Merge remote-tracking branch 'origin/main' into PRMT-462

Author: PedroSoaresNHS

infrastructure/README.md

@@ -51,6 +51,7 @@
 | <a name="module_create-token-lambda"></a> [create-token-lambda](#module\_create-token-lambda) | ./modules/lambda | n/a |
 | <a name="module_create_doc_alarm"></a> [create\_doc\_alarm](#module\_create\_doc\_alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_create_doc_alarm_topic"></a> [create\_doc\_alarm\_topic](#module\_create\_doc\_alarm\_topic) | ./modules/sns | n/a |
+| <a name="module_create_document_reference_gateway"></a> [create\_document\_reference\_gateway](#module\_create\_document\_reference\_gateway) | ./modules/gateway | n/a |
 | <a name="module_create_token-alarm"></a> [create\_token-alarm](#module\_create\_token-alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_create_token-alarm_topic"></a> [create\_token-alarm\_topic](#module\_create\_token-alarm\_topic) | ./modules/sns | n/a |
 | <a name="module_data-collection-alarm"></a> [data-collection-alarm](#module\_data-collection-alarm) | ./modules/lambda_alarms | n/a |
@@ -130,6 +131,7 @@
 | <a name="module_pdf-stitching-alarm-topic"></a> [pdf-stitching-alarm-topic](#module\_pdf-stitching-alarm-topic) | ./modules/sns | n/a |
 | <a name="module_pdf-stitching-lambda"></a> [pdf-stitching-lambda](#module\_pdf-stitching-lambda) | ./modules/lambda | n/a |
 | <a name="module_pdf-stitching-lambda-alarms"></a> [pdf-stitching-lambda-alarms](#module\_pdf-stitching-lambda-alarms) | ./modules/lambda_alarms | n/a |
+| <a name="module_post-document-references-fhir-lambda"></a> [post-document-references-fhir-lambda](#module\_post-document-references-fhir-lambda) | ./modules/lambda | n/a |
 | <a name="module_pdm-document-store"></a> [pdm-document-store](#module\_pdm-document-store) | ./modules/s3/ | n/a |
 | <a name="module_pdm_dynamodb_table"></a> [pdm\_dynamodb\_table](#module\_pdm\_dynamodb\_table) | ./modules/dynamo_db | n/a |
 | <a name="module_route53_fargate_ui"></a> [route53\_fargate\_ui](#module\_route53\_fargate\_ui) | ./modules/route53 | n/a |
@@ -196,7 +198,6 @@
 | [aws_api_gateway_integration_response.get_document_reference_mock_403_response](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration_response) | resource |
 | [aws_api_gateway_integration_response.get_document_reference_mock_404_response](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration_response) | resource |
 | [aws_api_gateway_method.get_document_reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
-| [aws_api_gateway_method.get_document_references_fhir](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
 | [aws_api_gateway_method.login_proxy_method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
 | [aws_api_gateway_method.sandbox_get_document_reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
 | [aws_api_gateway_method_response.response_200](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_response) | resource |

infrastructure/api.tf

@@ -47,8 +47,8 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.access-audit-lambda,
     module.back-channel-logout-gateway,
     module.back_channel_logout_lambda,
-    module.document_reference_gateway,
     module.create-doc-ref-lambda,
+    module.create_document_reference_gateway,
     module.create-token-gateway,
     module.create-token-lambda,
     module.delete-doc-ref-gateway,
@@ -57,6 +57,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.document-manifest-job-lambda,
     module.feature-flags-gateway,
     module.feature-flags-lambda,
+    module.fhir_document_reference_gateway,
     module.get-doc-fhir-lambda,
     module.get-report-by-ods-gateway,
     module.get-report-by-ods-lambda,
@@ -74,6 +75,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.update-upload-state-lambda,
     module.upload_confirm_result_gateway,
     module.upload_confirm_result_lambda,
+    module.post-document-references-fhir-lambda,
     module.virus_scan_result_gateway,
     module.virus_scan_result_lambda
   ]

infrastructure/gateway-document-reference.tf

@@ -0,0 +1,11 @@
+module "fhir_document_reference_gateway" {
+  count               = local.is_production ? 0 : 1
+  source              = "./modules/gateway"
+  api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  parent_id           = aws_api_gateway_rest_api.ndr_doc_store_api.root_resource_id
+  http_methods        = ["POST", "GET"]
+  authorization       = "NONE"
+  api_key_required    = true
+  gateway_path        = "FhirDocumentReference"
+  require_credentials = true
+}

infrastructure/iam.tf

@@ -20,8 +20,11 @@ data "aws_iam_policy_document" "assume_role_policy_for_create_lambda" {
     actions = ["sts:AssumeRole"]
 
     principals {
-      type        = "AWS"
-      identifiers = [module.create-doc-ref-lambda.lambda_execution_role_arn]
+      type = "AWS"
+      identifiers = compact([
+        module.create-doc-ref-lambda.lambda_execution_role_arn,
+        local.is_production ? null : module.post-document-references-fhir-lambda[0].lambda_execution_role_arn
+      ])
     }
   }
 }

infrastructure/lambda-create-doc-ref.tf

@@ -1,10 +1,10 @@
-module "document_reference_gateway" {
+module "create_document_reference_gateway" {
   source              = "./modules/gateway"
   api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
   parent_id           = aws_api_gateway_rest_api.ndr_doc_store_api.root_resource_id
   http_methods        = ["POST"]
   authorization       = "CUSTOM"
-  gateway_path        = "DocumentReference"
+  gateway_path        = "CreateDocumentReference"
   authorizer_id       = aws_api_gateway_authorizer.repo_authoriser.id
   require_credentials = true
   origin              = contains(["prod"], terraform.workspace) ? "'https://${var.domain}'" : "'https://${terraform.workspace}.${var.domain}'"
@@ -73,7 +73,7 @@ module "create-doc-ref-lambda" {
     module.ndr-app-config.app_config_policy,
   ]
   rest_api_id  = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id  = module.document_reference_gateway.gateway_resource_id
+  resource_id  = module.create_document_reference_gateway.gateway_resource_id
   http_methods = ["POST"]
   memory_size  = 512
 
