[NDR-28] new search document ref lambda

Author: NogaNHS

infrastructure/README.md

@@ -43,7 +43,6 @@
 | <a name="module_cloudfront-distribution-lg"></a> [cloudfront-distribution-lg](#module\_cloudfront-distribution-lg) | ./modules/cloudfront | n/a |
 | <a name="module_cloudfront_edge_dynamodb_table"></a> [cloudfront\_edge\_dynamodb\_table](#module\_cloudfront\_edge\_dynamodb\_table) | ./modules/dynamo_db | n/a |
 | <a name="module_cloudfront_firewall_waf_v2"></a> [cloudfront\_firewall\_waf\_v2](#module\_cloudfront\_firewall\_waf\_v2) | ./modules/firewall_waf_v2 | n/a |
-| <a name="module_create-doc-ref-gateway"></a> [create-doc-ref-gateway](#module\_create-doc-ref-gateway) | ./modules/gateway | n/a |
 | <a name="module_create-doc-ref-lambda"></a> [create-doc-ref-lambda](#module\_create-doc-ref-lambda) | ./modules/lambda | n/a |
 | <a name="module_create-token-gateway"></a> [create-token-gateway](#module\_create-token-gateway) | ./modules/gateway | n/a |
 | <a name="module_create-token-lambda"></a> [create-token-lambda](#module\_create-token-lambda) | ./modules/lambda | n/a |
@@ -66,6 +65,7 @@
 | <a name="module_document_manifest_alarm"></a> [document\_manifest\_alarm](#module\_document\_manifest\_alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_document_manifest_alarm_topic"></a> [document\_manifest\_alarm\_topic](#module\_document\_manifest\_alarm\_topic) | ./modules/sns | n/a |
 | <a name="module_document_reference_dynamodb_table"></a> [document\_reference\_dynamodb\_table](#module\_document\_reference\_dynamodb\_table) | ./modules/dynamo_db | n/a |
+| <a name="module_document_reference_gateway"></a> [document\_reference\_gateway](#module\_document\_reference\_gateway) | ./modules/gateway | n/a |
 | <a name="module_edge-presign-lambda"></a> [edge-presign-lambda](#module\_edge-presign-lambda) | ./modules/lambda_edge | n/a |
 | <a name="module_edge_presign_alarm"></a> [edge\_presign\_alarm](#module\_edge\_presign\_alarm) | ./modules/lambda_alarms | n/a |
 | <a name="module_edge_presign_alarm_topic"></a> [edge\_presign\_alarm\_topic](#module\_edge\_presign\_alarm\_topic) | ./modules/sns | n/a |
@@ -127,6 +127,7 @@
 | <a name="module_pdf-stitching-lambda"></a> [pdf-stitching-lambda](#module\_pdf-stitching-lambda) | ./modules/lambda | n/a |
 | <a name="module_pdf-stitching-lambda-alarms"></a> [pdf-stitching-lambda-alarms](#module\_pdf-stitching-lambda-alarms) | ./modules/lambda_alarms | n/a |
 | <a name="module_route53_fargate_ui"></a> [route53\_fargate\_ui](#module\_route53\_fargate\_ui) | ./modules/route53 | n/a |
+| <a name="module_search-document-references-fhir-lambda"></a> [search-document-references-fhir-lambda](#module\_search-document-references-fhir-lambda) | ./modules/lambda | n/a |
 | <a name="module_search-document-references-gateway"></a> [search-document-references-gateway](#module\_search-document-references-gateway) | ./modules/gateway | n/a |
 | <a name="module_search-document-references-lambda"></a> [search-document-references-lambda](#module\_search-document-references-lambda) | ./modules/lambda | n/a |
 | <a name="module_search-patient-details-gateway"></a> [search-patient-details-gateway](#module\_search-patient-details-gateway) | ./modules/gateway | n/a |
@@ -185,6 +186,7 @@
 | [aws_api_gateway_integration_response.get_document_reference_mock_403_response](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration_response) | resource |
 | [aws_api_gateway_integration_response.get_document_reference_mock_404_response](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_integration_response) | resource |
 | [aws_api_gateway_method.get_document_reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
+| [aws_api_gateway_method.get_document_references_fhir](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
 | [aws_api_gateway_method.login_proxy_method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
 | [aws_api_gateway_method.sandbox_get_document_reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method) | resource |
 | [aws_api_gateway_method_response.response_200](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_response) | resource |
@@ -346,6 +348,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_audit_dynamodb_table_name"></a> [access\_audit\_dynamodb\_table\_name](#input\_access\_audit\_dynamodb\_table\_name) | The name of the dynamodb table to store the audit of access to deceased patient records | `string` | `"AccessAudit"` | no |
+| <a name="input_apim_environment"></a> [apim\_environment](#input\_apim\_environment) | n/a | `any` | n/a | yes |
 | <a name="input_auth_session_dynamodb_table_name"></a> [auth\_session\_dynamodb\_table\_name](#input\_auth\_session\_dynamodb\_table\_name) | The name of the dynamodb table to store user login sessions | `string` | `"AuthSessionReferenceMetadata"` | no |
 | <a name="input_auth_state_dynamodb_table_name"></a> [auth\_state\_dynamodb\_table\_name](#input\_auth\_state\_dynamodb\_table\_name) | The name of the dynamodb table to store the state values (for CIS2 authorisation) | `string` | `"AuthStateReferenceMetadata"` | no |
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | This is a list that specifies all the Availability Zones that will have a pair of public and private subnets | `list(string)` | <pre>[<br/>  "eu-west-2a",<br/>  "eu-west-2b",<br/>  "eu-west-2c"<br/>]</pre> | no |

infrastructure/api.tf

@@ -47,7 +47,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.access-audit-lambda,
     module.back-channel-logout-gateway,
     module.back_channel_logout_lambda,
-    module.create-doc-ref-gateway,
+    module.document_reference_gateway,
     module.create-doc-ref-lambda,
     module.create-token-gateway,
     module.create-token-lambda,

infrastructure/dev.tfvars

@@ -8,4 +8,6 @@ cloudwatch_alarm_evaluation_periods = 5
 poll_frequency                      = "3600"
 
 standalone_vpc_tag    = "ndr-dev"
-standalone_vpc_ig_tag = "ndr-dev"
+standalone_vpc_ig_tag = "ndr-dev"
+
+apim_environment = "internal-dev."

