adds EUOAllowlistRequired to test product

kevinmason-nhs · kevinmason-nhs · commit 06e1738a9730 · 2025-09-05T10:34:17.000+01:00
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -251,6 +251,7 @@ async def _make_product(product_scopes):
         product_name = f"apim-auto-{uuid4()}"
         attributes = [
             {"name": "access", "value": "public"},
+            {"name": "EUOAllowlistRequired", "value": "false"},
             {"name": "ratelimit", "value": "10ps"},
         ]
         body = {
diff --git a/tests/integration/test_headers.py b/tests/integration/test_headers.py
@@ -25,6 +25,9 @@
 
 _SPECIALTY_REF_DATA_URL = "/FHIR/STU3/CodeSystem/SPECIALTY"
 _SEARCH_HEALTHCARE_SERVICE_R4_URL = "/FHIR/R4/HealthcareService"
+_APIM_APP_FLOW_VARS = (
+    '{"ers": {"allowListodsCode": [ ' + app_restricted_ods_code + "]}}"
+)
 
 
 @pytest.mark.integration_test
@@ -34,44 +37,47 @@ class TestHeaders:
     async def test_headers_on_echo_target(
         self, authenticate_user, service_url, user: Actor, asid
     ):
-        access_code = await authenticate_user(user)
+        with update_user_restricted_app_attr("apim-app-flow-vars", _APIM_APP_FLOW_VARS):
+            access_code = await authenticate_user(user)
 
-        client_request_headers = {
-            _HEADER_ECHO: "",  # enable echo target
-            _HEADER_AUTHORIZATION: "Bearer " + access_code,
-            _HEADER_REQUEST_ID: "DUMMY-VALUE",
-            RenamedHeader.REFERRAL_ID.original: _EXPECTED_REFERRAL_ID,
-            RenamedHeader.CORRELATION_ID.original: _EXPECTED_CORRELATION_ID,
-            RenamedHeader.BUSINESS_FUNCTION.original: user.business_function,
-            RenamedHeader.ODS_CODE.original: user.org_code,
-            RenamedHeader.FILENAME.original: _EXPECTED_FILENAME,
-            RenamedHeader.COMM_RULE_ORG.original: _EXPECTED_COMM_RULE_ORG,
-            RenamedHeader.OBO_USER_ID.original: _EXPECTED_OBO_USER_ID,
-        }
+            print(f"new attribute apim-app-flow-vars: {_APIM_APP_FLOW_VARS}")
 
-        # Make the API call
-        response = requests.get(service_url, headers=client_request_headers)
+            client_request_headers = {
+                _HEADER_ECHO: "",  # enable echo target
+                _HEADER_AUTHORIZATION: "Bearer " + access_code,
+                _HEADER_REQUEST_ID: "DUMMY-VALUE",
+                RenamedHeader.REFERRAL_ID.original: _EXPECTED_REFERRAL_ID,
+                RenamedHeader.CORRELATION_ID.original: _EXPECTED_CORRELATION_ID,
+                RenamedHeader.BUSINESS_FUNCTION.original: user.business_function,
+                RenamedHeader.ODS_CODE.original: user.org_code,
+                RenamedHeader.FILENAME.original: _EXPECTED_FILENAME,
+                RenamedHeader.COMM_RULE_ORG.original: _EXPECTED_COMM_RULE_ORG,
+                RenamedHeader.OBO_USER_ID.original: _EXPECTED_OBO_USER_ID,
+            }
 
-        expected_aal = (
-            "3"
-            if user.authentication_assurance_level == UserAuthenticationLevel.AAL3
-            else "2"
-        )
-        expected_amr = (
-            "[N3_SMARTCARD]"
-            if user.authentication_assurance_level == UserAuthenticationLevel.AAL3
-            else "[TOTP]"
-        )
+            # Make the API call
+            response = requests.get(service_url, headers=client_request_headers)
 
-        self.assert_ok_echo_response(
-            response,
-            service_url,
-            user,
-            asid,
-            _EXPECTED_FILENAME,
-            expected_aal,
-            expected_amr,
-        )
+            expected_aal = (
+                "3"
+                if user.authentication_assurance_level == UserAuthenticationLevel.AAL3
+                else "2"
+            )
+            expected_amr = (
+                "[N3_SMARTCARD]"
+                if user.authentication_assurance_level == UserAuthenticationLevel.AAL3
+                else "[TOTP]"
+            )
+
+            self.assert_ok_echo_response(
+                response,
+                service_url,
+                user,
+                asid,
+                _EXPECTED_FILENAME,
+                expected_aal,
+                expected_amr,
+            )
 
     @pytest.mark.asyncio
     @pytest.mark.parametrize(
@@ -475,7 +481,7 @@ def test_unknown_access_code(
             assert renamed_header.renamed not in client_response_headers
 
     @pytest.mark.asyncio
-    @pytest.mark.parametrize("service_name", [(None)])
+    @pytest.mark.parametrize("service_name", [None])
     async def test_access_code_not_supported(
         self, referring_clinician, authenticate_user, service_url
     ):

Original file line number	Diff line number	Diff line change
`@@ -251,6 +251,7 @@ async def _make_product(product_scopes):`
`251`	`251`	`product_name = f"apim-auto-{uuid4()}"`
`252`	`252`	`attributes = [`
`253`	`253`	`{"name": "access", "value": "public"},`
	`254`	`+ {"name": "EUOAllowlistRequired", "value": "false"},`
`254`	`255`	`{"name": "ratelimit", "value": "10ps"},`
`255`	`256`	`]`
`256`	`257`	`body = {`