NHSDigital
diff --git a/‎infrastructure/terraform/components/dl/module_lambda_pdm_mock.tf‎
Lines changed: 0 additions & 6 deletions b/‎infrastructure/terraform/components/dl/module_lambda_pdm_mock.tf‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎lambdas/pdm-mock-lambda/README.md‎
Lines changed: 19 additions & 21 deletions b/‎lambdas/pdm-mock-lambda/README.md‎
Lines changed: 19 additions & 21 deletions
diff --git a/‎lambdas/pdm-mock-lambda/src/__tests__/authenticator.test.ts‎
Lines changed: 0 additions & 111 deletions b/‎lambdas/pdm-mock-lambda/src/__tests__/authenticator.test.ts‎
Lines changed: 0 additions & 111 deletions
diff --git a/‎lambdas/pdm-mock-lambda/src/__tests__/config.test.ts‎
Lines changed: 0 additions & 67 deletions b/‎lambdas/pdm-mock-lambda/src/__tests__/config.test.ts‎
Lines changed: 0 additions & 67 deletions
diff --git a/‎lambdas/pdm-mock-lambda/src/__tests__/container.test.ts‎
Lines changed: 0 additions & 76 deletions b/‎lambdas/pdm-mock-lambda/src/__tests__/container.test.ts‎
Lines changed: 0 additions & 76 deletions
@@ -35,12 +35,6 @@ module "pdm_mock" {
   send_to_firehose          = true
   log_destination_arn       = local.log_destination_arn
   log_subscription_role_arn = local.acct.log_subscription_role_arn
-
-  lambda_env_vars = {
-    MOCK_ACCESS_TOKEN     = var.pdm_mock_access_token
-    ACCESS_TOKEN_SSM_PATH = local.apim_access_token_ssm_parameter_name
-    USE_NON_MOCK_TOKEN    = var.pdm_use_non_mock_token
-  }
 }
 
 data "aws_iam_policy_document" "pdm_mock" {
 
@@ -27,8 +27,8 @@ curl -X POST https://<api-gateway-url>/patient-data-manager/FHIR/R4/DocumentRefe
 
 **Headers:**
 
-- `Authorization: Bearer <token>` - Required authentication token (default: `mock-pdm-token`)
-- `Content-Type: application/fhir+json` - Required content type
+- `Authorization: Bearer <token>` - Authentication token is not validated and can be any string value.
+- `Content-Type: application/fhir+json` - Required content type.
 - `X-Request-ID: <UUID>` - This uuid will be used as the DocumentReference `id` in the response.
 
 **Response (201 Created):**
@@ -76,8 +76,8 @@ curl https://<api-gateway-url>/patient-data-manager/FHIR/R4/DocumentReference/te
 
 **Headers:**
 
-- `Authorization: Bearer <token>` - Required authentication token (default: `mock-pdm-token`)
-- `Content-Type: application/fhir+json` - Required content type
+- `Authorization: Bearer <token>` - Authentication token is not validated and can be any string value.
+- `Content-Type: application/fhir+json` - Required content type.
 - `X-Request-ID: <uuid>` - Used for request tracking and correlation. This isn't part of the ID or response that gets returned.
 
 **Response (200 OK):**
@@ -136,17 +136,18 @@ Both GET and POST endpoints require the `X-Request-ID` header. If it's missing,
 
 The mock API supports triggering specific error responses for testing in both endpoints. Use these special resource IDs:
 
-| Resource ID              | Status Code | Error Code          | Description                     |
-| ------------------------ | ----------- | ------------------- | ------------------------------- |
-| `error-400-invalid`      | 400         | INVALID_VALUE       | Invalid resource value          |
-| `error-401-unauthorized` | 401         | UNAUTHORISED        | Unauthorized access             |
-| `error-403-forbidden`    | 403         | FORBIDDEN           | Access forbidden                |
-| `error-404-notfound`     | 404         | RESOURCE_NOT_FOUND  | Resource not found              |
-| `error-409-conflict`     | 409         | CONFLICT            | Resource already exists         |
-| `error-429-ratelimit`    | 429         | TOO_MANY_REQUESTS   | Rate limit exceeded             |
-| `error-500-internal`     | 500         | INTERNAL_ERROR      | Internal server error           |
-| `error-503-unavailable`  | 503         | SERVICE_UNAVAILABLE | Service temporarily unavailable |
-| `empty-response`         | 200         | -                   | Empty success response          |
+| Resource ID              | Status Code | Error Code          | Description                              |
+| ------------------------ | ----------- | ------------------- | ---------------------------------------- |
+| `error-400-invalid`      | 400         | INVALID_VALUE       | Invalid resource value                   |
+| `error-401-unauthorized` | 401         | UNAUTHORISED        | Unauthorized access                      |
+| `error-403-forbidden`    | 403         | FORBIDDEN           | Access forbidden                         |
+| `error-404-notfound`     | 404         | RESOURCE_NOT_FOUND  | Resource not found                       |
+| `error-409-conflict`     | 409         | CONFLICT            | Resource already exists                  |
+| `error-429-ratelimit`    | 429         | TOO_MANY_REQUESTS   | Rate limit exceeded                      |
+| `error-500-internal`     | 500         | INTERNAL_ERROR      | Internal server error                    |
+| `error-503-unavailable`  | 503         | SERVICE_UNAVAILABLE | Service temporarily unavailable          |
+| `empty-response`         | 200         | -                   | Empty success response                   |
+| `unavailable-response`   | 200         | -                   | Success response with no attachment.data |
 
