update paths to sops compatible

Author: bhagatparwinder

.github/workflows/deploy-all.yml

@@ -163,7 +163,7 @@ jobs:
         with:
           params: |
             GITHUB_TOKEN=/ci/github/token
-            DATABASE_URL=/bcda/${{ env.RELEASE_ENV }}/api/DATABASE_URL
+            DATABASE_URL=/bcda/${{ env.RELEASE_ENV }}/sensitive/api/DATABASE_URL
       - name: Checkout bcda-ops
         uses: actions/checkout@v4
         with:
@@ -324,7 +324,7 @@ jobs:
         with:
           params: |
             NEWRELIC_API_KEY=/bcda/all/new-relic/api-key
-            NEWRELIC_APP_ID=/bcda/${{ env.ENV_MODIFIER }}/new-relic/app-id
+            NEWRELIC_APP_ID=/bcda/${{ env.ENV_MODIFIER }}/sensitive/new-relic/app-id
       - name: Download notify scripts
         uses: actions/download-artifact@v4
         with:

.github/workflows/migrate-db.yml

@@ -53,7 +53,7 @@ jobs:
           AWS_REGION: ${{ vars.AWS_REGION }}
         with:
           params: |
-            DB_URL=/bcda/${{ inputs.env }}/api/DATABASE_URL
+            DB_URL=/bcda/${{ inputs.env }}/sensitive/api/DATABASE_URL
       - name: Get Go
         uses: actions/setup-go@v5
         with:

bcda/lambda/admin_aco_deny/main.go

@@ -99,7 +99,7 @@ func getAWSParams(ctx context.Context) (awsParams, error) {
 	}
 	ssmClient := ssm.NewFromConfig(cfg)
 
-	dbURLName := fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env)
+	dbURLName := fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env)
 	slackParamName := "/slack/token/workflow-alerts"
 	paramNames := []string{slackParamName, dbURLName}
 	params, err := bcdaaws.GetParameters(ctx, ssmClient, paramNames)

bcda/lambda/admin_create_aco/main.go

@@ -143,7 +143,7 @@ func getAWSParams(ctx context.Context) (awsParams, error) {
 	}
 	ssmClient := ssm.NewFromConfig(cfg)
 
-	dbURLName := fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env)
+	dbURLName := fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env)
 	slackParamName := "/slack/token/workflow-alerts"
 	paramNames := []string{slackParamName, dbURLName}
 	params, err := bcdaaws.GetParameters(ctx, ssmClient, paramNames)

bcda/lambda/admin_create_aco/main_test.go

@@ -144,7 +144,7 @@ func (c *HandleCreateACOTestSuite) TestHandleCreateACOMissingCMSID() {
 func TestGetAWSParams(t *testing.T) {
 	env := conf.GetEnv("ENV")
 
-	cleanupParam1 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env), "test-db-url")
+	cleanupParam1 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env), "test-db-url")
 	t.Cleanup(func() { cleanupParam1() })
 	cleanupParam2 := testUtils.SetParameter(t, "/slack/token/workflow-alerts", "test-slack-token")
 	t.Cleanup(func() { cleanupParam2() })

bcda/lambda/admin_create_aco_creds/aws.go

@@ -23,12 +23,12 @@ func getAWSParams(ctx context.Context) (awsParams, error) {
 	env := adjustedEnv()
 
 	slackParamName := "/slack/token/workflow-alerts"
-	dbURLName := fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env)
-	ssasURLName := fmt.Sprintf("/bcda/%s/api/SSAS_URL", env)
-	clientIDName := fmt.Sprintf("/bcda/%s/api/BCDA_SSAS_CLIENT_ID", env)
-	clientSecretName := fmt.Sprintf("/bcda/%s/api/BCDA_SSAS_SECRET", env)
-	ssasPEMName := fmt.Sprintf("/bcda/%s/api/BCDA_CA_FILE.pem", env)
-	credsBucketName := fmt.Sprintf("/bcda/%s/aco_creds_bucket", env)
+	dbURLName := fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env)
+	ssasURLName := fmt.Sprintf("/bcda/%s/sensitive/api/SSAS_URL", env)
+	clientIDName := fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_SSAS_CLIENT_ID", env)
+	clientSecretName := fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_SSAS_SECRET", env)
+	ssasPEMName := fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_CA_FILE.pem", env)
+	credsBucketName := fmt.Sprintf("/bcda/%s/sensitive/aco_creds_bucket", env)
 
