VED-386: Handle the new format for supplier permissions on Batch. (#638)

Configurable authorization for Batch Processor

Author: mfjarvis

.github/workflows/sonarcloud.yml

@@ -40,7 +40,7 @@ jobs:
         id: filenameprocessor
         continue-on-error: true
         run: |
-          poetry env use 3.10
+          poetry env use 3.11
           poetry install
           poetry run coverage run -m unittest discover || echo "filenameprocessor tests failed" >> ../failed_tests.txt
           poetry run coverage xml -o ../filenameprocessor-coverage.xml
@@ -50,7 +50,7 @@ jobs:
         id: recordprocessor
         continue-on-error: true
         run: |
-          poetry env use 3.10
+          poetry env use 3.11
           poetry install
           poetry run coverage run -m unittest discover || echo "recordprocessor tests failed" >> ../failed_tests.txt
           poetry run coverage xml -o ../recordprocessor-coverage.xml

filenameprocessor/Dockerfile

@@ -1,4 +1,4 @@
-FROM public.ecr.aws/lambda/python:3.10 AS base
+FROM public.ecr.aws/lambda/python:3.11 AS base
 
 # Create non-root user
 RUN mkdir -p /home/appuser && \

filenameprocessor/batch.Dockerfile

@@ -1,4 +1,4 @@
-FROM public.ecr.aws/lambda/python:3.10 as base
+FROM public.ecr.aws/lambda/python:3.11 as base
 
 RUN pip install "poetry~=1.5.0"
 

filenameprocessor/poetry.lock

@@ -7,7 +7,7 @@ authors = ["Your Name <[email protected]>"]
 packages = [{ include = "src" }]
 
 [tool.poetry.dependencies]
-python = "~3.10"
+python = "~3.11"
 "fhir.resources" = "~7.0.2"
 boto3 = "~1.38.42"
 boto3-stubs-lite = { extras = ["dynamodb"], version = "~1.38.42" }

filenameprocessor/pyproject.toml

@@ -16,7 +16,7 @@
 AUDIT_TABLE_QUEUE_NAME_GSI = "queue_name_index"
 AUDIT_TABLE_FILENAME_GSI = "filename_index"
 
-PERMISSIONS_CONFIG_FILE_KEY = "permissions_config.json"
+SUPPLIER_PERMISSIONS_HASH_KEY = "supplier_permissions"
 VACCINE_TYPE_TO_DISEASES_HASH_KEY = "vacc_to_diseases"
 
 ERROR_TYPE_TO_STATUS_CODE_MAP = {
@@ -60,10 +60,11 @@ class Constants:
         "8J1100001": "PINNACLE",
         "8HK48": "SONAR",
         "YGA": "TPP",
+        "V0V8L": "MAVIS",
+        "X8E5B": "RAVS",
         "0DE": "AGEM-NIVS",
         "0DF": "NIMS",
         "8HA94": "EVA",
-        "X26": "RAVS",
         "YGMYH": "MEDICAL_DIRECTOR",
         "W00": "WELSH_DA_1",
         "W000": "WELSH_DA_2",

filenameprocessor/src/constants.py

@@ -1,21 +1,12 @@
-"Upload the content from a config file in S3 to ElastiCache (Redis)"
-
 import json
-from clients import s3_client, redis_client
-from constants import PERMISSIONS_CONFIG_FILE_KEY, VACCINE_TYPE_TO_DISEASES_HASH_KEY
-
-
-def upload_to_elasticache(file_key: str, bucket_name: str) -> None:
-    """Uploads the config file content from S3 to ElastiCache (Redis)."""
-    config_file = s3_client.get_object(Bucket=bucket_name, Key=file_key)
-    config_file_content = config_file["Body"].read().decode("utf-8")
-    # Use the file_key as the Redis key and file content as the value
-    redis_client.set(file_key, config_file_content)
+from clients import redis_client
+from constants import VACCINE_TYPE_TO_DISEASES_HASH_KEY, SUPPLIER_PERMISSIONS_HASH_KEY
 