 **Example - Trigger 404 Error:**
 
@@ -177,9 +178,6 @@ curl https://<api-gateway-url>/resource/error-404-notfound \
 
 The lambda is configured via environment variables:
 
-| Variable                | Description                              | Default                    |
-| ----------------------- | ---------------------------------------- | -------------------------- |
-| `MOCK_ACCESS_TOKEN`     | Token to use in local/dev environments   | `mock-pdm-token`           |
-| `ACCESS_TOKEN_SSM_PATH` | SSM parameter path for the access token  | `/dl/main/apim/access_token`|
-| `USE_NON_MOCK_TOKEN`    | Use SSM token instead of mock token      | `false`                    |
-| `LOG_LEVEL`             | Logging level (DEBUG, INFO, WARN, ERROR) | `INFO`                     |
+| Variable                | Description                              | Default                  |
+| ----------------------- | ---------------------------------------- | ------------------------ |
+| `LOG_LEVEL`             | Logging level (DEBUG, INFO, WARN, ERROR) | `INFO`                   |
@@ -10,21 +10,14 @@ const mockLogger: Logger = {
 } as any;
 
 describe('Authenticator', () => {
-  let mockGetAccessToken: jest.Mock;
 
   beforeEach(() => {
     jest.clearAllMocks();
-    mockGetAccessToken = jest.fn();
   });
 
   describe('with mock token', () => {
     it('should authenticate successfully with valid Bearer token', async () => {
       const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: false,
-          getAccessToken: mockGetAccessToken,
-        },
         mockLogger,
       );
 
@@ -33,16 +26,10 @@ describe('Authenticator', () => {
       });
 
       expect(result.isValid).toBe(true);
-      expect(mockGetAccessToken).not.toHaveBeenCalled();
     });
 
     it('should reject request with missing Authorization header', async () => {
       const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: false,
-          getAccessToken: mockGetAccessToken,
-        },
         mockLogger,
       );
 
@@ -64,11 +51,6 @@ describe('Authenticator', () => {
 
     it('should reject request with invalid token type', async () => {
       const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: false,
-          getAccessToken: mockGetAccessToken,
-        },
         mockLogger,
       );
 
@@ -86,37 +68,8 @@ describe('Authenticator', () => {
       );
     });
 
-    it('should reject request with invalid token value', async () => {
-      const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: false,
-          getAccessToken: mockGetAccessToken,
-        },
-        mockLogger,
-      );
-
-      const result = await authenticator({
-        headers: { Authorization: 'Bearer wrong-token' },
-      });
-
-      expect(result.isValid).toBe(false);
-      expect(result).toHaveProperty('error');
-      expect((result as { isValid: false; error: any }).error.statusCode).toBe(
-        401,
-      );
-      expect((result as { isValid: false; error: any }).error.body).toContain(
-        'Invalid Access Token',
-      );
-    });
-
     it('should handle lowercase authorization header', async () => {
       const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: false,
-          getAccessToken: mockGetAccessToken,
-        },
         mockLogger,
       );
 