@@ -92,11 +92,11 @@ module "create-doc-ref-lambda" {
     PRESIGNED_ASSUME_ROLE         = aws_iam_role.create_post_presign_url_role.arn
   }
   depends_on = [
+    module.create_document_reference_gateway,
     aws_api_gateway_rest_api.ndr_doc_store_api,
     module.document_reference_dynamodb_table,
     module.lloyd_george_reference_dynamodb_table,
     module.ndr-bulk-staging-store,
-    module.document_reference_gateway,
     module.ndr-app-config,
     module.lloyd_george_reference_dynamodb_table,
     module.document_reference_dynamodb_table,

infrastructure/lambda-get-document-fhir.tf

@@ -1,12 +1,12 @@
 resource "aws_api_gateway_resource" "get_document_reference" {
-  count       = 1
+  count       = local.is_production ? 0 : 1
   rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  parent_id   = module.document_reference_gateway.gateway_resource_id
+  parent_id   = module.fhir_document_reference_gateway[0].gateway_resource_id
   path_part   = "{id}"
 }
 
 resource "aws_api_gateway_method" "get_document_reference" {
-  count            = 1
+  count            = local.is_production ? 0 : 1
   rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
   resource_id      = aws_api_gateway_resource.get_document_reference[0].id
   http_method      = "GET"
@@ -19,7 +19,7 @@ resource "aws_api_gateway_method" "get_document_reference" {
 
 
 module "get-doc-fhir-lambda" {
-  count   = 1
+  count   = local.is_production ? 0 : 1
   source  = "./modules/lambda"
   name    = "GetDocumentReference"
   handler = "handlers.get_fhir_document_reference_handler.lambda_handler"

infrastructure/lambda-post-document-fhir.tf

@@ -0,0 +1,29 @@
+module "post-document-references-fhir-lambda" {
+  count   = local.is_production ? 0 : 1
+  source  = "./modules/lambda"
+  name    = "PostDocumentReferencesFHIR"
+  handler = "handlers.post_fhir_document_reference_handler.lambda_handler"
+  iam_role_policy_documents = [
+    module.document_reference_dynamodb_table.dynamodb_write_policy_document,
+    module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
+    module.ndr-bulk-staging-store.s3_write_policy_document,
+    module.ndr-app-config.app_config_policy,
+    aws_iam_policy.ssm_access_policy.policy
+  ]
+  rest_api_id       = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  resource_id       = module.fhir_document_reference_gateway[0].gateway_resource_id
+  http_methods      = ["POST"]
+  api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
+  lambda_environment_variables = {
+    APPCONFIG_APPLICATION           = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT           = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION         = module.ndr-app-config.app_config_configuration_profile_id
+    DOCUMENT_STORE_DYNAMODB_NAME    = "${terraform.workspace}_${var.docstore_dynamodb_table_name}"
+    LLOYD_GEORGE_DYNAMODB_NAME      = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
+    STAGING_STORE_BUCKET_NAME       = "${terraform.workspace}-${var.staging_store_bucket_name}"
+    DOCUMENT_RETRIEVE_ENDPOINT_APIM = "${local.apim_api_url}/DocumentReference"
+    PDS_FHIR_IS_STUBBED             = local.is_sandbox
+    WORKSPACE                       = terraform.workspace
+    PRESIGNED_ASSUME_ROLE           = aws_iam_role.create_post_presign_url_role.arn
+  }
+}

infrastructure/lambda-search-document-references-fhir.tf

@@ -1,13 +1,3 @@
-resource "aws_api_gateway_method" "get_document_references_fhir" {
-  count            = local.is_production ? 0 : 1
-  rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id      = module.document_reference_gateway.gateway_resource_id
-  http_method      = "GET"
-  authorization    = "NONE"
-  api_key_required = true
-}
-
-
 module "search-document-references-fhir-lambda" {
   count   = local.is_production ? 0 : 1
   source  = "./modules/lambda"
@@ -23,7 +13,7 @@ module "search-document-references-fhir-lambda" {
     module.ndr-app-config.app_config_policy
   ]
   rest_api_id       = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id       = module.document_reference_gateway.gateway_resource_id
+  resource_id       = module.fhir_document_reference_gateway[0].gateway_resource_id
   http_methods      = ["GET"]
   api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {

infrastructure/modules/gateway/outputs.tf

@@ -1,3 +1,3 @@
-output "gateway_resource_id" {
-  value = aws_api_gateway_resource.gateway_resource.id
+output "gateway_resource_id" {
+  value = aws_api_gateway_resource.gateway_resource.id
 }

infrastructure/modules/gateway/variable.tf

@@ -30,7 +30,8 @@ variable "require_credentials" {
 }
 
 variable "origin" {
-  type = string
+  type    = string
+  default = "'*'"
 }
 
 variable "api_key_required" {