Merge pull request #189 from NHSDigital/feature/CCM-7251_lambda-authoriser

CCM-7251: Implement lambda authoriser

Author: chris-elliott-nhsd

.eslintrc.json

@@ -88,7 +88,8 @@
     {
       "files": ["*.test.{ts,tsx}"],
       "rules": {
-        "unicorn/no-useless-undefined": "off"
+        "unicorn/no-useless-undefined": "off",
+        "unicorn/consistent-function-scoping": "off"
       }
     }
   ]

.github/workflows/stage-2-test.yaml

@@ -51,6 +51,7 @@ jobs:
       - name: "Repo setup"
         run: |
           npm ci
+          (cd lambdas/authorizer && npm ci)
       - name: "Generate dependencies"
         run: |
           npm run generate-dependencies
@@ -80,6 +81,7 @@ jobs:
         run: |
           npm ci
           npm ci tests/test-team
+          (cd lambdas/authorizer && npm ci)
       - name: "Generate dependencies"
         run: |
           npm run generate-dependencies
@@ -97,6 +99,7 @@ jobs:
         run: |
           npm ci
           npm ci tests/test-team
+          (cd lambdas/authorizer && npm ci)
       - name: "Generate dependencies"
         run: |
           npm run generate-dependencies

.github/workflows/stage-4-acceptance.yaml

@@ -96,6 +96,7 @@ jobs:
       - name: "Repo setup"
         run: |
           npm ci
+          (cd lambdas/authorizer && npm ci)
       - name: "Generate dependencies"
         run: |
           npm run generate-dependencies
@@ -128,6 +129,7 @@ jobs:
         run: |
           npm ci
           npm ci tests/test-team
+          (cd lambdas/authorizer && npm ci)
       - name: "Generate dependencies"
         run: |
           npm run generate-dependencies

infrastructure/terraform/components/app/module_templates_api.tf

@@ -8,4 +8,6 @@ module "templates_api" {
   group                 = var.group
   csi                   = local.csi
   log_retention_in_days = var.log_retention_in_days
+
+  cognito_config        = jsondecode(data.aws_ssm_parameter.cognito_config.value)
 }

infrastructure/terraform/components/app/ssm_parameter_cognito_config.tf

@@ -0,0 +1,3 @@
+data "aws_ssm_parameter" "cognito_config" {
+  name        = "/${local.csi}/cognito_config"
+}

infrastructure/terraform/modules/templates-api/api_gateway_method_settings.tf

@@ -0,0 +1,11 @@
+resource "aws_api_gateway_method_settings" "main" {
+  rest_api_id = aws_api_gateway_rest_api.main.id
+  stage_name  = aws_api_gateway_stage.main.stage_name
+  method_path = "*/*"
+
+  settings {
+    metrics_enabled    = true
+    logging_level      = "INFO"
+    data_trace_enabled = true
+  }
+}

infrastructure/terraform/modules/templates-api/cloudwatch_log_group_api_gateway_execution.tf

@@ -0,0 +1,7 @@
+resource "aws_cloudwatch_log_group" "api_gateway_execution" {
+  name = format("API-Gateway-Execution-Logs_%s/%s",
+    aws_api_gateway_rest_api.main.id,
+    var.environment,
+  )
+  retention_in_days = var.log_retention_in_days
+}

infrastructure/terraform/modules/templates-api/module_authorizer_lambda.tf

@@ -9,6 +9,8 @@ module "authorizer_lambda" {
   handler          = "index.handler"
 
   log_retention_in_days = var.log_retention_in_days
+
+  environment_variables = var.cognito_config
 }
 
 module "authorizer_build" {

infrastructure/terraform/modules/templates-api/variables.tf

@@ -52,3 +52,11 @@ variable "log_retention_in_days" {
   description = "The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite"
   default     = 0
 }
+
+variable "cognito_config" {
+  type = object({
+    USER_POOL_ID: string,
+    USER_POOL_CLIENT_ID: string
+  })
+  description = "Cognito config"
+}

jest.config.ts

@@ -78,7 +78,7 @@ const config: Config = {
     'fixture',
     'helpers.ts',
     '/tests/test-team/',
-    '.build'
+    '.build',
   ],
 
   // Set the absolute path for imports