CCM-12875: Various updates

Author: ScottFullerton-NHSE

lambdas/pdm-mock-lambda/README.md

@@ -78,7 +78,7 @@ curl https://<api-gateway-url>/patient-data-manager/FHIR/R4/DocumentReference/te
 
 - `Authorization: Bearer <token>` - Required authentication token (default: `mock-pdm-token`)
 - `Content-Type: application/fhir+json` - Required content type
-- `X-Request-ID: <uuid>` - Used for request tracking and correlation.
+- `X-Request-ID: <uuid>` - Used for request tracking and correlation. This isn't part of the ID or response that gets returned.
 
 **Response (200 OK):**
 
@@ -134,7 +134,7 @@ Both GET and POST endpoints require the `X-Request-ID` header. If it's missing,
 
 ### Error Scenarios
 
-The mock API supports triggering specific error responses for testing. Use these special resource IDs:
+The mock API supports triggering specific error responses for testing in both endpoints. Use these special resource IDs:
 
 | Resource ID              | Status Code | Error Code          | Description                     |
 | ------------------------ | ----------- | ------------------- | ------------------------------- |
@@ -179,7 +179,7 @@ The lambda is configured via environment variables:
 
 | Variable                | Description                              | Default                    |
 | ----------------------- | ---------------------------------------- | -------------------------- |
-| `MOCK_ACCESS_TOKEN`     | Token to use in local/dev environments   | `mock-token-for-local-dev` |
-| `ACCESS_TOKEN_SSM_PATH` | SSM parameter path for the access token  | `/mock/access-token`       |
+| `MOCK_ACCESS_TOKEN`     | Token to use in local/dev environments   | `mock-pdm-token`           |
+| `ACCESS_TOKEN_SSM_PATH` | SSM parameter path for the access token  | `/dl/main/apim/access_token`|
 | `USE_NON_MOCK_TOKEN`    | Use SSM token instead of mock token      | `false`                    |
 | `LOG_LEVEL`             | Logging level (DEBUG, INFO, WARN, ERROR) | `INFO`                     |

lambdas/pdm-mock-lambda/src/__tests__/config.test.ts

@@ -1,4 +1,4 @@
-import { ParameterStoreService, loadConfig } from 'config';
+import { loadConfig } from 'config';
 
 describe('Config', () => {
   const originalEnv = process.env;
@@ -21,8 +21,8 @@ describe('Config', () => {
 
       const config = loadConfig();
 
-      expect(config.mockAccessToken).toBe('mock-token-for-local-dev');
-      expect(config.accessTokenSsmPath).toBe('/mock/access-token');
+      expect(config.mockAccessToken).toBe('mock-pdm-token');
+      expect(config.accessTokenSsmPath).toBe('/dl/main/apim/access_token');
       expect(config.useNonMockToken).toBe(false);
       expect(config.logLevel).toBe('INFO');
     });
@@ -64,99 +64,4 @@ describe('Config', () => {
       expect(config).toBeDefined();
     });
   });
-
-  describe('ParameterStoreService', () => {
-    let service: ParameterStoreService;
-
-    beforeEach(() => {
-      service = new ParameterStoreService();
-    });
-
-    it('should create an instance', () => {
-      expect(service).toBeInstanceOf(ParameterStoreService);
-    });
-
-    it('should use default AWS region when AWS_REGION not set', () => {
-      delete process.env.AWS_REGION;
-      const serviceWithDefaultRegion = new ParameterStoreService();
-      expect(serviceWithDefaultRegion).toBeInstanceOf(ParameterStoreService);
-      expect(serviceWithDefaultRegion.ssmClient).toBeDefined();
-    });
-
-    it('should use AWS_REGION when set', () => {
-      process.env.AWS_REGION = 'us-east-1';
-      const serviceWithCustomRegion = new ParameterStoreService();
-      expect(serviceWithCustomRegion).toBeInstanceOf(ParameterStoreService);
-      expect(serviceWithCustomRegion.ssmClient).toBeDefined();
-    });
-
-    it('should cache parameter values', async () => {
-      const mockParameter = 'test-value';
-      const mockSend = jest.fn().mockResolvedValue({
-        Parameter: { Value: mockParameter },
-      });
-
-      (service as any).ssmClient = {
-        send: mockSend,
-      };
-
-      const result1 = await service.getParameter('/test/path');
-      expect(result1).toBe(mockParameter);
-      expect(mockSend).toHaveBeenCalledTimes(1);
-
-      const result2 = await service.getParameter('/test/path');
-      expect(result2).toBe(mockParameter);
-      expect(mockSend).toHaveBeenCalledTimes(1);
-    });
-
-    it('should refresh cache after TTL expires', async () => {
-      const mockParameter = 'test-value';
-      const mockSend = jest.fn().mockResolvedValue({
-        Parameter: { Value: mockParameter },
-      });
-
-      (service as any).ssmClient = {
-        send: mockSend,
-      };
-
-      (service as any).cacheTtl = 10;
-
-      await service.getParameter('/test/path');
-      expect(mockSend).toHaveBeenCalledTimes(1);
-
-      await new Promise((resolve) => {
-        setTimeout(resolve, 20);
-      });
-
-      await service.getParameter('/test/path');
-      expect(mockSend).toHaveBeenCalledTimes(2);
-    });
-
-    it('should throw error when parameter is not found', async () => {
-      const mockSend = jest.fn().mockResolvedValue({
-        Parameter: {},
-      });
-
-      (service as any).ssmClient = {
-        send: mockSend,
-      };
-
-      await expect(service.getParameter('/missing/path')).rejects.toThrow(
-        'Parameter /missing/path not found or has no value',
-      );
-    });
-
-    it('should handle SSM errors', async () => {
-      const mockError = new Error('SSM error');
-      const mockSend = jest.fn().mockRejectedValue(mockError);
-
-      (service as any).ssmClient = {
-        send: mockSend,
-      };
-
-      await expect(service.getParameter('/error/path')).rejects.toThrow(
-        'SSM error',
-      );
-    });
-  });
 });

