CCM-10547: isolate clients to test suites

Author: bhansell1

infrastructure/terraform/components/sandbox/outputs.tf

@@ -2,6 +2,10 @@ output "api_base_url" {
   value = module.backend_api.api_base_url
 }
 
+output "client_ssm_path_prefix" {
+  value = module.backend_api.client_ssm_path_prefix
+}
+
 output "cognito_user_pool_id" {
   value = aws_cognito_user_pool.sandbox.id
 }

infrastructure/terraform/modules/backend-api/locals.tf

@@ -7,6 +7,8 @@ locals {
   pdfjs_layer_zip         = abspath("${local.lambdas_source_code_dir}/layers/pdfjs/dist/layer/pdfjs-layer.zip")
   pdfjs_layer_lockfile    = abspath("${local.lambdas_source_code_dir}/layers/pdfjs/package-lock.json")
 
+  client_ssm_path_prefix = "/${var.csi}/clients"
+
   openapi_spec = templatefile("${path.module}/spec.tmpl.json", {
     APIG_EXECUTION_ROLE_ARN  = aws_iam_role.api_gateway_execution_role.arn
     AUTHORIZER_LAMBDA_ARN    = module.authorizer_lambda.function_arn
@@ -39,7 +41,7 @@ locals {
   }
 
   backend_lambda_environment_variables = {
-    CLIENT_CONFIG_SSM_KEY_PREFIX     = "${var.csi}/clients"
+    CLIENT_CONFIG_SSM_KEY_PREFIX     = local.client_ssm_path_prefix
     DEFAULT_LETTER_SUPPLIER          = local.default_letter_supplier_name
     ENVIRONMENT                      = var.environment
     NODE_OPTIONS                     = "--enable-source-maps"

infrastructure/terraform/modules/backend-api/module_create_letter_template_lambda.tf

@@ -79,4 +79,15 @@ data "aws_iam_policy_document" "create_letter_template_lambda_policy" {
       "${module.s3bucket_quarantine.arn}/pdf-template/*",
     ]
   }
+
+  statement {
+    sid    = "AllowSSMParameterRead"
+    effect = "Allow"
+    actions = [
+      "ssm:GetParameter",
+    ]
+    resources = [
+       "arn:aws:ssm:${var.region}:${var.aws_account_id}:parameter${local.client_ssm_path_prefix}/*",
+    ]
+  }
 }

infrastructure/terraform/modules/backend-api/module_create_template_lambda.tf

@@ -64,4 +64,15 @@ data "aws_iam_policy_document" "create_template_lambda_policy" {
       var.kms_key_arn
     ]
   }
+
+  statement {
+    sid    = "AllowSSMParameterRead"
+    effect = "Allow"
+    actions = [
+      "ssm:GetParameter",
+    ]
+    resources = [
+       "arn:aws:ssm:${var.region}:${var.aws_account_id}:parameter${local.client_ssm_path_prefix}/*",
+    ]
+  }
 }

infrastructure/terraform/modules/backend-api/module_lambda_request_proof.tf

@@ -77,4 +77,15 @@ data "aws_iam_policy_document" "request_proof_lambda_policy" {
       var.kms_key_arn
     ]
   }
+
+  statement {
+    sid    = "AllowSSMParameterRead"
+    effect = "Allow"
+    actions = [
+      "ssm:GetParameter",
+    ]
+    resources = [
+       "arn:aws:ssm:${var.region}:${var.aws_account_id}:parameter${local.client_ssm_path_prefix}/*",
+    ]
+  }
 }

infrastructure/terraform/modules/backend-api/outputs.tf

@@ -2,6 +2,10 @@ output "api_base_url" {
   value = aws_api_gateway_stage.main.invoke_url
 }
 
+output "client_ssm_path_prefix" {
+  value = local.client_ssm_path_prefix
+}
+
 output "download_bucket_name" {
   value = module.s3bucket_download.id
 }

lambdas/backend-api/src/__tests__/templates/api/create-letter.test.ts

@@ -1,10 +1,6 @@
 import { createHandler } from '@backend-api/templates/api/create-letter';
 import { mock } from 'jest-mock-extended';
-import {
-  CreateUpdateTemplate,
-  ClientConfiguration,
-  TemplateDto,
-} from 'nhs-notify-backend-client';
+import { CreateUpdateTemplate, TemplateDto } from 'nhs-notify-backend-client';
 import {
   APIGatewayProxyEvent,
   APIGatewayProxyResult,
@@ -16,16 +12,12 @@ import {
 } from 'nhs-notify-web-template-management-test-helper-utils';
 import { TemplateClient } from '@backend-api/templates/app/template-client';
 
-jest.mock('nhs-notify-backend-client/src/client-configuration-client');
-
 const setup = () => {
   const templateClient = mock<TemplateClient>();
 
-  const clientConfigurationFetch = jest.mocked(ClientConfiguration.fetch);
-
   const handler = createHandler({ templateClient });
 
-  return { handler, mocks: { templateClient, clientConfigurationFetch } };
+  return { handler, mocks: { templateClient } };
 };
 
 const userId = '8B892046';
@@ -50,12 +42,6 @@ describe('create-letter', () => {
   test('successfully handles multipart form input and forwards PDF and CSV', async () => {
     const { handler, mocks } = setup();
 
