CCM-11164: create RC (#709)

Co-authored-by: Michael Harrison <[email protected]>

Author: alexnuttall

infrastructure/terraform/modules/backend-api/README.md

@@ -39,6 +39,7 @@ No requirements.
 |------|--------|---------|
 | <a name="module_authorizer_lambda"></a> [authorizer\_lambda](#module\_authorizer\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_count_routing_configs_lambda"></a> [count\_routing\_configs\_lambda](#module\_count\_routing\_configs\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
+| <a name="module_create_routing_config_lambda"></a> [create\_routing\_config\_lambda](#module\_create\_routing\_config\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_create_template_lambda"></a> [create\_template\_lambda](#module\_create\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_delete_template_lambda"></a> [delete\_template\_lambda](#module\_delete\_template\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |
 | <a name="module_get_client_lambda"></a> [get\_client\_lambda](#module\_get\_client\_lambda) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip | n/a |

infrastructure/terraform/modules/backend-api/iam_role_api_gateway_execution_role.tf

@@ -52,6 +52,7 @@ data "aws_iam_policy_document" "api_gateway_execution_policy" {
       module.upload_letter_template_lambda.function_arn,
       module.count_routing_configs_lambda.function_arn,
       module.create_template_lambda.function_arn,
+      module.create_routing_config_lambda.function_arn,
       module.delete_template_lambda.function_arn,
       module.get_client_lambda.function_arn,
       module.get_routing_config_lambda.function_arn,

infrastructure/terraform/modules/backend-api/locals.tf

@@ -16,6 +16,7 @@ locals {
     AWS_REGION                       = var.region
     COUNT_ROUTING_CONFIGS_LAMBDA_ARN = module.count_routing_configs_lambda.function_arn
     CREATE_LAMBDA_ARN                = module.create_template_lambda.function_arn
+    CREATE_ROUTING_CONFIG_LAMBDA_ARN = module.create_routing_config_lambda.function_arn
     DELETE_LAMBDA_ARN                = module.delete_template_lambda.function_arn
     GET_CLIENT_LAMBDA_ARN            = module.get_client_lambda.function_arn
     GET_LAMBDA_ARN                   = module.get_template_lambda.function_arn

infrastructure/terraform/modules/backend-api/module_create_routing_config_lambda.tf

@@ -0,0 +1,68 @@
+module "create_routing_config_lambda" {
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.22/terraform-lambda.zip"
+
+  project        = var.project
+  environment    = var.environment
+  component      = var.component
+  aws_account_id = var.aws_account_id
+  region         = var.region
+
+  kms_key_arn = var.kms_key_arn
+
+  function_name = "create-routing-config"
+
+  function_module_name  = "create-routing-config"
+  handler_function_name = "handler"
+  description           = "Create Routing Config API endpoint"
+
+  memory  = 512
+  timeout = 3
+  runtime = "nodejs20.x"
+
+  log_retention_in_days = var.log_retention_in_days
+
+  iam_policy_document = {
+    body = data.aws_iam_policy_document.create_routing_config_lambda_policy.json
+  }
+
+  lambda_env_vars         = local.backend_lambda_environment_variables
+  function_s3_bucket      = var.function_s3_bucket
+  function_code_base_path = local.lambdas_dir
+  function_code_dir       = "backend-api/dist/create-routing-config"
+
+  send_to_firehose          = var.send_to_firehose
+  log_destination_arn       = var.log_destination_arn
+  log_subscription_role_arn = var.log_subscription_role_arn
+}
+
+data "aws_iam_policy_document" "create_routing_config_lambda_policy" {
+  statement {
+    sid    = "AllowDynamoAccess"
+    effect = "Allow"
+
+    actions = [
+      "dynamodb:PutItem",
+    ]
+
+    resources = [
+      aws_dynamodb_table.routing_configuration.arn,
+    ]
+  }
+
+  statement {
+    sid    = "AllowKMSAccess"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:DescribeKey",
+      "kms:Encrypt",
+      "kms:GenerateDataKey*",
+      "kms:ReEncrypt*",
+    ]
+
+    resources = [
+      var.kms_key_arn
+    ]
+  }
+}

