feat: VOL-5650 introduce reusable access token provider, switch Trans…

…Xchange to use it
dvsa · Aug 12, 2024 · 266836a · 266836a
1 parent 68eb681
commit 266836a
Show file tree

Hide file tree

Showing 32 changed files with 147 additions and 891 deletions.
diff --git a/config/autoload/config.global.php b/config/autoload/config.global.php
@@ -306,7 +306,16 @@
                 'proxy_host' => 'proxy.%domain%',
                 'proxy_port' => 3128,
                 'timeout' => 30
-            ]
+            ],
+            'consumer_proxy' => 'http://%shd_proxy%',
+            'oauth2' => [
+                'client_id' => '%olcs_txc_client_id%',
+                'client_secret' => '%olcs_txc_client_secret%',
+                'token_url' => '%olcs_txc_token_url%',
+                'scope' => '%olcs_txc_scope%',
+                'proxy' => 'http://%shd_proxy%',
+                'service_name' => 'TransXchange',
+            ],
         ],
         'tmp_extra_path' => '/EBSR', //extra path to ebsr files within /tmp
         //debug only - validation must always be set to true in production
@@ -589,21 +598,6 @@
         'apiKey' => '%dvsa_reports_api_key%',
         'proxy' => 'http://%shd_proxy%',
     ],
-    'app-registrations' => [
-        'secrets' => ['provider' => \Dvsa\Olcs\Api\Service\SecretsManager\LocalSecretsManager::class],
-        'transxchange' => [
-            'token_url' => '%olcs_txc_token_url%',
-            'client_id' => '%olcs_txc_client_id%',
-            'scope' => '%olcs_txc_scope%',
-            'secret_name' => 'txc_client_secret',
-        ],
-
-        'proxy' => 'http://%shd_proxy%',
-        'max_retry_attempts' => 3,
-    ],
-    'localSecretsManager' => [
-        'txc_client_secret' => ['client_secret' => '%olcs_txc_client_secret%'],
-    ],
     'dvsa_address_service' => [
         'client' => [ // Guzzle client options
             'base_uri' => '%address_service_url%',

diff --git a/config/autoload/local.php.dist b/config/autoload/local.php.dist
@@ -137,7 +137,21 @@ return [
   'ebsr' => [
     'transexchange_publisher' => [
       'uri' => 'http://localhost:8080/txc/publisherService',
+      'new_uri' => '',
+      'options' => [
+          'proxy_host' => '',
+      ],
+      'consumer_proxy' => '',
+      'oauth2' => [
+          'client_id' => '',
+          'client_secret' => '',
+          'token_url' => '',
+          'scope' => '',
+          'proxy' => '',
+      ],
     ],
+    // the input bucket for TransXChange, where the xml is placed
+    'input_s3_bucket' => 'txc-local-input',
     // The output bucket for TransXChange. This bucket will container the resulting PDFs.
     'output_s3_bucket' => 'txc-local-output',
     // The cross account role that VOL will assume to access the output bucket and output SQS queue.

diff --git a/module/Api/config/module.config.php b/module/Api/config/module.config.php
@@ -7,15 +7,12 @@
 use Dvsa\Olcs\Api\Entity\Generic\Question;
 use Dvsa\Olcs\Api\Entity\Permits\IrhpPermitType;
 use Dvsa\Olcs\Api\Service as ApiSrv;
-use Dvsa\Olcs\Api\Service\AppRegistration\AppRegistrationServiceFactory;
-use Dvsa\Olcs\Api\Service\AppRegistration\TransXChangeAppRegistrationService;
 use Dvsa\Olcs\Api\Service\Cpms\ApiServiceFactory;
 use Dvsa\Olcs\Api\Service\DvlaSearch\DvlaSearchService;
 use Dvsa\Olcs\Api\Service\DvlaSearch\DvlaSearchServiceFactory;
 use Dvsa\Olcs\Api\Service\Publication\PublicationGenerator;
 use Dvsa\Olcs\Api\Service\Qa\Strategy as QaStrategy;
 use Dvsa\Olcs\Api\Service\Translator;
-use Dvsa\Olcs\AwsSdk\Factories\SecretsManagerFactory;
 