@@ -127,68 +80,4 @@ describe('Authenticator', () => {
       expect(result.isValid).toBe(true);
     });
   });
-
-  describe('with non-mock token', () => {
-    it('should authenticate successfully with SSM token', async () => {
-      mockGetAccessToken.mockResolvedValue('ssm-token');
-
-      const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: true,
-          getAccessToken: mockGetAccessToken,
-        },
-        mockLogger,
-      );
-
-      const result = await authenticator({
-        headers: { Authorization: 'Bearer ssm-token' },
-      });
-
-      expect(result.isValid).toBe(true);
-      expect(mockGetAccessToken).toHaveBeenCalledTimes(1);
-    });
-
-    it('should reject request with mock token when non-mock token is required', async () => {
-      mockGetAccessToken.mockResolvedValue('ssm-token');
-
-      const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: true,
-          getAccessToken: mockGetAccessToken,
-        },
-        mockLogger,
-      );
-
-      const result = await authenticator({
-        headers: { Authorization: 'Bearer test-token' },
-      });
-
-      expect(result.isValid).toBe(false);
-      expect(result).toHaveProperty('error');
-      expect((result as { isValid: false; error: any }).error.statusCode).toBe(
-        401,
-      );
-    });
-
-    it('should handle SSM token retrieval errors gracefully', async () => {
-      mockGetAccessToken.mockRejectedValue(new Error('SSM error'));
-
-      const authenticator = createAuthenticator(
-        {
-          mockAccessToken: 'test-token',
-          useNonMockToken: true,
-          getAccessToken: mockGetAccessToken,
-        },
-        mockLogger,
-      );
-
-      await expect(
-        authenticator({
-          headers: { Authorization: 'Bearer test-token' },
-        }),
-      ).rejects.toThrow('SSM error');
-    });
-  });
 });
@@ -1,5 +1,4 @@
 import { createContainer } from 'container';
-import { parameterStore } from 'utils';
 
 jest.mock('utils', () => {
   const actual = jest.requireActual('utils');
@@ -25,9 +24,6 @@ describe('Container', () => {
   beforeEach(() => {
     jest.clearAllMocks();
     process.env = { ...originalEnv };
-    process.env.MOCK_ACCESS_TOKEN = 'test-token';
-    process.env.ACCESS_TOKEN_SSM_PATH = '/test/path';
-    process.env.USE_NON_MOCK_TOKEN = 'false';
     process.env.LOG_LEVEL = 'INFO';
 
     container = createContainer();
@@ -88,76 +84,4 @@ describe('Container', () => {
     expect(result).toBeDefined();
     expect(result.isValid).toBeDefined();
   });
-
-  it('should handle USE_NON_MOCK_TOKEN configuration', () => {
-    process.env.USE_NON_MOCK_TOKEN = 'true';
-    const containerWithSSM = createContainer();
-
-    expect(containerWithSSM).toBeDefined();
-    expect(containerWithSSM.authenticator).toBeDefined();
-    expect(typeof containerWithSSM.authenticator).toBe('function');
-  });
-
-  it('should wire getAccessToken to authenticator when using SSM token', async () => {
-    const mockTokenValue = JSON.stringify({
-      access_token: 'ssm-stored-token',
-      expires_at: 1_765_187_843,
-      token_type: 'Bearer',
-    });
-
-    (parameterStore.getParameter as jest.Mock).mockResolvedValue({
-      Value: mockTokenValue,
-    });
-
-    process.env.USE_NON_MOCK_TOKEN = 'true';
-    process.env.ACCESS_TOKEN_SSM_PATH = '/test/token/path';
-    process.env.MOCK_ACCESS_TOKEN = 'unused-mock-token';
-
-    const testContainer = createContainer();
-
-    const result = await testContainer.authenticator({
-      headers: { Authorization: 'Bearer ssm-stored-token' },
-    });
-
-    expect(result.isValid).toBe(true);
-    expect(parameterStore.getParameter).toHaveBeenCalledWith(
-      '/test/token/path',
-    );
-  });
-
-  it('should handle invalid JSON format in SSM parameter', async () => {
-    (parameterStore.getParameter as jest.Mock).mockResolvedValue({
-      Value: 'invalid-json',
-    });
-
-    process.env.USE_NON_MOCK_TOKEN = 'true';
-    process.env.ACCESS_TOKEN_SSM_PATH = '/test/token/path';
-
-    const testContainer = createContainer();
-
-    await expect(
-      testContainer.authenticator({
-        headers: { Authorization: 'Bearer any-token' },
-      }),
-    ).rejects.toThrow('Invalid access token format in SSM parameter');
-  });
-
-  it('should handle missing SSM parameter', async () => {
-    (parameterStore.getParameter as jest.Mock).mockResolvedValue({
-      Value: undefined,
-    });
-
-    process.env.USE_NON_MOCK_TOKEN = 'true';
-    process.env.ACCESS_TOKEN_SSM_PATH = '/test/token/path';
-
-    const testContainer = createContainer();
-
-    await expect(
-      testContainer.authenticator({
-        headers: { Authorization: 'Bearer any-token' },
-      }),
-    ).rejects.toThrow(
-      'Access token parameter "/test/token/path" not found in SSM',
-    );
-  });
 });