Merge pull request #2420 from NHSDigital/feature/ERSSUP-86798

adds EuoAllowListVerify functionality

Author: pca-nhs

macros/manifest_macros.yml

@@ -3,12 +3,14 @@
     products:
 {% endmacro %}
 
-{%- macro product(ENV, MODE, TITLE, product_name, display_name) -%}
+{%- macro product(ENV, MODE, TITLE, product_name, display_name, euo_allowlist_required) -%}
       - name: e-referrals-service-api-{{ product_name }}{{ MODE.nameSuffix }}
         approvalType: {{ ENV.approval_type | default('auto') }}
         attributes:
           - name: access
             value: public
+          - name: EUOAllowlistRequired
+            value: {{ euo_allowlist_required }}
           - name: ratelimiting
             value:
               e-referrals-service-api-{{ product_name }}:

manifest_template.yml

@@ -16,23 +16,31 @@ APIGEE_ENVIRONMENTS:
   variants:
   - name: rc-internal-dev
     display_name: Internal Development - rc
+    euo_allowlist_required: false
   - name: fix-internal-dev
     display_name: Internal Development - fix
+    euo_allowlist_required: false
   - name: fti-internal-dev
     display_name: Internal Development - ft01
+    euo_allowlist_required: false
   - name: ftiv-internal-dev
     display_name: Internal Development - ft04
+    euo_allowlist_required: false
   - name: ftv-internal-dev
     display_name: Internal Development - ft05
+    euo_allowlist_required: false
   - name: ftix-internal-dev
     display_name: Internal Development - ft09
+    euo_allowlist_required: false
   - name: ftxxii-internal-dev
     display_name: Internal Development - ft22
+    euo_allowlist_required: false
 
 - name: internal-dev-sandbox
   variants:
     - name: internal-dev-sandbox
       display_name: Internal Development Sandbox
+      euo_allowlist_required: false
 
 - name: int
   additional_proxies:
@@ -41,6 +49,7 @@ APIGEE_ENVIRONMENTS:
   variants:
     - name: int
       display_name: Integration Testing
+      euo_allowlist_required: false
 
 - name: internal-qa
   additional_proxies:
@@ -49,29 +58,34 @@ APIGEE_ENVIRONMENTS:
   variants:
     - name: internal-qa
       display_name: Internal QA
+      euo_allowlist_required: false
 
 - name: internal-qa-sandbox
   variants:
     - name: internal-qa-sandbox
       display_name: Internal QA Sandbox
+      euo_allowlist_required: false
 
 - name: sandbox
   variants:
     - name: sandbox
       display_name: Sandbox
+      euo_allowlist_required: false
 
 - name: dev
   additional_proxies:
     - identity-service-dep-dev
   variants:
   - name: dep-dev
     display_name: Dev - dep
+    euo_allowlist_required: false
 
 - name: prod
   approval_type: manual
   variants:
     - name: prod
       display_name: Production
+      euo_allowlist_required: false
 
 ACCESS_MODES:
   - name: healthcare-worker
@@ -104,7 +118,7 @@ apigee:
 
 {%    for VARIANT in ENV.variants %}
 {%      for MODE in ACCESS_MODES %}
-      {{ macros.product(ENV, MODE, TITLE, VARIANT.name, VARIANT.display_name) }}
+      {{ macros.product(ENV, MODE, TITLE, VARIANT.name, VARIANT.display_name, VARIANT.euo_allowlist_required) }}
 {%      endfor %}
 {%    endfor %}
 

proxies/live/apiproxy/policies/AssignMessage.InternalServerError.xml

@@ -0,0 +1,7 @@
+<AssignMessage continueOnError="false" enabled="true" name="AssignMessage.InternalServerError">
+    <DisplayName>AssignMessage.InternalServerError</DisplayName>
+    <Remove>
+        <Payload>Internal Server Error</Payload>
+    </Remove>
+    <AssignTo createNew="false" type="response"/>
+</AssignMessage>

proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingPreR4.xml

@@ -0,0 +1,18 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderMissingPreR4">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>400</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>required</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Missing or Empty NHSD-End-User-Organisation-ODS header.</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_details_coding_code</Name>
+        <Value>MISSING_HEADER</Value>
+    </AssignVariable>
+</AssignMessage>

proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingR4.xml

@@ -0,0 +1,19 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderMissingR4">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>400</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>required</Value>
+    </AssignVariable>
+    <!-- Overrides OutcomeVariablesR4-->
+    <AssignVariable>
+        <Name>op_outcome_issue_details_coding_code</Name>
+        <Value>MISSING_HEADER</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Missing or Empty NHSD-End-User-Organisation-ODS header.</Value>
+    </AssignVariable>
+</AssignMessage>

proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListPreR4.xml

@@ -0,0 +1,18 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListPreR4">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>403</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>forbidden</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Unauthorised ODS code provided in NHSD-End-User-Organisation-ODS header</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_details_coding_code</Name>
+        <Value>NO_ACCESS</Value>
+    </AssignVariable>
+</AssignMessage>

proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListR4.xml

@@ -0,0 +1,18 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderValueNotInPartnerListR4">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>403</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>forbidden</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Unauthorised ODS code provided in NHSD-End-User-Organisation-ODS header</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_details_coding_code</Name>
+        <Value>ACCESS_DENIED</Value>
+    </AssignVariable>
+</AssignMessage>

proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeServiceError.xml

@@ -0,0 +1,19 @@
+<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeServiceError">
+    <AssignVariable>
+        <Name>status_code</Name>
+        <Value>500</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>op_outcome_issue_code</Name>
+        <Value>exception</Value>
+    </AssignVariable>
+    <!-- Overrides OutcomeVariablesR4-->
+    <AssignVariable>
+        <Name>op_outcome_issue_details_coding_code</Name>
+        <Value>SERVICE_ERROR</Value>
+    </AssignVariable>
+    <AssignVariable>
+        <Name>faultstring</Name>
+        <Value>Internal Server Error</Value>
+    </AssignVariable>
+</AssignMessage>

proxies/live/apiproxy/policies/FlowCallout.EUOAllowlistVerify.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<FlowCallout async="false" continueOnError="false" enabled="true" name="FlowCallout.EUOAllowlistVerify">
+    <DisplayName>EUOAllowlistVerify</DisplayName>
+    <SharedFlowBundle>EUOAllowlistVerify</SharedFlowBundle>
+</FlowCallout>

proxies/live/apiproxy/policies/FlowCallout.ExtendedAttributes.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<FlowCallout async="false" continueOnError="false" enabled="true" name="FlowCallout.ExtendedAttributes">
+    <DisplayName>Extract extended attribute</DisplayName>
+    <SharedFlowBundle>ExtendedAttributes</SharedFlowBundle>
+</FlowCallout>