Create new Entra events bridge container
Description
Create a new service within ucam-faas that bridges Entra ID Azure events and publishes them to a Pub/Sub topic.
The service should be generic and support adding more Azure event sources in future without breaking changes, e.g. by naming topics appropriately and using indexed Terraform resources.
Further details
This service should be a new container build output from this repository that can be configured to accept webhook requests on an endpoint and publish them to a topic.
It must be configurable with:
- Expected Azure service principal GUID for authentication
- PubSub topic to write events to
It should have a single endpoint that:
- Accepts POST requests
- Validates that the request is a webhook request
- Authenticates that the request came from the expected Azure service principal
- Publishes the request data body to the configured PubSub topic
Azure also validates the webhook URL we specify, checking that the endpoint accepts being used as a webhook. This service must also handle that validation request.
Log when the OIDC token validation fails, especially distinguishing when a valid token is given but the service principal was wrong.
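The decision logic for the single endpoint described above, as an added illustration rather than code from ucam-faas or this repository. It assumes that signature, issuer, audience and expiry checks on the bearer token are done upstream by a JWT library, that the caller's service principal GUID is read from the token's `oid` claim, and it stands in a list for the Pub/Sub publisher; the 403 path is where the "valid token, wrong service principal" case is logged separately from a failed token.

```python
"""Request handling for the Entra -> Pub/Sub bridge endpoint (illustrative example)."""
import logging
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

log = logging.getLogger("entra-bridge")


@dataclass
class Bridge:
    expected_sp: str            # configured Azure service principal GUID
    topic: str                  # configured Pub/Sub topic
    published: List[Tuple[str, bytes]] = field(default_factory=list)  # stand-in publisher

    def handle(self, method: str, verified_claims: Optional[dict], body: bytes) -> Tuple[int, str]:
        """Return (HTTP status, reason) for one incoming request.

        verified_claims is the token payload AFTER signature/issuer/audience/expiry
        validation by a JWT library (assumed to happen before this is called);
        None means no token was presented or that validation failed.
        """
        if method != "POST":
            return 405, "method not allowed"

        if verified_claims is None:
            # Case 1: no usable token at all.
            log.warning("rejected webhook call: OIDC token missing or failed validation")
            return 401, "invalid token"

        # Assumption: the calling service principal's GUID is the 'oid' claim.
        caller_sp = verified_claims.get("oid")
        if caller_sp != self.expected_sp:
            # Case 2: a genuine Entra token, but not from the principal we configured.
            # Logged distinctly so misconfiguration is not mistaken for a bad token.
            log.warning("rejected webhook call: valid token but service principal %r != expected %r",
                        caller_sp, self.expected_sp)
            return 403, "unexpected service principal"

        if not body:
            return 400, "empty body"

        # Publish the request body byte-for-byte; no re-encoding or reshaping.
        self.published.append((self.topic, body))
        return 202, "published"
```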
Task list
Acceptance criteria
- Webhook serving container exists that:
  - Can authenticate incoming webhook calls
  - Publishes Entra webhook events to a topic exactly as received
Links/references
AWS/SNS -> Pub/Sub:
- https://gitlab.developers.cam.ac.uk/uis/devops/user-notify/infrastructure/-/blob/main/functions/seseventhandler/main.py?ref_type=heads
- https://gitlab.developers.cam.ac.uk/uis/devops/user-notify/infrastructure/-/blob/main/ses-events.tf?ref_type=heads