[NDR-50] Refactor Get document reference (#296)

* [NDR-50] rename retrieve document reference endpoint

Author: NogaNHS

infrastructure/README.md

@@ -8,7 +8,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.86.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.84.0 |
 
 ## Modules
 
@@ -80,7 +80,7 @@
 | <a name="module_generate-lloyd-george-stitch-alarm"></a> [generate-lloyd-george-stitch-alarm](#module\_generate-lloyd-george-stitch-alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_generate-lloyd-george-stitch-alarm-topic"></a> [generate-lloyd-george-stitch-alarm-topic](#module\_generate-lloyd-george-stitch-alarm-topic) | ./modules/sns | n/a |
 | <a name="module_generate-lloyd-george-stitch-lambda"></a> [generate-lloyd-george-stitch-lambda](#module\_generate-lloyd-george-stitch-lambda) | ./modules/lambda | n/a |
-| <a name="module_get-doc-nrl-lambda"></a> [get-doc-nrl-lambda](#module\_get-doc-nrl-lambda) | ./modules/lambda | n/a |
+| <a name="module_get-doc-fhir-lambda"></a> [get-doc-fhir-lambda](#module\_get-doc-fhir-lambda) | ./modules/lambda | n/a |
 | <a name="module_get-report-by-ods-alarm"></a> [get-report-by-ods-alarm](#module\_get-report-by-ods-alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_get-report-by-ods-alarm-topic"></a> [get-report-by-ods-alarm-topic](#module\_get-report-by-ods-alarm-topic) | ./modules/sns | n/a |
 | <a name="module_get-report-by-ods-gateway"></a> [get-report-by-ods-gateway](#module\_get-report-by-ods-gateway) | ./modules/gateway | n/a |
@@ -250,8 +250,8 @@
 | [aws_iam_role.cross_account_backup_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.data_collection_ecs_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.data_collection_task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role.get_fhir_doc_presign_url_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.manifest_presign_url_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role.nrl_get_doc_presign_url_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.ods_report_presign_url_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.s3_backup_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.splunk_sqs_forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -274,9 +274,9 @@
 | [aws_iam_role_policy_attachment.data_collection_ssm_access_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.data_collection_statistical_reports_store](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.data_collection_statistics_dynamodb_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.get_doc_presign_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.lambda_stitch-lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.manifest_presign_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.nrl_get_doc_presign_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.ods_report_presign_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.policy_audit_get-report-by-ods-lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.policy_audit_search-patient-details-lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |

infrastructure/api.tf

@@ -57,6 +57,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.document-manifest-job-lambda,
     module.feature-flags-gateway,
     module.feature-flags-lambda,
+    module.get-doc-fhir-lambda,
     module.get-report-by-ods-gateway,
     module.get-report-by-ods-lambda,
     module.lloyd-george-stitch-gateway,

infrastructure/iam.tf

@@ -115,7 +115,7 @@ resource "aws_iam_role_policy_attachment" "manifest_presign_url" {
 
 
 resource "aws_iam_policy" "s3_document_data_policy_for_get_doc_ref_lambda" {
-  name = "${terraform.workspace}_get_document_only_policy_for_nrl_get_doc_lambda"
+  name = "${terraform.workspace}_get_document_only_policy_for_get_doc_lambda"
 
   policy = jsonencode({
     "Version" : "2012-10-17",
@@ -132,23 +132,27 @@ resource "aws_iam_policy" "s3_document_data_policy_for_get_doc_ref_lambda" {
 }
 
 data "aws_iam_policy_document" "assume_role_policy_for_get_doc_ref_lambda" {
+  count = local.is_production ? 0 : 1
   statement {
     actions = ["sts:AssumeRole"]
 
     principals {
       type        = "AWS"
-      identifiers = [module.get-doc-nrl-lambda.lambda_execution_role_arn]
+      identifiers = [module.get-doc-fhir-lambda[0].lambda_execution_role_arn]
     }
   }
 }
 
