Merge pull request #696 from NHSDigital/feature/eema1-NRL-820-addNewPointerTypes

NRL-820 add new pointer types to constants

Author: eesa456

api/producer/createDocumentReference/create_document_reference.py

@@ -4,6 +4,7 @@
 from nrlf.core.constants import (
     PERMISSION_AUDIT_DATES_FROM_PAYLOAD,
     PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL,
+    TYPE_CATEGORIES,
 )
 from nrlf.core.decorators import request_handler
 from nrlf.core.dynamodb.repository import DocumentPointer, DocumentPointerRepository
@@ -90,6 +91,19 @@ def _check_permissions(
             expression="type.coding[0].code",
         )
 
+    type_category = TYPE_CATEGORIES.get(core_model.type)
+    if type_category != core_model.category:
+        logger.log(
+            LogReference.PROCREATE005a,
+            ods_code=metadata.ods_code,
+            type=core_model.type,
+            category=core_model.category,
+        )
+        return SpineErrorResponse.BAD_REQUEST(
+            diagnostics=f"The Category code of the provided document '{core_model.category}' must match the allowed category for pointer type '{core_model.type}' with a category value of '{type_category}'",
+            expression="category.coding[0].code",
+        )
+
 
 def _get_document_ids_to_supersede(
     resource: DocumentReference,

api/producer/createDocumentReference/tests/test_create_document_reference.py

@@ -424,6 +424,51 @@ def test_create_document_reference_invalid_pointer_type():
     }
 
 
+def test_create_document_reference_invalid_category_type():
+    doc_ref = load_document_reference("Y05868-736253002-Valid")
+
+    assert doc_ref.category and doc_ref.category[0].coding
+    doc_ref.category[0].coding[0].code = "1102421000000108"
+    doc_ref.category[0].coding[0].display = "Observations"
+
+    event = create_test_api_gateway_event(
+        headers=create_headers(),
+        body=doc_ref.json(exclude_none=True),
+    )
+
+    result = handler(event, create_mock_context())
+    body = result.pop("body")
+
+    assert result == {
+        "statusCode": "400",
+        "headers": {},
+        "isBase64Encoded": False,
+    }
+
+    parsed_body = json.loads(body)
+
+    assert parsed_body == {
+        "resourceType": "OperationOutcome",
+        "issue": [
+            {
+                "severity": "error",
+                "code": "invalid",
+                "details": {
+                    "coding": [
+                        {
+                            "code": "BAD_REQUEST",
+                            "display": "Bad request",
+                            "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
+                        }
+                    ]
+                },
+                "diagnostics": "The Category code of the provided document 'http://snomed.info/sct|1102421000000108' must match the allowed category for pointer type 'http://snomed.info/sct|736253002' with a category value of 'http://snomed.info/sct|734163000'",
+                "expression": ["category.coding[0].code"],
+            }
+        ],
+    }
+
+
 def test_create_document_reference_no_relatesto_target():
     doc_ref = load_document_reference("Y05868-736253002-Valid")
     doc_ref.relatesTo = [

api/producer/upsertDocumentReference/tests/test_upsert_document_reference.py

@@ -142,6 +142,51 @@ def test_create_document_reference_happy_path_with_ssp(
     }
 
 
+def test_create_document_reference_invalid_category_type():
+    doc_ref = load_document_reference("Y05868-736253002-Valid")
+
+    assert doc_ref.category and doc_ref.category[0].coding
+    doc_ref.category[0].coding[0].code = "1102421000000108"
+    doc_ref.category[0].coding[0].display = "Observations"
+
+    event = create_test_api_gateway_event(
+        headers=create_headers(),
+        body=doc_ref.json(exclude_none=True),
+    )
+
+    result = handler(event, create_mock_context())
+    body = result.pop("body")
+
+    assert result == {
+        "statusCode": "400",
+        "headers": {},
+        "isBase64Encoded": False,
+    }
+
+    parsed_body = json.loads(body)
+
+    assert parsed_body == {
+        "resourceType": "OperationOutcome",
+        "issue": [
+            {
+                "severity": "error",
+                "code": "invalid",
+                "details": {
+                    "coding": [
+                        {
+                            "code": "BAD_REQUEST",
+                            "display": "Bad request",
+                            "system": "https://fhir.nhs.uk/ValueSet/Spine-ErrorOrWarningCode-1",
+                        }
+                    ]
+                },
+                "diagnostics": "The Category code of the provided document 'http://snomed.info/sct|1102421000000108' must match the allowed category for pointer type 'http://snomed.info/sct|736253002' with a category value of 'http://snomed.info/sct|734163000'",
+                "expression": ["category.coding[0].code"],
+            }
+        ],
+    }
+
+
 def test_create_document_reference_no_body():
     event = create_test_api_gateway_event(
         headers=create_headers(),

api/producer/upsertDocumentReference/upsert_document_reference.py

@@ -2,6 +2,7 @@
 from nrlf.core.constants import (
     PERMISSION_AUDIT_DATES_FROM_PAYLOAD,
     PERMISSION_SUPERSEDE_IGNORE_DELETE_FAIL,
+    TYPE_CATEGORIES,
 )
 from nrlf.core.decorators import request_handler
 from nrlf.core.dynamodb.repository import DocumentPointer, DocumentPointerRepository
@@ -88,6 +89,19 @@ def _check_permissions(
             expression="type.coding[0].code",
         )
 
