B-21322 TPPS ECS Scheduled Task - INT

[traskowskycaci]

https://dp3.atlassian.net/wiki/spaces/MT/pages/1469284485/How+to+create+an+ECS+Scheduled+Task

Agility ticket

Summary

The responsibility of this scheduled task is to grab a TPPS payment file from an S3 bucket, check its ClamAV status to ensure it's CLEAN, and if CLEAN, process the file line by line and store it in our database. Each line in the payment file has an invoice number that will match up to a payment request number.

If no matching payment request number is found, or some error with one line is found, we will continue to process the rest of the entries in the file so that one bad row doesn't keep the rest of the good data in that file from being processed.

This task will run once daily, processing the payment file for the previous day's date. This matches the cadence of the TPPS lambda, which is the service responsible for putting the payment files into the S3 bucket for this new task service to process from that point.

AWS Config

S3 permissions needed in each environment for this task:

- ListBucket
- GetObject
- GetDataAccess

Parameters added for this work to the AWS parameter store:

• Please check that these parameters have been added to the exp at time of int review, and at the time of main review, instg, and prd environments. The below links are for the exp env

1. /app-exp/process_tpps_custom_date_file: Parameter than can be modified if we want to process a custom dated TPPS payment file as opposed to the scheduled daily run where we process the previous day's payment file

2. /app-exp/tpps_s3_bucket: S3 bucket path for the TPPS payment files
   

3. /app-exp/tpps_s3_folder: S3 subfolder inside bucket path for the TPPS payment files

Testing in the exp environment

To test:

1. Run the task locally (it will fail) with go run ./cmd/milmove-tasks process-tpps.

2. Verify that you see that we are trying to process yesterday's date - look for "Starting processing of TPPS data for" the date in the logs.

3. Log in to the experimental environment with aws-vault login transcom-gov-milmove-exp

4. Verify that the /app-exp/process_tpps_custom_date_file, /app-exp/tpps_s3_bucket, and /app-exp/tpps_s3_folder variables exist and have defined values in the AWS parameter store.

5. Review the ECS task revisions, created by pushing changes to exp, here: https://us-gov-west-1.console.amazonaws-us-gov.com/ecs/v2/task-definitions/app-exp-process-tpps?region=us-gov-west-1&status=ACTIVE#

6. Click on the most recent revision, then check the JSON for the task. Scroll down to secrets. Ensure you see that we linked the parameter store values with the valueFrom attribute, similar to this:

  {
      "name": "PROCESS_TPPS_CUSTOM_DATE_FILE",
      "valueFrom": "****:parameter/app-exp/process_tpps_custom_date_file"
  },
  {
      "name": "TPPS_S3_BUCKET",
      "valueFrom": "****:parameter/app-exp/tpps_s3_bucket"
  },
  {
      "name": "TPPS_S3_FOLDER",
      "valueFrom": "****:parameter/app-exp/tpps_s3_folder"
  },

7. Review the (many) process-tpps logs here. This was set to run hourly while we test this, but will be running once a day in prod.

8. It's a little tough to test this without full AWS permissions, but the basic way to test in experimental is to

- ensure we have a payment request created that matches one or more invoice numbers in the payment request file
- run the process-tpps task
- verify that the database has a matching entry in the tpps_paid_invoice_reports table for the payment request number
- verify the status of the payment request is updated to TPPS PAID

9. For a file with some payment data in it, here's a test in exp - screenshot of the file to begin with, we are going to focus on the first 3 lines:

10. For a move that exists in experimental, I had Dre add payment requests with numbers 0002-1388-1, 0015-0514-1, and 0017-3934-1 to move 89WM9H by manually running this script:

insert into payment_requests
-- 1
VALUES ('b064d62a-9576-402a-b806-41933339c741', -- id
false, --is_final
'rejected', -- rejection_reason
'2025-02-06 00:00:00.000', -- created_at
'2024-02-06 00:00:00.000', -- updated_at
'6b16c75c-19cc-4008-acc8-652bddf34b12', -- move_id
'TPPS_RECEIVED', -- status
'2025-02-06 00:00:00.000', -- requested_at
'2025-02-06 00:00:00.000', -- reviewed_at
'2025-02-06 00:00:00.000', -- sent_to_gex_at
'2025-02-06 00:00:00.000', --received_by_gex_at
NULL, -- paid_at
'0002-1388-1', -- payment_request_number
'2'--, -- sequence_number
--'' -- recalculation_of_payment_request_id
);

