CCM-10548: disable field validation for RTL letters

Author: mark-r-bjss

infrastructure/terraform/components/acct/README.md

@@ -19,7 +19,7 @@
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_initial_cli_secrets_provision_override"></a> [initial\_cli\_secrets\_provision\_override](#input\_initial\_cli\_secrets\_provision\_override) | A map of default value to intialise SSM secret values with. Only useful for initial setup of the account due to lifecycle rules. | `map(string)` | `{}` | no |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
-| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the account (across all environments) | <pre>map(object({<br/>    enable_polling   = bool<br/>    default_supplier = optional(bool)<br/>  }))</pre> | `{}` | no |
+| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the account (across all environments) | <pre>map(object({<br>    enable_polling   = bool<br>    default_supplier = optional(bool)<br>  }))</pre> | `{}` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_oam_sink_id"></a> [oam\_sink\_id](#input\_oam\_sink\_id) | The ID of the Cloudwatch OAM sink in the appropriate observability account. | `string` | `""` | no |
 | <a name="input_observability_account_id"></a> [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes |
@@ -28,7 +28,7 @@
 | <a name="input_root_domain_name"></a> [root\_domain\_name](#input\_root\_domain\_name) | The service's root DNS root nameespace, like nonprod.nhsnotify.national.nhs.uk | `string` | `"nonprod.nhsnotify.national.nhs.uk"` | no |
 | <a name="input_support_sandbox_environments"></a> [support\_sandbox\_environments](#input\_support\_sandbox\_environments) | Does this account support dev sandbox environments? | `bool` | `false` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | n/a | `string` | `"10.0.0.0/16"` | no |
-| <a name="input_vpc_subnet_cidr_bits"></a> [vpc\_subnet\_cidr\_bits](#input\_vpc\_subnet\_cidr\_bits) | Number of additional bits to use for subnetting the VPC CIDR block. The bits are evently distributed | <pre>object({<br/>    public  = number<br/>    private = number<br/>  })</pre> | <pre>{<br/>  "private": 3,<br/>  "public": 12<br/>}</pre> | no |
+| <a name="input_vpc_subnet_cidr_bits"></a> [vpc\_subnet\_cidr\_bits](#input\_vpc\_subnet\_cidr\_bits) | Number of additional bits to use for subnetting the VPC CIDR block. The bits are evently distributed | <pre>object({<br>    public  = number<br>    private = number<br>  })</pre> | <pre>{<br>  "private": 3,<br>  "public": 12<br>}</pre> | no |
 ## Modules
 
 | Name | Source | Version |
@@ -51,6 +51,7 @@
 | <a name="output_s3_buckets"></a> [s3\_buckets](#output\_s3\_buckets) | n/a |
 | <a name="output_vpc_nat_ips"></a> [vpc\_nat\_ips](#output\_vpc\_nat\_ips) | n/a |
 | <a name="output_vpc_subnets"></a> [vpc\_subnets](#output\_vpc\_subnets) | n/a |
+
 <!-- vale on -->
 <!-- markdownlint-enable -->
 <!-- END_TF_DOCS -->

infrastructure/terraform/components/app/README.md

@@ -36,7 +36,7 @@
 | <a name="input_event_delivery_logging_success_sample_percentage"></a> [event\_delivery\_logging\_success\_sample\_percentage](#input\_event\_delivery\_logging\_success\_sample\_percentage) | Enable caching of events to an S3 bucket | `number` | `0` | no |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
-| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br/>    enable_polling   = bool<br/>    default_supplier = optional(bool)<br/>  }))</pre> | `{}` | no |
+| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br>    enable_polling   = bool<br>    default_supplier = optional(bool)<br>  }))</pre> | `{}` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_observability_account_id"></a> [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes |
 | <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments | `string` | `"main"` | no |
@@ -62,6 +62,7 @@
 |------|-------------|
 | <a name="output_amplify"></a> [amplify](#output\_amplify) | n/a |
 | <a name="output_deployment"></a> [deployment](#output\_deployment) | Deployment details used for post-deployment scripts |
+
 <!-- vale on -->
 <!-- markdownlint-enable -->
 <!-- END_TF_DOCS -->

infrastructure/terraform/components/branch/README.md

@@ -29,6 +29,7 @@
 ## Outputs
 
 No outputs.
+
 <!-- vale on -->
 <!-- markdownlint-enable -->
 <!-- END_TF_DOCS -->

