NHSDigital
diff --git a/‎frontend/jest.setup.ts‎
Lines changed: 5 additions & 0 deletions b/‎frontend/jest.setup.ts‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎infrastructure/terraform/modules/backend-api/README.md‎
Lines changed: 4 additions & 2 deletions b/‎infrastructure/terraform/modules/backend-api/README.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_virus_scan_failed.tf‎
Lines changed: 2 additions & 2 deletions b/‎infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_virus_scan_failed.tf‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_virus_scan_passed.tf‎
Lines changed: 22 additions & 23 deletions b/‎infrastructure/terraform/modules/backend-api/cloudwatch_event_rule_virus_scan_passed.tf‎
Lines changed: 22 additions & 23 deletions
diff --git a/‎infrastructure/terraform/modules/backend-api/locals.tf‎
Lines changed: 7 additions & 7 deletions b/‎infrastructure/terraform/modules/backend-api/locals.tf‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎infrastructure/terraform/modules/backend-api/module_build_template_lambda.tf‎
Lines changed: 1 addition & 1 deletion b/‎infrastructure/terraform/modules/backend-api/module_build_template_lambda.tf‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎infrastructure/terraform/modules/backend-api/module_lambda_copy_scanned_object_to_internal.tf‎
Lines changed: 14 additions & 0 deletions b/‎infrastructure/terraform/modules/backend-api/module_lambda_copy_scanned_object_to_internal.tf‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎infrastructure/terraform/modules/backend-api/module_lambda_delete_failed_scanned_object.tf‎
Lines changed: 2 additions & 1 deletion b/‎infrastructure/terraform/modules/backend-api/module_lambda_delete_failed_scanned_object.tf‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎infrastructure/terraform/modules/backend-api/module_lambda_set_letter_file_virus_scan_status.tf‎
Lines changed: 6 additions & 6 deletions b/‎infrastructure/terraform/modules/backend-api/module_lambda_set_letter_file_virus_scan_status.tf‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎infrastructure/terraform/modules/backend-api/spec.tmpl.json‎
Lines changed: 2 additions & 1 deletion b/‎infrastructure/terraform/modules/backend-api/spec.tmpl.json‎
Lines changed: 2 additions & 1 deletion
@@ -12,6 +12,11 @@ import 'whatwg-fetch';
 
 Object.assign(global, { TextDecoder, TextEncoder });
 
+Object.assign(global, {
+  // eslint-disable-next-line unicorn/prefer-structured-clone
+  structuredClone: (val: unknown) => JSON.parse(JSON.stringify(val)),
+});
+
 createMocks();
 