insert into payment_requests
-- 1
VALUES ('b064d62a-9576-402a-b806-41933339c746', -- id
false, --is_final
'rejected', -- rejection_reason
'2025-02-06 00:00:00.000', -- created_at
'2024-02-06 00:00:00.000', -- updated_at
'6b16c75c-19cc-4008-acc8-652bddf34b12', -- move_id
'TPPS_RECEIVED', -- status
'2025-02-06 00:00:00.000', -- requested_at
'2025-02-06 00:00:00.000', -- reviewed_at
'2025-02-06 00:00:00.000', -- sent_to_gex_at
'2025-02-06 00:00:00.000', --received_by_gex_at
NULL, -- paid_at
'0015-0514-1', -- payment_request_number
'3'--, -- sequence_number
--'' -- recalculation_of_payment_request_id
);

insert into payment_requests
-- 1
VALUES ('b064d62a-9576-402a-b806-41933339c742', -- id
fals
```e, --is_final
'rejected', -- rejection_reason
'2025-02-06 00:00:00.000', -- created_at
'2024-02-06 00:00:00.000', -- updated_at
'6b16c75c-19cc-4008-acc8-652bddf34b12', -- move_id
'TPPS_RECEIVED', -- status
'2025-02-06 00:00:00.000', -- requested_at
'2025-02-06 00:00:00.000', -- reviewed_at
'2025-02-06 00:00:00.000', -- sent_to_gex_at
'2025-02-06 00:00:00.000', --received_by_gex_at
NULL, -- paid_at
'0017-3934-1', -- payment_request_number
'4'--, -- sequence_number
--'' -- recalculation_of_payment_request_id
);

11. Exp logs from processing a hard-coded date file of 20250802 since I knew there was data in that file. I'll draw your attention to a specific few spots in the logs, since there are tons of logs here while we test. They will be nowhere near as excessive in prod since we will have matching payment requests already so we shouldn't very many, if any at all, errors saving entries to the DB:
    https://us-gov-west-1.console.amazonaws-us-gov.com/cloudwatch/home?region=us-gov-west-1#logsV2:log-groups/log-group/ecs-tasks-app-exp/log-events/app-tasks$252Fapp-tasks-process-tpps-exp$252F6641579e32df4ba98f7061581425af26

{
    "level": "info",
    "ts": "2025-02-11T05:16:17.458Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:76",
    "msg": "Successfully parsed data from the TPPS paid invoice report: /tmp/MILMOVE-en20250208.csv"
}
{
    "level": "info",
    "ts": "2025-02-11T05:16:17.555Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:292",
    "msg": "Successfully saved entry in DB for invoice number: 0002-1388-1"
}
{
    "level": "info",
    "ts": "2025-02-11T05:16:17.563Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:292",
    "msg": "Successfully saved entry in DB for invoice number: 0015-0514-1"
}
{
    "level": "info",
    "ts": "2025-02-11T05:16:17.568Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:292",
    "msg": "Successfully saved entry in DB for invoice number: 0017-3934-1"
}
{
    "level": "warn",
    "ts": "2025-02-11T05:16:17.576Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:282",
    "msg": "Skipping entry due to missing foreign key reference for invoice number 0057-0177-1"
}

12. Note that the logs show that we are processing the MILMOVE-en20250208.csv file, and inserted 3 rows into the database from that file (since there were matching payment requests for that file).

13. Verify that the tpps_paid_invoice_reports table contains these three rows (Cameron, Dre, or someone with elevated permissions may need to assist here):

14. Checking out the move that had the payment requests added to it (which is in sort of a weird state because before adding the payment request to it, was only in Service Counseling Completed status) we can see that the payment request is now:

• in the TPPS paid status and
• Has an amount paid that matches the dollar amount from the .csv file for the one service item we processed

* Ignore the 0013-8814-3 payment request number on this move, that's from a previous test with a payment file from a different day - MILMOVE-en20250116.

Another test case, testing out the AC:

Given MilMove can connect to the TPPS SFTP server
When a file in app-transfer-usbank-exp-us-gov-west-1/connector-files needs to be processed outside of the scheduled daily task run of the previous day's payment file
Then the file can be processed by setting a date for the AWS parameter value, and manually rerunning the process-tpps scheduled task.

1. I created a move in experimental, move GG6BG8 with move id 3c282057-b14a-48a7-aaf8-e4b81237fd10

2. I looked at the payment file of CSFTP1771/Pickup/MILMOVE-en20250122.csv, and picked 3 payment requests I wanted to process from the file:

• 0010-1257-1
• 0060-1754-1
• 0185-2099-2
  

3. I asked Cameron to insert payment requests matching those numbers into the exp DB for me with this script:

