CCM-10432 multi user cleanup (#676)

Author: alexnuttall

infrastructure/terraform/modules/backend-api/module_delete_template_lambda.tf

@@ -48,19 +48,6 @@ data "aws_iam_policy_document" "delete_template_lambda_policy" {
     ]
   }
 
-  statement {
-    sid    = "AllowDynamoGSIAccess"
-    effect = "Allow"
-
-    actions = [
-      "dynamodb:Query",
-    ]
-
-    resources = [
-      "${aws_dynamodb_table.templates.arn}/index/QueryById",
-    ]
-  }
-
   statement {
     sid    = "AllowKMSAccess"
     effect = "Allow"

infrastructure/terraform/modules/backend-api/module_get_template_lambda.tf

@@ -40,7 +40,7 @@ data "aws_iam_policy_document" "get_template_lambda_policy" {
     effect = "Allow"
 
     actions = [
-      "dynamodb:BatchGetItem",
+      "dynamodb:GetItem",
     ]
 
     resources = [

infrastructure/terraform/modules/backend-api/module_lambda_validate_letter_template_files.tf

@@ -55,7 +55,7 @@ data "aws_iam_policy_document" "validate_letter_template_files" {
     effect = "Allow"
 
     actions = [
-      "dynamodb:BatchGetItem",
+      "dynamodb:GetItem",
       "dynamodb:UpdateItem",
     ]
 

infrastructure/terraform/modules/backend-api/module_submit_template_lambda.tf

@@ -48,19 +48,6 @@ data "aws_iam_policy_document" "submit_template_lambda_policy" {
     ]
   }
 
-  statement {
-    sid    = "AllowDynamoGSIAccess"
-    effect = "Allow"
-
-    actions = [
-      "dynamodb:Query",
-    ]
-
-    resources = [
-      "${aws_dynamodb_table.templates.arn}/index/QueryById",
-    ]
-  }
-
   statement {
     sid    = "AllowKMSAccess"
     effect = "Allow"

infrastructure/terraform/modules/backend-api/module_update_template_lambda.tf

@@ -48,19 +48,6 @@ data "aws_iam_policy_document" "update_template_lambda_policy" {
     ]
   }
 
-  statement {
-    sid    = "AllowDynamoGSIAccess"
-    effect = "Allow"
-
-    actions = [
-      "dynamodb:Query",
-    ]
-
-    resources = [
-      "${aws_dynamodb_table.templates.arn}/index/QueryById",
-    ]
-  }
-
   statement {
     sid    = "AllowKMSAccess"
     effect = "Allow"

infrastructure/terraform/modules/backend-api/module_upload_letter_template_lambda.tf

@@ -49,19 +49,6 @@ data "aws_iam_policy_document" "upload_letter_template_lambda_policy" {
     ]
   }
 
-  statement {
-    sid    = "AllowDynamoGSIAccess"
-    effect = "Allow"
-
-    actions = [
-      "dynamodb:Query",
-    ]
-
-    resources = [
-      "${aws_dynamodb_table.templates.arn}/index/QueryById",
-    ]
-  }
-
   statement {
     sid    = "AllowKMSAccess"
     effect = "Allow"

lambdas/backend-api/src/__tests__/templates/api/validate-letter-template-files.test.ts

@@ -103,9 +103,10 @@ describe('guard duty handler', () => {
 
     await handler(event);
 
-    expect(mocks.templateRepository.get).toHaveBeenCalledWith(templateId, {
-      clientId: clientId,
-    });
+    expect(mocks.templateRepository.get).toHaveBeenCalledWith(
+      templateId,
+      clientId
+    );
 
     expect(mocks.letterUploadRepository.download).toHaveBeenCalledWith(
       templateId,
@@ -354,9 +355,10 @@ describe('guard duty handler', () => {
 
     await handler(event);
 
-    expect(mocks.templateRepository.get).toHaveBeenCalledWith(templateId, {
-      clientId,
-    });
+    expect(mocks.templateRepository.get).toHaveBeenCalledWith(
+      templateId,
+      clientId
+    );
 
     expect(mocks.letterUploadRepository.download).toHaveBeenCalledTimes(1);
     expect(mocks.letterUploadRepository.download).toHaveBeenCalledWith(

lambdas/backend-api/src/__tests__/templates/app/template-client.test.ts

@@ -1431,7 +1431,7 @@ describe('templateClient', () => {
 
       expect(mocks.templateRepository.get).toHaveBeenCalledWith(
         templateId,
-        user
+        user.clientId
       );
 
       expect(result).toEqual({
@@ -1472,7 +1472,7 @@ describe('templateClient', () => {
 
       expect(mocks.templateRepository.get).toHaveBeenCalledWith(
         templateId,
-        user
+        user.clientId
       );
 
       expect(result).toEqual({
@@ -1507,7 +1507,7 @@ describe('templateClient', () => {
 
       expect(mocks.templateRepository.get).toHaveBeenCalledWith(
         templateId,
-        user
+        user.clientId
       );
 
       expect(result).toEqual({
@@ -1531,7 +1531,7 @@ describe('templateClient', () => {
 
       const result = await templateClient.listTemplates(user);
 
-      expect(mocks.templateRepository.list).toHaveBeenCalledWith(user);
+      expect(mocks.templateRepository.list).toHaveBeenCalledWith(user.clientId);
 
       expect(result).toEqual({
         error: {
@@ -1576,7 +1576,7 @@ describe('templateClient', () => {
 
       const result = await templateClient.listTemplates(user);
 
-      expect(mocks.templateRepository.list).toHaveBeenCalledWith(user);
+      expect(mocks.templateRepository.list).toHaveBeenCalledWith(user.clientId);
 
       expect(result).toEqual({
         data: [template],
@@ -1603,7 +1603,7 @@ describe('templateClient', () => {
 
       const result = await templateClient.listTemplates(user);
 
-      expect(mocks.templateRepository.list).toHaveBeenCalledWith(user);
+      expect(mocks.templateRepository.list).toHaveBeenCalledWith(user.clientId);
 
       expect(result).toEqual({
         data: [template],