infrastructure/lambda-create-doc-ref.tf

@@ -1,4 +1,4 @@
-module "create-doc-ref-gateway" {
+module "document_reference_gateway" {
   source              = "./modules/gateway"
   api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
   parent_id           = aws_api_gateway_rest_api.ndr_doc_store_api.root_resource_id
@@ -73,7 +73,7 @@ module "create-doc-ref-lambda" {
     module.ndr-app-config.app_config_policy,
   ]
   rest_api_id  = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id  = module.create-doc-ref-gateway.gateway_resource_id
+  resource_id  = module.document_reference_gateway.gateway_resource_id
   http_methods = ["POST"]
   memory_size  = 512
 
@@ -96,7 +96,7 @@ module "create-doc-ref-lambda" {
     module.document_reference_dynamodb_table,
     module.lloyd_george_reference_dynamodb_table,
     module.ndr-bulk-staging-store,
-    module.create-doc-ref-gateway,
+    module.document_reference_gateway,
     module.ndr-app-config,
     module.lloyd_george_reference_dynamodb_table,
     module.document_reference_dynamodb_table,

infrastructure/lambda-get-document-nrl.tf

@@ -1,6 +1,6 @@
 resource "aws_api_gateway_resource" "get_document_reference" {
   rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  parent_id   = module.create-doc-ref-gateway.gateway_resource_id
+  parent_id   = module.document_reference_gateway.gateway_resource_id
   path_part   = "{id}"
 }
 

infrastructure/lambda-search-document-references-fhir.tf

@@ -0,0 +1,42 @@
+resource "aws_api_gateway_method" "get_document_references_fhir" {
+  count            = local.is_production ? 0 : 1
+  rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  resource_id      = module.document_reference_gateway.gateway_resource_id
+  http_method      = "GET"
+  authorization    = "NONE"
+  api_key_required = true
+}
+
+
+module "search-document-references-fhir-lambda" {
+  count   = local.is_production ? 0 : 1
+  source  = "./modules/lambda"
+  name    = "SearchDocumentReferencesFHIRLambda"
+  handler = "handlers.fhir_document_reference_search_handler.lambda_handler"
+  iam_role_policy_documents = [
+    module.document_reference_dynamodb_table.dynamodb_read_policy_document,
+    module.document_reference_dynamodb_table.dynamodb_write_policy_document,
+    module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
+    module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
+    module.ndr-lloyd-george-store.s3_read_policy_document,
+    module.ndr-document-store.s3_read_policy_document,
+    module.ndr-app-config.app_config_policy
+  ]
+  rest_api_id       = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  resource_id       = module.document_reference_gateway.gateway_resource_id
+  http_methods      = ["GET"]
+  api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
+  lambda_environment_variables = {
+    APPCONFIG_APPLICATION           = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT           = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION         = module.ndr-app-config.app_config_configuration_profile_id
+    DYNAMODB_TABLE_LIST             = "[\u0022${terraform.workspace}_${var.docstore_dynamodb_table_name}\u0022, \u0022${terraform.workspace}_${var.lloyd_george_dynamodb_table_name}\u0022]"
+    DOCUMENT_RETRIEVE_ENDPOINT_APIM = "${local.apim_api_url}/DocumentReference"
+    WORKSPACE                       = terraform.workspace
+  }
+  depends_on = [
+    aws_api_gateway_rest_api.ndr_doc_store_api,
+    module.search-document-references-gateway,
+    module.ndr-app-config
+  ]
+}

infrastructure/moved-resources.tf

@@ -0,0 +1,6 @@
+# PRM-28
+
+moved {
+  from = module.create-doc-ref-gateway
+  to   = module.document_reference_gateway
+}

infrastructure/preprod.tfvars

@@ -8,4 +8,6 @@ cloudwatch_alarm_evaluation_periods = 30
 poll_frequency                      = "60"
 
 standalone_vpc_tag    = "ndr-pre-prod"
-standalone_vpc_ig_tag = "ndr-pre-prod"
+standalone_vpc_ig_tag = "ndr-pre-prod"
+
+apim_environment = "int."

infrastructure/prod.tfvars

@@ -8,4 +8,6 @@ cloudwatch_alarm_evaluation_periods = 30
 poll_frequency                      = "60"
 
 standalone_vpc_tag    = "ndr-prod"
-standalone_vpc_ig_tag = "ndr-prod"
+standalone_vpc_ig_tag = "ndr-prod"
+
+apim_environment = ""

infrastructure/test.tfvars

@@ -8,4 +8,6 @@ cloudwatch_alarm_evaluation_periods = 5
 poll_frequency                      = "10"
 
 standalone_vpc_tag    = "ndr-test"
-standalone_vpc_ig_tag = "ndr-test"
+standalone_vpc_ig_tag = "ndr-test"
+
+apim_environment = "internal-qa."