Merge branch 'main' of https://github.com/NHSDigital/eps-assist-me into AEA-5671-trigger-document-ingestion

Author: kris-szlapa

.devcontainer/devcontainer.json

@@ -28,6 +28,7 @@
         "AmazonWebServices.aws-toolkit-vscode",
         "redhat.vscode-yaml",
         "ms-python.python",
+        "ms-python.black-formatter",
         "ms-python.flake8",
         "eamodio.gitlens",
         "github.vscode-pull-request-github",
@@ -51,9 +52,18 @@
         "python.analysis.extraPaths": [],
         "python.testing.unittestEnabled": false,
         "python.testing.pytestEnabled": true,
+        "python.testing.pytestArgs": [
+          "packages/slackBotFunction",
+          "packages/createIndexFunction"
+        ],
         "python.linting.pylintEnabled": false,
         "python.linting.flake8Enabled": true,
         "python.linting.enabled": true, // required to format on save
+        "python.formatting.provider": "black",
+        "black-formatter.args": ["--line-length=120"],
+        "[python]": {
+          "editor.defaultFormatter": "ms-python.black-formatter"
+        },
         "editor.defaultFormatter": "dbaeumer.vscode-eslint",
         "editor.formatOnPaste": false, // required
         "editor.formatOnType": false, // required
@@ -62,7 +72,7 @@
         "cSpell.words": ["fhir", "Formik", "pino", "serialisation"],
         "eslint.useFlatConfig": true,
         "eslint.format.enable": true
-          }
+      }
     }
   },
   "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-assist-me; make install; direnv allow ."

.flake8

@@ -1,5 +1,5 @@
 [flake8]
 max-line-length = 120
-exclude = .*,venv,node_modules
+exclude = .*,venv,node_modules,cdk.out
 max-complexity = 10
-ignore = F821
+ignore = F821,E203

.gitignore

@@ -4,6 +4,7 @@
 **/newman/
 **/public/
 **/coverage/
+.coverage
 **/node_modules/
 .#*
 __pycache__/

.pre-commit-config.yaml

@@ -21,6 +21,13 @@ repos:
     hooks:
       - id: flake8
 
+  - repo: https://github.com/psf/black
+    rev: "24.10.0"
+    hooks:
+      - id: black
+        language_version: python3
+        args: [--line-length=120]
+
   - repo: local
     hooks:
       - id: lint-githubactions

Makefile

@@ -10,6 +10,8 @@ install: install-python install-hooks install-node
 
 install-python:
 	poetry install
+	cd packages/slackBotFunction && pip install -r requirements.txt && pip install -r requirements-test.txt
+	cd packages/createIndexFunction && pip install -r requirements.txt && pip install -r requirements-test.txt
 
 install-hooks: install-python
 	poetry run pre-commit install --install-hooks --overwrite
@@ -27,7 +29,7 @@ git-secrets-docker-setup:
 	export LOCAL_WORKSPACE_FOLDER=$(pwd)
 	docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets .
 
-lint: lint-githubactions lint-githubaction-scripts
+lint: lint-githubactions lint-githubaction-scripts lint-black lint-flake8
 
 lint-githubactions:
 	actionlint
@@ -36,12 +38,23 @@ lint-githubaction-scripts:
 	shellcheck ./scripts/*.sh
 	shellcheck .github/scripts/*.sh
 
-test: compile-node
-	npm run test --workspace packages/cdk
+lint-black:
+	poetry run black .
+
+lint-flake8:
+	poetry run flake8 .
+
+test:
+	cd packages/slackBotFunction && PYTHONPATH=. COVERAGE_FILE=coverage/.coverage python -m pytest
+	cd packages/createIndexFunction && PYTHONPATH=. COVERAGE_FILE=coverage/.coverage python -m pytest
 
 clean:
 	rm -rf packages/cdk/coverage
 	rm -rf packages/cdk/lib
+	rm -rf packages/slackBotFunction/coverage
+	rm -rf packages/slackBotFunction/.coverage
+	rm -rf packages/createIndexFunction/coverage
+	rm -rf packages/createIndexFunction/.coverage
 	rm -rf cdk.out
 	rm -rf .build
 