infrastructure/terraform/components/sandbox/README.md

@@ -15,7 +15,7 @@ No requirements.
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonymous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
-| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br/>    enable_polling   = bool<br/>    default_supplier = optional(bool)<br/>  }))</pre> | <pre>{<br/>  "WTMMOCK": {<br/>    "default_supplier": true,<br/>    "enable_polling": true<br/>  }<br/>}</pre> | no |
+| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br>    enable_polling   = bool<br>    default_supplier = optional(bool)<br>  }))</pre> | <pre>{<br>  "WTMMOCK": {<br>    "default_supplier": true,<br>    "enable_polling": true<br>  }<br>}</pre> | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments | `string` | `"main"` | no |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
@@ -40,6 +40,7 @@ No requirements.
 | <a name="output_sftp_mock_credential_path"></a> [sftp\_mock\_credential\_path](#output\_sftp\_mock\_credential\_path) | n/a |
 | <a name="output_sftp_poll_lambda_name"></a> [sftp\_poll\_lambda\_name](#output\_sftp\_poll\_lambda\_name) | n/a |
 | <a name="output_templates_table_name"></a> [templates\_table\_name](#output\_templates\_table\_name) | n/a |
+
 <!-- vale on -->
 <!-- markdownlint-enable -->
 <!-- END_TF_DOCS -->

infrastructure/terraform/modules/backend-api/README.md

@@ -11,7 +11,7 @@ No requirements.
 |------|-------------|------|---------|:--------:|
 | <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
 | <a name="input_cloudfront_distribution_arn"></a> [cloudfront\_distribution\_arn](#input\_cloudfront\_distribution\_arn) | ARN of the cloudfront distribution to serve files from | `string` | `null` | no |
-| <a name="input_cognito_config"></a> [cognito\_config](#input\_cognito\_config) | Cognito config | <pre>object({<br/>    USER_POOL_ID : string,<br/>    USER_POOL_CLIENT_ID : string<br/>  })</pre> | n/a | yes |
+| <a name="input_cognito_config"></a> [cognito\_config](#input\_cognito\_config) | Cognito config | <pre>object({<br>    USER_POOL_ID : string,<br>    USER_POOL_CLIENT_ID : string<br>  })</pre> | n/a | yes |
 | <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | n/a | yes |
 | <a name="input_csi"></a> [csi](#input\_csi) | CSI from the parent component | `string` | n/a | yes |
 | <a name="input_enable_backup"></a> [enable\_backup](#input\_enable\_backup) | Enable Backups for the DynamoDB table? | `bool` | `true` | no |
@@ -20,7 +20,7 @@ No requirements.
 | <a name="input_function_s3_bucket"></a> [function\_s3\_bucket](#input\_function\_s3\_bucket) | Name of S3 bucket to upload lambda artefacts to | `string` | n/a | yes |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | KMS Key ARN | `string` | n/a | yes |
-| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br/>    enable_polling   = bool<br/>    default_supplier = optional(bool)<br/>  }))</pre> | n/a | yes |
+| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br>    enable_polling   = bool<br>    default_supplier = optional(bool)<br>  }))</pre> | n/a | yes |
 | <a name="input_log_destination_arn"></a> [log\_destination\_arn](#input\_log\_destination\_arn) | Destination ARN to use for the log subscription filter | `string` | `""` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_log_subscription_role_arn"></a> [log\_subscription\_role\_arn](#input\_log\_subscription\_role\_arn) | The ARN of the IAM role to use for the log subscription filter | `string` | `""` | no |
@@ -68,6 +68,7 @@ No requirements.
 | <a name="output_sftp_mock_credential_path"></a> [sftp\_mock\_credential\_path](#output\_sftp\_mock\_credential\_path) | n/a |
 | <a name="output_sftp_poll_lambda_name"></a> [sftp\_poll\_lambda\_name](#output\_sftp\_poll\_lambda\_name) | n/a |
 | <a name="output_templates_table_name"></a> [templates\_table\_name](#output\_templates\_table\_name) | n/a |
+
 <!-- vale on -->
 <!-- markdownlint-enable -->
 <!-- END_TF_DOCS -->

lambdas/backend-api/src/__tests__/templates/api/validate-letter-template-files.test.ts

@@ -77,6 +77,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -138,6 +139,164 @@ describe('guard duty handler', () => {
     );
   });
 
