CCM-10429: Templates and S3 migration

Author: m-salaudeen

data-migration/user-transfer/package.json

@@ -1,5 +1,6 @@
 {
   "dependencies": {
+    "@aws-sdk/client-cognito-identity-provider": "^3.879.0",
     "@aws-sdk/client-dynamodb": "^3.864.0",
     "@aws-sdk/client-s3": "^3.864.0",
     "@aws-sdk/client-sts": "^3.864.0",

data-migration/user-transfer/src/user-transfer.ts

@@ -2,21 +2,24 @@
 import yargs from 'yargs/yargs';
 import { hideBin } from 'yargs/helpers';
 import { AttributeValue } from '@aws-sdk/client-dynamodb';
-import { retrieveTemplates, updateItem } from '@/src/utils/ddb-utils';
+import {
+  deleteItem,
+  retrieveAllTemplates,
+  updateItem,
+} from '@/src/utils/ddb-utils';
 import { backupData } from '@/src/utils/backup-utils';
 import { Parameters } from '@/src/utils/constants';
+import { findCognitoUser, getUserGroup } from './utils/cognito-utils';
+import {
+  backupObject,
+  copyObjects,
+  deleteObjects,
+  getItemObjects,
+} from './utils/s3-utils';
 
 function getParameters(): Parameters {
   return yargs(hideBin(process.argv))
     .options({
-      sourceOwner: {
-        type: 'string',
-        demandOption: true,
-      },
-      destinationOwner: {
-        type: 'string',
-        demandOption: true,
-      },
       environment: {
         type: 'string',
         demandOption: true,
@@ -29,18 +32,73 @@ async function updateItems(
   items: Record<string, AttributeValue>[],
   parameters: Parameters
 ): Promise<void> {
-  for (let i = 0; i < items.length; i++) {
-    const item = items[i];
-    await updateItem(item, parameters);
-    console.log(
-      `Updated ${item.id.S}: ${i + 1}/${items.length} (${(100.0 * (i + 1)) / items.length}%)`
-    );
+  for (const item of items) {
+    console.log(item.owner.S);
+
+    // Get owner id of this item
+    const { owner, id, templateType, clientId } = item;
+
+    //check if owner doesn't have CLIENT#
+    if (owner.S && !owner.S?.includes('CLIENT#')) {
+      // check the user in cognito, if it exist then pull the client id
+      const cognitoUser = await findCognitoUser(owner.S);
+
+      // check and get user groups - this is used when migrating for production
+      const userClientIdFromGroup = await getUserGroup({
+        Username: cognitoUser?.username,
+        UserPoolId: cognitoUser?.poolId,
+      });
+
+      // resolve client id
+      const newClientId = (userClientIdFromGroup ??
+        cognitoUser?.clientIdAttr) as string;
+
+      // check if this item has a client id, if yes check it matches the client id above. If it doesn't, throw error!
+      if (item.clientId && item.clientId.S !== newClientId) {
+        console.log({
+          templateClientId: item.clientId,
+          cognitoClientId: newClientId,
+        });
+
+        throw new Error('Invalid ids');
+      }
+      // if it matches make the required swaps (clientId, createdby and updatedby)
+      // if item doesn't have a client id then create one and do the above
+      // update the item and delete the previous one
+      await Promise.all([
+        updateItem(item, parameters, newClientId),
+        deleteItem(item, parameters),
+      ]);
+    }
+
+    //
+    if (templateType.S === 'LETTER') {
+      //Retrieve item S3 object(s)
+      const itemObjects = await getItemObjects(id.S as string);
+
+      //migrate to a new s3 location
+      for (const itemObject of itemObjects) {
+        const versionId = itemObject['Key'].split('/').reverse();
+        await Promise.all([
+          copyObjects(
+            owner.S as string,
+            itemObject['Key'],
+            id.S as string,
+            versionId[0],
+            clientId.S as string
+          ),
+          // delete previous objects
+          deleteObjects(itemObject['Key']),
+        ]).then(() => console.log('Object moved'));
+      }
+    }
   }
 }
 