@@ -66,7 +79,7 @@ aws-login:
 cfn-guard:
 	./scripts/run_cfn_guard.sh
 
-cdk-deploy: guard-stack_name
+cdk-deploy: guard-STACK_NAME
 	REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \
 	VERSION_NUMBER="$${VERSION_NUMBER:-undefined}" && \
 	COMMIT_ID="$${COMMIT_ID:-undefined}" && \
@@ -76,7 +89,7 @@ cdk-deploy: guard-stack_name
 		--ci true \
 		--require-approval $${REQUIRE_APPROVAL} \
 		--context accountId=$$ACCOUNT_ID \
-		--context stackName=$$stack_name \
+		--context stackName=$$STACK_NAME \
 		--context versionNumber=$$VERSION_NUMBER \
 		--context commitId=$$COMMIT_ID \
 		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS \
@@ -100,12 +113,12 @@ cdk-diff:
 	npx cdk diff \
 		--app "npx ts-node --prefer-ts-exts packages/cdk/bin/EpsAssistMeApp.ts" \
 		--context accountId=$$ACCOUNT_ID \
-		--context stackName=$$stack_name \
+		--context stackName=$$STACK_NAME \
 		--context versionNumber=$$VERSION_NUMBER \
 		--context commitId=$$COMMIT_ID \
 		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS
 
-cdk-watch: guard-stack_name
+cdk-watch: guard-STACK_NAME
 	REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \
 	VERSION_NUMBER="$${VERSION_NUMBER:-undefined}" && \
 	COMMIT_ID="$${COMMIT_ID:-undefined}" && \
@@ -116,7 +129,7 @@ cdk-watch: guard-stack_name
 		--ci true \
 		--require-approval $${REQUIRE_APPROVAL} \
 		--context accountId=$$ACCOUNT_ID \
-		--context stackName=$$stack_name \
+		--context stackName=$$STACK_NAME \
 		--context versionNumber=$$VERSION_NUMBER \
 		--context commitId=$$COMMIT_ID \
 		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS \

README.md

@@ -105,7 +105,7 @@ When the token expires, you may need to reauthorise using `make aws-login`
 For deployment, the following environment variables are required:
 
 - `ACCOUNT_ID`: AWS Account ID
-- `stack_name`: Name of the CloudFormation stack
+- `STACK_NAME`: Name of the CloudFormation stack
 - `VERSION_NUMBER`: Version number for the deployment
 - `COMMIT_ID`: Git commit ID
 - `LOG_RETENTION_IN_DAYS`: CloudWatch log retention period
@@ -139,10 +139,10 @@ There are `make` commands that are run as part of the CI pipeline and help alias
 #### CDK targets
 These are used to do common commands related to cdk
 
-- `cdk-deploy` Builds and deploys the code to AWS. Requires `stack_name` environment variable.
+- `cdk-deploy` Builds and deploys the code to AWS. Requires `STACK_NAME` environment variable.
 - `cdk-synth` Converts the CDK code to cloudformation templates.
 - `cdk-diff` Runs cdk diff, comparing the deployed stack with the local CDK code to identify differences.
-- `cdk-watch` Syncs the code and CDK templates to AWS. This keeps running and automatically uploads changes to AWS. Requires `stack_name` environment variable.
+- `cdk-watch` Syncs the code and CDK templates to AWS. This keeps running and automatically uploads changes to AWS. Requires `STACK_NAME` environment variable.
 
 #### Clean and deep-clean targets
 
@@ -152,9 +152,11 @@ These are used to do common commands related to cdk
 #### Linting and testing
 
 - `lint` Runs lint for GitHub Actions and scripts.
+- `lint-black` Runs black formatter on Python code.
+- `lint-flake8` Runs flake8 linter on Python code.
 - `lint-githubactions` Lints the repository's GitHub Actions workflows.
 - `lint-githubaction-scripts` Lints all shell scripts in `.github/scripts` using ShellCheck.
-- `test` Runs unit tests for CDK code.
+- `test` Runs unit tests for Lambda functions.
 - `cfn-guard` Runs cfn-guard against CDK resources.
 - `pre-commit` Runs pre-commit hooks on all files.
 