 // set feature flag
 
@@ -28,18 +28,20 @@ No requirements.
 |------|--------|---------|
 | <a name="module_authorizer_build"></a> [authorizer\_build](#module\_authorizer\_build) | ../typescript-build-zip | n/a |
 | <a name="module_authorizer_lambda"></a> [authorizer\_lambda](#module\_authorizer\_lambda) | ../lambda-function | n/a |
-| <a name="module_build_get_s3_object_tags_lambda"></a> [build\_get\_s3\_object\_tags\_lambda](#module\_build\_get\_s3\_object\_tags\_lambda) | ../typescript-build-zip | n/a |
 | <a name="module_build_template_client"></a> [build\_template\_client](#module\_build\_template\_client) | ../typescript-build-zip | n/a |
 | <a name="module_build_template_lambda"></a> [build\_template\_lambda](#module\_build\_template\_lambda) | ../typescript-build-zip | n/a |
+| <a name="module_build_virus_scan_lambdas"></a> [build\_virus\_scan\_lambdas](#module\_build\_virus\_scan\_lambdas) | ../typescript-build-zip | n/a |
 | <a name="module_create_letter_template_lambda"></a> [create\_letter\_template\_lambda](#module\_create\_letter\_template\_lambda) | ../lambda-function | n/a |
 | <a name="module_create_template_lambda"></a> [create\_template\_lambda](#module\_create\_template\_lambda) | ../lambda-function | n/a |
 | <a name="module_get_template_lambda"></a> [get\_template\_lambda](#module\_get\_template\_lambda) | ../lambda-function | n/a |
+| <a name="module_lambda_copy_scanned_object_to_internal"></a> [lambda\_copy\_scanned\_object\_to\_internal](#module\_lambda\_copy\_scanned\_object\_to\_internal) | ../lambda-function | n/a |
+| <a name="module_lambda_delete_failed_scanned_object"></a> [lambda\_delete\_failed\_scanned\_object](#module\_lambda\_delete\_failed\_scanned\_object) | ../lambda-function | n/a |
 | <a name="module_lambda_get_s3_object_tags"></a> [lambda\_get\_s3\_object\_tags](#module\_lambda\_get\_s3\_object\_tags) | ../lambda-function | n/a |
+| <a name="module_lambda_set_file_virus_scan_status"></a> [lambda\_set\_file\_virus\_scan\_status](#module\_lambda\_set\_file\_virus\_scan\_status) | ../lambda-function | n/a |
 | <a name="module_list_template_lambda"></a> [list\_template\_lambda](#module\_list\_template\_lambda) | ../lambda-function | n/a |
 | <a name="module_s3bucket_internal"></a> [s3bucket\_internal](#module\_s3bucket\_internal) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket | v1.0.8 |
 | <a name="module_s3bucket_quarantine"></a> [s3bucket\_quarantine](#module\_s3bucket\_quarantine) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket | v1.0.8 |
 | <a name="module_sqs_quarantine_tags_added"></a> [sqs\_quarantine\_tags\_added](#module\_sqs\_quarantine\_tags\_added) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/sqs | v1.0.8 |
-| <a name="module_sqs_virus_scan_complete"></a> [sqs\_virus\_scan\_complete](#module\_sqs\_virus\_scan\_complete) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/sqs | v1.0.8 |
 | <a name="module_sqs_virus_scan_failed"></a> [sqs\_virus\_scan\_failed](#module\_sqs\_virus\_scan\_failed) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/sqs | v1.0.8 |
 | <a name="module_sqs_virus_scan_passed"></a> [sqs\_virus\_scan\_passed](#module\_sqs\_virus\_scan\_passed) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/sqs | v1.0.8 |
 | <a name="module_update_template_lambda"></a> [update\_template\_lambda](#module\_update\_template\_lambda) | ../lambda-function | n/a |
 
@@ -26,7 +26,7 @@ resource "aws_cloudwatch_event_target" "scan_failed_delete_object" {
 
 resource "aws_cloudwatch_event_target" "scan_failed_set_file_status" {
   rule     = aws_cloudwatch_event_rule.virus_scan_failed.name
-  arn      = module.lambda_set_letter_file_virus_scan_status.function_arn
+  arn      = module.lambda_set_file_virus_scan_status.function_arn
   role_arn = aws_iam_role.handle_scan_failed.arn
 }
 
@@ -50,7 +50,7 @@ data "aws_iam_policy_document" "handle_scan_failed" {
     actions = ["lambda:InvokeFunction"]
     resources = [
       module.lambda_delete_failed_scanned_object.function_arn,
-      module.lambda_set_letter_file_virus_scan_status.function_arn,
+      module.lambda_set_file_virus_scan_status.function_arn,
     ]
   }
 }
@@ -18,40 +18,39 @@ resource "aws_cloudwatch_event_rule" "virus_scan_passed" {
   })
 }
 
-resource "aws_cloudwatch_event_target" "virus_scan_passed" {
+resource "aws_cloudwatch_event_target" "scan_passed_copy_object" {
   rule     = aws_cloudwatch_event_rule.virus_scan_passed.name
-  arn      = module.sqs_virus_scan_passed.sqs_queue_arn
-  role_arn = aws_iam_role.virus_scan_passed_to_sqs.arn
+  arn      = module.lambda_copy_scanned_object_to_internal.function_arn
+  role_arn = aws_iam_role.handle_scan_passed.arn
 }
 
