CCM-11492 Merge in main

Author: nicki-nhs

infrastructure/terraform/modules/backend-api/README.md

@@ -41,6 +41,7 @@ No requirements.
 | <a name="module_count_routing_configs_lambda"></a> [count\_routing\_configs\_lambda](#module\_count\_routing\_configs\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_create_routing_config_lambda"></a> [create\_routing\_config\_lambda](#module\_create\_routing\_config\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_create_template_lambda"></a> [create\_template\_lambda](#module\_create\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
+| <a name="module_delete_routing_config_lambda"></a> [delete\_routing\_config\_lambda](#module\_delete\_routing\_config\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_delete_template_lambda"></a> [delete\_template\_lambda](#module\_delete\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_get_client_lambda"></a> [get\_client\_lambda](#module\_get\_client\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_get_routing_config_lambda"></a> [get\_routing\_config\_lambda](#module\_get\_routing\_config\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |

infrastructure/terraform/modules/backend-api/iam_role_api_gateway_execution_role.tf

@@ -53,6 +53,7 @@ data "aws_iam_policy_document" "api_gateway_execution_policy" {
       module.count_routing_configs_lambda.function_arn,
       module.create_template_lambda.function_arn,
       module.create_routing_config_lambda.function_arn,
+      module.delete_routing_config_lambda.function_arn,
       module.delete_template_lambda.function_arn,
       module.get_client_lambda.function_arn,
       module.get_routing_config_lambda.function_arn,

infrastructure/terraform/modules/backend-api/locals.tf

@@ -18,6 +18,7 @@ locals {
     CREATE_LAMBDA_ARN                = module.create_template_lambda.function_arn
     CREATE_ROUTING_CONFIG_LAMBDA_ARN = module.create_routing_config_lambda.function_arn
     DELETE_LAMBDA_ARN                = module.delete_template_lambda.function_arn
+    DELETE_ROUTING_CONFIG_LAMBDA_ARN = module.delete_routing_config_lambda.function_arn
     GET_CLIENT_LAMBDA_ARN            = module.get_client_lambda.function_arn
     GET_LAMBDA_ARN                   = module.get_template_lambda.function_arn
     GET_ROUTING_CONFIG_LAMBDA_ARN    = module.get_routing_config_lambda.function_arn

infrastructure/terraform/modules/backend-api/module_delete_routing_config_lambda.tf

@@ -0,0 +1,68 @@
+module "delete_routing_config_lambda" {
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip"
+
+  project        = var.project
+  environment    = var.environment
+  component      = var.component
+  aws_account_id = var.aws_account_id
+  region         = var.region
+
+  kms_key_arn = var.kms_key_arn
+
+  function_name = "delete-routing-config"
+
+  function_module_name  = "delete-routing-config"
+  handler_function_name = "handler"
+  description           = "Delete Routing Config API endpoint"
+
+  memory  = 512
+  timeout = 3
+  runtime = "nodejs20.x"
+
+  log_retention_in_days = var.log_retention_in_days
+
+  iam_policy_document = {
+    body = data.aws_iam_policy_document.delete_routing_config_lambda_policy.json
+  }
+
+  lambda_env_vars         = local.backend_lambda_environment_variables
+  function_s3_bucket      = var.function_s3_bucket
+  function_code_base_path = local.lambdas_dir
+  function_code_dir       = "backend-api/dist/delete-routing-config"
+
+  send_to_firehose          = var.send_to_firehose
+  log_destination_arn       = var.log_destination_arn
+  log_subscription_role_arn = var.log_subscription_role_arn
+}
+
+data "aws_iam_policy_document" "delete_routing_config_lambda_policy" {
+  statement {
+    sid    = "AllowDynamoAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:UpdateItem",
+    ]
+
+    resources = [
+      aws_dynamodb_table.routing_configuration.arn,
+    ]
+  }
+
+  statement {
+    sid    = "AllowKMSAccess"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:DescribeKey",
+      "kms:Encrypt",
+      "kms:GenerateDataKey*",
+      "kms:ReEncrypt*",
+    ]
+
+    resources = [
+      var.kms_key_arn
+    ]
+  }
+}

