From 00dde47e50b473b1e60340f11ec7cb1167af8cdc Mon Sep 17 00:00:00 2001
From: Jo Humphrey <31373245+jamdelion@users.noreply.github.com>
Date: Mon, 27 Jan 2025 15:30:32 +0000
Subject: [PATCH] chore: set up power automate tokens for Gloucester and
 Tewkesbury (#4214)

---
 .env.example                                      | 3 +++
 api.planx.uk/.env.test.example                    | 2 ++
 api.planx.uk/modules/auth/middleware.ts           | 8 ++++++++
 docker-compose.yml                                | 2 ++
 infrastructure/application/Pulumi.production.yaml | 6 +++++-
 infrastructure/application/Pulumi.staging.yaml    | 6 +++++-
 infrastructure/application/index.ts               | 8 ++++++++
 7 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index 1705520ff2..918866c50b 100644
--- a/.env.example
+++ b/.env.example
@@ -36,6 +36,9 @@ FILE_API_KEY_EPSOM_EWELL=👻
 FILE_API_KEY_MEDWAY=👻
 FILE_API_KEY_GATESHEAD=👻
 FILE_API_KEY_DONCASTER=👻
+FILE_API_KEY_GLOUCESTER=👻
+FILE_API_KEY_TEWKESBURY=👻
+
 
 # Editor
 EDITOR_URL_EXT=http://localhost:3000
diff --git a/api.planx.uk/.env.test.example b/api.planx.uk/.env.test.example
index 7c6ac49f51..ef905caf22 100644
--- a/api.planx.uk/.env.test.example
+++ b/api.planx.uk/.env.test.example
@@ -26,6 +26,8 @@ FILE_API_KEY_EPSOM_EWELL=👻
 FILE_API_KEY_MEDWAY=👻
 FILE_API_KEY_GATESHEAD=👻
 FILE_API_KEY_DONCASTER=👻
+FILE_API_KEY_GLOUCESTER=👻
+FILE_API_KEY_TEWKESBURY=👻
 