 	paramNames := []string{
 		slackParamName,

bcda/lambda/admin_create_group/main.go

@@ -149,13 +149,14 @@ func setupEnv(ctx context.Context) (string, error) {
 	ssmClient := ssm.NewFromConfig(cfg)
 
 	slackParamName := "/slack/token/workflow-alerts"
-	dbURLName := fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env)
-	ssasURLName := fmt.Sprintf("/bcda/%s/api/SSAS_URL", env)
-	ssasClientName := fmt.Sprintf("/bcda/%s/api/BCDA_SSAS_CLIENT_ID", env)
-	ssasSecretName := fmt.Sprintf("/bcda/%s/api/BCDA_SSAS_SECRET", env)
-	caFileName := fmt.Sprintf("/bcda/%s/api/BCDA_CA_FILE.pem", env)
+	dbURLName := fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env)
+	ssasURLName := fmt.Sprintf("/bcda/%s/sensitive/api/SSAS_URL", env)
+	ssasClientName := fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_SSAS_CLIENT_ID", env)
+	ssasSecretName := fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_SSAS_SECRET", env)
+	caFileName := fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_CA_FILE.pem", env)
 	paramNames := []string{
 		slackParamName,
+		dbURLName,
 		ssasURLName,
 		ssasClientName,
 		ssasSecretName,

bcda/lambda/admin_create_group/main_test.go

@@ -92,15 +92,15 @@ func TestSetupEnvironment(t *testing.T) {
 
 	cleanupParam1 := testUtils.SetParameter(t, "/slack/token/workflow-alerts", "slack-val")
 	t.Cleanup(func() { cleanupParam1() })
-	cleanupParam2 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env), "test-DB_URL")
+	cleanupParam2 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env), "test-DB_URL")
 	t.Cleanup(func() { cleanupParam2() })
-	cleanupParam3 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/api/SSAS_URL", env), "test-SSAS_URL")
+	cleanupParam3 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/sensitive/api/SSAS_URL", env), "test-SSAS_URL")
 	t.Cleanup(func() { cleanupParam3() })
-	cleanupParam4 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/api/BCDA_SSAS_CLIENT_ID", env), "test-BCDA_SSAS_CLIENT_ID")
+	cleanupParam4 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_SSAS_CLIENT_ID", env), "test-BCDA_SSAS_CLIENT_ID")
 	t.Cleanup(func() { cleanupParam4() })
-	cleanupParam5 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/api/BCDA_SSAS_SECRET", env), "test-BCDA_SSAS_SECRET")
+	cleanupParam5 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_SSAS_SECRET", env), "test-BCDA_SSAS_SECRET")
 	t.Cleanup(func() { cleanupParam5() })
-	cleanupParam6 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/api/BCDA_CA_FILE.pem", env), "test-BCDA_CA_FILE")
+	cleanupParam6 := testUtils.SetParameter(t, fmt.Sprintf("/bcda/%s/sensitive/api/BCDA_CA_FILE.pem", env), "test-BCDA_CA_FILE")
 	t.Cleanup(func() { cleanupParam6() })
 
 	slackName, err := setupEnv(context.Background())

bcda/lambda/cclf/main.go

@@ -64,7 +64,7 @@ func attributionImportHandler(ctx context.Context, sqsEvent events.SQSEvent) (st
 		o.Credentials = appCreds
 	})
 
-	dbURL, err := bcdaaws.GetParameter(ctx, ssmClient, fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env))
+	dbURL, err := bcdaaws.GetParameter(ctx, ssmClient, fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env))
 	if err != nil {
 		logger.Error("failed to load DB URL")
 		return "", err

bcda/lambda/cclf/main_test.go

@@ -48,7 +48,7 @@ func (s *AttributionImportMainSuite) TestImportCCLFDirectory() {
 	})
 	defer cleanupEnv()
 
-	cleanupParam := testUtils.SetParameter(s.T(), fmt.Sprintf("/bcda/%s/api/DATABASE_URL", env), "postgresql://postgres:toor@db-unit-test:5432/bcda_test?sslmode=disable")
+	cleanupParam := testUtils.SetParameter(s.T(), fmt.Sprintf("/bcda/%s/sensitive/api/DATABASE_URL", env), "postgresql://postgres:toor@db-unit-test:5432/bcda_test?sslmode=disable")
 	defer cleanupParam()
 
 	type test struct {