infrastructure/terraform/modules/backend-api/spec.tmpl.json

@@ -1093,6 +1093,55 @@
       }
     },
     "/v1/routing-configuration/{routingConfigId}": {
+      "delete": {
+        "description": "Delete a routing configuration by Id",
+        "parameters": [
+          {
+            "description": "ID of routing configuration to delete",
+            "in": "path",
+            "name": "routingConfigId",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "No content"
+          },
+          "default": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Failure"
+                }
+              }
+            },
+            "description": "Error"
+          }
+        },
+        "security": [
+          {
+            "authorizer": []
+          }
+        ],
+        "summary": "Delete a routing configuration",
+        "x-amazon-apigateway-integration": {
+          "contentHandling": "CONVERT_TO_TEXT",
+          "credentials": "${APIG_EXECUTION_ROLE_ARN}",
+          "httpMethod": "POST",
+          "passthroughBehavior": "WHEN_NO_TEMPLATES",
+          "responses": {
+            ".*": {
+              "statusCode": "200"
+            }
+          },
+          "timeoutInMillis": 29000,
+          "type": "AWS_PROXY",
+          "uri": "arn:aws:apigateway:${AWS_REGION}:lambda:path/2015-03-31/functions/${DELETE_ROUTING_CONFIG_LAMBDA_ARN}/invocations"
+        }
+      },
       "get": {
         "description": "Get a routing configuration by ID",
         "parameters": [
@@ -1504,22 +1553,8 @@
           }
         ],
         "responses": {
-          "200": {
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/TemplateSuccess"
-                }
-              }
-            },
-            "description": "200 response",
-            "headers": {
-              "Content-Type": {
-                "schema": {
-                  "type": "string"
-                }
-              }
-            }
+          "204": {
+            "description": "No content"
           },
           "default": {
             "content": {

lambdas/backend-api/README.md

@@ -1,3 +1,4 @@
+<!-- vale off -->
 # Backend-api
 
 <!-- vale off -->
@@ -201,12 +202,20 @@ curl -X PUT --location "${APIG_STAGE}/v1/routing-configuration/${ROUTING_CONFIG_
 }'
 ```
 
-### PATCH - /v1/template/:templateId/submit - Submit a routing configuration
+### PATCH - /v1/routing-configuration/:routingConfigId/submit - Submit a routing configuration
 
