction, _mailboxId, _blobServiceUri, _config.NemsMeshInboundContainer, shouldExecuteHandShake);
 
             if (!result)
             {
@@ -74,7 +74,7 @@ private async Task<bool> ShouldExecuteHandShake()
 
         Dictionary<string, string> configValues;
         TimeSpan handShakeInterval = new TimeSpan(0, 23, 54, 0);
-        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, ConfigFileName);
+        var meshState = await _blobStorageHelper.GetFileFromBlobStorage(_blobServiceUri, _config.NemsMeshConfigContainer, ConfigFileName);
         if (meshState == null)
         {
 
@@ -140,7 +140,7 @@ private async Task<bool> SetConfigState(Dictionary<string, string> state)
             using (var stream = GenerateStreamFromString(jsonString))
             {
                 var blobFile = new BlobFile(stream, ConfigFileName);
-                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobConnectionString, _config.NemsMeshConfigContainer, blobFile, true);
+                var result = await _blobStorageHelper.UploadFileToBlobStorage(_blobServiceUri, _config.NemsMeshConfigContainer, blobFile, true);
                 return result;
             }
         }

application/CohortManager/src/Functions/NemsSubscriptionService/NemsMeshRetrieval/NemsMeshRetrievalConfig.cs

@@ -15,7 +15,7 @@ public class NemsMeshRetrievalConfig
     public string NemsMeshKeyName {get; set;}
     public string KeyVaultConnectionString {get; set;}
     [Required]
-    public string nemsmeshfolder_STORAGE {get; set;}
+    public string nemsmeshfolder_STORAGE__blobServiceUri { get; set;}
     public string NemsMeshInboundContainer { get; set; } = "nems-updates";
     public string NemsMeshConfigContainer { get; set; } = "nems-config";
     public string NemsMeshServerSideCerts { get; set; }

application/CohortManager/src/Functions/NemsSubscriptionService/ProcessNemsUpdate/ProcessNemsUpdate.cs

@@ -1,4 +1,4 @@
-namespace NHS.Screening.ProcessNemsUpdate;
+namespace NHS.Screening.ProcessNemsUpdate;
 
 using System.Collections.Concurrent;
 using System.Collections.Specialized;
@@ -119,7 +119,7 @@ public async Task Run([BlobTrigger("nems-updates/{name}", Connection = "nemsmesh
 
     private async Task CopyToPoisonContainer(string fileName)
     {
-        await _blobStorageHelper.CopyFileToPoisonAsync(_config.nemsmeshfolder_STORAGE, fileName, _config.NemsMessages, _config.NemsPoisonContainer, addTimestamp: true);
+        await _blobStorageHelper.CopyFileToPoisonAsync(new Uri(_config.nemsmeshfolder_STORAGE__blobServiceUri), fileName, _config.NemsMessages, _config.NemsPoisonContainer, addTimestamp: true);
         _logger.LogInformation("Copied failed NEMS file {FileName} to poison container with timestamp.", fileName);
     }
 

application/CohortManager/src/Functions/NemsSubscriptionService/ProcessNemsUpdate/ProcessNemsUpdateConfig.cs

@@ -23,6 +23,6 @@ public class ProcessNemsUpdateConfig
     public required string DemographicDataServiceURL { get; set; }
 
     [Required]
-    public required string nemsmeshfolder_STORAGE { get; set; }
+    public required string nemsmeshfolder_STORAGE__blobServiceUri { get; set; }
     public string NemsPoisonContainer { get; set; } = "nems-poison";
 }