added permissons and given token id

Author: Karthikeyannhs

.github/workflows/cicd-4b-preprod-seed-users.yml

@@ -4,9 +4,17 @@ on:
   push:
     branches:
       - ELI-417-preprod-db-seeding
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Target environment
+        required: true
+        type: choice
+        options:
+          - dev
 
 jobs:
-  seed:
+  seed-dynamodb:
     runs-on: ubuntu-latest
     environment: "dev"
     permissions:
@@ -37,7 +45,7 @@ jobs:
 
       - name: Run seed script
         run: |
-          python .github/scripts/seed_dynamodb.py \
+          python scripts/seed_users/seed_dynamodb.py \
             --table-name "${{ env.DYNAMODB_TABLE }}" \
             --region "${{ env.AWS_REGION }}" \
             --data-folder "${{ env.DATA_FOLDER }}"

infrastructure/stacks/iams-developer-roles/github_actions_policies.tf

@@ -109,16 +109,18 @@ resource "aws_iam_policy" "dynamodb_management" {
         }
       ],
       # to create test users in preprod
-      var.environment == "preprod" ? [
+      var.environment == "dev" ? [
         {
           Effect = "Allow",
           Action = [
             "dynamodb:GetItem",
             "dynamodb:PutItem",
             "dynamodb:DeleteItem",
+            "dynamodb:Scan",
+            "dynamodb:BatchWriteItem"
           ],
           Resource = [
-            "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-preprod-eligibility_datastore"
+            "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
           ]
         }
       ] : []

infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf

@@ -40,6 +40,8 @@ data "aws_iam_policy_document" "permissions_boundary" {
       "dynamodb:GetItem",
       "dynamodb:PutItem",
       "dynamodb:DeleteItem",
+      "dynamodb:Scan",
+      "dynamodb:BatchWriteItem",
 
       # EC2 - networking infrastructure
       "ec2:Describe*",

scripts/seed_users/seed_dynamodb.py

@@ -14,25 +14,33 @@ def parse_args():
     return parser.parse_args()
 
 
-def clear_table(table):
-    scan = table.scan(
-        ProjectionExpression="#nhs, #type", ExpressionAttributeNames={"#nhs": "NHS_NUMBER", "#type": "ATTRIBUTE_TYPE"}
-    )
+def get_keys_from_folder(data_folder):
+    keys_to_delete = []
+    json_files = glob.glob(os.path.join(data_folder, "*.json"))
+    for file_path in json_files:
+        with open(file_path) as f:
+            payload = json.load(f)
+            items = payload.get("data", [])
+            for item in items:
+                nhs_number = item.get("NHS_NUMBER")
+                attr_type = item.get("ATTRIBUTE_TYPE")
+                if nhs_number and attr_type:
+                    keys_to_delete.append({"NHS_NUMBER": nhs_number, "ATTRIBUTE_TYPE": attr_type})
+    return keys_to_delete
+
+
+def delete_specific_items(table, keys):
     with table.batch_writer() as batch:
-        for item in scan["Items"]:
-            batch.delete_item(Key={"NHS_NUMBER": item["NHS_NUMBER"], "ATTRIBUTE_TYPE": item["ATTRIBUTE_TYPE"]})
+        for key in keys:
+            batch.delete_item(Key=key)
 
 
 def insert_data_from_folder(table, data_folder):
     json_files = glob.glob(os.path.join(data_folder, "*.json"))
     for file_path in json_files:
         with open(file_path) as f:
-            try:
-                payload = json.load(f)
-                items = payload.get("data", [])
-            except Exception as e:
-                print(f"Skipping {file_path}: {e}")
-                continue
+            payload = json.load(f)
+            items = payload.get("data", [])
 
         with table.batch_writer() as batch:
             for item in items:
@@ -48,7 +56,8 @@ def main():
     dynamodb = boto3.resource("dynamodb", region_name=args.region)
     table = dynamodb.Table(args.table_name)
 
-    clear_table(table)
+    keys_to_delete = get_keys_from_folder(args.data_folder)
+    delete_specific_items(table, keys_to_delete)
     insert_data_from_folder(table, args.data_folder)