insert into payment_requests
-- 1
VALUES ('b064d62a-9576-402a-b806-41933339c713', -- id
false, --is_final
'rejected', -- rejection_reason
'2025-02-06 00:00:00.000', -- created_at
'2024-02-06 00:00:00.000', -- updated_at
'3c282057-b14a-48a7-aaf8-e4b81237fd10', -- move_id
'TPPS_RECEIVED', -- status
'2025-02-06 00:00:00.000', -- requested_at
'2025-02-06 00:00:00.000', -- reviewed_at
'2025-02-06 00:00:00.000', -- sent_to_gex_at
'2025-02-06 00:00:00.000', --received_by_gex_at
NULL, -- paid_at
'0010-1257-1', -- payment_request_number
'1'--, -- sequence_number
--'' -- recalculation_of_payment_request_id
);

insert into payment_requests
-- 1
VALUES ('b064d62a-9576-402a-b806-41933339c714', -- id
false, --is_final
'rejected', -- rejection_reason
'2025-02-06 00:00:00.000', -- created_at
'2024-02-06 00:00:00.000', -- updated_at
'3c282057-b14a-48a7-aaf8-e4b81237fd10', -- move_id
'TPPS_RECEIVED', -- status
'2025-02-06 00:00:00.000', -- requested_at
'2025-02-06 00:00:00.000', -- reviewed_at
'2025-02-06 00:00:00.000', -- sent_to_gex_at
'2025-02-06 00:00:00.000', --received_by_gex_at
NULL, -- paid_at
'0060-1754-1', -- payment_request_number
'2'--, -- sequence_number
--'' -- recalculation_of_payment_request_id
);

insert into payment_requests
-- 1
VALUES ('b064d62a-9576-402a-b806-41933339c715', -- id
false, --is_final
'rejected', -- rejection_reason
'2025-02-06 00:00:00.000', -- created_at
'2024-02-06 00:00:00.000', -- updated_at
'3c282057-b14a-48a7-aaf8-e4b81237fd10', -- move_id
'TPPS_RECEIVED', -- status
'2025-02-06 00:00:00.000', -- requested_at
'2025-02-06 00:00:00.000', -- reviewed_at
'2025-02-06 00:00:00.000', -- sent_to_gex_at
'2025-02-06 00:00:00.000', --received_by_gex_at
NULL, -- paid_at
'0185-2099-2', -- payment_request_number
'3'--, -- sequence_number
--'' -- recalculation_of_payment_request_id
);

5. I asked Bright Stars to update the /app-exp/process_tpps_custom_date_file parameter store value to be MILMOVE-en20250122.csv.
   

6. I asked Bright Stars to manually run the task and verified in the logs that:

• The task processed the expected file

{
    "level": "info",
    "ts": "2025-02-11T17:10:57.467Z",
    "caller": "milmove-tasks/process_tpps.go:153",
    "msg": "Starting transfer of TPPS data file: MILMOVE-en20250122.csv"
}

• The av-status was clean

{
    "level": "info",
    "ts": "2025-02-11T17:10:57.514Z",
    "caller": "milmove-tasks/process_tpps.go:178",
    "msg": "av-status is CLEAN for TPPS file: MILMOVE-en20250122.csv"
}

• I successfully stored data in the database for the expected rows with invoice numbers matching existing payment requests:

{
    "level": "info",
    "ts": "2025-02-11T17:10:57.777Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:292",
    "msg": "Successfully saved entry in DB for invoice number: 0010-1257-1"
}
{
    "level": "info",
    "ts": "2025-02-11T17:10:57.783Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:292",
    "msg": "Successfully saved entry in DB for invoice number: 0060-1754-1"
}
{
    "level": "info",
    "ts": "2025-02-11T17:10:57.815Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:292",
    "msg": "Successfully saved entry in DB for invoice number: 0185-2099-2"
}
{
    "level": "info",
    "ts": "2025-02-11T17:10:57.822Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:292",
    "msg": "Successfully saved entry in DB for invoice number: 0185-2099-2"
}

• The other entries were skipped, as expected, since no payment request matched the invoice number
• I stored 4 rows total in the DB:

{
    "level": "info",
    "ts": "2025-02-11T17:11:00.823Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:84",
    "msg": "Rows successfully stored in DB: 4"
}

• I updated 3 payment request statuses to paid (the last payment request, 0185-2099-2, had two corresponding TPPS file rows for it which is where the 3 payment requests but 4 rows comes from)

{
    "level": "info",
    "ts": "2025-02-11T17:11:00.869Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:146",
    "msg": "Updated payment request status to PAID",
    "TPPSPaidInvoiceReportEntry.InvoiceNumber": "0010-1257-1",
    "PaymentRequestNumber": "0010-1257-1",
    "PaymentRequest.Status": "PAID",
    "PaymentRequest.ID": "b064d62a-9576-402a-b806-41933339c713"
}
{
    "level": "info",
    "ts": "2025-02-11T17:11:00.878Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:146",
    "msg": "Updated payment request status to PAID",
    "TPPSPaidInvoiceReportEntry.InvoiceNumber": "0060-1754-1",
    "PaymentRequestNumber": "0060-1754-1",
