add us-east provider

Author: alexnuttall

infrastructure/terraform/components/app/module_download_authorizer_lambda.tf

@@ -12,9 +12,9 @@ module "download_authorizer_lambda" {
   log_retention_in_days = var.log_retention_in_days
   # source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda?ref=v2.0.2"
 
-  # providers = {
-  #   aws = aws.us-east-1
-  # }
+  providers = {
+    aws = aws.us-east-1
+  }
 
   # function_name = "download-authorizer"
   # description   = "Download authorizer for s3 download bucket"

lambdas/authorizer/src/__tests__/index.test.ts

@@ -3,6 +3,7 @@ import { mock } from 'jest-mock-extended';
 import { logger } from 'nhs-notify-web-template-management-utils/logger';
 import { handler } from '../index';
 import { LambdaCognitoAuthorizer } from 'nhs-notify-web-template-management-utils/lambda-cognito-authorizer';
+import { CognitoIdentityProviderClient } from '@aws-sdk/client-cognito-identity-provider';
 
 const requestContext = {
   accountId: '000000000000',
@@ -12,15 +13,21 @@ const requestContext = {
 
 const methodArn = 'arn:aws:execute-api:eu-west-2:000000000000:api-id/stage/*';
 
-const warnMock = jest.spyOn(logger, 'warn');
-const errorMock = jest.spyOn(logger, 'error');
+jest.mock('nhs-notify-web-template-management-utils/logger');
+const mockLogger = jest.mocked(logger);
 
 jest.mock('nhs-notify-web-template-management-utils/lambda-cognito-authorizer');
-
 const lambdaCognitoAuthorizer = mock<LambdaCognitoAuthorizer>();
+jest
+  .mocked(LambdaCognitoAuthorizer)
+  .mockImplementation(() => lambdaCognitoAuthorizer);
+
+jest.mock('@aws-sdk/client-cognito-identity-provider');
+const cognitoClientMock = mock<CognitoIdentityProviderClient>();
 
-const authorizerConstructorMock = jest.mocked(LambdaCognitoAuthorizer);
-// .mockReturnValue(lambdaCognitoAuthorizer);
+jest
+  .mocked(CognitoIdentityProviderClient)
+  .mockImplementation(() => cognitoClientMock);
 
 const allowPolicy = {
   principalId: 'api-caller',
@@ -56,7 +63,7 @@ const denyPolicy = {
 const originalEnv = { ...process.env };
 
 beforeEach(() => {
-  jest.resetAllMocks();
+  jest.clearAllMocks();
   process.env.USER_POOL_ID = 'user-pool-id';
   process.env.USER_POOL_CLIENT_ID = 'user-pool-client-id';
 });
@@ -65,6 +72,33 @@ afterEach(() => {
   process.env = originalEnv;
 });
 
+test('returns Allow policy on valid token', async () => {
+  lambdaCognitoAuthorizer.authorize.mockResolvedValue({
+    success: true,
+    subject: 'sub',
+  });
+
+  const res = await handler(
+    mock<APIGatewayRequestAuthorizerEvent>({
+      requestContext,
+      headers: { Authorization: 'jwt' },
+      type: 'REQUEST',
+    }),
+    mock<Context>(),
+    jest.fn()
+  );
+
+  expect(res).toEqual(allowPolicy);
+  expect(mockLogger.warn).not.toHaveBeenCalled();
+  expect(mockLogger.error).not.toHaveBeenCalled();
+
+  expect(lambdaCognitoAuthorizer.authorize).toHaveBeenCalledWith(
+    'user-pool-id',
+    'user-pool-client-id',
+    'jwt'
+  );
+});
+
 test('returns Deny policy on lambda misconfiguration', async () => {
   process.env.USER_POOL_ID = '';
 
@@ -79,7 +113,7 @@ test('returns Deny policy on lambda misconfiguration', async () => {
   );
 
   expect(res).toEqual(denyPolicy);
-  expect(errorMock).toHaveBeenCalledWith('Lambda misconfiguration');
+  expect(mockLogger.error).toHaveBeenCalledWith('Lambda misconfiguration');
 });
 
 test('returns Deny policy if no Authorization token in header', async () => {
@@ -96,10 +130,9 @@ test('returns Deny policy if no Authorization token in header', async () => {
   expect(res).toEqual(denyPolicy);
 });
 
-test.only('returns Allow policy on valid token', async () => {
+test('returns Deny policy when authorization fails', async () => {
   lambdaCognitoAuthorizer.authorize.mockResolvedValue({
-    success: true,
-    subject: 'sub',
+    success: false,
   });
 
   const res = await handler(
@@ -112,39 +145,5 @@ test.only('returns Allow policy on valid token', async () => {
     jest.fn()
   );
 
-  expect(res).toEqual(allowPolicy);
-  expect(warnMock).not.toHaveBeenCalled();
-  expect(errorMock).not.toHaveBeenCalled();
+  expect(res).toEqual(denyPolicy);
 });
-
-// test('returns Deny policy on expired token', async () => {
-//   const jwt = sign(
-//     {
-//       token_use: 'access',
-//       client_id: 'user-pool-client-id',
-//       iss: 'https://cognito-idp.eu-west-2.amazonaws.com/user-pool-id',
-//       exp: 1_640_995_200,
-//     },
-//     'key',
-//     {
-//       keyid: 'key-id',
-//     }
-//   );
-
-//   const res = await handler(
-//     mock<APIGatewayRequestAuthorizerEvent>({
-//       requestContext,
-//       headers: { Authorization: jwt },
-//       type: 'REQUEST',
-//     }),
-//     mock<Context>(),
-//     jest.fn()
-//   );
-
-//   expect(res).toEqual(denyPolicy);
-//   expect(errorMock).toHaveBeenCalledWith(
-//     expect.objectContaining({
-//       message: 'jwt expired',
-//     })
-//   );
-// });

lambdas/authorizer/src/index.ts

@@ -60,9 +60,6 @@ export const handler: APIGatewayRequestAuthorizerHandler = async ({
     logger
   );
 
-  console.log(lambdaCognitoAuthorizer);
-  
-
   const authResult = await lambdaCognitoAuthorizer.authorize(
     userPoolId,
     userPoolClientId,