import pytest
from api_test_utils.apigee_api_apps import ApigeeApiDeveloperApps
from api_test_utils.apigee_api_products import ApigeeApiProducts
import uuid
from time import time
import jwt
import requests
from .configuration import config
import json
# One shared session: the token request and the proxy call below both go through it,
# so they reuse the same connection pool.
SESSION = requests.Session()
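class TestEndpoints:
    """End-to-end test of the proxy named by ``config.PROXY_NAME``.

    The flow is: create a temporary Apigee product and app, exchange a signed
    client-assertion JWT for an access token, then call the proxy with it.

    NOTE(review): both fixtures are coroutines, so an asyncio-aware pytest
    plugin has to be configured elsewhere in the project -- confirm.
    """

    # Seconds to wait for the identity service and the proxy; without a
    # timeout a stalled endpoint would hang the test run indefinitely.
    REQUEST_TIMEOUT = 30

    @pytest.fixture()
    async def test_app_and_product(self):
        """Create a fresh test app and product consuming the patient-care-aggregator-reporting proxy.

        Yields:
            The ``(apigee_product, apigee_app)`` pair.

        The app and product are destroyed at the end of the test, and also
        when the setup fails part-way, so nothing is left behind in the
        shared environment.
        """
        print("\nCreating Default App and Product..")

        # Product and app get the same quota / spike-arrest settings.
        ratelimiting = json.dumps(
            {
                f"{config.PROXY_NAME}": {
                    "quota": {
                        "limit": "300",
                        "enabled": True,
                        "interval": 1,
                        "timeunit": "minute",
                    },
                    "spikeArrest": {"ratelimit": "100ps", "enabled": True},
                }
            }
        )

        apigee_product = ApigeeApiProducts()
        await apigee_product.create_new_product()
        apigee_app = ApigeeApiDeveloperApps()
        app_created = False
        try:
            await apigee_product.update_proxies(
                [config.PROXY_NAME, f"identity-service-{config.ENVIRONMENT}"]
            )
            await apigee_product.update_scopes(
                ["urn:nhsd:apim:app:level3:patient-care-aggregator-reporting"]
            )
            await apigee_product.update_attributes({"ratelimiting": ratelimiting})
            await apigee_product.update_environments([config.ENVIRONMENT])

            await apigee_app.create_new_app()
            app_created = True

            # Set default JWT Testing resource url and app ratelimit.
            # The JWKS document holds the public key(s) for the client
            # assertion; presumably it pairs with the private key read in
            # get_token -- confirm.
            await apigee_app.set_custom_attributes(
                {
                    "jwks-resource-url": "https://raw.githubusercontent.com/NHSDigital/"
                    "identity-service-jwks/main/jwks/internal-dev/"
                    "9baed6f4-1361-4a8e-8531-1f8426e3aba8.json",
                    "ratelimiting": ratelimiting,
                }
            )
            await apigee_app.add_api_product(api_products=[apigee_product.name])

            yield apigee_product, apigee_app
        finally:
            # Teardown: app first, then product, as in the original order.
            print("\nDestroying Default App and Product..")
            try:
                if app_created:
                    await apigee_app.destroy_app()
            finally:
                await apigee_product.destroy_product()

    @pytest.fixture()
    async def get_token(self, test_app_and_product):
        """Call identity server to get an access token.

        Signs a short-lived client-assertion JWT with the private key whose
        path is in ``config.ENV["client_assertion_private_key"]`` and posts it
        to the token endpoint with the ``client_credentials`` grant.

        Returns:
            The ``access_token`` string from the auth server response.
        """
        _test_product, test_app = test_app_and_product

        # Create jwt for client assertion (APIM-authentication)
        private_key_path = config.ENV["client_assertion_private_key"]
        with open(private_key_path, "r") as f:
            private_key = f.read()

        url = "https://internal-dev.api.service.nhs.uk/oauth2/token"
        claims = {
            "sub": test_app.client_id,
            "iss": test_app.client_id,
            "jti": str(uuid.uuid4()),  # unique per assertion
            "aud": url,
            "exp": int(time()) + 300,  # 5mins in the future
        }
        additional_headers = {"kid": "test-1"}
        client_assertion = jwt.encode(
            claims, private_key, algorithm="RS512", headers=additional_headers
        )

        # Get token using token client credentials with signed JWT.
        # NOTE(review): the "foo" header and the "clientId", "header" and
        # "algorithm" form fields are not part of the RFC 7523 client-assertion
        # request; whether the identity service reads them is not visible
        # here -- confirm before removing.
        resp = SESSION.post(
            url,
            headers={"foo": "bar"},
            data={
                "grant_type": "client_credentials",
                "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
                "clientId": test_app.client_id,
                "client_assertion": client_assertion,
                "header": additional_headers,
                "algorithm": "RS512"
            },
            timeout=self.REQUEST_TIMEOUT,
        )
        body = resp.json()

        # A successful body carries the bearer token, and pytest output ends
        # up in CI logs, so only the status and the field names are printed.
        print(f"Auth server response: HTTP {resp.status_code}, fields {sorted(body)}")

        # Fail with the server's error payload instead of a bare KeyError.
        assert "access_token" in body, (
            f"No access_token in auth server response (HTTP {resp.status_code}): {body}"
        )
        return body["access_token"]

    def test_happy_path(self, get_token):
        """A valid token and a well-formed event payload give HTTP 200."""
        # Given I have a token
        token = get_token
        expected_status_code = 200
        proxy_url = f"https://internal-dev.api.service.nhs.uk/{config.ENV['base_path']}"
        print(f'Proxy URL: {proxy_url}')

        # When calling the proxy
        headers = {
            "Authorization": f"Bearer {token}",
            "X-Correlation-ID": "apim-unit-test",
            "client-id": "apim-unit-test"
        }
        payload = [
            {
                "EventCode": "APPT-VIEW",
                "Timestamp": "2023-08-22T11:00:00+00:00",
                "SessionId": "apim-unit-test",
                "AppointmentId": "apim-unit-test"
            }
        ]
        resp = SESSION.post(
            url=proxy_url, headers=headers, json=payload, timeout=self.REQUEST_TIMEOUT
        )
        # Raw text rather than resp.json(): a non-JSON error page must not hide
        # the status-code assertion behind a decode error.
        print(f'Proxy response: {resp.text}')

        # Then
        assert resp.status_code == expected_status_code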