    "PaymentRequest.Status": "PAID",
    "PaymentRequest.ID": "b064d62a-9576-402a-b806-41933339c714"
}
{
    "level": "info",
    "ts": "2025-02-11T17:11:00.900Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:146",
    "msg": "Updated payment request status to PAID",
    "TPPSPaidInvoiceReportEntry.InvoiceNumber": "0185-2099-2",
    "PaymentRequestNumber": "0185-2099-2",
    "PaymentRequest.Status": "PAID",
    "PaymentRequest.ID": "b064d62a-9576-402a-b806-41933339c715"
}
{
    "level": "info",
    "ts": "2025-02-11T17:11:02.098Z",
    "caller": "invoice/process_tpps_paid_invoice_report.go:131",
    "msg": "Payment requests that had status updated to PAID in DB: 3"
}

7. I asked Bright Stars to set the /app-exp/process_tpps_custom_date_file parameter store value back to MILMOVE-enYYYYMMDD.csv

8. I asked Cameron to check the exp DB for me to confirm that those payment requests were inserted:

app=> select * from tpps_paid_invoice_reports where invoice_number = '0010-1257-1' or invoice_number = '0060-1754-1' or invoice_number = '0185-2099-2';
-[ RECORD 1 ]-----------------------+-------------------------------------
id                                  | adb47e59-0573-44cc-abde-db59b926df01
invoice_number                      | 0010-1257-1
tpps_created_doc_date               | 2025-01-17 00:00:00
seller_paid_date                    | 2025-01-21 00:00:00
invoice_total_charges_in_millicents | 56255000
line_description                    | MS
product_description                 | MS
line_billing_units                  | 1
line_unit_price_in_millicents       | 56255000
line_net_charge_in_millicents       | 56255000
po_tcn                              | 0010-1257-17bfe657
line_number                         | 1
first_note_code                     |
first_note_description              |
first_note_to                       |
first_note_message                  |
second_note_code                    |
second_note_description             |
second_note_to                      |
second_note_message                 |
third_note_code                     |
third_note_code_description         |
third_note_code_to                  |
third_note_code_message             |
created_at                          | 2025-02-11 17:10:57.770502
updated_at                          | 2025-02-11 17:10:57.770502
-[ RECORD 2 ]-----------------------+-------------------------------------
id                                  | e531d4d0-9506-4521-90aa-70dfc7f18c8b
invoice_number                      | 0060-1754-1
tpps_created_doc_date               | 2025-01-17 00:00:00
seller_paid_date                    | 2025-01-21 00:00:00
invoice_total_charges_in_millicents | 56255000
line_description                    | MS
product_description                 | MS
line_billing_units                  | 1
line_unit_price_in_millicents       | 56255000
line_net_charge_in_millicents       | 56255000
po_tcn                              | 0060-1754-87efc711
line_number                         | 1
first_note_code                     |
first_note_description              |
first_note_to                       |
first_note_message                  |
second_note_code                    |
second_note_description             |
second_note_to                      |
second_note_message                 |
third_note_code                     |
third_note_code_description         |
third_note_code_to                  |
third_note_code_message             |
created_at                          | 2025-02-11 17:10:57.781226
updated_at                          | 2025-02-11 17:10:57.781226
-[ RECORD 3 ]-----------------------+-------------------------------------
id                                  | 6dab73f2-ce3e-44e9-a9c1-ec3ccca04e4f
invoice_number                      | 0185-2099-2
tpps_created_doc_date               | 2025-01-17 00:00:00
seller_paid_date                    | 2025-01-21 00:00:00
invoice_total_charges_in_millicents | 48908000
line_description                    | DOP
product_description                 | DOP
line_billing_units                  | 1765
line_unit_price_in_millicents       | 1250
line_net_charge_in_millicents       | 2206000
po_tcn                              | 0185-2099-73677537
line_number                         | 1
first_note_code                     |
first_note_description              |
first_note_to                       |
first_note_message                  |
second_note_code                    |
second_note_description             |
second_note_to                      |
second_note_message                 |