infrastructure/terraform/modules/backend-api/spec.tmpl.json

@@ -297,7 +297,7 @@
       "ClientConfiguration": {
         "properties": {
           "campaignId": {
-            "deprecared": true,
+            "deprecated": true,
             "type": "string"
           },
           "campaignIds": {
@@ -399,6 +399,35 @@
         ],
         "type": "object"
       },
+      "CreateUpdateRoutingConfig": {
+        "properties": {
+          "campaignId": {
+            "type": "string"
+          },
+          "cascade": {
+            "items": {
+              "$ref": "#/components/schemas/CascadeItem"
+            },
+            "type": "array"
+          },
+          "cascadeGroupOverrides": {
+            "items": {
+              "$ref": "#/components/schemas/CascadeGroup"
+            },
+            "type": "array"
+          },
+          "name": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "campaignId",
+          "cascadeGroupOverrides",
+          "cascade",
+          "name"
+        ],
+        "type": "object"
+      },
       "CreateUpdateTemplate": {
         "allOf": [
           {
@@ -617,28 +646,19 @@
             "format": "date-time",
             "type": "string"
           },
-          "createdBy": {
-            "type": "string"
-          },
           "id": {
             "format": "uuid",
             "type": "string"
           },
           "name": {
             "type": "string"
           },
-          "owner": {
-            "type": "string"
-          },
           "status": {
             "$ref": "#/components/schemas/RoutingConfigStatus"
           },
           "updatedAt": {
             "format": "date-time",
             "type": "string"
-          },
-          "updatedBy": {
-            "type": "string"
           }
         },
         "required": [
@@ -647,14 +667,10 @@
           "cascade",
           "clientId",
           "createdAt",
-          "createdBy",
-          "displayCategory",
           "id",
           "name",
-          "owner",
           "status",
-          "updatedAt",
-          "updatedBy"
+          "updatedAt"
         ],
         "type": "object"
       },
@@ -1011,6 +1027,71 @@
         }
       }
     },
+    "/v1/routing-configuration": {
+      "post": {
+        "description": "Create a routing configuration",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/CreateUpdateRoutingConfig"
+              }
+            }
+          },
+          "description": "Routing configuration to create",
+          "required": true
+        },
+        "responses": {
+          "201": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/RoutingConfigSuccess"
+                }
+              }
+            },
+            "description": "201 response",
+            "headers": {
+              "Content-Type": {
+                "schema": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "default": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/Failure"
+                }
+              }
+            },
+            "description": "Error"
+          }
+        },
+        "security": [
+          {
+            "authorizer": []
+          }
+        ],
+        "summary": "Create a routing configuration by ID",
+        "x-amazon-apigateway-integration": {
+          "contentHandling": "CONVERT_TO_TEXT",
+          "credentials": "${APIG_EXECUTION_ROLE_ARN}",
+          "httpMethod": "POST",
+          "passthroughBehavior": "WHEN_NO_TEMPLATES",
+          "responses": {
+            ".*": {
+              "statusCode": "200"
+            }
+          },
+          "timeoutInMillis": 29000,
+          "type": "AWS_PROXY",
+          "uri": "arn:aws:apigateway:${AWS_REGION}:lambda:path/2015-03-31/functions/${CREATE_ROUTING_CONFIG_LAMBDA_ARN}/invocations"
+        }
+      }
+    },
     "/v1/routing-configuration/{routingConfigId}": {
       "get": {
         "description": "Get a routing configuration by ID",

lambdas/backend-api/README.md

@@ -16,16 +16,10 @@ Setup an authenticated AWS terminal and run
 ./scripts/sandbox_auth.sh <email> <password>
 ```
 
-Grab the `AccessToken` from `sandbox_cognito_auth_token.json`
+Grab the `AccessToken` and `api_base_url` from `sandbox_cognito_auth_token.json`
 
 ```bash
-SANDBOX_TOKEN=$(jq -r .AccessToken sandbox_cognito_auth_token.json)
-```
-
-Set APIG stage. The following extracts the value from `sandbox_tf_outputs.tf`. Values resemble `https://cc5p8d4l3b.execute-api.eu-west-2.amazonaws.com/main`
-
-```bash
-APIG_STAGE=$(jq -r .api_base_url.value ./sandbox_tf_outputs.json)
+SANDBOX_TOKEN=$(jq -r .AccessToken sandbox_cognito_auth_token.json) && APIG_STAGE=$(jq -r .api_base_url.value ./sandbox_tf_outputs.json)
 ```
 
 ### GET - /v1/template/:templateId - Get a single template by id
@@ -153,7 +147,26 @@ curl --location "${APIG_STAGE}/v1/routing-configuration/${ROUTING_CONFIG_ID}" \
 ### GET - /v1/routing-configurations - List routing configurations
 
 ```bash
-curl --location "${APIG_STAGE}/v1/routing-configurations \
+curl --location "${APIG_STAGE}/v1/routing-configurations" \
 --header 'Accept: application/json' \
 --header "Authorization: $SANDBOX_TOKEN"
 ```
+
+### POST - /v1/routing-configuration - Create a routing configuration
+
+```bash
+curl -X POST --location "${APIG_STAGE}/v1/routing-configuration" \
+--header 'Content-Type: application/json' \
+--header 'Accept: application/json' \
+--header "Authorization: $SANDBOX_TOKEN" \
+--data '{
+  "campaignId": "campaign",
+  "cascade": [{
+      "cascadeGroups": ["standard"],
+      "channel": "EMAIL",
+      "channelType": "primary",
+      "defaultTemplateId": "email_id"
+   }],
+  "cascadeGroupOverrides": [{ "name": "standard" }],
+  "name": "RC name"
+}'

lambdas/backend-api/build.sh

@@ -16,14 +16,15 @@ npx esbuild \
     --external:pdfjs-dist \
     src/templates/copy-scanned-object-to-internal.ts \
     src/templates/count-routing-configs.ts \
+    src/templates/create-routing-config.ts \
     src/templates/create.ts \
-    src/templates/delete.ts \
     src/templates/delete-failed-scanned-object.ts \
-    src/templates/get.ts \
+    src/templates/delete.ts \
     src/templates/get-client.ts \
     src/templates/get-routing-config.ts \
-    src/templates/list.ts \
+    src/templates/get.ts \
     src/templates/list-routing-configs.ts \
+    src/templates/list.ts \
     src/templates/process-proof.ts \
     src/templates/proof.ts \
     src/templates/set-letter-upload-virus-scan-status.ts \

lambdas/backend-api/src/__tests__/templates/api/count-routing-configs.test.ts

@@ -81,7 +81,7 @@ describe('CountRoutingConfigs handler', () => {
     });
 
     expect(mocks.routingConfigClient.countRoutingConfigs).toHaveBeenCalledWith(
-      'nhs-notify-client-id',
+      { userId: 'sub', clientId: 'nhs-notify-client-id' },
       { status: 'DRAFT' }
     );
   });
@@ -110,7 +110,7 @@ describe('CountRoutingConfigs handler', () => {
     });
 
     expect(mocks.routingConfigClient.countRoutingConfigs).toHaveBeenCalledWith(
-      'nhs-notify-client-id',
+      { userId: 'sub', clientId: 'nhs-notify-client-id' },
       { status: 'COMPLETED' }
     );
   });