+  test('skips personalisation field validation for RTL languages', async () => {
+    // arrange
+    const { handler, mocks } = setup();
+
+    const event = makeGuardDutyMalwareScanResultNotificationEvent({
+      detail: {
+        s3ObjectDetails: {
+          bucketName: 'quarantine-bucket',
+          objectKey: `pdf-template/${owner}/${templateId}/${versionId}.pdf`,
+        },
+        scanResultDetails: {
+          scanResultStatus: 'NO_THREATS_FOUND',
+        },
+      },
+    });
+
+    mocks.templateRepository.get.mockResolvedValueOnce({
+      data: mock<DatabaseTemplate>({
+        files: {
+          pdfTemplate: {
+            fileName: '',
+            virusScanStatus: 'PASSED',
+            currentVersion: versionId,
+          },
+          testDataCsv: {
+            fileName: '',
+            virusScanStatus: 'PASSED',
+            currentVersion: versionId,
+          },
+        },
+        templateStatus: 'PENDING_VALIDATION',
+        language: 'fa',
+      }),
+    });
+
+    const pdfData = Uint8Array.from('pdf');
+    const csvData = Uint8Array.from('csv');
+
+    mocks.letterUploadRepository.download
+      .mockResolvedValueOnce(pdfData)
+      .mockResolvedValueOnce(csvData);
+
+    const pdf = {
+      personalisationParameters: [
+        'firstName',
+        'parameter_1',
+        'unknown_parameter',
+      ],
+      parse: jest.fn(),
+    } as unknown as TemplatePdf;
+    mocks.TemplatePdf.mockImplementation(() => pdf);
+
+    const csv = {
+      parameters: ['parameter_1', 'missing_parameter'],
+      parse: jest.fn(),
+    } as unknown as TestDataCsv;
+    mocks.TestDataCsv.mockImplementation(() => csv);
+
+    // act
+    await handler(event);
+
+    // assert
+    expect(mocks.TemplatePdf).toHaveBeenCalledWith(
+      { id: templateId, owner },
+      pdfData
+    );
+    expect(mocks.TestDataCsv).toHaveBeenCalledWith(csvData);
+    expect(pdf.parse).toHaveBeenCalled();
+    expect(csv.parse).toHaveBeenCalled();
+    expect(mocks.validateLetterTemplateFiles).not.toHaveBeenCalled();
+    expect(
+      mocks.templateRepository.setLetterValidationResult
+    ).toHaveBeenCalledWith(
+      { id: templateId, owner },
+      versionId,
+      true,
+      ['firstName', 'parameter_1', 'unknown_parameter'],
+      ['parameter_1', 'missing_parameter']
+    );
+  });
+
+  test('handles missing language', async () => {
+    // arrange
+    const { handler, mocks } = setup();
+
+    const event = makeGuardDutyMalwareScanResultNotificationEvent({
+      detail: {
+        s3ObjectDetails: {
+          bucketName: 'quarantine-bucket',
+          objectKey: `pdf-template/${owner}/${templateId}/${versionId}.pdf`,
+        },
+        scanResultDetails: {
+          scanResultStatus: 'NO_THREATS_FOUND',
+        },
+      },
+    });
+
+    mocks.templateRepository.get.mockResolvedValueOnce({
+      data: mock<DatabaseTemplate>({
+        files: {
+          pdfTemplate: {
+            fileName: '',
+            virusScanStatus: 'PASSED',
+            currentVersion: versionId,
+          },
+          testDataCsv: {
+            fileName: '',
+            virusScanStatus: 'PASSED',
+            currentVersion: versionId,
+          },
+        },
+        templateStatus: 'PENDING_VALIDATION',
+        language: undefined,
+      }),
+    });
+
+    const pdfData = Uint8Array.from('pdf');
+    const csvData = Uint8Array.from('csv');
+
+    mocks.letterUploadRepository.download
+      .mockResolvedValueOnce(pdfData)
+      .mockResolvedValueOnce(csvData);
+
+    const pdf = {
+      personalisationParameters: [
+        'firstName',
+        'parameter_1',
+        'unknown_parameter',
+      ],
+      parse: jest.fn(),
+    } as unknown as TemplatePdf;
+    mocks.TemplatePdf.mockImplementation(() => pdf);
+
+    const csv = {
+      parameters: ['parameter_1', 'missing_parameter'],
+      parse: jest.fn(),
+    } as unknown as TestDataCsv;
+    mocks.TestDataCsv.mockImplementation(() => csv);
+    mocks.validateLetterTemplateFiles.mockReturnValueOnce(false);
+
+    // act
+    await handler(event);
+
+    // assert
+    expect(pdf.parse).toHaveBeenCalled();
+    expect(csv.parse).toHaveBeenCalled();
+    expect(mocks.validateLetterTemplateFiles).toHaveBeenCalled();
+    expect(
+      mocks.templateRepository.setLetterValidationResult
+    ).toHaveBeenCalledWith(
+      { id: templateId, owner },
+      versionId,
+      false,
+      ['firstName', 'parameter_1', 'unknown_parameter'],
+      ['parameter_1', 'missing_parameter']
+    );
+  });
+
   test('loads the template data and associated files (pdf only), validates the file contents and saves the result to the database', async () => {
     const { handler, mocks } = setup();
 
@@ -164,6 +323,7 @@ describe('guard duty handler', () => {
           testDataCsv: undefined,
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -403,6 +563,7 @@ describe('guard duty handler', () => {
       data: mock<DatabaseTemplate>({
         files: undefined,
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -443,6 +604,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -483,6 +645,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -523,6 +686,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'NOT_YET_SUBMITTED',
+        language: 'en',
       }),
     });
 
@@ -563,6 +727,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'VALIDATION_FAILED',
+        language: 'en',
       }),
     });
 
@@ -603,6 +768,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -643,6 +809,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -683,6 +850,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -725,6 +893,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -767,6 +936,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -813,6 +983,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -859,6 +1030,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -909,6 +1081,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });
 
@@ -963,6 +1136,7 @@ describe('guard duty handler', () => {
           },
         },
         templateStatus: 'PENDING_VALIDATION',
+        language: 'en',
       }),
     });