BCDA-7900: Add integration test validation for opt-out import (#963)

## 🎫 Ticket

https://jira.cms.gov/browse/BCDA-7900

## 🛠 Changes

Integration testing for opt-out lambda has had additional steps added:
- queries the database to see if the opt out file was ingested
- queries the database to see if suppression entries were created from
the ingested file

## ℹ️ Context

Integration testing is required to ensure that future changes will not
break existing functionality and that the opt-out lambda is working as
expected.

<!-- If any of the following security implications apply, this PR must
not be merged without Stephen Walter's approval. Explain in this section
and add @SJWalter11 as a reviewer.
  - Adds a new software dependency or dependencies.
  - Modifies or invalidates one or more of our security controls.
  - Stores or transmits data that was not stored or transmitted before.
- Requires additional review of security implications for other reasons.
-->

## 🧪 Validation

Ran using happy and unhappy paths. Validated that sensitive data is not
printed to stderr or stdout in the event of an issue, and that the file is actually ingested into application database.

.github/workflows/opt-out-import-test-integration.yml

@@ -13,6 +13,7 @@ concurrency:
   group: opt-out-import-test-integration
 
 jobs:
+
   # Deploy first if triggered by pull_request
   deploy:
     if: ${{ github.event_name == 'pull_request' }}
@@ -29,6 +30,8 @@ jobs:
     defaults:
       run:
         working-directory: ./optout
+    outputs:
+      filename: ${{ steps.createfile.outputs.FILENAME }}
     steps:
       - uses: actions/checkout@v4
       - uses: aws-actions/configure-aws-credentials@v4
@@ -43,9 +46,50 @@ jobs:
           role-chaining: true
           role-skip-session-tagging: true
       - name: Upload test file to the BFD bucket to trigger lambda function via SNS message
+        id: createfile
         run: |
-          aws s3 cp --no-progress ../shared_files/synthetic1800MedicareFiles/test/T\#EFT.ON.ACO.NGD1800.DPRF.D181120.T1000009 \
-            s3://bfd-test-eft/bfdeft01/bcda/in/T.NGD.DPC.RSP.D$(date +'%y%m%d').T$(date +'%H%M%S')1.IN
-
-  # TODO Check bucket for response file
-  # TODO Run another job to check database for update
+          fname=T\#EFT.ON.ACO.NGD1800.DPRF.D$(date +'%y%m%d').T$(date +'%H%M%S')1
+          echo "FILENAME=$fname" >> "$GITHUB_OUTPUT"
+          aws s3 cp ../shared_files/synthetic1800MedicareFiles/test/T\#EFT.ON.ACO.NGD1800.DPRF.D181120.T1000009 \
+            s3://bfd-test-eft/bfdeft01/bcda/in/test/$fname
+            
+  verify:
+    needs: trigger
+    runs-on: self-hosted
+    env: 
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
+    steps:
+      - uses: actions/checkout@v3
+      - uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/bcda-test-github-actions
+      - name: Install psql
+        run: |
+            sudo amazon-linux-extras install postgresql14
+      - name: Get database credentials
+        uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+        with:
+          params: |
+            CONNECTION_INFO=/bcda/test/api/DATABASE_URL
+      - name: Verify suppression file was ingested
+        env:
+          FILENAME: ${{needs.trigger.outputs.filename}}
+        # CAUTION: if changing the script below, validate that sensitive information is not printed in the workflow
+        run: |
+          HOST=$(aws rds describe-db-instances --db-instance-identifier bcda-test-rds 2>&1 | jq -r '.DBInstances[0].Endpoint.Address' 2>&1)
+          CONNECTION_URL=$(echo $CONNECTION_INFO 2>&1 | sed -E "s/@.*\/bcda/\@$HOST\/bcda/" 2>&1)
+          SUPPRESSION_FILE=`psql -t "$CONNECTION_URL" -c "SELECT id FROM suppression_files WHERE name = '$FILENAME' LIMIT 1" 2>&1`
+          if [[ $? -ne 0 || -z $SUPPRESSION_FILE ]]; then
+            echo "suppression_file query returned zero results or command failed"
+            exit 1
+          else
+            SUPPRESSIONS=`psql -t "$CONNECTION_URL" -c "SELECT count(mbi) FROM suppressions WHERE file_id = $SUPPRESSION_FILE" 2>&1`
+              if [[ $? -ne 0 || -z $SUPPRESSIONS ]]; then
+                echo "suppressions query returned zero results or command failed"
+                exit 1
+              fi
+          fi
+