+    type_category = TYPE_CATEGORIES.get(core_model.type)
+    if type_category != core_model.category:
+        logger.log(
+            LogReference.PROUPSERT005a,
+            ods_code=metadata.ods_code,
+            type=core_model.type,
+            category=core_model.category,
+        )
+        return SpineErrorResponse.BAD_REQUEST(
+            diagnostics=f"The Category code of the provided document '{core_model.category}' must match the allowed category for pointer type '{core_model.type}' with a category value of '{type_category}'",
+            expression="category.coding[0].code",
+        )
+
 
 def _get_document_ids_to_supersede(
     resource: DocumentReference,

layer/nrlf/core/constants.py

@@ -46,6 +46,8 @@ class PointerTypes(Enum):
     CONTINGENCY_PLAN = "http://snomed.info/sct|325691000000100"
     EOL_CARE_PLAN = "http://snomed.info/sct|736373009"
     LLOYD_GEORGE_FOLDER = "http://snomed.info/sct|16521000000101"
+    ADVANCED_CARE_PLAN = "http://snomed.info/sct|736366004"
+    TREATMENT_ESCALATION_PLAN = "http://snomed.info/sct|735324008"
 
     @staticmethod
     def list():
@@ -66,6 +68,8 @@ class Categories(Enum):
     PointerTypes.EOL_CARE_PLAN.value: Categories.CARE_PLAN.value,
     PointerTypes.LLOYD_GEORGE_FOLDER.value: Categories.CARE_PLAN.value,
     PointerTypes.NEWS2_CHART.value: Categories.OBSERVATIONS.value,
+    PointerTypes.ADVANCED_CARE_PLAN.value: Categories.CARE_PLAN.value,
+    PointerTypes.TREATMENT_ESCALATION_PLAN.value: Categories.CARE_PLAN.value,
 }
 
 

layer/nrlf/core/dynamodb/tests/test_repository.py

@@ -0,0 +1,33 @@
+import pytest
+
+from nrlf.core.constants import PointerTypes
+from nrlf.core.dynamodb.repository import _get_sk_ids_for_type
+
+
+def test_get_sk_ids_for_type_exception_thrown_for_invalid_type():
+    with pytest.raises(ValueError) as error:
+        _get_sk_ids_for_type("invalid_type")
+
+    assert str(error.value) == "Cannot find category for pointer type: invalid_type"
+
+
+def test_get_sk_ids_for_type_returns_type_and_category_for_every_type():
+    for each in PointerTypes.list():
+        category, pointer_type = _get_sk_ids_for_type(each)
+        assert category and pointer_type
+
+
+def test_get_sk_ids_for_type_exception_thrown_if_new_type_has_no_category():
+    pointer_types = PointerTypes.list()
+    pointer_types.append("some_pointer_type")
+    with pytest.raises(ValueError) as error:
+        for each in pointer_types:
+            category, pointer_type = _get_sk_ids_for_type(each)
+            assert category and pointer_type
+
+    assert (
+        str(error.value) == "Cannot find category for pointer type: some_pointer_type"
+    )
+
+
+# TODO: Add unit tests for Repository Class

layer/nrlf/core/log_references.py

@@ -210,6 +210,10 @@ class LogReference(Enum):
     PROCREATE005 = _Reference(
         "WARN", "Organisation is not allowed to create pointer type"
     )  #
+    PROCREATE005a = _Reference(
+        "WARN",
+        "Organisation is not allowed to create pointer type with incorrect category",
+    )  #
     PROCREATE006 = _Reference("DEBUG", "Performing relatesTo validation on resource")
     PROCREATE007a = _Reference(
         "WARN", "RelatesTo validation failed - no target identifier value"
@@ -256,6 +260,10 @@ class LogReference(Enum):
     PROUPSERT005 = _Reference(
         "WARN", "Organisation is not allowed to upsert pointer type for upsert"
     )  #
+    PROUPSERT005a = _Reference(
+        "WARN",
+        "Organisation is not allowed to upsert pointer type with incorrect category code",
+    )  #
     PROUPSERT006 = _Reference(
         "DEBUG", "Performing relatesTo validation on resource for upsert"
     )

scripts/get_s3_permissions.py

@@ -14,6 +14,8 @@
     "http://snomed.info/sct|736373009",
     "http://snomed.info/sct|861421000000109",
     "http://snomed.info/sct|887701000000100",
+    "http://snomed.info/sct|736366004",
+    "http://snomed.info/sct|735324008",
 ]
 
 

terraform/account-wide-infrastructure/modules/lambda-errors-metric-alarm/iam.tf

@@ -13,9 +13,43 @@ resource "aws_iam_policy" "lambda-errors-topic-kms-read-write" {
         ]
         Effect = "Allow"
         Resource = [
-          aws_kms_key.lambda-errors-topic-key.arn
+          aws_kms_key.lambda-errors-topic-key.arn,
+          aws_cloudwatch_metric_alarm.metric_alarm.arn
         ]
       }
     ]
   })
 }
+
+data "aws_caller_identity" "current" {}
+
+data "aws_iam_policy_document" "sns_kms_key_policy" {
+  policy_id = "CloudWatchEncryptUsingKey"
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "kms:*"
+    ]
+    resources = ["*"]
+
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
+    }
+  }
+
+  statement {
+    effect = "Allow"
+    actions = [
+      "kms:Decrypt",
+      "kms:GenerateDataKey"
+    ]
+    resources = ["*"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["cloudwatch.amazonaws.com"]
+    }
+  }
+}

terraform/account-wide-infrastructure/modules/lambda-errors-metric-alarm/kms.tf

@@ -1,6 +1,7 @@
 resource "aws_kms_key" "lambda-errors-topic-key" {
   description             = "Lambda errors SNS topic table KMS key"
   deletion_window_in_days = var.kms_deletion_window_in_days
+  policy                  = data.aws_iam_policy_document.sns_kms_key_policy.json
 
 }