adds EuoAllowListVerify functionality

Author: kevinmason-nhs

proxies/live/apiproxy/policies/FlowCallout.EUOAllowlistVerify.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<FlowCallout async="false" continueOnError="false" enabled="true" name="FlowCallout.EUOAllowlistVerify">
+    <DisplayName>EUOAllowlistVerify</DisplayName>
+    <SharedFlowBundle>EUOAllowlistVerify</SharedFlowBundle>
+</FlowCallout>

proxies/live/apiproxy/policies/FlowCallout.ExtendedAttributes.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<FlowCallout async="false" continueOnError="false" enabled="true" name="FlowCallout.ExtendedAttributes">
+    <DisplayName>Extract extended attribute</DisplayName>
+    <SharedFlowBundle>ExtendedAttributes</SharedFlowBundle>
+</FlowCallout>

proxies/live/apiproxy/proxies/default.xml

@@ -1,57 +1,54 @@
 <ProxyEndpoint name="default">
     <Flows>
-      <Flow name="AddPayloadToPing">
-        <Description/>
-        <Request/>
-        <Response>
-          <Step>
-            <Name>AssignMessage.AddPayloadToPing</Name>
-          </Step>
-        </Response>
-        <Condition>(proxy.pathsuffix MatchesPath "/_ping") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
-      </Flow>
-      <Flow name="StatusEndpoint">
-        <Description/>
-        <Request>
-          <Step>
-            <Name>KeyValueMapOperations.GetSharedSecureVariables</Name>
-          </Step>
-          <Step>
-            <Condition>(private.apigee.status-endpoint-api-key NotEquals request.header.apikey) or (private.apigee.status-endpoint-api-key Is null)</Condition>
-            <Name>RaiseFault.401Unauthorized</Name>
-          </Step>
-          <Step>
-            <Name>ServiceCallout.CallHealthcheckEndpoint</Name>
-          </Step>
-        </Request>
-        <Response>
-          <Step>
-            <Name>javascript.SetStatusResponse</Name>
-          </Step>
-        </Response>
-        <Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
-      </Flow>
+        <Flow name="AddPayloadToPing">
+            <Description/>
+            <Request/>
+            <Response>
+                <Step>
+                    <Name>AssignMessage.AddPayloadToPing</Name>
+                </Step>
+            </Response>
+            <Condition>(proxy.pathsuffix MatchesPath "/_ping") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
+        </Flow>
+        <Flow name="StatusEndpoint">
+            <Description/>
+            <Request>
+                <Step>
+                    <Name>KeyValueMapOperations.GetSharedSecureVariables</Name>
+                </Step>
+                <Step>
+                    <Condition>(private.apigee.status-endpoint-api-key NotEquals request.header.apikey) or (private.apigee.status-endpoint-api-key Is null)</Condition>
+                    <Name>RaiseFault.401Unauthorized</Name>
+                </Step>
+                <Step>
+                    <Name>ServiceCallout.CallHealthcheckEndpoint</Name>
+                </Step>
+            </Request>
+            <Response>
+                <Step>
+                    <Name>javascript.SetStatusResponse</Name>
+                </Step>
+            </Response>
+            <Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
+        </Flow>
     </Flows>
-    
     <PreFlow/>
-
     <PostClientFlow>
         <Response>
             <Step>
                 <Name>FlowCallout.LogToSplunk</Name>
             </Step>
         </Response>
     </PostClientFlow>
-
     <HTTPProxyConnection>
         <BasePath>{{ SERVICE_BASE_PATH }}</BasePath>
         <VirtualHost>secure</VirtualHost>
     </HTTPProxyConnection>
     <RouteRule name="NoRoutePing">
-      <Condition>(proxy.pathsuffix MatchesPath "/_ping") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
+        <Condition>(proxy.pathsuffix MatchesPath "/_ping") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
     </RouteRule>
     <RouteRule name="NoRouteStatus">
-      <Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
+        <Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
     </RouteRule>
     <RouteRule name="e-referrals-service-api-target">
         <TargetEndpoint>e-referrals-service-api-target</TargetEndpoint>

proxies/live/apiproxy/targets/ers-target.xml

@@ -154,7 +154,14 @@
     <Flows>
         <Flow name="user-restricted-flow">
             <Condition>(accesstoken.auth_type == "user")</Condition>
-            <Request><!--AUTHORISED_APPLICATION business function is not supported in user restricted flow --><Step>
+            <Response/>
+            <Request><Step>
+                    <Name>FlowCallout.ExtendedAttributes</Name>
+                </Step> <Step>
+                    <Name>FlowCallout.EUOAllowlistVerify</Name>
+                    <!--                    Change this to be inline using the app attribute -->
+                    <Condition>(verifyapikey.Verify‑API‑Key.app.EUOAllowlistEnabled == true)</Condition>
+                </Step> <!--AUTHORISED_APPLICATION business function is not supported in user restricted flow --><Step>
                     <Name>RaiseFault.403Forbidden</Name>
                     <Condition>(request.header.nhsd-ers-business-function == "AUTHORISED_APPLICATION")</Condition>
                 </Step> <Step>
@@ -181,31 +188,30 @@
                     <Condition>(request.header.nhsd-ers-referral-id ~~ ".+")</Condition>
                 </Step> <Step>
                     <Name>AssignMessage.Remove.x-request-id-header</Name>
-                </Step><Step>
+                </Step> <Step>
                     <Name>AssignMessage.Set.x-ers-authentication-assurance-level-header</Name>
-                </Step><Step>
+                </Step> <Step>
                     <Name>AssignMessage.Set.x-ers-amr-header</Name>
-                </Step><Step>
+                </Step> <Step>
                     <Name>AssignMessage.Set.x-ers-id-assurance-level-header</Name>
-                </Step><Step>
+                </Step> <Step>
                     <Condition>(request.header.x-ers-id-assurance-level LesserThan 3)</Condition>
                     <Name>RaiseFault.401InsufficientIal</Name>
-                </Step> {% if ALLOW_ECHO_TARGET | default(false) == true %}<Step>
+                </Step> {% if ALLOW_ECHO_TARGET | default(false) == true %} <Step>
                     <Name>AssignMessage.SetEchoTarget</Name>
                     <Condition>(request.header.echo)</Condition>
                 </Step> {% endif %} {% if '--ft-' in (ERS_TARGET_SERVER | default('e-referrals-service-api')) %} <Step>
                     <Name>AssignMessage.SetTruststore</Name>
                     <!--Condition is implemented this way around to account for isEchoCall being null (https://docs.apigee.com/api-platform/reference/conditions-reference#behaviorofnulloperandsinconditionalstatements)-->
                     <Condition>(isEchoCall != true )</Condition>
-                </Step><Step>
+                </Step> <Step>
                     <Name>AssignMessage.SetEchoTruststore</Name>
                     <Condition>(isEchoCall == true)</Condition>
                 </Step> {% endif %} <Step>
                     <!--This should always be the last Step - as it is just before the message is sent - so the initial request stays intact for as long as possible.
             The Swapping of the Request Headers converts X-Correlation-ID to NHSD-Correlation-ID before sending to backend. -->
                     <Name>AssignMessage.Swap.CorrelationHeader</Name>
                 </Step></Request>
-            <Response/>
         </Flow>
         <Flow name="app-restricted-flow">
             <Condition>(accesstoken.auth_type == "app")</Condition>