ncr: TM-597: add automation scripts for nomis reporting (#1063)

* add helper script for querying restful api * - * add scripts
ministryofjustice · Oct 21, 2024 · 8fd2330 · 8fd2330
1 parent c1c502f
commit 8fd2330
Show file tree

Hide file tree

Showing 8 changed files with 913 additions and 0 deletions.
diff --git a/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml b/ansible/group_vars/environment_name_nomis_combined_reporting_preproduction.yml
@@ -102,6 +102,7 @@ sap_bip_confs:
     sap_web_java_mem: "22528"
     sap_webadmin_java_mem: "8192"
     sap_bip_sso_url: "https://preproduction.reporting.nomis.service.justice.gov.uk/BrowserCheck.jsp?t="
+    sap_bip_rws_url: "https://admin.preproduction.reporting.nomis.service.justice.gov.uk/biprws"
     sap_provisioning_database_hostname: "ppnomis.preproduction.nomis.service.justice.gov.uk"
 
 sap_bip_conf: "{{ sap_bip_confs[ncr_environment] }}"

diff --git a/ansible/group_vars/server_type_ncr_webadmin.yml b/ansible/group_vars/server_type_ncr_webadmin.yml
@@ -113,3 +113,5 @@ sap_web_apps:
   - clientapi
   - dswsbobje
   - webi-websetup
+
+sap_bip_rws_url: "{{ sap_bip_conf.sap_bip_rws_url }}"
diff --git a/ansible/roles/ncr-bip/defaults/main.yml b/ansible/roles/ncr-bip/defaults/main.yml
@@ -11,6 +11,7 @@ sap_bip_extraction_directory: "/u02/software/{{ sap_bip_rar_base }}"
 sap_bip_responsefiles_directory: "/u02/software/ResponseFiles"
 sap_bip_installation_directory: /u01/app/bobj/BIP4
 sap_web_archived_logs_directory: /u02/Archived_Logs
+sap_promotion_management_directory: /u02/tmpAJS
 
 sap_bip_rar_base: BIPLATS4301P_1200-70002683 # without _P1.EXE and _P2.RAR extension
 sap_host_agent_sar_base: SAPHOSTAGENT56_56-80004822 # without .SAR extension
@@ -92,3 +93,4 @@ sap_web_server_7777_minsparethreads: 500
 sap_web_java_opts: "-Dbobje.disable_audit_ip_lookup"
 # sap_web_apps:  # define list of apps to deploy in group vars
 # sap_bip_sso_url:  # set in group vars, e.g. https://reporting.nomis.az.justice.gov.uk/BrowserCheck.jsp?t= to enable BIPSSO setup
+# sap_bip_rws_url:  # set in group vars, e.g. https://admin.preproduction.reporting.nomis.service.justice.gov.uk/biprws to enable biprws helper script
diff --git a/ansible/roles/ncr-bip/tasks/setup_bobj.yml b/ansible/roles/ncr-bip/tasks/setup_bobj.yml
@@ -8,6 +8,18 @@
   loop:
     - home/bobj/.bash_profile
 
+- name: Copy bobj biprws helper scripts
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/{{ item }}"
+    owner: bobj
+    group: binstall
+    mode: 0750
+  loop:
+    - home/bobj/biprws.sh
+    - home/bobj/get_cmsobjects.sh
+  when: sap_bip_rws_url is defined
+
 # See https://help.sap.com/doc/46b1602a6e041014910aba7db0e91070/4.3/en-US/sbo43_bip_inst_unix_en.pdf
 # Section 2.9 Set ulimit to unlimited
 - name: Add bobj user limits

diff --git a/ansible/roles/ncr-bip/tasks/update_ccm_config.yml b/ansible/roles/ncr-bip/tasks/update_ccm_config.yml
@@ -11,5 +11,15 @@
         regexp: "^FIPSModeValue=.*"
         replace: 'FIPSModeValue="true"'
 