 export async function performTransfer() {
   const parameters = getParameters();
-  const items = await retrieveTemplates(parameters);
+  const items = await retrieveAllTemplates(parameters);
   await backupData(items, parameters);
+  await backupObject(parameters);
   await updateItems(items, parameters);
 }

data-migration/user-transfer/src/utils/backup-utils.ts

@@ -1,4 +1,5 @@
 /* eslint-disable security/detect-non-literal-fs-filename */
+import fs from 'node:fs';
 import { AttributeValue } from '@aws-sdk/client-dynamodb';
 import { Parameters } from '@/src/utils/constants';
 import { getAccountId } from '@/src/utils/sts-utils';
@@ -13,12 +14,36 @@ export async function backupData(
     return;
   }
 
-  const { environment, sourceOwner, destinationOwner } = parameters;
+  const { environment } = parameters;
   const accountId = await getAccountId();
   const bucketName = `nhs-notify-${accountId}-eu-west-2-main-acct-migration-backup`;
 
   const timestamp = new Date().toISOString().replaceAll(/[.:T-]/g, '_');
-  const filePath = `user-transfer/${environment}/${timestamp}-source-${sourceOwner}-destination-${destinationOwner}.json`;
+  const filePath = `ownership-transfer/templates/templates-list/${environment}/${timestamp}.json`;
   await writeJsonToFile(filePath, JSON.stringify(items), bucketName);
   console.log(`Backed up data to s3://${bucketName}/${filePath}`);
 }
+
+export async function backupDataLocal(
+  items: Record<string, AttributeValue>[]
+): Promise<void> {
+  console.log(`Found ${items.length} results`);
+  if (items.length <= 0) {
+    return;
+  }
+
+  const timestamp = new Date().toISOString().replaceAll(/[.:T-]/g, '_');
+
+  fs.writeFile(
+    `new-data-${timestamp}-templates.json`,
+    JSON.stringify(items),
+    (err) => {
+      if (err) {
+        console.log('Error writing file:', err);
+      } else {
+        console.log('Successfully wrote file');
+      }
+    }
+  );
+  console.log(`Data downloaded`);
+}

data-migration/user-transfer/src/utils/cognito-utils.ts

@@ -0,0 +1,78 @@
+import {
+  CognitoIdentityProviderClient,
+  ListUsersCommand,
+  AdminListGroupsForUserCommand,
+  AdminListGroupsForUserCommandInput,
+  UserType,
+  GroupType,
+} from '@aws-sdk/client-cognito-identity-provider';
+
+const cognito = new CognitoIdentityProviderClient({
+  region: 'eu-west-2',
+});
+const USER_POOL_ID = 'eu-west-2_OX5mAA0VI';
+
+interface CognitoUserBasics {
+  username: string;
+  sub?: string;
+  clientIdAttr?: string;
+  poolId: string;
+  user?: UserType;
+}
+
+export async function findCognitoUser(
+  ownerId: string
+): Promise<CognitoUserBasics | undefined> {
+  console.log('owner', ownerId);
+  const listUser = new ListUsersCommand({
+    UserPoolId: USER_POOL_ID,
+    Filter: `"sub"="${ownerId}"`,
+  });
+  const res = await cognito.send(listUser);
+  const user = res.Users?.[0];
+  if (user) {
+    const sub = user.Attributes?.find((a) => a.Name === 'sub')?.Value;
+    const clientIdAttr = user.Attributes?.find(
+      (a) => a.Name === 'custom:sbx_client_id' // this would be removed when migrating for production
+    )?.Value;
+    return {
+      username: user.Username!,
+      sub,
+      clientIdAttr,
+      poolId: USER_POOL_ID,
+      user,
+    };
+  }
+  return undefined;
+}
+
+export async function getUserGroup(
+  input: AdminListGroupsForUserCommandInput
+): Promise<string | undefined> {
+  const { Username, UserPoolId } = input;
+
+  const userGroups = await cognito.send(
+    new AdminListGroupsForUserCommand({
+      UserPoolId,
+      Username,
+    })
+  );
+
+  return userGroups.Groups && userGroups.Groups?.length === 0
+    ? undefined
+    : await getUserClientId(userGroups.Groups);
+}
+
+async function getUserClientId(
+  userGroups: GroupType[] | undefined
+): Promise<string | undefined> {
+  if (userGroups && userGroups.length > 0) {
+    const clientIdGroup = userGroups?.filter((group) =>
+      group.GroupName?.includes('client')
+    );
+
+    return clientIdGroup[0].GroupName?.split(':')[0];
+  }
+
+  return undefined;
+}