-    mocks.clientConfigurationFetch.mockResolvedValueOnce(
-      mock<ClientConfiguration>({
-        campaignId: 'campaignId',
-      })
-    );
-
     const pdfFilename = 'template.pdf';
     const csvFilename = 'data.csv';
     const pdfType = 'application/pdf';
@@ -130,11 +116,8 @@ describe('create-letter', () => {
       initialTemplate,
       { userId, clientId },
       new File([pdf], pdfFilename, { type: pdfType }),
-      new File([csv], csvFilename, { type: csvType }),
-      'campaignId'
+      new File([csv], csvFilename, { type: csvType })
     );
-
-    expect(mocks.clientConfigurationFetch).toHaveBeenCalledWith('example');
   });
 
   test('successfully handles multipart form input without test data', async () => {
@@ -270,7 +253,6 @@ describe('create-letter', () => {
       initialTemplate,
       { userId, clientId: undefined },
       new File([pdf], pdfFilename, { type: pdfType }),
-      undefined,
       undefined
     );
   });
@@ -452,7 +434,6 @@ describe('create-letter', () => {
       initialTemplate,
       { userId, clientId },
       new File([pdf], pdfFilename, { type: pdfType }),
-      undefined,
       undefined
     );
   });

lambdas/backend-api/src/__tests__/templates/api/create.test.ts

@@ -1,23 +1,15 @@
 import type { APIGatewayProxyEvent, Context } from 'aws-lambda';
 import { mock } from 'jest-mock-extended';
-import {
-  TemplateDto,
-  CreateUpdateTemplate,
-  ClientConfiguration,
-} from 'nhs-notify-backend-client';
+import { TemplateDto, CreateUpdateTemplate } from 'nhs-notify-backend-client';
 import { createHandler } from '@backend-api/templates/api/create';
 import { TemplateClient } from '@backend-api/templates/app/template-client';
 
-jest.mock('nhs-notify-backend-client/src/client-configuration-client');
-
 const setup = () => {
   const templateClient = mock<TemplateClient>();
 
-  const clientConfigurationFetch = jest.mocked(ClientConfiguration.fetch);
-
   const handler = createHandler({ templateClient });
 
-  return { handler, mocks: { templateClient, clientConfigurationFetch } };
+  return { handler, mocks: { templateClient } };
 };
 
 describe('Template API - Create', () => {
@@ -80,8 +72,7 @@ describe('Template API - Create', () => {
 
     expect(mocks.templateClient.createTemplate).toHaveBeenCalledWith(
       {},
-      { userId: 'sub', clientId: 'nhs-notify-client-id' },
-      undefined
+      { userId: 'sub', clientId: 'nhs-notify-client-id' }
     );
   });
 
@@ -114,20 +105,13 @@ describe('Template API - Create', () => {
 
     expect(mocks.templateClient.createTemplate).toHaveBeenCalledWith(
       { id: 1 },
-      { userId: 'sub', clientId: 'nhs-notify-client-id' },
-      undefined
+      { userId: 'sub', clientId: 'nhs-notify-client-id' }
     );
   });
 
   test('should return template', async () => {
     const { handler, mocks } = setup();
 
-    mocks.clientConfigurationFetch.mockResolvedValueOnce(
-      mock<ClientConfiguration>({
-        campaignId: 'campaignId',
-      })
-    );
-
     const create: CreateUpdateTemplate = {
       name: 'updated-name',
       message: 'message',
@@ -159,14 +143,10 @@ describe('Template API - Create', () => {
       body: JSON.stringify({ statusCode: 201, template: response }),
     });
 
-    expect(mocks.templateClient.createTemplate).toHaveBeenCalledWith(
-      create,
-      {
-        userId: 'sub',
-        clientId: 'notify-client-id',
-      },
-      'campaignId'
-    );
+    expect(mocks.templateClient.createTemplate).toHaveBeenCalledWith(create, {
+      userId: 'sub',
+      clientId: 'notify-client-id',
+    });
   });
 
   test('should return template when no clientId in auth context', async () => {

lambdas/backend-api/src/__tests__/templates/infra/client-config-repository.test.ts

@@ -23,7 +23,7 @@ function setup() {
 
 const mockCSI = 'test-csi';
 const mockClientId = 'test-client-123';
-const mockKey = `${mockCSI}/clients/${mockClientId}`;
+const mockKey = `${mockCSI}/${mockClientId}`;
 
 const validNotifyClient: NotifyClient = {
   campaignId: 'campaign-123',
@@ -254,7 +254,7 @@ describe('ClientConfigRepository', () => {
         expect(result).toBeUndefined();
       });
 
-      it('should propagate SSM client errors', async () => {
+      it('should return undefined SSM client errors', async () => {
         const {
           mocks: { ssmClient, cache, logger },
         } = setup();
@@ -270,9 +270,9 @@ describe('ClientConfigRepository', () => {
 
         ssmClient.on(GetParameterCommand).rejectsOnce(ssmError);
 
-        await expect(repository.get(mockClientId)).rejects.toThrow(
-          'SSM service unavailable'
-        );
+        const client = await repository.get(mockClientId);
+
+        expect(client).toBeUndefined();
       });
     });
 

lambdas/backend-api/src/templates/infra/client-config-repository.ts

@@ -27,18 +27,28 @@ export class ClientConfigRepository {
       return notifyClient;
     }
 
-    const config = await this.ssmClient.send(
-      new GetParameterCommand({
-        Name: key,
-      })
-    );
+    let config: string | undefined;
+
+    try {
+      const response = await this.ssmClient.send(
+        new GetParameterCommand({
+          Name: key,
+        })
+      );
+      config = response.Parameter?.Value;
+    } catch (error) {
+      this.logger.error('failed to obtain client configuration', {
+        error,
+        clientId,
+        key,
+      });
+      return;
+    }
 
-    const { data, error, success } = $NotifyClientProcessed.safeParse(
-      config.Parameter?.Value
-    );
+    const { data, error, success } = $NotifyClientProcessed.safeParse(config);
 
     if (!success) {
-      this.logger.error('failed to obtain client configuration', error, {
+      this.logger.error('Failed to parse client configuration', error, {
         clientId,
       });
       return;