diff --git a/.github/workflows/full-lambdas-dispatch-deploy.yml b/.github/workflows/full-lambdas-dispatch-deploy.yml index 47ee5091a..61676a257 100644 --- a/.github/workflows/full-lambdas-dispatch-deploy.yml +++ b/.github/workflows/full-lambdas-dispatch-deploy.yml @@ -4,7 +4,6 @@ on: repository_dispatch: types: lambda-dispatch-deploy - permissions: pull-requests: write id-token: write # This is required for requesting the JWT @@ -13,8 +12,7 @@ permissions: jobs: view_action_parameters: runs-on: ubuntu-latest - steps: - + steps: - name: Display client passed variables run: | echo Environement Equals: ${{ github.event.client_payload.environment }} @@ -37,9 +35,9 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environment - run: | + run: | make env - + - name: Start virtual environment run: | source ./lambdas/venv/bin/activate @@ -58,7 +56,7 @@ jobs: environment: ${{ github.event.client_payload.environment }} strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] needs: ["python_lambdas_test"] steps: @@ -71,7 +69,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environment - run: | + run: | make env - name: Configure AWS Credentials @@ -84,21 +82,21 @@ jobs: - name: Create release package for Create Document Reference run: | make lambda_name=create_document_reference_handler zip - + - name: Upload Lambda Function for CreateDocRefLambda uses: appleboy/lambda-action@master with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ github.event.client_payload.sandbox }}_CreateDocRefLambda zip_file: package_lambdas_create_document_reference_handler.zip - + python_deploy_search_patient_details_lambda: runs-on: ubuntu-latest environment: ${{ github.event.client_payload.environment }} strategy: matrix: - python-version: [ "3.11" ] - needs: [ "python_lambdas_test" ] + python-version: ["3.11"] + needs: ["python_lambdas_test"] steps: - name: Checkout 
@@ -138,8 +136,8 @@ jobs: environment: ${{ github.event.client_payload.environment }} strategy: matrix: - python-version: [ "3.11" ] - needs: [ "python_lambdas_test" ] + python-version: ["3.11"] + needs: ["python_lambdas_test"] steps: - name: Checkout @@ -211,4 +209,43 @@ jobs: with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ github.event.client_payload.sandbox }}_LloydGeorgeStitchLambda - zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip \ No newline at end of file + zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip + + python_deploy_back_channel_logout_lambda: + runs-on: ubuntu-latest + environment: development + needs: ["python_lambdas_test"] + strategy: + matrix: + python-version: ["3.11"] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Make virtual environment + run: | + make env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + + - name: Create release package for Back Channel Logout Lambda + run: | + make lambda_name=back_channel_logout_handler zip + + - name: Upload Lambda Function for Back Channel Logout Lambda + uses: appleboy/lambda-action@master + with: + aws_region: ${{ vars.AWS_REGION }} + function_name: ${{ github.event.inputs.sandboxWorkspace}}_BackChannelLogoutHandler + zip_file: package_lambdas_back_channel_logout_handler.zip diff --git a/.github/workflows/lambdas-deploy-feature-to-sandbox.yml b/.github/workflows/lambdas-deploy-feature-to-sandbox.yml index f5290fc7f..f8b03d365 100644 --- a/.github/workflows/lambdas-deploy-feature-to-sandbox.yml +++ b/.github/workflows/lambdas-deploy-feature-to-sandbox.yml 
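Review bot: In `python_deploy_back_channel_logout_lambda`, added to `full-lambdas-dispatch-deploy.yml`, `function_name` reads `github.event.inputs.sandboxWorkspace`, but this workflow is triggered by `repository_dispatch`, where the `inputs` context is not populated. The expression would render empty and the upload would target `_BackChannelLogoutHandler`. The sibling jobs in this file take the prefix from the dispatch payload, so this should be `function_name: ${{ github.event.client_payload.sandbox }}_BackChannelLogoutHandler`. The job also hard-codes `environment: development` where the other deploy jobs use `environment: ${{ github.event.client_payload.environment }}`, so a dispatch for another environment would presumably still assume the development role for this one lambda.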
@@ -37,9 +37,9 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environment - run: | + run: | make env - + - name: Start virtual environment run: | source ./lambdas/venv/bin/activate @@ -58,7 +58,7 @@ jobs: environment: development strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] needs: ["python_lambdas_test"] steps: @@ -73,7 +73,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environment - run: | + run: | make env - name: Configure AWS Credentials @@ -86,21 +86,21 @@ jobs: - name: Create release package for Create Document Reference run: | make lambda_name=create_document_reference_handler zip - + - name: Upload Lambda Function for CreateDocRefLambda uses: appleboy/lambda-action@master with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ github.event.inputs.sandboxWorkspace}}_CreateDocRefLambda zip_file: package_lambdas_create_document_reference_handler.zip - + python_deploy_search_patient_details_lambda: runs-on: ubuntu-latest environment: development strategy: matrix: - python-version: [ "3.11" ] - needs: [ "python_lambdas_test" ] + python-version: ["3.11"] + needs: ["python_lambdas_test"] steps: - name: Checkout @@ -140,8 +140,8 @@ jobs: environment: development strategy: matrix: - python-version: [ "3.11" ] - needs: [ "python_lambdas_test" ] + python-version: ["3.11"] + needs: ["python_lambdas_test"] steps: - name: Checkout @@ -254,7 +254,6 @@ jobs: function_name: ${{ github.event.inputs.sandboxWorkspace}}_LoginRedirectHandler zip_file: package_lambdas_login_redirect_handler.zip - python_deploy_authoriser_lambda: runs-on: ubuntu-latest environment: test @@ -294,7 +293,6 @@ jobs: function_name: ${{ github.event.inputs.sandboxWorkspace}}_AuthoriserLambda zip_file: package_lambdas_authoriser_handler.zip - python_deploy_token_request_lambda: runs-on: ubuntu-latest environment: test 
@@ -411,7 +409,6 @@ jobs: function_name: ${{ github.event.inputs.sandboxWorkspace}}_LloydGeorgeStitchLambda zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip - python_deploy_bulk_upload_metadata_lambda: runs-on: ubuntu-latest environment: development @@ -488,4 +485,43 @@ jobs: with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ github.event.inputs.sandboxWorkspace}}_BulkUploadLambda - zip_file: package_lambdas_bulk_upload_handler.zip \ No newline at end of file + zip_file: package_lambdas_bulk_upload_handler.zip + + python_deploy_back_channel_logout_lambda: + runs-on: ubuntu-latest + environment: development + needs: ["python_lambdas_test"] + strategy: + matrix: + python-version: ["3.11"] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Make virtual environment + run: | + make env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + + - name: Create release package for Back Channel Logout Lambda + run: | + make lambda_name=back_channel_logout_handler zip + + - name: Upload Lambda Function for Back Channel Logout Lambda + uses: appleboy/lambda-action@master + with: + aws_region: ${{ vars.AWS_REGION }} + function_name: ${{ github.event.inputs.sandboxWorkspace}}_BackChannelLogoutHandler + zip_file: package_lambdas_back_channel_logout_handler.zip diff --git a/.github/workflows/lambdas-deploy-to-perf-manual.yml b/.github/workflows/lambdas-deploy-to-perf-manual.yml index ab183e50a..9aa6c87c9 100644 --- a/.github/workflows/lambdas-deploy-to-perf-manual.yml +++ b/.github/workflows/lambdas-deploy-to-perf-manual.yml 
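Review bot: The new upload step in `lambdas-deploy-feature-to-sandbox.yml` pins a third-party action to a branch, `uses: appleboy/lambda-action@master`, and it runs right after `aws-actions/configure-aws-credentials` has assumed `secrets.AWS_ASSUME_ROLE` in the same job. A branch ref is mutable, so whatever is on that branch at run time executes with the deploy role's credentials available to it. Pinning to a reviewed full commit SHA, e.g. `uses: appleboy/lambda-action@<full-commit-sha> # <release tag>`, removes that dependency on the upstream branch. This follows the existing jobs' pattern, and the same line is added in the back-channel-logout job of the dispatch, perf, pre-prod, prod, test and dev-to-main workflows in this commit.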
@@ -28,7 +28,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - fetch-depth: '0' + fetch-depth: "0" ref: ${{ github.event.inputs.buildBranch}} - name: Set up Python ${{ matrix.python-version }} @@ -37,9 +37,9 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - + - name: Start virtual environement run: | source ./lambdas/venv/bin/activate @@ -60,21 +60,21 @@ jobs: strategy: matrix: python-version: ["3.11"] - + steps: - name: Checkout uses: actions/checkout@v3 with: - fetch-depth: '0' + fetch-depth: "0" ref: ${{ github.event.inputs.buildBranch}} - + - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -87,14 +87,14 @@ jobs: - name: Create release package for Create Document Reference run: | make lambda_name=create_document_reference_handler zip - + - name: Upload Lambda Function for CreateDocRefLambda uses: appleboy/lambda-action@master with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ vars.BUILD_ENV }}_CreateDocRefLambda zip_file: package_lambdas_create_document_reference_handler.zip - + python_deploy_search_patient_details_lambda: runs-on: ubuntu-latest environment: perf @@ -108,14 +108,14 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.buildBranch}} - + - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -128,7 +128,7 @@ jobs: - name: Create release package for Search Patient Details Reference run: | make lambda_name=search_patient_details_handler zip - + - name: Upload Lambda Function for SearchPatientDetailsHandler uses: appleboy/lambda-action@master with: 
@@ -139,7 +139,7 @@ jobs: python_deploy_document_reference_search_lambda: runs-on: ubuntu-latest environment: perf - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -176,11 +176,11 @@ jobs: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ github.event.inputs.sandboxWorkspace}}_SearchDocumentReferencesLambda zip_file: package_lambdas_document_reference_search_handler.zip - + python_deploy_document_manifest_by_nhs_number_lambda: runs-on: ubuntu-latest environment: perf - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -221,7 +221,7 @@ jobs: python_deploy_login_redirect_lambda: runs-on: ubuntu-latest environment: perf - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -262,7 +262,7 @@ jobs: python_deploy_authoriser_lambda: runs-on: ubuntu-latest environment: perf - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -303,7 +303,7 @@ jobs: python_deploy_token_lambda: runs-on: ubuntu-latest environment: perf - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -344,7 +344,7 @@ jobs: python_deploy_logout_handler_lambda: runs-on: ubuntu-latest environment: perf - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] 
@@ -419,4 +419,43 @@ jobs: with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ github.event.inputs.sandboxWorkspace}}_LloydGeorgeStitchLambda - zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip \ No newline at end of file + zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip + + python_deploy_back_channel_logout_lambda: + runs-on: ubuntu-latest + environment: development + needs: ["python_lambdas_test"] + strategy: + matrix: + python-version: ["3.11"] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Make virtual environment + run: | + make env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + + - name: Create release package for Back Channel Logout Lambda + run: | + make lambda_name=back_channel_logout_handler zip + + - name: Upload Lambda Function for Back Channel Logout Lambda + uses: appleboy/lambda-action@master + with: + aws_region: ${{ vars.AWS_REGION }} + function_name: ${{ github.event.inputs.sandboxWorkspace}}_BackChannelLogoutHandler + zip_file: package_lambdas_back_channel_logout_handler.zip diff --git a/.github/workflows/lambdas-deploy-to-pre-prod-manual.yml b/.github/workflows/lambdas-deploy-to-pre-prod-manual.yml index c4282742e..0d966b66a 100644 --- a/.github/workflows/lambdas-deploy-to-pre-prod-manual.yml +++ b/.github/workflows/lambdas-deploy-to-pre-prod-manual.yml @@ -9,7 +9,6 @@ permissions: contents: read # This is required for actions/checkout jobs: - tag_and_release: runs-on: ubuntu-latest environment: pre-prod 
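Review bot: The job added to `lambdas-deploy-to-perf-manual.yml` declares `environment: development`, while every other deploy job visible in this file uses `environment: perf`. Environment-scoped values such as `secrets.AWS_ASSUME_ROLE` and `vars.AWS_REGION` are resolved from the job's environment, so this lambda would presumably be deployed with the development role, and any protection rules on the perf environment would not gate it. It should read `environment: perf` here. The same pasted line appears in the new job in the pre-prod, prod and test workflows, which need `pre-prod`, `prod` and `test` respectively.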
@@ -22,29 +21,28 @@ jobs: permissions: write-all steps: + - uses: actions/checkout@v3 + with: + ref: main + fetch-depth: "0" - - uses: actions/checkout@v3 - with: - ref: main - fetch-depth: '0' - - - name: Bump version and push tag - id: versioning - uses: anothrNick/github-tag-action@1.64.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: false - DEFAULT_BUMP: patch - - - name: View outputs - run: | - echo Current tag: ${{steps.versioning.outputs.tag}} - echo New tag: ${{steps.versioning.outputs.new_tag}} + - name: Bump version and push tag + id: versioning + uses: anothrNick/github-tag-action@1.64.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch + + - name: View outputs + run: | + echo Current tag: ${{steps.versioning.outputs.tag}} + echo New tag: ${{steps.versioning.outputs.new_tag}} python_lambdas_test: runs-on: ubuntu-latest environment: pre-prod - needs: ['tag_and_release'] + needs: ["tag_and_release"] strategy: matrix: python-version: ["3.11"] @@ -54,7 +52,7 @@ jobs: uses: actions/checkout@v3 with: ref: ${{needs.tag_and_release.outputs.tag}} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 @@ -64,7 +62,7 @@ jobs: - name: Make virtual environement run: | make env - + - name: Start virtual environement run: | source ./lambdas/venv/bin/activate @@ -81,7 +79,7 @@ jobs: python_deploy_create_document_reference_lambda: runs-on: ubuntu-latest environment: pre-prod - needs: ["python_lambdas_test", 'tag_and_release'] + needs: ["python_lambdas_test", "tag_and_release"] strategy: matrix: python-version: ["3.11"] @@ -91,7 +89,7 @@ jobs: uses: actions/checkout@v3 with: ref: ${{needs.tag_and_release.outputs.tag}} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 
@@ -101,7 +99,7 @@ jobs: - name: Make virtual environment run: | make env - + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: @@ -112,14 +110,14 @@ jobs: - name: Create release package for Create Document Reference run: | make lambda_name=create_document_reference_handler zip - + - name: Upload Lambda Function for CreateDocRefLambda uses: appleboy/lambda-action@master with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ vars.BUILD_ENV }}_CreateDocRefLambda zip_file: package_lambdas_create_document_reference_handler.zip - + python_deploy_search_patient_details_lambda: runs-on: ubuntu-latest environment: pre-prod @@ -133,7 +131,7 @@ jobs: uses: actions/checkout@v3 with: ref: ${{needs.tag_and_release.outputs.tag}} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 @@ -141,7 +139,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -154,7 +152,7 @@ jobs: - name: Create release package for Search Patient Details Reference run: | make lambda_name=search_patient_details_handler zip - + - name: Upload Lambda Function for SearchPatientDetailsHandler uses: appleboy/lambda-action@master with: @@ -165,7 +163,7 @@ jobs: python_deploy_document_reference_search_lambda: runs-on: ubuntu-latest environment: pre-prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -206,7 +204,7 @@ jobs: python_deploy_document_manifest_by_nhs_number_lambda: runs-on: ubuntu-latest environment: pre-prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] 
@@ -244,11 +242,10 @@ jobs: function_name: ${{ vars.BUILD_ENV }}_DocumentManifestByNHSNumberLambda zip_file: package_lambdas_document_manifest_by_nhs_number_handler.zip - python_deploy_login_redirect_lambda: runs-on: ubuntu-latest environment: pre-prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -289,7 +286,7 @@ jobs: python_deploy_authoriser_lambda: runs-on: ubuntu-latest environment: pre-prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -330,7 +327,7 @@ jobs: python_deploy_token_request_lambda: runs-on: ubuntu-latest environment: pre-prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -371,7 +368,7 @@ jobs: python_deploy_logout_handler_lambda: runs-on: ubuntu-latest environment: pre-prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -412,10 +409,10 @@ jobs: python_deploy_lloyd_george_record_stitch_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] steps: - name: Checkout 
@@ -448,4 +445,43 @@ jobs: with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ vars.BUILD_ENV }}_LloydGeorgeStitchLambda - zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip \ No newline at end of file + zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip + + python_deploy_back_channel_logout_lambda: + runs-on: ubuntu-latest + environment: development + needs: ["python_lambdas_test"] + strategy: + matrix: + python-version: ["3.11"] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Make virtual environment + run: | + make env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + + - name: Create release package for Back Channel Logout Lambda + run: | + make lambda_name=back_channel_logout_handler zip + + - name: Upload Lambda Function for Back Channel Logout Lambda + uses: appleboy/lambda-action@master + with: + aws_region: ${{ vars.AWS_REGION }} + function_name: ${{ github.event.inputs.sandboxWorkspace}}_BackChannelLogoutHandler + zip_file: package_lambdas_back_channel_logout_handler.zip diff --git a/.github/workflows/lambdas-deploy-to-prod-manual.yml b/.github/workflows/lambdas-deploy-to-prod-manual.yml index f0d5f491b..5cdf8ff91 100644 --- a/.github/workflows/lambdas-deploy-to-prod-manual.yml +++ b/.github/workflows/lambdas-deploy-to-prod-manual.yml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.tagVersion}} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 
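Review bot: `function_name` in the job added to `lambdas-deploy-to-pre-prod-manual.yml` is built from `github.event.inputs.sandboxWorkspace`, whereas the stitch-lambda step directly above it in the same hunk uses `${{ vars.BUILD_ENV }}`. No `sandboxWorkspace` input is visible for this workflow in the diff; if it is not declared, the expression renders empty and the step targets `_BackChannelLogoutHandler`. Suggest `function_name: ${{ vars.BUILD_ENV }}_BackChannelLogoutHandler`, matching the dev-to-main job added in this commit. The test workflow's new job has the same mismatch with its preceding `vars.BUILD_ENV` step.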
@@ -34,9 +34,9 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - + - name: Start virtual environement run: | source ./lambdas/venv/bin/activate @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.tagVersion}} - fetch-depth: '0' + fetch-depth: "0" - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 @@ -76,15 +76,15 @@ jobs: uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - + - name: Make virtual environement - run: | + run: | make env - name: Create release package for Create Document Reference run: | make lambda_name=create_document_reference_handler zip - + - name: Upload Lambda Function for CreateDocRefLambda uses: appleboy/lambda-action@master with: @@ -105,7 +105,7 @@ jobs: uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.tagVersion}} - fetch-depth: '0' + fetch-depth: "0" - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 @@ -113,9 +113,9 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: @@ -126,7 +126,7 @@ jobs: - name: Create release package for Create Document Reference run: | make lambda_name=search_patient_details_handler zip - + - name: Upload Lambda Function for SearchPatientDetailsHandler uses: appleboy/lambda-action@master with: @@ -137,7 +137,7 @@ jobs: python_deploy_document_reference_search_lambda: runs-on: ubuntu-latest environment: prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -178,7 +178,7 @@ jobs: python_deploy_document_manifest_by_nhs_number_lambda: runs-on: ubuntu-latest environment: prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] 
@@ -219,7 +219,7 @@ jobs: python_deploy_login_redirect_lambda: runs-on: ubuntu-latest environment: prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -257,11 +257,10 @@ jobs: function_name: ${{ github.event.inputs.sandboxWorkspace}}_LoginRedirectHandler zip_file: package_lambdas_login_redirect_handler.zip - python_deploy_authoriser_lambda: runs-on: ubuntu-latest environment: prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] @@ -302,10 +301,10 @@ jobs: python_deploy_token_lambda: runs-on: ubuntu-latest environment: prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] steps: - name: Checkout @@ -343,10 +342,10 @@ jobs: python_deploy_logout_handler_lambda: runs-on: ubuntu-latest environment: prod - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] steps: - name: Checkout 
@@ -420,4 +419,43 @@ jobs: with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ github.event.inputs.sandboxWorkspace}}_LloydGeorgeStitchLambda - zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip \ No newline at end of file + zip_file: package_lambdas_lloyd_george_record_stitch_handler.zip + + python_deploy_back_channel_logout_lambda: + runs-on: ubuntu-latest + environment: development + needs: ["python_lambdas_test"] + strategy: + matrix: + python-version: ["3.11"] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Make virtual environment + run: | + make env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + + - name: Create release package for Back Channel Logout Lambda + run: | + make lambda_name=back_channel_logout_handler zip + + - name: Upload Lambda Function for Back Channel Logout Lambda + uses: appleboy/lambda-action@master + with: + aws_region: ${{ vars.AWS_REGION }} + function_name: ${{ github.event.inputs.sandboxWorkspace}}_BackChannelLogoutHandler + zip_file: package_lambdas_back_channel_logout_handler.zip diff --git a/.github/workflows/lambdas-deploy-to-test-manual.yml b/.github/workflows/lambdas-deploy-to-test-manual.yml index f83a45079..b79f8eea4 100644 --- a/.github/workflows/lambdas-deploy-to-test-manual.yml +++ b/.github/workflows/lambdas-deploy-to-test-manual.yml @@ -33,9 +33,9 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - + - name: Start virtual environement run: | source ./lambdas/venv/bin/activate 
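Review bot: The `Checkout` step of the job added to `lambdas-deploy-to-prod-manual.yml` has no `with:` block, while the other checkouts shown in this file's hunks pass `ref: ${{ github.event.inputs.tagVersion}}`. Without it the job builds and uploads whatever ref the run defaults to, not the tagged release that the rest of the workflow tests and deploys. Add `with:` and `ref: ${{ github.event.inputs.tagVersion}}` under `uses: actions/checkout@v3`. The perf and pre-prod copies of this job likewise omit the `buildBranch` and `needs.tag_and_release.outputs.tag` refs used by their siblings, and the pre-prod one would also need `tag_and_release` in its `needs` to read that output.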
@@ -69,7 +69,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -82,7 +82,7 @@ jobs: - name: Create release package for Create Document Reference run: | make lambda_name=create_document_reference_handler zip - + - name: Upload Lambda Function for CreateDocRefLambda uses: appleboy/lambda-action@master with: @@ -110,7 +110,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -123,7 +123,7 @@ jobs: - name: Create release package for Search Patient Details Reference run: | make lambda_name=search_patient_details_handler zip - + - name: Upload Lambda Function for SearchPatientDetailsHandler uses: appleboy/lambda-action@master with: @@ -134,11 +134,11 @@ jobs: python_deploy_document_reference_search_lambda: runs-on: ubuntu-latest environment: test - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] - + steps: - name: Checkout uses: actions/checkout@v3 @@ -151,7 +151,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -175,11 +175,11 @@ jobs: python_deploy_document_manifest_by_nhs_number_lambda: runs-on: ubuntu-latest environment: test - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] - + steps: - name: Checkout uses: actions/checkout@v3 @@ -192,7 +192,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -216,7 +216,7 @@ jobs: python_deploy_login_redirect_lambda: runs-on: ubuntu-latest environment: test - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: python-version: ["3.11"] 
@@ -233,7 +233,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Make virtual environement - run: | + run: | make env - name: Configure AWS Credentials @@ -257,10 +257,10 @@ jobs: python_deploy_authoriser_lambda: runs-on: ubuntu-latest environment: test - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] steps: - name: Checkout @@ -298,10 +298,10 @@ jobs: python_deploy_token_lambda: runs-on: ubuntu-latest environment: test - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] steps: - name: Checkout @@ -339,10 +339,10 @@ jobs: python_deploy_logout_handler_lambda: runs-on: ubuntu-latest environment: test - needs: [ "python_lambdas_test" ] + needs: ["python_lambdas_test"] strategy: matrix: - python-version: [ "3.11" ] + python-version: ["3.11"] steps: - name: Checkout 
@@ -498,4 +498,43 @@ jobs: with: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ vars.BUILD_ENV}}_BulkUpload Lambda - zip_file: package_lambdas_bulk_upload_handler.zip \ No newline at end of file + zip_file: package_lambdas_bulk_upload_handler.zip + + python_deploy_back_channel_logout_lambda: + runs-on: ubuntu-latest + environment: development + needs: ["python_lambdas_test"] + strategy: + matrix: + python-version: ["3.11"] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Make virtual environment + run: | + make env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + + - name: Create release package for Back Channel Logout Lambda + run: | + make lambda_name=back_channel_logout_handler zip + + - name: Upload Lambda Function for Back Channel Logout Lambda + uses: appleboy/lambda-action@master + with: + aws_region: ${{ vars.AWS_REGION }} + function_name: ${{ github.event.inputs.sandboxWorkspace}}_BackChannelLogoutHandler + zip_file: package_lambdas_back_channel_logout_handler.zip diff --git a/.github/workflows/lambdas-dev-to-main-ci.yml b/.github/workflows/lambdas-dev-to-main-ci.yml index 174d6cc86..d1e786b0b 100644 --- a/.github/workflows/lambdas-dev-to-main-ci.yml +++ b/.github/workflows/lambdas-dev-to-main-ci.yml @@ -36,6 +36,7 @@ jobs: logout_changed: ${{steps.filter.outputs.logout}} lloyd_george_stitch_changed: ${{steps.filter.outputs.lloyd_george_stitch}} bulk_upload_metadata_changed: ${{steps.filter.outputs.bulk_upload_metadata}} + back_channel_logout_changed: ${{steps.filter.outputs.back_channel_logout}} steps: - name: Checkout uses: actions/checkout@v3 
@@ -73,9 +74,8 @@ jobs: - 'lambdas/handlers/lloyd_george_record_stitch_handler.py' bulk_upload_metadata: - 'lambdas/handlers/bulk_upload_metadata_handler.py' - - - + back_channel_logout: + - 'lambdas/handlers/back_channel_logout_handler.py' python_lambdas_test: runs-on: ubuntu-latest @@ -209,7 +209,7 @@ jobs: python_deploy_document_reference_search_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' @@ -256,7 +256,7 @@ jobs: python_deploy_document_manifest_by_nhs_number_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' @@ -300,11 +300,10 @@ jobs: function_name: ${{ vars.BUILD_ENV }}_DocumentManifestByNHSNumberLambda zip_file: package_lambdas_document_manifest_by_nhs_number_handler.zip - python_deploy_login_redirect_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' @@ -351,7 +350,7 @@ jobs: python_deploy_authoriser_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' 
@@ -398,7 +397,7 @@ jobs: python_deploy_token_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' @@ -445,7 +444,7 @@ jobs: python_deploy_logout_handler_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' @@ -489,11 +488,10 @@ jobs: function_name: ${{ vars.BUILD_ENV }}_LogoutHandler zip_file: package_lambdas_logout_handler.zip - python_deploy_lloyd_george_record_stitch_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' @@ -540,7 +538,7 @@ jobs: python_deploy_bulk_upload_metadata_lambda: runs-on: ubuntu-latest environment: development - needs: [ "python_lambdas_test", "identify_changed_functions" ] + needs: ["python_lambdas_test", "identify_changed_functions"] if: | (github.ref == 'refs/heads/main') && (needs.identify_changed_functions.outputs.utils_changed == 'true' 
@@ -583,3 +581,50 @@ jobs: aws_region: ${{ vars.AWS_REGION }} function_name: ${{ vars.BUILD_ENV}}_BulkUploadMetadataLambda zip_file: package_lambdas_bulk_upload_metadata_handler.zip + + python_deploy_back_channel_logout_lambda: + runs-on: ubuntu-latest + environment: development + needs: ["python_lambdas_test", "identify_changed_functions"] + if: | + (github.ref == 'refs/heads/main') + && (needs.identify_changed_functions.outputs.utils_changed == 'true' + || needs.identify_changed_functions.outputs.enums_changed == 'true' + || needs.identify_changed_functions.outputs.services_changed == 'true' + || needs.identify_changed_functions.outputs.models_changed == 'true' + || needs.identify_changed_functions.outputs.back_channel_logout_changed == 'true' + ) + strategy: + matrix: + python-version: ["3.11"] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Make virtual environment + run: | + make env + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-skip-session-tagging: true + aws-region: ${{ vars.AWS_REGION }} + + - name: Create release package for Back Channel Logout Lambda + run: | + make lambda_name=back_channel_logout_handler zip + + - name: Upload Lambda Function for Back Channel Logout Lambda + uses: appleboy/lambda-action@master + with: + aws_region: ${{ vars.AWS_REGION }} + function_name: ${{ vars.BUILD_ENV}}_BackChannelLogoutHandler + zip_file: package_lambdas_back_channel_logout_handler.zip diff --git a/.github/workflows/new_base-lambdas-reusable-deploy-all.yml b/.github/workflows/new_base-lambdas-reusable-deploy-all.yml index 60d0564af..42a1c9590 100644 --- a/.github/workflows/new_base-lambdas-reusable-deploy-all.yml +++ b/.github/workflows/new_base-lambdas-reusable-deploy-all.yml 
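Review bot: The new `python_deploy_back_channel_logout_lambda` job runs `appleboy/lambda-action@master` immediately after `aws-actions/configure-aws-credentials` has assumed the deploy role, so whatever that third-party `master` branch points to at run time executes with those AWS credentials. Pinning the step to a reviewed full commit SHA removes the moving reference: `uses: appleboy/lambda-action@<full-commit-sha>  # <release tag>` (placeholder, to be filled with the audited revision). Separately, the `if:` condition reads `needs.identify_changed_functions.outputs.back_channel_logout_changed`. The hunk at -73 adds the `back_channel_logout` path filter, but the matching job-level `outputs:` entry is not visible in this diff. If that entry is missing, the clause would presumably never be true for handler-only changes, so confirm it is declared.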
@@ -117,7 +117,7 @@ jobs: lambda_aws_name: TokenRequestHandler secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + deploy_login_redirect_lambda: name: Deploy LoginRedirectHandler uses: ./.github/workflows/new_base-lambdas-reusable-deploy.yml @@ -130,7 +130,7 @@ jobs: lambda_aws_name: LoginRedirectHandler secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + deploy_authoriser_lambda: name: Deploy AuthoriserLambda uses: ./.github/workflows/new_base-lambdas-reusable-deploy.yml @@ -139,11 +139,11 @@ jobs: python_version: ${{ inputs.python_version }} build_branch: ${{ inputs.build_branch}} sandbox: ${{ inputs.sandbox }} - lambda_handler_name: authoriser_handler + lambda_handler_name: authoriser_handler lambda_aws_name: AuthoriserLambda secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + deploy_lloyd_george_record_stitch_lambda: name: Deploy LloydGeorgeStitchLambda uses: ./.github/workflows/new_base-lambdas-reusable-deploy.yml @@ -156,7 +156,7 @@ jobs: lambda_aws_name: LloydGeorgeStitchLambda secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} - + deploy_logout_handler_lambda: name: Deploy LogoutHandler uses: ./.github/workflows/new_base-lambdas-reusable-deploy.yml @@ -182,3 +182,16 @@ jobs: lambda_aws_name: BulkUploadLambda secrets: AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} + + deploy_back_channel_logout_lambda: + name: Deploy back_channel_logout_lambda + uses: ./.github/workflows/new_base-lambdas-reusable-deploy.yml + with: + environment: ${{ inputs.environment}} + python_version: ${{ inputs.python_version }} + build_branch: ${{ inputs.build_branch}} + sandbox: ${{ inputs.sandbox }} + lambda_handler_name: back_channel_logout_handler + lambda_aws_name: BackChannelLogoutHandler + secrets: + AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index 234a2f94e..f69a6754d 100644 --- a/.gitignore +++ b/.gitignore 
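Review bot: The added job's display name, `name: Deploy back_channel_logout_lambda`, breaks the pattern of its siblings in this file, which are named after their `lambda_aws_name` (`Deploy LoginRedirectHandler`, `Deploy AuthoriserLambda`, `Deploy LogoutHandler`). `name: Deploy BackChannelLogoutHandler` would keep the Actions job list uniform. The same hunk also leaves the file without a trailing newline, which looks unintended given the whitespace clean-ups in the earlier hunks of this file.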
@@ -96,4 +96,5 @@ node_modules/ .idea/ .vscode/ -lambdas/tests/unit/helpers/data/pdf/tmp \ No newline at end of file +lambdas/tests/unit/helpers/data/pdf/tmp +/lambdas/package_/ diff --git a/lambdas/handlers/back_channel_logout_handler.py b/lambdas/handlers/back_channel_logout_handler.py new file mode 100644 index 000000000..bfa6504f7 --- /dev/null +++ b/lambdas/handlers/back_channel_logout_handler.py 
@@ -0,0 +1,62 @@ +import json +import logging +import os +from botocore.exceptions import ClientError +from services.oidc_service import OidcService +from utils.decorators.ensure_env_var import ensure_environment_variables +from utils.exceptions import AuthorisationException +from services.dynamo_service import DynamoDBService +from utils.lambda_response import ApiGatewayResponse + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + + +@ensure_environment_variables( + names=["OIDC_CALLBACK_URL", "AUTH_DYNAMODB_NAME"] +) +def lambda_handler(event, context): + logger.info(f"event = {event}") + try: + body = json.loads(event["body"]) + token = body["logout_token"] + except KeyError as e: + return ApiGatewayResponse(400, f"An error occurred due to missing key: {str(e)}", + "POST").create_api_gateway_response() + return logout_handler(token) + + +def logout_handler(token): + try: + logger.info("decoding token") + oidc_service = OidcService() + decoded_token = oidc_service.validate_and_decode_token(token) + session_id = decoded_token["sid"] + remove_session_from_dynamo_db(session_id) + + except ClientError as e: + logger.error(f"Error logging out user: {e}") + return ApiGatewayResponse( + 500, """{ "error":"Internal error logging user out"}""", "POST" + ).create_api_gateway_response() + except AuthorisationException as e: + logger.error(f"error while decoding JWT: {e}") + return ApiGatewayResponse( + 400, """{ "error":"JWT was invalid"}""", "POST" + ).create_api_gateway_response() + except KeyError as e: + logger.error(f"No field 'sid' in decoded token: {e}") + return ApiGatewayResponse( + 400, """{ "error":"No sid field in decoded token"}""", "POST" + ).create_api_gateway_response() + + return ApiGatewayResponse(200, "", "POST").create_api_gateway_response() + + +def remove_session_from_dynamo_db(session_id): + logger.info(f"Session to be removed: {session_id}") + dynamodb_name = os.environ["AUTH_DYNAMODB_NAME"] + dynamodb_service = DynamoDBService() + 
dynamodb_service.delete_item( + key={"NDRSessionId": session_id}, table_name=dynamodb_name + ) diff --git a/lambdas/handlers/logout_handler.py b/lambdas/handlers/logout_handler.py index 3d5aef086..d4b286553 100644 --- a/lambdas/handlers/logout_handler.py +++ b/lambdas/handlers/logout_handler.py @@ -56,4 +56,4 @@ def remove_session_from_dynamo_db(session_id): dynamodb_service = DynamoDBService() dynamodb_service.delete_item( key={"NDRSessionId": session_id}, table_name=dynamodb_name - ) + ) \ No newline at end of file diff --git a/lambdas/tests/unit/handlers/conftest.py b/lambdas/tests/unit/handlers/conftest.py index 52d103260..3f2abb309 100755 --- a/lambdas/tests/unit/handlers/conftest.py +++ b/lambdas/tests/unit/handlers/conftest.py @@ -6,6 +6,7 @@ @pytest.fixture def valid_id_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009"}, } return api_gateway_proxy_event @@ -14,6 +15,7 @@ def valid_id_event(): @pytest.fixture def valid_id_and_both_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "LG,ARF"}, } return api_gateway_proxy_event @@ -22,6 +24,7 @@ def valid_id_and_both_doctype_event(): @pytest.fixture def valid_id_and_arf_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "ARF"}, } return api_gateway_proxy_event @@ -30,6 +33,7 @@ def valid_id_and_arf_doctype_event(): @pytest.fixture def valid_id_and_lg_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "LG"}, } return api_gateway_proxy_event @@ -38,6 +42,7 @@ def valid_id_and_lg_doctype_event(): @pytest.fixture def valid_id_and_invalid_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "MANGO"}, } return api_gateway_proxy_event 
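Review bot: In lambdas/handlers/back_channel_logout_handler.py, `lambda_handler` logs the whole event with `logger.info(f"event = {event}")`, which writes the raw `logout_token` and any request headers into the log stream. It also catches only `KeyError`, so a null body, a non-object body or invalid JSON raises out of the handler instead of returning a 400. The fence below logs a fixed message and adds an `except (TypeError, json.JSONDecodeError)` branch next to the existing one, leaving the existing 400 message untouched. Separately, `logout_handler` trusts whatever `OidcService.validate_and_decode_token` accepts. That method is not visible here, so confirm it checks the logout-token-specific claims (the back-channel logout `events` member, no `nonce`) as well as the signature, so that an ordinary ID token carrying a `sid` is not accepted in place of a logout token.

```python
def lambda_handler(event, context):
    # The body carries the logout token, so record that a request arrived, not the event itself.
    logger.info("Back channel logout request received")
    try:
        # … unchanged: json.loads(event["body"]) and the logout_token lookup …
    except KeyError as e:
        # … unchanged: 400 response naming the missing key …
    except (TypeError, json.JSONDecodeError) as e:
        # A null body, a non-object body or invalid JSON is a client error, not a crash.
        logger.error(f"Malformed back channel logout body: {type(e).__name__}")
        return ApiGatewayResponse(
            400, """{ "error":"Request body was not valid JSON"}""", "POST"
        ).create_api_gateway_response()
    return logout_handler(token)
```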
@@ -46,6 +51,7 @@ def valid_id_and_invalid_doctype_event(): @pytest.fixture def invalid_id_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "900000000900"}, } return api_gateway_proxy_event @@ -54,6 +60,7 @@ def invalid_id_event(): @pytest.fixture def missing_id_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"invalid": ""}, } return api_gateway_proxy_event diff --git a/lambdas/tests/unit/handlers/test_back_channel_logout_handler.py b/lambdas/tests/unit/handlers/test_back_channel_logout_handler.py new file mode 100644 index 000000000..912f82b4d --- /dev/null +++ b/lambdas/tests/unit/handlers/test_back_channel_logout_handler.py 
@@ -0,0 +1,136 @@ +import json + +from botocore.exceptions import ClientError +import pytest +from handlers.back_channel_logout_handler import lambda_handler +from services.oidc_service import OidcService +from utils.exceptions import AuthorisationException +from utils.lambda_response import ApiGatewayResponse + + +@pytest.fixture +def mock_oidc_service(mocker): + mocker.patch.object( + OidcService, + "__init__", + return_value=None) + mock_oidc_service = mocker.patch.object( + OidcService, + "validate_and_decode_token") + yield mock_oidc_service + + +def test_returns_500_when_env_vars_not_set(): + mock_token = "mock_token" + expected = ApiGatewayResponse( + 500, + "An error occurred due to missing key: 'OIDC_CALLBACK_URL'", + "POST", + ).create_api_gateway_response() + actual = lambda_handler(build_event_from_token(mock_token), None) + + assert actual == expected + + +def test_back_channel_logout_handler_valid_jwt_returns_200_if_session_exists(mocker, mock_oidc_service, monkeypatch, + context): + monkeypatch.setenv("OIDC_CALLBACK_URL", "mock_url") + monkeypatch.setenv("AUTH_DYNAMODB_NAME", "mock_dynamo_name") + mock_token = "mock_token" + mock_session_id = "mock_session_id" + mock_decoded_token = {"sid": mock_session_id} + mock_oidc_service.return_value = mock_decoded_token + mock_dynamo_service = mocker.patch( + "handlers.back_channel_logout_handler.remove_session_from_dynamo_db" + ) + + expected = ApiGatewayResponse(200, "", "POST").create_api_gateway_response() + + actual = lambda_handler(build_event_from_token(mock_token), context) + + assert expected == actual + mock_oidc_service.asset_called_with(mock_token) + mock_dynamo_service.assert_called_with(mock_session_id) + + +def test_back_channel_logout_handler_missing_jwt_returns_400(mocker, mock_oidc_service, monkeypatch, + context): + monkeypatch.setenv("OIDC_CALLBACK_URL", "mock_url") + monkeypatch.setenv("AUTH_DYNAMODB_NAME", "mock_dynamo_name") + event = { + "httpMethod": "POST", + "body": "{}" + } + 
expected = ApiGatewayResponse(400, "An error occurred due to missing key: 'logout_token'", + "POST").create_api_gateway_response() + + actual = lambda_handler(event, context) + + assert expected == actual + + +def test_back_channel_logout_handler_jwt_without_session_id_returns_400(mock_oidc_service, monkeypatch): + monkeypatch.setenv("OIDC_CALLBACK_URL", "mock_url") + monkeypatch.setenv("AUTH_DYNAMODB_NAME", "mock_dynamo_name") + mock_token = "mock_token" + mock_session_id = "mock_session_id" + mock_decoded_token = {"not_an_sid": mock_session_id} + mock_oidc_service.return_value = mock_decoded_token + + expected = ApiGatewayResponse( + 400, """{ "error":"No sid field in decoded token"}""", "POST" + ).create_api_gateway_response() + + actual = lambda_handler(build_event_from_token(mock_token), None) + + assert expected == actual + mock_oidc_service.asset_called_with(mock_token) + + +def test_back_channel_logout_handler_invalid_jwt_returns_400(mock_oidc_service, monkeypatch): + monkeypatch.setenv("OIDC_CALLBACK_URL", "mock_url") + monkeypatch.setenv("AUTH_DYNAMODB_NAME", "mock_dynamo_name") + mock_token = "mock_token" + mock_oidc_service.side_effect = AuthorisationException + + expected = ApiGatewayResponse( + 400, """{ "error":"JWT was invalid"}""", "POST" + ).create_api_gateway_response() + + actual = lambda_handler(build_event_from_token(mock_token), None) + + assert expected == actual + mock_oidc_service.asset_called_with(mock_token) + + +def test_back_channel_logout_handler_boto_error_returns_500(mocker, mock_oidc_service, monkeypatch): + monkeypatch.setenv("OIDC_CALLBACK_URL", "mock_url") + monkeypatch.setenv("AUTH_DYNAMODB_NAME", "mock_dynamo_name") + mock_token = "mock_token" + mock_session_id = "mock_session_id" + mock_decoded_token = {"sid": mock_session_id} + mock_oidc_service.return_value = mock_decoded_token + mock_dynamo_service = mocker.patch( + "handlers.back_channel_logout_handler.remove_session_from_dynamo_db", + side_effect=ClientError( + {"Error": 
{"Code": "500", "Message": "mocked error"}}, "test" + ), + ) + + expected = ApiGatewayResponse( + 500, """{ "error":"Internal error logging user out"}""", "POST" + ).create_api_gateway_response() + + actual = lambda_handler(build_event_from_token(mock_token), None) + + assert expected == actual + mock_oidc_service.asset_called_with(mock_token) + mock_dynamo_service.assert_called_with(mock_session_id) + + +def build_event_from_token(token: str) -> dict: + body_string = {"logout_token": token} + return { + "httpMethod": "POST", + "body": json.dumps(body_string) + } diff --git a/lambdas/tests/unit/handlers/test_lloyd_george_record_stitch_handler.py b/lambdas/tests/unit/handlers/test_lloyd_george_record_stitch_handler.py index ddd11e6c4..95dd4c721 100755 --- a/lambdas/tests/unit/handlers/test_lloyd_george_record_stitch_handler.py +++ b/lambdas/tests/unit/handlers/test_lloyd_george_record_stitch_handler.py @@ -229,6 +229,7 @@ def mock_tempfile(): @pytest.fixture def joe_bloggs_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "1234567890"}, } return api_gateway_proxy_event diff --git a/lambdas/tests/unit/handlers/test_logout_request_handler.py b/lambdas/tests/unit/handlers/test_logout_handler.py similarity index 98% rename from lambdas/tests/unit/handlers/test_logout_request_handler.py rename to lambdas/tests/unit/handlers/test_logout_handler.py index ab81ec711..1729bce2b 100644 --- a/lambdas/tests/unit/handlers/test_logout_request_handler.py +++ b/lambdas/tests/unit/handlers/test_logout_handler.py @@ -103,4 +103,4 @@ def test_logout_handler_boto_error_returns_500(mocker, monkeypatch): def build_event_from_token(token: str) -> dict: - return {"headers": {"x-auth": token}} + return {"headers": {"x-auth": token}} \ No newline at end of file diff --git a/lambdas/tests/unit/services/test_ssm_service.py b/lambdas/tests/unit/services/test_ssm_service.py old mode 100644 new mode 100755 
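Review bot: In test_back_channel_logout_handler.py, `mock_oidc_service.asset_called_with(mock_token)` is misspelled in four tests (valid JWT, JWT without session id, invalid JWT, boto error). On a MagicMock an unknown attribute such as `asset_called_with` is created on access and simply called, so these lines assert nothing. They pass whatever the handler hands to `validate_and_decode_token`. Each should read `mock_oidc_service.assert_called_with(mock_token)`, which is the only check in these tests that the token from the request body is the one that gets validated.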
diff --git a/lambdas/tests/unit/utils/decorators/conftest.py b/lambdas/tests/unit/utils/decorators/conftest.py index ed6145228..d872ac35a 100644 --- a/lambdas/tests/unit/utils/decorators/conftest.py +++ b/lambdas/tests/unit/utils/decorators/conftest.py @@ -6,6 +6,7 @@ @pytest.fixture def valid_id_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009"}, } return api_gateway_proxy_event @@ -14,6 +15,7 @@ def valid_id_event(): @pytest.fixture def invalid_id_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "900000000900"}, } return api_gateway_proxy_event @@ -22,6 +24,7 @@ def invalid_id_event(): @pytest.fixture def missing_id_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"invalid": ""}, } return api_gateway_proxy_event @@ -43,6 +46,7 @@ class LambdaContext: @pytest.fixture def valid_id_and_arf_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "ARF"}, } return api_gateway_proxy_event @@ -51,6 +55,7 @@ def valid_id_and_arf_doctype_event(): @pytest.fixture def valid_id_and_lg_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "LG"}, } return api_gateway_proxy_event @@ -59,6 +64,7 @@ def valid_id_and_lg_doctype_event(): @pytest.fixture def valid_id_and_both_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "LG,ARF"}, } return api_gateway_proxy_event @@ -67,6 +73,7 @@ def valid_id_and_both_doctype_event(): @pytest.fixture def valid_id_and_invalid_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": "MANGO"}, } return api_gateway_proxy_event 
@@ -75,6 +82,7 @@ def valid_id_and_invalid_doctype_event(): @pytest.fixture def valid_id_and_nonsense_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": { "patientId": "9000000009", "docType": "sdfjfvsjhfvsukjARFfjdhtgdkjughLG", @@ -86,6 +94,7 @@ def valid_id_and_nonsense_doctype_event(): @pytest.fixture def valid_id_and_empty_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": ""}, } return api_gateway_proxy_event @@ -94,6 +103,7 @@ def valid_id_and_empty_doctype_event(): @pytest.fixture def valid_id_and_none_doctype_event(): api_gateway_proxy_event = { + "httpMethod": "GET", "queryStringParameters": {"patientId": "9000000009", "docType": None}, } return api_gateway_proxy_event diff --git a/lambdas/utils/decorators/ensure_env_var.py b/lambdas/utils/decorators/ensure_env_var.py index 341ef171c..bc4fc1bd1 100644 --- a/lambdas/utils/decorators/ensure_env_var.py +++ b/lambdas/utils/decorators/ensure_env_var.py @@ -25,7 +25,7 @@ def interceptor(event, context): if name not in os.environ: logger.info(f"missing env var: '{name}'") return ApiGatewayResponse( - 500, f"An error occurred due to missing key: '{name}'", "GET" + 500, f"An error occurred due to missing key: '{name}'", event["httpMethod"] ).create_api_gateway_response() # Validation done. Return control flow to original lambda handler diff --git a/lambdas/utils/decorators/validate_document_type.py b/lambdas/utils/decorators/validate_document_type.py index 46447a0fb..39fd25c4b 100755 --- a/lambdas/utils/decorators/validate_document_type.py +++ b/lambdas/utils/decorators/validate_document_type.py 
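Review bot: In ensure_env_var.py, `event["httpMethod"]` is now read inside the error path itself, so an event without that key (a direct invocation or any non-proxy trigger) raises `KeyError` from the interceptor instead of returning the intended 500. In validate_document_type.py and validate_patient_id.py the same lookup sits inside the `except KeyError` branches, where a second `KeyError` escapes the decorator entirely. A tolerant lookup keeps the previous value as the fallback: `event.get("httpMethod", "GET")`. The value is also request-derived and how `ApiGatewayResponse` uses its third argument is not visible here, so confirm it can only ever carry one of the methods the API actually exposes. The interceptor bodies start and end outside these hunks.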
@@ -20,15 +20,15 @@ def interceptor(event, context): doc_type = event["queryStringParameters"]["docType"] if doc_type is None: return ApiGatewayResponse( - 400, "docType not supplied", "GET" + 400, "docType not supplied", event["httpMethod"] ).create_api_gateway_response() if not doc_type_is_valid(doc_type): return ApiGatewayResponse( - 400, "Invalid document type requested", "GET" + 400, "Invalid document type requested", event["httpMethod"] ).create_api_gateway_response() except KeyError as e: return ApiGatewayResponse( - 400, f"An error occurred due to missing key: {str(e)}", "GET" + 400, f"An error occurred due to missing key: {str(e)}", event["httpMethod"] ).create_api_gateway_response() # Validation done. Return control flow to original lambda handler diff --git a/lambdas/utils/decorators/validate_patient_id.py b/lambdas/utils/decorators/validate_patient_id.py index 285de552a..464d6850a 100644 --- a/lambdas/utils/decorators/validate_patient_id.py +++ b/lambdas/utils/decorators/validate_patient_id.py @@ -27,11 +27,11 @@ def interceptor(event, context): validate_id(nhs_number) except InvalidResourceIdException: return ApiGatewayResponse( - 400, "Invalid NHS number", "GET" + 400, "Invalid NHS number", event["httpMethod"] ).create_api_gateway_response() except KeyError as e: return ApiGatewayResponse( - 400, f"An error occurred due to missing key: {str(e)}", "GET" + 400, f"An error occurred due to missing key: {str(e)}", event["httpMethod"] ).create_api_gateway_response() # Validation done. Return control flow to original lambda handler