+    - name: Create directory
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: 0775
+        owner: bobj
+        group: binstall
+      with_items:
+        - "{{ sap_promotion_management_directory }}"
+
   # block
   when: ccm_config_check.stat.exists
diff --git a/ansible/roles/ncr-bip/templates/home/bobj/biprws.sh b/ansible/roles/ncr-bip/templates/home/bobj/biprws.sh
@@ -0,0 +1,104 @@
+#!/bin/bash
+# Wrapper for logging in and querying biprws endpoint
+
+set -e
+
+BIPRWS='{{ sap_bip_rws_url }}'
+AUTH=secEnterprise
+USERNAME=Administrator
+DEBUG=${DEBUG:-0}
+
+usage() {
+  echo "Usage: $0 <query>"
+  echo
+  echo "e.g. $0 'SELECT * FROM CI_SYSTEMOBJECTS'"
+}
+
+login() {
+  local logon
+  local token
+
+  logon='{"username": "'$USERNAME'", "password": "'$PASSWORD'", "auth": "'$AUTH'"}'
+  [[ $DEBUG != 0 ]] && echo "logon: $logon" >&2
+  token=$(curl -Ss -H "Content-Type: application/json" -H "Accept: application/json" --data "$logon" "$BIPRWS/v1/logon/long")
+  jq -r ".logontoken" <<< "$token"
+}
+
+cms_query() {
+  local query
+  local token
+  local uri
+  local query_debug
+
+  token="$1"
+  query_escaped=$(jq -R <<< "$2")
+  query='{"query":'$query_escaped'}'
+  uri="$3"
+  query_debug="$4"
+  [[ $query_debug != 0 ]] && echo "query: $query" >&2
+  curl -Ss -H "Content-Type: application/json" -H "Accept: application/json" -H "X-SAP-LogonToken: $token" --data "$query" "$uri"
+}
+
+join_cms_queries() {
+  local query_debug
+  local token
+  local query
+  local uri
+  local page
+  local json
+  local nexturi
+  local lasturi
+
+  token="$1"
+  query="$2"
+  uri="$3"
+  protocol=$(cut -d: -f1 <<< "$uri")
+  query_debug=$DEBUG
+  page=1
+
+  while true; do
+    echo "uri $page: $uri" >&2
+    json=$(cms_query "$token" "$query" "$uri" "$query_debug")
+    query_debug=0
+    [[ $DEBUG == 2 ]] && echo "$json" > debug.$page.json
+    error_code=$(jq -r .error_code <<< "$json")
+    message=$(jq -r .message <<< "$json")
+    if [[ $error_code != 'null' ]]; then
+        echo "error: $error_code: $message" >&2
+        exit 2
+    fi
+    nexturi=$(jq -r .next.__deferred.uri <<< "$json" | sed "s/http:/${protocol}:/g")
+    lasturi=$(jq -r .last.__deferred.uri <<< "$json" | sed "s/http:/${protocol}:/g")
+    jq '.entries[]' <<< "$json"
+    if [[ "$uri" == "$lasturi" || "$nexturi" == "null" ]]; then
+      break
+    fi
+    if [[ "$uri" == "$nexturi" ]]; then
+      echo "error: unexpected nexturi: $nexturi" >&2
+      exit 2
+    fi
+    if (( page == 1000 )); then
+      echo "error: reached page 1000"
+      exit 2
+    fi
+    uri="$nexturi"
+    page=$((page + 1))
+  done
+}
+
+if [[ -z $1 ]]; then
+  usage >&2
+  exit 1
+fi
+
+if [[ -z $PASSWORD ]]; then
+  echo "Please enter password for $USERNAME: " >&2
+  read -rs PASSWORD
+fi
+
+query="$1"
+uri="$BIPRWS/v1/cmsquery"
+token="\"$(login)\""
+[[ $DEBUG != 0 ]] && echo "token: $token" >&2
+
+join_cms_queries "$token" "$query" "$uri" | jq -s