NRL-512 An unsupported content-type will respond with 415, rename terraform file, add more tests

axelkrastek1-nhs · axelkrastek1-nhs · commit 8a3ea48eb477 · 2025-06-30T18:13:30.000+01:00
diff --git a/terraform/infrastructure/modules/api_gateway/api_gateway.tf b/terraform/infrastructure/modules/api_gateway/api_gateway.tf
@@ -53,7 +53,7 @@ resource "aws_api_gateway_deployment" "api_gateway_deployment" {
     redeployment              = sha1(jsonencode(aws_api_gateway_rest_api.api_gateway_rest_api.body))
     resource_change           = "${md5(file("${path.module}/api_gateway.tf"))}"
     capabilities              = sha1(var.capability_statement_content)
-    method_responses_change   = md5(file("${path.module}/method_responses.tf"))
+    head_responses_change     = md5(file("${path.module}/head_responses.tf"))
     parent_api_gateway_change = md5(file("${path.module}/../../api_gateway.tf"))
   }
 
diff --git a/terraform/infrastructure/modules/api_gateway/head_responses.tf b/terraform/infrastructure/modules/api_gateway/head_responses.tf
@@ -20,12 +20,11 @@ resource "aws_api_gateway_method" "head_method" {
 resource "aws_api_gateway_integration" "head_integration" {
   for_each = var.endpoint_allowed_methods
 
-  rest_api_id = aws_api_gateway_rest_api.api_gateway_rest_api.id
-  resource_id = data.aws_api_gateway_resource.resource[each.key].id
-  http_method = aws_api_gateway_method.head_method[each.key].http_method
-  type        = "MOCK"
-  # passthrough_behavior = "WHEN_NO_TEMPLATES"
-  passthrough_behavior = "WHEN_NO_MATCH"
+  rest_api_id          = aws_api_gateway_rest_api.api_gateway_rest_api.id
+  resource_id          = data.aws_api_gateway_resource.resource[each.key].id
+  http_method          = aws_api_gateway_method.head_method[each.key].http_method
+  type                 = "MOCK"
+  passthrough_behavior = "WHEN_NO_TEMPLATES"
 
   request_templates = {
     "application/json"      = <<-EOF
diff --git a/tests/features/consumer/headOnGetEndpoint.feature b/tests/features/consumer/headOnGetEndpoint.feature
@@ -1,15 +1,66 @@
 Feature: Consumer - HEAD Requests
 
-  Scenario: DocumentReference with HEAD fails
+  Scenario Outline: DocumentReference with HEAD fails (Content-Type: <content_type>)
     Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
-    When consumer 'RX898' sends HEAD request to 'DocumentReference' endpoint
+    When consumer 'RX898' sends HEAD request to 'DocumentReference' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
     Then the response status code is 405
     And the response has an empty body
     And the Allow header is 'GET'
+    And the Content-Length header is '0'
 
-  Scenario: DocumentReference/{id} with HEAD fails
+    Examples:
+      | content_type          |
+      | application/json      |
+      | application/json+fhir |
+      | application/fhir+json |
+
+  Scenario Outline: DocumentReference/{id} with HEAD fails (Content-Type: <content_type>)
     Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
-    When consumer 'RX898' sends HEAD request to 'DocumentReference/random-id' endpoint
+    When consumer 'RX898' sends HEAD request to 'DocumentReference/random-id' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
     Then the response status code is 405
     And the response has an empty body
     And the Allow header is 'GET'
+    And the Content-Length header is '0'
+
+    Examples:
+      | content_type          |
+      | application/json      |
+      | application/json+fhir |
+      | application/fhir+json |
+
+  Scenario Outline: DocumentReference with HEAD fails with 415 with unsupported (Content-Type: <content_type>)
+    Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
+    When consumer 'RX898' sends HEAD request to 'DocumentReference' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
+    Then the response status code is 415
+    And the Content-Type header is 'application/json'
+    And the Content-Length header is '0'
+    And the Allow header is not present
+
+    Examples:
+      | content_type             |
+      | application/notsupported |
+      | application/helloworld   |
+      | application/harold       |
+
+  Scenario Outline: DocumentReference/{id} with HEAD fails (Content-Type: <content_type>)
+    Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
+    When consumer 'RX898' sends HEAD request to 'DocumentReference/random-id' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
+    Then the response status code is 415
+    And the response has an empty body
+    And the Content-Type header is 'application/json'
+    And the Content-Length header is '0'
+    And the Allow header is not present
+
+    Examples:
+      | content_type             |
+      | application/notsupported |
+      | application/helloworld   |
+      | application/harold       |
diff --git a/tests/features/producer/headOnGetEndpoint.feature b/tests/features/producer/headOnGetEndpoint.feature
@@ -1,15 +1,63 @@
 Feature: Producer - HEAD Requests
 
-  Scenario: DocumentReference with HEAD fails
+  Scenario Outline: DocumentReference with HEAD fails (Content-Type: <content_type>)
     Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
-    When producer 'RX898' sends HEAD request to 'DocumentReference' endpoint
+    When producer 'RX898' sends HEAD request to 'DocumentReference' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
     Then the response status code is 405
     And the response has an empty body
     And the Allow header is 'GET,POST'
 