-resource "aws_iam_role" "virus_scan_passed_to_sqs" {
-  name               = "${local.csi}-virus-scan-passed-to-sqs"
+resource "aws_cloudwatch_event_target" "scan_passed_set_file_status" {
+  rule     = aws_cloudwatch_event_rule.virus_scan_passed.name
+  arn      = module.lambda_set_file_virus_scan_status.function_arn
+  role_arn = aws_iam_role.handle_scan_passed.arn
+}
+
+resource "aws_iam_role" "handle_scan_passed" {
+  name               = "${local.csi}-virus-scan-passed"
   assume_role_policy = data.aws_iam_policy_document.events_assume_role.json
 }
 
-resource "aws_iam_role_policy" "virus_scan_passed_to_sqs" {
-  name   = "${local.csi}-virus-scan-passed-to-sqs"
-  role   = aws_iam_role.virus_scan_passed_to_sqs.id
-  policy = data.aws_iam_policy_document.virus_scan_passed_to_sqs.json
+resource "aws_iam_role_policy" "handle_scan_passed" {
+  name   = "${local.csi}-virus-scan-passed"
+  role   = aws_iam_role.handle_scan_passed.id
+  policy = data.aws_iam_policy_document.handle_scan_passed.json
 }
 
-data "aws_iam_policy_document" "virus_scan_passed_to_sqs" {
+data "aws_iam_policy_document" "handle_scan_passed" {
   version = "2012-10-17"
 
   statement {
-    sid       = "AllowSQSSendMessage"
-    effect    = "Allow"
-    actions   = ["sqs:SendMessage"]
-    resources = [module.sqs_virus_scan_passed.sqs_queue_arn]
-  }
-
-  statement {
-    sid    = "AllowKMS"
-    effect = "Allow"
-    actions = [
-      "kms:Decrypt",
-      "kms:GenerateDataKey"
+    sid     = "AllowLambdaInvoke"
+    effect  = "Allow"
+    actions = ["lambda:InvokeFunction"]
+    resources = [
+      module.lambda_copy_scanned_object_to_internal.function_arn,
+      module.lambda_set_file_virus_scan_status.function_arn,
     ]
-    resources = [var.kms_key_arn]
   }
 }
@@ -15,13 +15,13 @@ locals {
   })
 
   backend_lambda_entrypoints = {
-    create_template                   = "src/templates/create.ts"
-    create_letter_template            = "src/templates/create-letter.ts"
-    get_template                      = "src/templates/get.ts"
-    update_template                   = "src/templates/update.ts"
-    list_template                     = "src/templates/list.ts"
-    template_client                   = "src/index.ts"
-    set_letter_file_virus_scan_status = "src/set-letter-file-virus-scan-status.ts"
+    create_template            = "src/templates/create.ts"
+    create_letter_template     = "src/templates/create-letter.ts"
+    get_template               = "src/templates/get.ts"
+    update_template            = "src/templates/update.ts"
+    list_template              = "src/templates/list.ts"
+    set_file_virus_scan_status = "src/templates/set-letter-file-virus-scan-status.ts"
+    template_client            = "src/index.ts"
   }
 
   dynamodb_kms_key_arn = var.dynamodb_kms_key_arn == "" ? aws_kms_key.dynamo[0].arn : var.dynamodb_kms_key_arn
 
@@ -8,7 +8,7 @@ module "build_template_lambda" {
     local.backend_lambda_entrypoints.get_template,
     local.backend_lambda_entrypoints.update_template,
     local.backend_lambda_entrypoints.list_template,
-    local.backend_lambda_entrypoints.set_letter_file_virus_scan_status,
+    local.backend_lambda_entrypoints.set_file_virus_scan_status,
   ]
 }
 
 
@@ -56,4 +56,18 @@ data "aws_iam_policy_document" "copy_scanned_object_to_internal" {
 
     resources = ["${module.s3bucket_internal.arn}/*"]
   }
+
+  statement {
+    sid    = "AllowKMSAccess"
+    effect = "Allow"
+
+    actions = [
+      "kms:Decrypt",
+      "kms:GenerateDataKey",
+    ]
+
+    resources = [
+      var.kms_key_arn
+    ]
+  }
 }
@@ -18,7 +18,8 @@ data "aws_iam_policy_document" "delete_failed_scanned_object" {
     effect = "Allow"
 
     actions = [
-      "s3:DeleteObject"
+      "s3:DeleteObject",
+      "s3:DeleteObjectVersion"
     ]
 
     resources = ["${module.s3bucket_quarantine.arn}/*"]
 
