Setup resource migration

Author: devksingh4

onetime/uinHash-migration.py

@@ -0,0 +1,83 @@
+import json
+import boto3
+import logging
+from botocore.exceptions import ClientError
+
+# --- Configuration ---
+SOURCE_TABLE_NAME = "infra-core-api-uin-mapping"
+DESTINATION_TABLE_NAME = "infra-core-api-user-info"
+DESTINATION_ID_SUFFIX = "@illinois.edu"
+
+# --- Logging Setup ---
+logging.basicConfig(
+    level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s"
+)
+
+
+def migrate_uin_hashes():
+    """
+    Scans the source table for netId and uinHash mappings and updates
+    the corresponding user records in the destination table.
+    """
+    try:
+        dynamodb = boto3.resource("dynamodb")
+        destination_table = dynamodb.Table(DESTINATION_TABLE_NAME)
+
+        # A paginator is used to handle scanning tables of any size
+        paginator = dynamodb.meta.client.get_paginator("scan")
+        page_iterator = paginator.paginate(TableName=SOURCE_TABLE_NAME)
+
+        scanned_count = 0
+        updated_count = 0
+        logging.info(
+            f"Starting migration from '{SOURCE_TABLE_NAME}' to '{DESTINATION_TABLE_NAME}'"
+        )
+
+        for page in page_iterator:
+            for item in page.get("Items", []):
+                scanned_count += 1
+                net_id = item.get("netId")
+                uin_hash = item.get("uinHash")
+
+                # Validate that the necessary fields exist
+                if not net_id or not uin_hash:
+                    logging.warning(
+                        f"Skipping item with missing 'netId' or 'uinHash': {item}"
+                    )
+                    continue
+
+                # Construct the primary key and update parameters for the destination table
+                destination_pk_id = f"{net_id}{DESTINATION_ID_SUFFIX}"
+                update_expression = "SET uinHash = :uh"
+                expression_attribute_values = {":uh": uin_hash}
+
+                # Update the item in the destination DynamoDB table
+                try:
+                    destination_table.update_item(
+                        Key={"id": destination_pk_id},
+                        UpdateExpression=update_expression,
+                        ExpressionAttributeValues=expression_attribute_values,
+                    )
+                    updated_count += 1
+                    if updated_count % 100 == 0:
+                        logging.info(
+                            f"Scanned {scanned_count} items, updated {updated_count} so far..."
+                        )
+                except ClientError as e:
+                    logging.error(
+                        f"Failed to update item with id '{destination_pk_id}': {e}"
+                    )
+
+        logging.info("--- Script Finished ---")
+        logging.info(f"Total items scanned from source: {scanned_count}")
+        logging.info(f"Total items updated in destination: {updated_count}")
+
+    except ClientError as e:
+        # This will catch errors like table not found, or credential issues
+        logging.critical(f"A critical AWS error occurred: {e}")
+    except Exception as e:
+        logging.critical(f"An unexpected error occurred: {e}")
+
+
+if __name__ == "__main__":
+    migrate_uin_hashes()

terraform/modules/dynamo/main.tf

@@ -1,3 +1,14 @@
+resource "null_resource" "onetime_sl_expiration" {
+  provisioner "local-exec" {
+    command     = <<-EOT
+      set -e
+      python uinHash-migration.py
+    EOT
+    interpreter = ["bash", "-c"]
+    working_dir = "${path.module}/../../../onetime/"
+  }
+}
+
 resource "aws_dynamodb_table" "app_audit_log" {
   billing_mode                = "PAY_PER_REQUEST"
   name                        = "${var.ProjectId}-audit-log"
@@ -320,7 +331,7 @@ resource "aws_dynamodb_table" "cache" {
 resource "aws_dynamodb_table" "app_uin_records" {
   billing_mode                = "PAY_PER_REQUEST"
   name                        = "${var.ProjectId}-uin-mapping"
-  deletion_protection_enabled = true
+  deletion_protection_enabled = false
   hash_key                    = "uinHash"
   point_in_time_recovery {
     enabled = true

terraform/modules/lambdas/main.tf

@@ -268,16 +268,16 @@ resource "aws_iam_policy" "shared_iam_policy" {
         ]
       },
       {
-        Sid    = "DynamoDBUINAccess",
+        Sid    = "DynamoDBUserInfoAccess",
         Effect = "Allow",
         Action = [
           "dynamodb:PutItem",
           "dynamodb:DescribeTable",
           "dynamodb:Query",
         ],
         Resource = [
-          "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-uin-mapping",
-          "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-uin-mapping/index/*",
+          "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-user-info",
+          "arn:aws:dynamodb:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:table/infra-core-api-user-info/index/*",
         ]
       },
       {