lambdas/pdm-mock-lambda/src/__tests__/container.test.ts

@@ -1,5 +1,5 @@
-import { SSMClient } from '@aws-sdk/client-ssm';
 import { createContainer } from 'container';
+import { parameterStore } from 'utils';
 
 jest.mock('utils', () => {
   const actual = jest.requireActual('utils');
@@ -12,16 +12,19 @@ jest.mock('utils', () => {
       error: jest.fn(),
       child: jest.fn(),
     },
+    parameterStore: {
+      getParameter: jest.fn(),
+    },
   };
 });
 
-jest.mock('@aws-sdk/client-ssm');
-
 describe('Container', () => {
   let container: ReturnType<typeof createContainer>;
+  const originalEnv = process.env;
 
   beforeEach(() => {
     jest.clearAllMocks();
+    process.env = { ...originalEnv };
     process.env.MOCK_ACCESS_TOKEN = 'test-token';
     process.env.ACCESS_TOKEN_SSM_PATH = '/test/path';
     process.env.USE_NON_MOCK_TOKEN = 'false';
@@ -30,6 +33,10 @@ describe('Container', () => {
     container = createContainer();
   });
 
+  afterEach(() => {
+    process.env = originalEnv;
+  });
+
   it('should create a container with all required dependencies', () => {
     expect(container).toBeDefined();
     expect(container.authenticator).toBeDefined();
@@ -94,50 +101,38 @@ describe('Container', () => {
   it('should wire getAccessToken to authenticator when using SSM token', async () => {
     const mockTokenValue = JSON.stringify({
       access_token: 'ssm-stored-token',
-      expires_at: 1765187843,
+      expires_at: 1_765_187_843,
       token_type: 'Bearer',
     });
 
-    const mockSend = jest.fn().mockResolvedValue({
-      Parameter: { Value: mockTokenValue },
+    (parameterStore.getParameter as jest.Mock).mockResolvedValue({
+      Value: mockTokenValue,
     });
 
     process.env.USE_NON_MOCK_TOKEN = 'true';
     process.env.ACCESS_TOKEN_SSM_PATH = '/test/token/path';
     process.env.MOCK_ACCESS_TOKEN = 'unused-mock-token';
 
-    (SSMClient as jest.MockedClass<typeof SSMClient>).mockImplementation(
-      () =>
-        ({
-          send: mockSend,
-        }) as any,
-    );
-
     const testContainer = createContainer();
 
     const result = await testContainer.authenticator({
       headers: { Authorization: 'Bearer ssm-stored-token' },
     });
 
     expect(result.isValid).toBe(true);
-    expect(mockSend).toHaveBeenCalled();
+    expect(parameterStore.getParameter).toHaveBeenCalledWith(
+      '/test/token/path',
+    );
   });
 
   it('should handle invalid JSON format in SSM parameter', async () => {
-    const mockSend = jest.fn().mockResolvedValue({
-      Parameter: { Value: 'invalid-json' },
+    (parameterStore.getParameter as jest.Mock).mockResolvedValue({
+      Value: 'invalid-json',
     });
 
     process.env.USE_NON_MOCK_TOKEN = 'true';
     process.env.ACCESS_TOKEN_SSM_PATH = '/test/token/path';
 
