PR comment updates

Author: pca-nhs

manifest_template.yml

@@ -14,9 +14,6 @@ APIGEE_ENVIRONMENTS:
   additional_proxies:
     - identity-service-mock-internal-dev
   variants:
-  - name: alpha-internal-dev
-    display_name: Internal Development - alpha
-    euo_allowlist_required: false
   - name: rc-internal-dev
     display_name: Internal Development - rc
     euo_allowlist_required: false

proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingR4.xml

@@ -5,7 +5,7 @@
     </AssignVariable>
     <AssignVariable>
         <Name>op_outcome_issue_code</Name>
-        <Value>REC_BAD_REQUEST</Value>
+        <Value>SECURITY</Value>
     </AssignVariable>
     <AssignVariable>
         <Name>faultstring</Name>

proxies/live/apiproxy/targets/ers-target.xml

@@ -106,7 +106,7 @@
             </Step>
             <Condition>(raisefault.RaiseFault.MissingAsid.failed = true)</Condition>
         </FaultRule>
-        <FaultRule name="single_asid_ods_header_not_in_partner_list_error">
+        <FaultRule name="ods_header_not_in_partner_list_error">
             <Step>
                 <Condition>(isFhirR4Path = false)</Condition>
                 <Name>AssignMessage.SetOperationOutcomeVariablesPreR4</Name>
@@ -115,6 +115,10 @@
                 <Condition>(isFhirR4Path = false)</Condition>
                 <Name>AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListPreR4</Name>
             </Step>
+            <Step>
+                <Condition>(isFhirR4Path = true)</Condition>
+                <Name>AssignMessage.SetOperationOutcomeVariablesR4</Name>
+            </Step>
             <Step>
                 <Condition>(isFhirR4Path = true)</Condition>
                 <Name>AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListR4</Name>
@@ -124,7 +128,7 @@
             </Step>
             <Condition>(raisefault.RaiseFault.CheckAllowlistFailed.failed = true) and (validation.errorDescription ~~ ".*Invalid ODS code.*")</Condition>
         </FaultRule>
-        <FaultRule name="single_asid_ods_header_missing_error">
+        <FaultRule name="ods_header_missing_error">
             <Step>
                 <Condition>(isFhirR4Path = false)</Condition>
                 <Name>AssignMessage.SetOperationOutcomeVariablesPreR4</Name>
@@ -133,6 +137,10 @@
                 <Condition>(isFhirR4Path = false)</Condition>
                 <Name>AssignMessage.SetOperationOutcomeODSHeaderMissingPreR4</Name>
             </Step>
+            <Step>
+                <Condition>(isFhirR4Path = true)</Condition>
+                <Name>AssignMessage.SetOperationOutcomeVariablesR4</Name>
+            </Step>
             <Step>
                 <Condition>(isFhirR4Path = true)</Condition>
                 <Name>AssignMessage.SetOperationOutcomeODSHeaderMissingR4</Name>
@@ -163,11 +171,11 @@
             <!-- Must be placed after Authentication -->
             <Step>
                 <Name>FlowCallout.ExtendedAttributes</Name>
-                <Condition>(accesstoken.auth_type == "user")</Condition>
+                <Condition>(accesstoken.auth_type == "user") and (proxy.pathsuffix != "/FHIR/R4/PractitionerRole")</Condition>
             </Step>
             <Step>
                 <Name>FlowCallout.EUOAllowlistVerify</Name>
-                <Condition>(accesstoken.auth_type == "user")</Condition>
+                <Condition>(accesstoken.auth_type == "user") and (proxy.pathsuffix != "/FHIR/R4/PractitionerRole")</Condition>
             </Step>
             <Step>
                 <Name>RaiseFault.MissingAsid</Name>
@@ -210,41 +218,41 @@
                     <Condition>(request.header.nhsd-ers-business-function == "AUTHORISED_APPLICATION")</Condition>
                 </Step><Step>
                     <Name>AssignMessage.Set.x-ers-access-mode-header-user-restricted</Name>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Set.x-ers-user-id-header-user-restricted</Name>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Swap.NHSD-eRS-On-Behalf-Of-User-ID</Name>
                     <Condition>(request.header.NHSD-eRS-On-Behalf-Of-User-ID ~~ ".+")</Condition>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Swap.nhsd-end-user-organisation-ods</Name>
                     <Condition>(request.header.nhsd-end-user-organisation-ods ~~ ".+")</Condition>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Swap.nhsd-ers-business-function</Name>
                     <Condition>(request.header.nhsd-ers-business-function ~~ ".+")</Condition>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Swap.nhsd-ers-comm-rule-org</Name>
                     <Condition>(request.header.nhsd-ers-comm-rule-org ~~ ".+")</Condition>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Swap.nhsd-ers-file-name</Name>
                     <Condition>(request.header.nhsd-ers-file-name ~~ ".+")</Condition>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Swap.nhsd-ers-referral-id</Name>
                     <Condition>(request.header.nhsd-ers-referral-id ~~ ".+")</Condition>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Remove.x-request-id-header</Name>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Set.x-ers-authentication-assurance-level-header</Name>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Set.x-ers-amr-header</Name>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Set.x-ers-id-assurance-level-header</Name>
                 </Step> <Step>
                     <Condition>(request.header.x-ers-id-assurance-level LesserThan 3)</Condition>
                     <Name>RaiseFault.401InsufficientIal</Name>
-                </Step> {% if ALLOW_ECHO_TARGET | default(false) == true %} <Step>
+                </Step> {% if ALLOW_ECHO_TARGET | default(false) == true %}<Step>
                     <Name>AssignMessage.SetEchoTarget</Name>
                     <Condition>(request.header.echo)</Condition>
-                </Step> {% endif %} {% if '--ft-' in (ERS_TARGET_SERVER | default('e-referrals-service-api')) %} <Step>
+                </Step> {% endif %} {% if '--ft-' in (ERS_TARGET_SERVER | default('e-referrals-service-api')) %}<Step>
                     <Name>AssignMessage.SetTruststore</Name>
                     <!--Condition is implemented this way around to account for isEchoCall being null (https://docs.apigee.com/api-platform/reference/conditions-reference#behaviorofnulloperandsinconditionalstatements)-->
                     <Condition>(isEchoCall != true )</Condition>

tests/integration/test_headers.py

@@ -37,8 +37,6 @@ async def test_headers_on_echo_target(
         service_url,
         user: Actor,
         asid,
-        update_user_restricted_app_attr,
-        app_restricted_ods_code,
     ):
         access_code = await authenticate_user(user)