 # Editor
 EDITOR_URL_EXT=https://www.example.com
diff --git a/api.planx.uk/modules/auth/middleware.ts b/api.planx.uk/modules/auth/middleware.ts
index d527cdb97b..9b31ab3f71 100644
--- a/api.planx.uk/modules/auth/middleware.ts
+++ b/api.planx.uk/modules/auth/middleware.ts
@@ -111,6 +111,14 @@ export const useFilePermission: RequestHandler = (req, _res, next): void => {
       req.headers["api-key"] as string,
       process.env.FILE_API_KEY_EPSOM_EWELL!,
     ) ||
+    isEqual(
+      req.headers["api-key"] as string,
+      process.env.FILE_API_KEY_GLOUCESTER!,
+    ) ||
+    isEqual(
+      req.headers["api-key"] as string,
+      process.env.FILE_API_KEY_TEWKESBURY!,
+    ) ||
     isEqual(
       req.headers["api-key"] as string,
       process.env.FILE_API_KEY_DONCASTER!,
diff --git a/docker-compose.yml b/docker-compose.yml
index a329e4ff78..b92e2aa3d2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -131,6 +131,8 @@ services:
       FILE_API_KEY_MEDWAY: ${FILE_API_KEY_MEDWAY}
       FILE_API_KEY_GATESHEAD: ${FILE_API_KEY_GATESHEAD}
       FILE_API_KEY_DONCASTER: ${FILE_API_KEY_DONCASTER}
+      FILE_API_KEY_GLOUCESTER: ${FILE_API_KEY_GLOUCESTER}
+      FILE_API_KEY_TEWKESBURY: ${FILE_API_KEY_TEWKESBURY}
       FILE_API_KEY_NEXUS: ${FILE_API_KEY_NEXUS}
       FILE_API_KEY: ${FILE_API_KEY}
       GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
diff --git a/infrastructure/application/Pulumi.production.yaml b/infrastructure/application/Pulumi.production.yaml
index d422794fb2..36b26e436c 100644
--- a/infrastructure/application/Pulumi.production.yaml
+++ b/infrastructure/application/Pulumi.production.yaml
@@ -22,6 +22,8 @@ config:
     secure: AAABANvwhiVRBq8NH7ZqcToUzYn4X+KfC5Wm8WjWUKXT5TuVXqC6zHhVVKFBbmdtKjC4j5M4+bWsLiFO9dO0MLobxLpK7YCE
   application:file-api-key-gateshead:
     secure: AAABAIIeEiX2htVth4Obb5JMQ3fcezHG/utwUsPikaLNmX+rSmMpGQgcG3LM1pN7XDeaO8J/eZHMilG5OvxGyz7Yo+RxVZV0
+  application:file-api-key-gloucester:
+    secure: AAABADXXkyrzbTU7FroS71nVLEGH2rQI63hqcAnm2hLdZYnTEJs/bcUPJU7t/hx1HY5qEmFKpKKhhiO3v5QVXUhwqO0C6BaD
   application:file-api-key-lambeth:
     secure: AAABAMNhdCTlFx3fZH/nO71ildypZB2JR5NixlQCENsS1VqwdiOX17q/Gi1UFrCQi2qaY2sZFG4=
   application:file-api-key-medway:
@@ -30,6 +32,8 @@ config:
     secure: AAABAB2cv4GAf8RqN1hHbRbO68p8o4kLJYWsip9BoPdobrNtQB787M3s+gJnKKl9DfyXRHOXHGc=
   application:file-api-key-southwark:
     secure: AAABAL5G2cNl6XIQA0vcP6El4Us7Vk8Cz9JViRon25crc8MC0ix4ox2mE+XawsxYbLRwGfaRIJo=
+  application:file-api-key-tewkesbury:
+    secure: AAABAA1cz4BbfrTaXhcERQD0MaMSky0fC6ej9/N0n1IBB2w4iBd3S2hNi0T39VEiAB6CNouB+yElaoR7ZWg1xaIIJX2K6TGl
   application:google-client-id: 987324067365-vpsk3kgeq5n32ihjn760ihf8l7m5rhh8.apps.googleusercontent.com
   application:google-client-secret:
     secure: AAABAN5E+De3A3HtpLVaSNTDwk9Uz4r2d5g8SIRVbNOd2fj3eU+lGJXjVbEAnxezr14hwabbfwW2ptjcFzqkhG7OmQ==
@@ -43,8 +47,8 @@ config:
     secure: AAABAExsXFL7HabeK0Z1oSUJzI2NqVqEmKJ1ojYXyX4Hi8Sbt1Ht9QJc/Yn3cPBAB2r32HKa4HtqqLmfGjS+04lFB/I=
   application:hasura-proxy-cpu: "512"
   application:hasura-proxy-memory: "1024"
-  application:hasura-service-scaling-minimum: "1"
   application:hasura-service-scaling-maximum: "4"
+  application:hasura-service-scaling-minimum: "1"
   application:idox-nexus-client:
     secure: AAABACdm6IyRjfVPrHLCS5eKQD0ixA2lFC5h04HULwcCXx3j
   application:idox-nexus-submission-url: todo
diff --git a/infrastructure/application/Pulumi.staging.yaml b/infrastructure/application/Pulumi.staging.yaml
index 6f755a47d4..4a827bc349 100644
--- a/infrastructure/application/Pulumi.staging.yaml
+++ b/infrastructure/application/Pulumi.staging.yaml
@@ -23,6 +23,8 @@ config:
     secure: AAABAD1/nlJ2EOEglLiiNsOLbOd3KWCONhNhJAIdZQVnrSRsNIzX2luszOreQf20EYl8AZ4L1TiheqUHSt22e5z1FiLWoCtY
   application:file-api-key-gateshead:
     secure: AAABAC40pz4+QnXhA2QOYP2F33dc4bCnpL0Njd6hgxR4sTtzt1xF4+2HJpMGdptL2zVrbmdH+cMzrizu6cTmGELrsAoUIEvB
+  application:file-api-key-gloucester:
+    secure: AAABAEGJ0WyUrlevwy3gZV058bHabSBNItu//nWvzRVlIjGMaJ8X//DmEDtYFvdMC+RqCUkUXlo7zh3tap9Zz9/8wWQpXsQR
   application:file-api-key-lambeth:
     secure: AAABALQTeIf/uScxASJkhmoPRhewQT94Guad4iJ7GRk0DcND8wDUG0eNxDU4+XwUQZqCnL2DP+E=
   application:file-api-key-medway:
@@ -31,6 +33,8 @@ config:
     secure: AAABAJFgaBoTWNmZyXDkGRngwU8KpOt6CeBLxGBgBG0JFMsKK7rWT39TsjJ9pL1wZaBoT0YZhCg=
   application:file-api-key-southwark:
     secure: AAABAK8LsYKKNgIS4fepW5Sh6+WKxNopxsos51eBttT7O8E8K0HYOswgrIWuYJ0R1eJHDLKRHqQ=
+  application:file-api-key-tewkesbury:
+    secure: AAABALlStpxyNG5SRQFVYJMGmCyteUkoU9XBTBJn2kcf6APdqO1JwxU4jiU9Qo6a6aZQXK60an7xbkuD2hla/UvjR7Wu7cXY
   application:google-client-id: 987324067365-vpsk3kgeq5n32ihjn760ihf8l7m5rhh8.apps.googleusercontent.com
   application:google-client-secret:
     secure: AAABAGQuqQDU4S+vR+cQaFoa6xAeWU9clVaNonQ/dq0R8Dke+o0y7ALOmYMy4fOX4Pa6HiZl85npU/cbwy8HdMYaiA==
@@ -44,8 +48,8 @@ config:
     secure: AAABANHLs3ItPxkteh0chwMP2bKuHO3ovuRLi4FsIrCqerzXVIaTLFDqNR+4KBTeMPz4cnF5tCTwsrJv9GruZdXU+lg=
   application:hasura-proxy-cpu: "512"
   application:hasura-proxy-memory: "1024"
-  application:hasura-service-scaling-minimum: "1"
   application:hasura-service-scaling-maximum: "2"
+  application:hasura-service-scaling-minimum: "1"
   application:idox-nexus-client:
     secure: AAABABprDQomVM9wJQkTMTVtUKvj9lVVVJLdpEBR5p3ibZYvSMedTOb2jztPa0vm6UCH2hilyOV2fsd+akYd3sP8Up5G26mkEKSLSSN4Nc9fu/Hi3Apn1rXHnw==
   application:idox-nexus-submission-url: https://dev.identity.idoxgroup.com/agw/submission-api
diff --git a/infrastructure/application/index.ts b/infrastructure/application/index.ts
index 21bc1ab2bf..27d85d41c2 100644
--- a/infrastructure/application/index.ts
+++ b/infrastructure/application/index.ts
@@ -384,6 +384,14 @@ export = async () => {
             name: "FILE_API_KEY_DONCASTER",
             value: config.requireSecret("file-api-key-doncaster"),
           },
+          {
+            name: "FILE_API_KEY_GLOUCESTER",
+            value: config.requireSecret("file-api-key-gloucester"),
+          },
+          {
+            name: "FILE_API_KEY_TEWKESBURY",
+            value: config.requireSecret("file-api-key-tewkesbury"),
+          },
           {
             name: "GOOGLE_CLIENT_ID",
             value: config.require("google-client-id"),