-    (SSMClient as jest.MockedClass<typeof SSMClient>).mockImplementation(
-      () =>
-        ({
-          send: mockSend,
-        }) as any,
-    );
-
     const testContainer = createContainer();
 
     await expect(
@@ -146,4 +141,23 @@ describe('Container', () => {
       }),
     ).rejects.toThrow('Invalid access token format in SSM parameter');
   });
+
+  it('should handle missing SSM parameter', async () => {
+    (parameterStore.getParameter as jest.Mock).mockResolvedValue({
+      Value: undefined,
+    });
+
+    process.env.USE_NON_MOCK_TOKEN = 'true';
+    process.env.ACCESS_TOKEN_SSM_PATH = '/test/token/path';
+
+    const testContainer = createContainer();
+
+    await expect(
+      testContainer.authenticator({
+        headers: { Authorization: 'Bearer any-token' },
+      }),
+    ).rejects.toThrow(
+      'Access token parameter "/test/token/path" not found in SSM',
+    );
+  });
 });

lambdas/pdm-mock-lambda/src/__tests__/handlers.test.ts

@@ -79,7 +79,8 @@ describe('GET Resource Handler', () => {
     );
     expect(body.subject.identifier.value).toBe('9912003071');
     expect(body.content[0].attachment.contentType).toBe('application/pdf');
-    expect(body.content[0].attachment.data).toBe('XYZ');
+    expect(body.content[0].attachment.data).toBeDefined();
+    expect(body.content[0].attachment.data).toMatch(/^[A-Za-z0-9+/=]+$/);
     expect(body.content[0].attachment.title).toBe('Dummy PDF');
   });
 
@@ -97,7 +98,7 @@ describe('GET Resource Handler', () => {
     expect(response.statusCode).toBe(400);
     const body = JSON.parse(response.body);
     expect(body.resourceType).toBe('OperationOutcome');
-    expect(body.issue[0].details.coding[0].code).toBe('INVALID_REQUEST');
+    expect(body.issue[0].details.text).toBe('INVALID_REQUEST');
   });
 
   it('should return empty response for empty-response scenario', async () => {
@@ -116,7 +117,7 @@ describe('GET Resource Handler', () => {
   });
 
   describe('error scenarios', () => {
-    const errorCases = [
+    it.each([
       {
         id: 'error-400-invalid',
         expectedStatus: 400,
@@ -152,10 +153,9 @@ describe('GET Resource Handler', () => {
         expectedStatus: 503,
         expectedCode: 'SERVICE_UNAVAILABLE',
       },
-    ];
-
-    for (const { expectedCode, expectedStatus, id } of errorCases) {
-      it(`should return ${expectedStatus} error for ${id}`, async () => {
+    ])(
+      'should return $expectedStatus error for $id',
+      async ({ expectedCode, expectedStatus, id }) => {
         const handler = createGetResourceHandler(mockLogger);
         const event = createMockEvent({
           pathParameters: { id },
@@ -169,9 +169,9 @@ describe('GET Resource Handler', () => {
         expect(response.statusCode).toBe(expectedStatus);
         const body = JSON.parse(response.body);
         expect(body.resourceType).toBe('OperationOutcome');
-        expect(body.issue[0].details.coding[0].code).toBe(expectedCode);
-      });
-    }
+        expect(body.issue[0].details.text).toBe(expectedCode);
+      },
+    );
   });
 
   it('should return 400 error when X-Request-ID header is missing', async () => {
@@ -274,31 +274,13 @@ describe('POST Create Resource Handler', () => {
     expect(body.id).toBe(xRequestId);
   });
 
-  it('should return 400 error for invalid JSON', async () => {
+  it('should return empty response when X-Request-ID is empty-response', async () => {
     const handler = createCreateResourceHandler(mockLogger);
     const event = createMockEvent({
       httpMethod: 'POST',
-      body: 'invalid-json{',
-      headers: {
-        'X-Request-ID': 'invalid-json-test-1234-5678-9abc-def012345678',
-      },
-    });
-
-    const response = await handler(event);
-
-    expect(response.statusCode).toBe(400);
-    const body = JSON.parse(response.body);
-    expect(body.resourceType).toBe('OperationOutcome');
-    expect(body.issue[0].details.coding[0].code).toBe('INVALID_REQUEST');
-  });
-
-  it('should return empty response when emptyResponse flag is set', async () => {
-    const handler = createCreateResourceHandler(mockLogger);
-    const event = createMockEvent({
-      httpMethod: 'POST',
-      body: JSON.stringify({ emptyResponse: true }),
+      body: JSON.stringify({}),
       headers: {
-        'X-Request-ID': 'empty-test-1234-5678-9abc-def012345678',
+        'X-Request-ID': 'empty-response',
       },
     });
 
@@ -308,20 +290,20 @@ describe('POST Create Resource Handler', () => {
     expect(response.body).toBe('{}');
   });
 
-  it('should trigger error scenarios via triggerError field', async () => {
+  it('should trigger error scenarios via X-Request-ID', async () => {
     const handler = createCreateResourceHandler(mockLogger);
     const event = createMockEvent({
       httpMethod: 'POST',
-      body: JSON.stringify({ triggerError: 'error-409-conflict' }),
+      body: JSON.stringify({}),
       headers: {
-        'X-Request-ID': 'error-test-1234-5678-9abc-def012345678',
+        'X-Request-ID': 'error-409-conflict',
       },
     });
 
     const response = await handler(event);
 
     expect(response.statusCode).toBe(409);
     const body = JSON.parse(response.body);
-    expect(body.issue[0].details.coding[0].code).toBe('CONFLICT');
+    expect(body.issue[0].details.text).toBe('CONFLICT');
   });
 });