-resource "aws_iam_role" "nrl_get_doc_presign_url_role" {
-  name               = "${terraform.workspace}_nrl_get_doc_presign_url_role"
-  assume_role_policy = data.aws_iam_policy_document.assume_role_policy_for_get_doc_ref_lambda.json
+resource "aws_iam_role" "get_fhir_doc_presign_url_role" {
+  count              = local.is_production ? 0 : 1
+  name               = "${terraform.workspace}_get_fhir_doc_presign_url_role"
+  assume_role_policy = data.aws_iam_policy_document.assume_role_policy_for_get_doc_ref_lambda[0].json
 }
 
-resource "aws_iam_role_policy_attachment" "nrl_get_doc_presign_url" {
-  role       = aws_iam_role.nrl_get_doc_presign_url_role.name
+
+resource "aws_iam_role_policy_attachment" "get_doc_presign_url" {
+  count      = local.is_production ? 0 : 1
+  role       = aws_iam_role.get_fhir_doc_presign_url_role[0].name
   policy_arn = aws_iam_policy.s3_document_data_policy_for_get_doc_ref_lambda.arn
 }
 

infrastructure/lambda-get-document-nrl.tf …frastructure/lambda-get-document-fhir.tfinfrastructure/lambda-get-document-nrl.tf renamed to infrastructure/lambda-get-document-fhir.tf infrastructure/lambda-get-document-nrl.tf renamed to infrastructure/lambda-get-document-fhir.tf

@@ -1,12 +1,14 @@
 resource "aws_api_gateway_resource" "get_document_reference" {
+  count       = local.is_production ? 0 : 1
   rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
   parent_id   = module.create-doc-ref-gateway.gateway_resource_id
   path_part   = "{id}"
 }
 
 resource "aws_api_gateway_method" "get_document_reference" {
+  count            = local.is_production ? 0 : 1
   rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id      = aws_api_gateway_resource.get_document_reference.id
+  resource_id      = aws_api_gateway_resource.get_document_reference[0].id
   http_method      = "GET"
   authorization    = "NONE"
   api_key_required = true
@@ -15,17 +17,20 @@ resource "aws_api_gateway_method" "get_document_reference" {
   }
 }
 
-module "get-doc-nrl-lambda" {
+
+module "get-doc-fhir-lambda" {
+  count   = local.is_production ? 0 : 1
   source  = "./modules/lambda"
   name    = "GetDocumentReference"
-  handler = "handlers.nrl_get_document_reference_handler.lambda_handler"
+  handler = "handlers.get_fhir_document_reference_handler.lambda_handler"
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     aws_iam_policy.ssm_access_policy.policy,
+    module.ndr-lloyd-george-store.s3_read_policy_document,
   ]
   rest_api_id       = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id       = aws_api_gateway_resource.get_document_reference.id
+  resource_id       = aws_api_gateway_resource.get_document_reference[0].id
   http_methods      = ["GET"]
   api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
@@ -34,8 +39,9 @@ module "get-doc-nrl-lambda" {
     APPCONFIG_CONFIGURATION    = module.ndr-app-config.app_config_configuration_profile_id
     WORKSPACE                  = terraform.workspace
     ENVIRONMENT                = var.environment
-    PRESIGNED_ASSUME_ROLE      = aws_iam_role.nrl_get_doc_presign_url_role.arn
+    PRESIGNED_ASSUME_ROLE      = aws_iam_role.get_fhir_doc_presign_url_role[0].arn
     LLOYD_GEORGE_DYNAMODB_NAME = "${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}"
+    OIDC_CALLBACK_URL          = contains(["prod"], terraform.workspace) ? "https://${var.domain}/auth-callback" : "https://${terraform.workspace}.${var.domain}/auth-callback"
     CLOUDFRONT_URL             = module.cloudfront-distribution-lg.cloudfront_url
     PDS_FHIR_IS_STUBBED        = local.is_sandbox
   }

infrastructure/moved-resources.tf

@@ -0,0 +1,16 @@
+# NDR-50
+
+moved {
+  from = module.get-doc-nrl-lambda
+  to   = module.get-doc-fhir-lambda[0]
+}
+
+moved {
+  from = aws_iam_role.nrl_get_doc_presign_url_role
+  to   = aws_iam_role.get_fhir_doc_presign_url_role[0]
+}
+
+moved {
+  from = aws_iam_role_policy_attachment.nrl_get_doc_presign_url
+  to   = aws_iam_role_policy_attachment.get_doc_presign_url[0]
+}