@@ -1,10 +1,10 @@
-module "lambda_set_letter_file_virus_scan_status" {
+module "lambda_set_file_virus_scan_status" {
   source      = "../lambda-function"
   description = "Sets virus scan status on letter files"
 
-  function_name    = "${local.csi}-set-letter-file-virus-scan-status"
-  filename         = module.build_template_lambda.zips[local.backend_lambda_entrypoints.set_letter_file_virus_scan_status].path
-  source_code_hash = module.build_template_lambda.zips[local.backend_lambda_entrypoints.set_letter_file_virus_scan_status].base64sha256
+  function_name    = "${local.csi}-set-file-virus-scan-status"
+  filename         = module.build_template_lambda.zips[local.backend_lambda_entrypoints.set_file_virus_scan_status].path
+  source_code_hash = module.build_template_lambda.zips[local.backend_lambda_entrypoints.set_file_virus_scan_status].base64sha256
   handler          = "set-letter-file-virus-scan-status.handler"
 
   environment_variables = {
@@ -14,10 +14,10 @@ module "lambda_set_letter_file_virus_scan_status" {
 
   log_retention_in_days = var.log_retention_in_days
 
-  execution_role_policy_document = data.aws_iam_policy_document.set_letter_file_virus_scan_status.json
+  execution_role_policy_document = data.aws_iam_policy_document.set_file_virus_scan_status.json
 }
 
-data "aws_iam_policy_document" "set_letter_file_virus_scan_status" {
+data "aws_iam_policy_document" "set_file_virus_scan_status" {
   statement {
     sid    = "AllowDynamoAccess"
     effect = "Allow"
 
@@ -377,7 +377,8 @@
           "SUBMITTED",
           "DELETED",
           "PENDING_UPLOAD",
-          "PENDING_VALIDATION"
+          "PENDING_VALIDATION",
+          "VIRUS_SCAN_FAILED"
         ]
       },
       "Language": {
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ resource "aws_cloudwatch_event_target" "scan_failed_delete_object" {`
`26`	`26`
`27`	`27`	`resource "aws_cloudwatch_event_target" "scan_failed_set_file_status" {`
`28`	`28`	`rule = aws_cloudwatch_event_rule.virus_scan_failed.name`
`29`		`- arn = module.lambda_set_letter_file_virus_scan_status.function_arn`
	`29`	`+ arn = module.lambda_set_file_virus_scan_status.function_arn`
`30`	`30`	`role_arn = aws_iam_role.handle_scan_failed.arn`
`31`	`31`	`}`
`32`	`32`
`@@ -50,7 +50,7 @@ data "aws_iam_policy_document" "handle_scan_failed" {`
`50`	`50`	`actions = ["lambda:InvokeFunction"]`
`51`	`51`	`resources = [`
`52`	`52`	`module.lambda_delete_failed_scanned_object.function_arn,`
`53`		`- module.lambda_set_letter_file_virus_scan_status.function_arn,`
	`53`	`+ module.lambda_set_file_virus_scan_status.function_arn,`
`54`	`54`	`]`
`55`	`55`	`}`
`56`	`56`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ module "build_template_lambda" {`
`8`	`8`	`local.backend_lambda_entrypoints.get_template,`
`9`	`9`	`local.backend_lambda_entrypoints.update_template,`
`10`	`10`	`local.backend_lambda_entrypoints.list_template,`
`11`		`- local.backend_lambda_entrypoints.set_letter_file_virus_scan_status,`
	`11`	`+ local.backend_lambda_entrypoints.set_file_virus_scan_status,`
`12`	`12`	`]`
`13`	`13`	`}`
`14`	`14`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,8 @@ data "aws_iam_policy_document" "delete_failed_scanned_object" {`
`18`	`18`	`effect = "Allow"`
`19`	`19`
`20`	`20`	`actions = [`
`21`		`- "s3:DeleteObject"`
	`21`	`+ "s3:DeleteObject",`
	`22`	`+ "s3:DeleteObjectVersion"`
`22`	`23`	`]`
`23`	`24`
`24`	`25`	`resources = ["${module.s3bucket_quarantine.arn}/*"]`