 ```bash
 curl -X PATCH --location "${APIG_STAGE}/v1/routing-configuration/${ROUTING_CONFIG_ID}/submit" \
 --header 'Accept: application/json' \
 --header "Authorization: $SANDBOX_TOKEN"
 ```
 
+### DELETE - /v1/routing-configuration/:routingConfigId - Delete a routing configuration
+
+```bash
+curl -X DELETE --location "${APIG_STAGE}/v1/routing-configuration/${ROUTING_CONFIG_ID}" \
+--header 'Accept: application/json' \
+--header "Authorization: $SANDBOX_TOKEN"
+```
+
 <!-- vale on -->

lambdas/backend-api/build.sh

@@ -20,6 +20,7 @@ npx esbuild \
     src/templates/create.ts \
     src/templates/delete-failed-scanned-object.ts \
     src/templates/delete.ts \
+    src/templates/delete-routing-config.ts \
     src/templates/get-client.ts \
     src/templates/get-routing-config.ts \
     src/templates/get.ts \

lambdas/backend-api/src/__tests__/templates/api/delete-routing-config.test.ts

@@ -0,0 +1,140 @@
+import type { APIGatewayProxyEvent, Context } from 'aws-lambda';
+import { mock } from 'jest-mock-extended';
+import { createHandler } from '@backend-api/templates/api/delete-routing-config';
+import { RoutingConfigClient } from '@backend-api/templates/app/routing-config-client';
+
+const setup = () => {
+  const routingConfigClient = mock<RoutingConfigClient>();
+  const mocks = { routingConfigClient };
+  const handler = createHandler(mocks);
+
+  return { handler, mocks };
+};
+
+describe('Delete Routing Config Handler', () => {
+  beforeEach(jest.resetAllMocks);
+
+  test.each([
+    ['undefined', undefined],
+    ['missing user', { clientId: 'client-id', user: undefined }],
+    ['missing client', { clientId: undefined, user: 'user-id' }],
+  ])(
+    'should return 400 - Invalid request when requestContext is %s',
+    async (_, ctx) => {
+      const { handler, mocks } = setup();
+
+      const event = mock<APIGatewayProxyEvent>({
+        requestContext: { authorizer: ctx },
+        pathParameters: { templateId: 'id' },
+      });
+
+      const result = await handler(event, mock<Context>(), jest.fn());
+
+      expect(result).toEqual({
+        statusCode: 400,
+        body: JSON.stringify({
+          statusCode: 400,
+          technicalMessage: 'Invalid request',
+        }),
+      });
+
+      expect(
+        mocks.routingConfigClient.deleteRoutingConfig
+      ).not.toHaveBeenCalled();
+    }
+  );
+
+  test('should return 400 - Invalid request when, no routingConfigId', async () => {
+    const { handler, mocks } = setup();
+
+    const event = mock<APIGatewayProxyEvent>({
+      requestContext: {
+        authorizer: { user: 'sub', clientId: 'nhs-notify-client-id' },
+      },
+      body: JSON.stringify({ name: 'test' }),
+      pathParameters: { routingConfigId: undefined },
+    });
+
+    const result = await handler(event, mock<Context>(), jest.fn());
+
+    expect(result).toEqual({
+      statusCode: 400,
+      body: JSON.stringify({
+        statusCode: 400,
+        technicalMessage: 'Invalid request',
+      }),
+    });
+
+    expect(
+      mocks.routingConfigClient.deleteRoutingConfig
+    ).not.toHaveBeenCalled();
+  });
+
+  test('should return error when deleting routing config fails', async () => {
+    const { handler, mocks } = setup();
+
+    mocks.routingConfigClient.deleteRoutingConfig.mockResolvedValueOnce({
+      error: {
+        errorMeta: {
+          code: 500,
+          description: 'Internal server error',
+        },
+      },
+    });
+
+    const event = mock<APIGatewayProxyEvent>({
+      requestContext: {
+        authorizer: { user: 'sub', clientId: 'nhs-notify-client-id' },
+      },
+      pathParameters: { routingConfigId: '1-2-3' },
+    });
+
+    const result = await handler(event, mock<Context>(), jest.fn());
+
+    expect(result).toEqual({
+      statusCode: 500,
+      body: JSON.stringify({
+        statusCode: 500,
+        technicalMessage: 'Internal server error',
+      }),
+    });
+
+    expect(mocks.routingConfigClient.deleteRoutingConfig).toHaveBeenCalledWith(
+      '1-2-3',
+      {
+        userId: 'sub',
+        clientId: 'nhs-notify-client-id',
+      }
+    );
+  });
+
+  test('should return 204 no content response after deleting routing config', async () => {
+    const { handler, mocks } = setup();
+
+    mocks.routingConfigClient.deleteRoutingConfig.mockResolvedValueOnce({
+      data: undefined,
+    });
+
+    const event = mock<APIGatewayProxyEvent>({
+      requestContext: {
+        authorizer: { user: 'sub', clientId: 'nhs-notify-client-id' },
+      },
+      pathParameters: { routingConfigId: '1-2-3' },
+    });
+
+    const result = await handler(event, mock<Context>(), jest.fn());
+
+    expect(result).toEqual({
+      statusCode: 204,
+      body: JSON.stringify({ statusCode: 204, data: undefined }),
+    });
+
+    expect(mocks.routingConfigClient.deleteRoutingConfig).toHaveBeenCalledWith(
+      '1-2-3',
+      {
+        userId: 'sub',
+        clientId: 'nhs-notify-client-id',
+      }
+    );
+  });
+});