third_note_code                     |
third_note_code_description         |
third_note_code_to                  |
third_note_code_message             |
created_at                          | 2025-02-11 17:10:57.812671
updated_at                          | 2025-02-11 17:10:57.812671
-[ RECORD 4 ]-----------------------+-------------------------------------
id                                  | 89b2b8c7-bfad-4adb-be7b-b6cf4d57ef26
invoice_number                      | 0185-2099-2
tpps_created_doc_date               | 2025-01-17 00:00:00
seller_paid_date                    | 2025-01-21 00:00:00
invoice_total_charges_in_millicents | 48908000
line_description                    | DPK
product_description                 | DPK
line_billing_units                  | 1765
line_unit_price_in_millicents       | 26460
line_net_charge_in_millicents       | 46702000
po_tcn                              | 0185-2099-355b5ccc
line_number                         | 2
first_note_code                     |
first_note_description              |
first_note_to                       |
first_note_message                  |
second_note_code                    |
second_note_description             |
second_note_to                      |
second_note_message                 |
third_note_code                     |
third_note_code_description         |
third_note_code_to                  |
third_note_code_message             |
created_at                          | 2025-02-11 17:10:57.819923
updated_at                          | 2025-02-11 17:10:57.819923

Next steps after testing in exp

Higher environment to-dos after this works in experimental:

• Make sure S3 bucket is created and pulled in files on the daily run of the lambda

• Check that the retention policy is set to 30 days for the TPPS files (see proof of 30 day retention policy for exp below)

• Add the two parameter store values

• Set both of those as environment variables keys in the ecs task

• Add this to .gitlab-ci.yml under deploy_tasks_stg and deploy_tasks_prd (was already added to deploy_tasks_dp3 for exp work):

- echo "Deploying process TPPS task service"
- ./scripts/ecs-deploy-task-container process-tpps "${ECR_REPOSITORY_URI}/app-tasks@${ECR_DIGEST}" "${APP_ENVIRONMENT}"

• add this to config.yml under deploy_tasks_steps (was already added to deploy_dp3_tasks_steps for exp work):

- run:
          name: Deploy process TPPS files service
          command: scripts/do-exclusively --job-name ${CIRCLE_JOB} scripts/ecs-deploy-task-container process-tpps "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/app-tasks@${ECR_DIGEST}" "${APP_ENVIRONMENT}"
          no_output_timeout: 20m
      - announce_failure

• add this to Dockerfile.tasks ( was already added to Dockerfile.tasks_dp3):

# Mount mutable tmp for process-tpps
# hadolint ignore=DL3007
VOLUME ["/tmp"]

Bright Stars work that enables the work here:

In the terraform-aws-app-environment repo:

• https://github.com/transcom/terraform-aws-app-environment/pull/517

In the transcom-infrasec-gov-nonato repo:

• https://github.com/transcom/transcom-infrasec-gov-nonato/pull/1256
• https://github.com/transcom/transcom-infrasec-gov-nonato/pull/1257

POA Notes:

Proof of 30 day file retention on the S3 bucket in the exp environment:

[traskowskycaci]

Also re-requesting @cameroncaci since I added a commit to deploy latest 21322 int branch to exp

[cameroncaci]

reapproving

[traskowskycaci]

Leaving higher level env script updates as commented out/not added yet. Will have a follow up PR when necessary higher level AWS changes are in place to pull in the script updates to this file.

[deandreJones]

changes in this file is unnecessary
circle no more

[traskowskycaci]

Removed those changes here

[traskowskycaci]

Leaving higher level env script updates as commented out/not added yet. Will have a follow up PR when necessary higher level AWS changes are in place to pull in the script updates to this file.

[traskowskycaci]

Parameters added to loadtest environment:
/app-loadtest/process_tpps_custom_date_file: Parameter than can be modified if we want to process a custom dated TPPS payment file as opposed to the scheduled daily run where we process the previous day's payment file
/app-loadtest/tpps_s3_bucket: S3 bucket path for the TPPS payment files
/app-loadtest/tpps_s3_folder: S3 subfolder inside bucket path for the TPPS payment files

[traskowskycaci]

Re-requesting reviews from @cameroncaci and @deandreJones, removed changes from config.yml

[cameroncaci]

📮