-  Scenario: DocumentReference/{id} with HEAD fails
+    Examples:
+      | content_type          |
+      | application/json      |
+      | application/json+fhir |
+      | application/fhir+json |
+
+  Scenario Outline: DocumentReference/{id} with HEAD fails (Content-Type: <content_type>)
     Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
-    When producer 'RX898' sends HEAD request to 'DocumentReference/random-id' endpoint
+    When producer 'RX898' sends HEAD request to 'DocumentReference/random-id' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
     Then the response status code is 405
     And the response has an empty body
     And the Allow header is 'GET,PUT,DELETE'
+
+    Examples:
+      | content_type          |
+      | application/json      |
+      | application/json+fhir |
+      | application/fhir+json |
+
+  Scenario Outline: DocumentReference with HEAD fails with 415 with unsupported (Content-Type: <content_type>)
+    Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
+    When producer 'RX898' sends HEAD request to 'DocumentReference' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
+    Then the response status code is 415
+    And the Content-Type header is 'application/json'
+    And the response has an empty body
+    And the Allow header is not present
+
+    Examples:
+      | content_type             |
+      | application/notsupported |
+      | application/helloworld   |
+      | application/harold       |
+
+  Scenario Outline: DocumentReference/{id} with HEAD fails with 415 with unsupported (Content-Type: <content_type>)
+    Given the application 'DataShare' (ID 'z00z-y11y-x22x') is registered to access the API
+    When producer 'RX898' sends HEAD request to 'DocumentReference/random-id' endpoint with headers:
+      | header       | value          |
+      | Content-Type | <content_type> |
+    Then the response status code is 415
+    And the Content-Type header is 'application/json'
+    And the response has an empty body
+    And the Allow header is not present
+
+    Examples:
+      | content_type             |
+      | application/notsupported |
+      | application/helloworld   |
+      | application/harold       |
diff --git a/tests/features/steps/2_request.py b/tests/features/steps/2_request.py
@@ -249,12 +249,19 @@ def producer_search_document_reference_step(context: Context, ods_code: str):
     )
 
 
-@when("{consumer_or_producer} '{ods_code}' sends HEAD request to '{endpoint}' endpoint")
+@when(
+    "{consumer_or_producer} '{ods_code}' sends HEAD request to '{endpoint}' endpoint with headers"
+)
 def consumer_head_request_step(
     context: Context, consumer_or_producer: str, ods_code: str, endpoint: str
 ):
+    if not context.table:
+        raise ValueError("No headers table provided")
+
+    headers = {row["header"]: row["value"] for row in context.table}
+
     if consumer_or_producer == "producer":
         client = producer_client_from_context(context, ods_code)
     elif consumer_or_producer == "consumer":
         client = consumer_client_from_context(context, ods_code)
-    context.response = client.head(endpoint)
+    context.response = client.head(endpoint, headers=headers)
diff --git a/tests/features/steps/3_assert.py b/tests/features/steps/3_assert.py
@@ -347,6 +347,17 @@ def assert_location_header(context: Context, header_name: str):
     context.pointer_id = generated_id
 
 
+@then("the {header_name} header is not present")
+def assert_header_not_present(context: Context, header_name: str):
+    header_value = context.response.headers.get(header_name)
+    assert header_value is None, format_error(
+        f"Header {header_name} should not be present",
+        "not present",
+        header_value,
+        context.response.text,
+    )
+
+
 @then("the {header_name} header starts with '{starts_with}'")
 def assert_header_starts_with(context: Context, header_name: str, starts_with: str):
     header_value = context.response.headers.get(header_name)
diff --git a/tests/utilities/api_clients.py b/tests/utilities/api_clients.py
@@ -196,11 +196,12 @@ def search_post(
     def head(
         self,
         endpoint: str,
+        headers: dict[str, str] | None = None,
         extra_params: dict[str, str] | None = None,
     ) -> Response:
+        headers = {**(headers or {}), **self.request_headers}
         params = {**(extra_params or {})}
         url = f"{self.api_url}/{endpoint}"
-        headers = {**self.request_headers, "Content-Type": "application/json"}
         return requests.head(
             url,
             params=params,
@@ -381,11 +382,12 @@ def read_capability_statement(self) -> Response:
     def head(
         self,
         endpoint: str,
+        headers: dict[str, str] | None = None,
         extra_params: dict[str, str] | None = None,
     ) -> Response:
+        headers = {**(headers or {}), **self.request_headers}
         params = {**(extra_params or {})}
         url = f"{self.api_url}/{endpoint}"
-        headers = {**self.request_headers, "Content-Type": "application/json"}
         return requests.head(
             url,
             params=params,

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ resource "aws_api_gateway_deployment" "api_gateway_deployment" {`
`53`	`53`	`redeployment = sha1(jsonencode(aws_api_gateway_rest_api.api_gateway_rest_api.body))`
`54`	`54`	`resource_change = "${md5(file("${path.module}/api_gateway.tf"))}"`
`55`	`55`	`capabilities = sha1(var.capability_statement_content)`
`56`		`- method_responses_change = md5(file("${path.module}/method_responses.tf"))`
	`56`	`+ head_responses_change = md5(file("${path.module}/head_responses.tf"))`
`57`	`57`	`parent_api_gateway_change = md5(file("${path.module}/../../api_gateway.tf"))`
`58`	`58`	`}`
`59`	`59`