 return [
     'router' => [
@@ -519,11 +516,7 @@
             'EventHistoryCreator' =>
                 ApiSrv\EventHistory\CreatorFactory::class,
             ApiSrv\EventHistory\Creator::class => ApiSrv\EventHistory\CreatorFactory::class,
-
-            TransXChangeAppRegistrationService::class => AppRegistrationServiceFactory::class,
-            ApiSrv\SecretsManager\SecretsManager::class => SecretsManagerFactory::class,
-            ApiSrv\SecretsManager\LocalSecretsManager::class => ApiSrv\SecretsManager\LocalSecretsManagerFactory::class,
-            ApiSrv\AppRegistration\Adapter\AppRegistrationSecret::class => Dvsa\Olcs\Api\Service\AppRegistration\Adapter\AppRegistrationSecretFactory::class,
+            ApiSrv\AccessToken\Provider::class => ApiSrv\AccessToken\ProviderFactory::class,
             ApiSrv\Ebsr\S3Processor::class => ApiSrv\Ebsr\S3ProcessorFactory::class,
 
             ApiSrv\GovUkAccount\GovUkAccountService::class => ApiSrv\GovUkAccount\GovUkAccountServiceFactory::class,

diff --git a/module/Api/src/Service/AccessToken/Provider.php b/module/Api/src/Service/AccessToken/Provider.php
@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Dvsa\Olcs\Api\Service\AccessToken;
+
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Token\AccessTokenInterface;
+
+class Provider
+{
+    public function __construct(private readonly AccessToken|AccessTokenInterface $accessToken)
+    {
+    }
+
+    public function getToken(): string
+    {
+        return $this->accessToken->getToken();
+    }
+}
diff --git a/module/Api/src/Service/AccessToken/ProviderFactory.php b/module/Api/src/Service/AccessToken/ProviderFactory.php
@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Dvsa\Olcs\Api\Service\AccessToken;
+
+use Laminas\ServiceManager\Factory\FactoryInterface;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Provider\GenericProvider;
+use Olcs\Logging\Log\Logger;
+use Psr\Container\ContainerInterface;
+
+class ProviderFactory implements FactoryInterface
+{
+    public const MSG_ERROR = 'Failed to retrieve access token for %s: %s';
+
+    public function __invoke(ContainerInterface $container, $requestedName, array $options = null): Provider
+    {
+        $providerConfig = [
+            'clientId' => $options['client_id'],
+            'clientSecret' => $options['client_secret'],
+            'urlAccessToken' => $options['token_url'],
+            'urlAuthorize' => $options['token_url'],
+            'urlResourceOwnerDetails' => $options['token_url'],
+        ];
+
+        if (isset($options['proxy'])) {
+            $providerConfig['proxy'] = $options['proxy'];
+        }
+
+        $provider = new GenericProvider($providerConfig);
+
+        try {
+            $accessToken = $provider->getAccessToken('client_credentials', ['scope' => $options['scope']]);
+            return new Provider($accessToken);
+        } catch (IdentityProviderException $e) {
+            $message = sprintf(self::MSG_ERROR, $options['service_name'], $e->getMessage());
+            Logger::err($message);
+            throw $e;
+        }
+    }
+}
diff --git a/module/Api/src/Service/AppRegistration/Adapter/AppRegistrationSecret.php b/module/Api/src/Service/AppRegistration/Adapter/AppRegistrationSecret.php
diff --git a/module/Api/src/Service/AppRegistration/Adapter/AppRegistrationSecretFactory.php b/module/Api/src/Service/AppRegistration/Adapter/AppRegistrationSecretFactory.php
diff --git a/module/Api/src/Service/AppRegistration/AppRegistrationInterface.php b/module/Api/src/Service/AppRegistration/AppRegistrationInterface.php
diff --git a/module/Api/src/Service/AppRegistration/AppRegistrationServiceFactory.php b/module/Api/src/Service/AppRegistration/AppRegistrationServiceFactory.php
diff --git a/module/Api/src/Service/AppRegistration/GetAccessTokenTrait.php b/module/Api/src/Service/AppRegistration/GetAccessTokenTrait.php