 
-def get_permissions_config_json_from_cache() -> dict:
+def get_supplier_permissions_from_cache(supplier_system: str) -> list[str]:
     """Gets and returns the permissions config file content from ElastiCache (Redis)."""
-    return json.loads(redis_client.get(PERMISSIONS_CONFIG_FILE_KEY))
+    permissions_str = redis_client.hget(SUPPLIER_PERMISSIONS_HASH_KEY, supplier_system)
+    return json.loads(permissions_str) if permissions_str else []
 
 
 def get_valid_vaccine_types_from_cache() -> list[str]:

filenameprocessor/src/elasticache.py

@@ -14,7 +14,6 @@
 from make_and_upload_ack_file import make_and_upload_the_ack_file
 from audit_table import upsert_audit_table, get_next_queued_file_details, ensure_file_is_not_a_duplicate
 from clients import logger
-from elasticache import upload_to_elasticache
 from logging_decorator import logging_decorator
 from supplier_permissions import validate_vaccine_type_permissions
 from errors import (
@@ -140,17 +139,6 @@ def handle_record(record) -> dict:
                 "supplier": supplier
             }
 
-    elif "config" in bucket_name:
-        try:
-            upload_to_elasticache(file_key, bucket_name)
-            logger.info("%s content successfully uploaded to cache", file_key)
-            message = "File content successfully uploaded to cache"
-            return {"statusCode": 200, "message": message, "file_key": file_key}
-        except Exception as error:  # pylint: disable=broad-except
-            logger.error("Error uploading to cache for file '%s': %s", file_key, error)
-            message = "Failed to upload file content to cache"
-            return {"statusCode": 500, "message": message, "file_key": file_key, "error": str(error)}
-
     else:
         try:
             vaccine_type, supplier = validate_file_key(file_key)

filenameprocessor/src/file_name_processor.py

@@ -27,7 +27,12 @@ def send_to_supplier_queue(message_body: dict, vaccine_type: str, supplier: str)
 
 
 def make_and_send_sqs_message(
-    file_key: str, message_id: str, permission: str, vaccine_type: str, supplier: str, created_at_formatted_string: str
+    file_key: str,
+    message_id: str,
+    permission: list[str],
+    vaccine_type: str,
+    supplier: str,
+    created_at_formatted_string: str
 ) -> None:
     """Attempts to send a message to the SQS queue. Raises an exception if the message is not successfully sent."""
     message_body = {

filenameprocessor/src/send_sqs_message.py

@@ -2,27 +2,18 @@
 
 from clients import logger
 from errors import VaccineTypePermissionsError
-from elasticache import get_permissions_config_json_from_cache
-
-
-def get_supplier_permissions(supplier: str) -> list:
-    """
-    Returns the permissions for the given supplier.
-    Defaults return value is an empty list, including when the supplier has no permissions.
-    """
-    permissions_config = get_permissions_config_json_from_cache()
-    return permissions_config.get("all_permissions", {}).get(supplier, [])
+from elasticache import get_supplier_permissions_from_cache
 
 
 def validate_vaccine_type_permissions(vaccine_type: str, supplier: str) -> list:
     """
     Returns the list of permissions for the given supplier.
     Raises an exception if the supplier does not have at least one permission for the vaccine type.
     """
-    supplier_permissions = get_supplier_permissions(supplier)
+    supplier_permissions = get_supplier_permissions_from_cache(supplier)
 
     # Validate that supplier has at least one permissions for the vaccine type
-    if not any(vaccine_type in permission for permission in supplier_permissions):
+    if not any(permission.split(".")[0] == vaccine_type for permission in supplier_permissions):
         error_message = f"Initial file validation failed: {supplier} does not have permissions for {vaccine_type}"
         logger.error(error_message)
         raise VaccineTypePermissionsError(error_message)