data-migration/user-transfer/src/utils/constants.ts

@@ -1,5 +1,5 @@
 export type Parameters = {
-  sourceOwner: string;
-  destinationOwner: string;
+  sourceOwner?: string;
+  destinationOwner?: string;
   environment: string;
 };

data-migration/user-transfer/src/utils/ddb-utils.ts

@@ -1,16 +1,42 @@
 import {
   AttributeValue,
+  DeleteItemCommand,
   DynamoDBClient,
+  PutItemCommand,
   QueryCommand,
   QueryCommandInput,
+  ScanCommand,
+  ScanCommandInput,
   TransactWriteItemsCommand,
 } from '@aws-sdk/client-dynamodb';
 import { Parameters } from '@/src/utils/constants';
 
 const client = new DynamoDBClient({ region: 'eu-west-2' });
 
+// change 'sandbox' back to 'app' when testing on prod environment
 function getTableName(environment: string) {
-  return `nhs-notify-${environment}-app-api-templates`;
+  return `nhs-notify-${environment}-sandbox-api-templates`;
+}
+
+export async function retrieveAllTemplates(
+  parameters: Parameters
+): Promise<Record<string, AttributeValue>[]> {
+  let allItems: Record<string, AttributeValue>[] = [];
+  let lastEvaluatedKey = undefined;
+  do {
+    const query: ScanCommandInput = {
+      TableName: getTableName(parameters.environment),
+      FilterExpression:
+        'attribute_exists(#owner) AND NOT contains(#owner, :subString)',
+      ExpressionAttributeNames: { '#owner': 'owner' },
+      ExpressionAttributeValues: { ':subString': { S: 'CLIENT#' } },
+    };
+
+    const queryResult = await client.send(new ScanCommand(query));
+    lastEvaluatedKey = queryResult.LastEvaluatedKey;
+    allItems = [...allItems, ...(queryResult.Items ?? [])];
+  } while (lastEvaluatedKey);
+  return allItems;
 }
 
 export async function retrieveTemplates(
@@ -26,7 +52,7 @@ export async function retrieveTemplates(
         '#owner': 'owner',
       },
       ExpressionAttributeValues: {
-        ':owner': { S: parameters.sourceOwner },
+        ':owner': { S: parameters.sourceOwner as string },
       },
       ExclusiveStartKey: lastEvaluatedKey,
     };
@@ -40,32 +66,37 @@ export async function retrieveTemplates(
 
 export async function updateItem(
   item: Record<string, AttributeValue>,
-  parameters: Parameters
+  parameters: Parameters,
+  newClientId: string
 ): Promise<void> {
+  const tableName = getTableName(parameters.environment);
+  console.log({ item, parameters, newClientId, tableName });
+  await client.send(
+    new PutItemCommand({
+      Item: {
+        ...item,
+        owner: { S: `CLIENT#${newClientId}` },
+        clientId: { S: newClientId },
+        createdBy: item.owner,
+        updatedBy: item.owner,
+      },
+      TableName: tableName,
+    })
+  );
+}
+
+export async function deleteItem(
+  item: Record<string, AttributeValue>,
+  parameters: Parameters
+) {
   const tableName = getTableName(parameters.environment);
   await client.send(
-    new TransactWriteItemsCommand({
-      TransactItems: [
-        {
-          Put: {
-            Item: {
-              ...item,
-              owner: { S: parameters.destinationOwner },
-              updatedAt: { S: new Date().toISOString() },
-            },
-            TableName: tableName,
-          },
-        },
-        {
-          Delete: {
-            Key: {
-              owner: item.owner,
-              id: item.id,
-            },
-            TableName: tableName,
-          },
-        },
-      ],
+    new DeleteItemCommand({
+      Key: {
+        owner: item.owner,
+      },
+      TableName: tableName,
     })
   );
+  console.log('Item deleted');
 }