packages/cdk/constructs/DynamoDbTable.ts

@@ -0,0 +1,44 @@
+import {Construct} from "constructs"
+import {RemovalPolicy} from "aws-cdk-lib"
+import {
+  TableV2,
+  AttributeType,
+  Billing,
+  TableEncryptionV2
+} from "aws-cdk-lib/aws-dynamodb"
+import {Key} from "aws-cdk-lib/aws-kms"
+
+export interface DynamoDbTableProps {
+  readonly tableName: string
+  readonly partitionKey: {
+    name: string
+    type: AttributeType
+  }
+  readonly timeToLiveAttribute?: string
+}
+
+export class DynamoDbTable extends Construct {
+  public readonly table: TableV2
+  public readonly kmsKey: Key
+
+  constructor(scope: Construct, id: string, props: DynamoDbTableProps) {
+    super(scope, id)
+
+    this.kmsKey = new Key(this, "TableKey", {
+      enableKeyRotation: true,
+      description: `KMS key for ${props.tableName} DynamoDB table encryption`,
+      removalPolicy: RemovalPolicy.DESTROY
+    })
+    this.kmsKey.addAlias(`alias/${props.tableName}-dynamodb-key`)
+
+    this.table = new TableV2(this, props.tableName, {
+      tableName: props.tableName,
+      partitionKey: props.partitionKey,
+      billing: Billing.onDemand(),
+      timeToLiveAttribute: props.timeToLiveAttribute,
+      pointInTimeRecovery: true,
+      removalPolicy: RemovalPolicy.DESTROY,
+      encryption: TableEncryptionV2.customerManagedKey(this.kmsKey)
+    })
+  }
+}

packages/cdk/constructs/OpenSearchCollection.ts

@@ -2,8 +2,8 @@ import {Construct} from "constructs"
 import {CfnCollection, CfnSecurityPolicy, CfnAccessPolicy} from "aws-cdk-lib/aws-opensearchserverless"
 
 export interface OpenSearchCollectionProps {
-  collectionName: string
-  principals: Array<string>
+  readonly collectionName: string
+  readonly principals: Array<string>
 }
 
 export class OpenSearchCollection extends Construct {

packages/cdk/constructs/S3Bucket.ts

@@ -9,29 +9,33 @@ import {
 import {Key} from "aws-cdk-lib/aws-kms"
 
 export interface S3BucketProps {
-  bucketName: string
-  kmsKey: Key
-  versioned: boolean
+  readonly bucketName: string
+  readonly versioned: boolean
 }
 
 export class S3Bucket extends Construct {
   public readonly bucket: Bucket
-  public readonly kmsKey?: Key
+  public readonly kmsKey: Key
 
   constructor(scope: Construct, id: string, props: S3BucketProps) {
     super(scope, id)
 
+    this.kmsKey = new Key(this, "BucketKey", {
+      enableKeyRotation: true,
+      description: `KMS key for ${props.bucketName} S3 bucket encryption`,
+      removalPolicy: RemovalPolicy.DESTROY
+    })
+    this.kmsKey.addAlias(`alias/${props.bucketName}-s3-key`)
+
     this.bucket = new Bucket(this, props.bucketName, {
       blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
       encryption: BucketEncryption.KMS,
-      encryptionKey: props.kmsKey,
+      encryptionKey: this.kmsKey,
       removalPolicy: RemovalPolicy.DESTROY,
       autoDeleteObjects: true,
       enforceSSL: true,
       versioned: props.versioned ?? false,
       objectOwnership: ObjectOwnership.BUCKET_OWNER_ENFORCED
     })
-
-    this.kmsKey = props.kmsKey
   }
 }

packages/cdk/constructs/SecretWithParameter.ts

@@ -4,10 +4,10 @@ import {StringParameter, ParameterTier} from "aws-cdk-lib/aws-ssm"
 import {Secret} from "aws-cdk-lib/aws-secretsmanager"
 
 export interface SecretWithParameterProps {
-  secretName: string
-  parameterName: string
-  description: string
-  secretValue: string
+  readonly secretName: string
+  readonly parameterName: string
+  readonly description: string
+  readonly secretValue: string
 }
 
 export class SecretWithParameter extends Construct {