ONSdigital
diff --git a/‎README.md‎
Lines changed: 21 additions & 14 deletions b/‎README.md‎
Lines changed: 21 additions & 14 deletions
diff --git a/‎api/policies_test.go‎
Lines changed: 9 additions & 9 deletions b/‎api/policies_test.go‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎features/delete_policies.feature‎
Lines changed: 3 additions & 5 deletions b/‎features/delete_policies.feature‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎features/get_permissions_bundle.feature‎
Lines changed: 2 additions & 6 deletions b/‎features/get_permissions_bundle.feature‎
Lines changed: 2 additions & 6 deletions
diff --git a/‎features/get_policies.feature‎
Lines changed: 4 additions & 8 deletions b/‎features/get_policies.feature‎
Lines changed: 4 additions & 8 deletions
diff --git a/‎features/post_policies.feature‎
Lines changed: 6 additions & 18 deletions b/‎features/post_policies.feature‎
Lines changed: 6 additions & 18 deletions
@@ -13,27 +13,34 @@ API for managing access control permissions for Digital Publishing API resources
 
 ### Configuration
 
-| Environment variable              | Default   | Description
-| ----------------------------      | --------- | -----------
-| BIND_ADDR                         | :25400    | The host and port to bind to
-| GRACEFUL_SHUTDOWN_TIMEOUT         | 5s        | The graceful shutdown timeout in seconds (`time.Duration` format)
-| HEALTHCHECK_INTERVAL              | 30s       | Time between self-healthchecks (`time.Duration` format)
-| HEALTHCHECK_CRITICAL_TIMEOUT      | 90s       | Time to wait until an unhealthy dependent propagates its state to make this app unhealthy (`time.Duration` format)
-| MOGODB_BIND_ADDR                  | localhost:27017 | The MongoDB bind address
-| MONGODB_PERMISSIONS_DATABASE      | permissions     | The MongoDB permissions database
-| MONGODB_ROLES_COLLECTION          | roles     | The MongoDB roles collection
-| MONGODB_POLICIES_COLLECTION       | policies  | The MongoDB policies collection
-| DEFAULT_LIMIT                     | 20        | Default limit for pagination
-| DEFAULT_OFFSET                    | 0         | Default offset for pagination
-| DEFAULT_MAXIMUM_LIMIT             | 1000      | Default maximum limit for pagination
+| Environment variable           | Default                                             | Description                                                                                                         |
+|--------------------------------|-----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|
+| BIND_ADDR                      | :25400                                              | The host and port to bind to                                                                                        |
+| GRACEFUL_SHUTDOWN_TIMEOUT      | 5s                                                  | The graceful shutdown timeout in seconds (`time.Duration` format)                                                   |
+| HEALTHCHECK_INTERVAL           | 30s                                                 | Time between self-healthchecks (`time.Duration` format)                                                             |
+| HEALTHCHECK_CRITICAL_TIMEOUT   | 90s                                                 | Time to wait until an unhealthy dependent propagates its state to make this app unhealthy (`time.Duration` format)  |
+| MONGODB_BIND_ADDR              | localhost:27017                                     | The MongoDB bind address                                                                                            |
+| MONGODB_USERNAME               |                                                     | The MongoDB Username                                                                                                |
+| MONGODB_PASSWORD               |                                                     | The MongoDB Password                                                                                                |
+| MONGODB_DATABASE               | permissions                                         | The MongoDB database                                                                                                |
+| MONGODB_COLLECTIONS            | RolesCollection:roles, PoliciesCollection:policies  | The MongoDB collections                                                                                             |
+| MONGODB_REPLICA_SET            |                                                     | The name of the MongoDB replica set                                                                                 |
+| MONGODB_ENABLE_READ_CONCERN    | false                                               | Switch to use (or not) majority read concern                                                                        |
+| MONGODB_ENABLE_WRITE_CONCERN   | true                                                | Switch to use (or not) majority write concern                                                                       |
+| MONGODB_CONNECT_TIMEOUT        | 5s                                                  | The timeout when connecting to MongoDB (`time.Duration` format)                                                     |
+| MONGODB_QUERY_TIMEOUT          | 15s                                                 | The timeout for querying MongoDB (`time.Duration` format)                                                           |
+| MONGODB_IS_SSL                 | false                                               | Switch to use (or not) TLS when connecting to mongodb                                                               |
+| DEFAULT_LIMIT                  | 20                                                  | Default limit for pagination                                                                                        |
+| DEFAULT_OFFSET                 | 0                                                   | Default offset for pagination                                                                                       |
+| DEFAULT_MAXIMUM_LIMIT          | 1000                                                | Default maximum limit for pagination                                                                                |
 
 ### Contributing
 
 See [CONTRIBUTING](CONTRIBUTING.md) for details.
 
 ### License
 
-Copyright © 2021, Office for National Statistics (https://www.ons.gov.uk)
+Copyright © 2022, Office for National Statistics (https://www.ons.gov.uk)
 
 Released under MIT license, see [LICENSE](LICENSE.md) for details.
 
@@ -41,7 +41,7 @@ func TestSuccessfulAddPolicies(t *testing.T) {
 		permissionsApi := setupAPIWithStore(mockedPermissionsStore)
 
 		Convey("When a POST request is made to the policies endpoint with all the policies properties", func() {
-			reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "r1", "conditions": [{"attributes": ["a1"], "operator": "StringEquals", "values": ["v1"]}]}`)
+			reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "r1", "conditions": [{"attribute": "a1", "operator": "StringEquals", "values": ["v1"]}]}`)
 			request, _ := http.NewRequest("POST", "http://localhost:25400/v1/policies", reader)
 			responseWriter := httptest.NewRecorder()
 			permissionsApi.Router.ServeHTTP(responseWriter, request)
@@ -69,7 +69,7 @@ func TestSuccessfulAddPolicies(t *testing.T) {
 				So(policy.Role, ShouldResemble, "r1")
 				So(policy.Entities, ShouldResemble, []string{"e1", "e2"})
 				So(policy.Conditions, ShouldResemble, []models.Condition{
-					{Attributes: []string{"a1"}, Values: []string{"v1"}, Operator: models.OperatorStringEquals}},
+					{Attribute: "a1", Values: []string{"v1"}, Operator: models.OperatorStringEquals}},
 				)
 			})
 		})
@@ -155,7 +155,7 @@ func TestFailedAddPoliciesWithInvalidPolicy(t *testing.T) {
 	Convey("When a POST request is made to the policies without a role", t, func() {
 		permissionsApi := setupAPI()
 
-		reader := strings.NewReader(`{"entities": ["e1", "e2"], "conditions": [{"attributes": ["a1"], "operator": "StringEquals", "values": ["v1"]}]}`)
+		reader := strings.NewReader(`{"entities": ["e1", "e2"], "conditions": [{"attribute": "a1", "operator": "StringEquals", "values": ["v1"]}]}`)
 		request, _ := http.NewRequest("POST", "http://localhost:25400/v1/policies", reader)
 		responseWriter := httptest.NewRecorder()
 		permissionsApi.Router.ServeHTTP(responseWriter, request)
@@ -175,7 +175,7 @@ func TestFailedAddPoliciesWithInvalidPolicy(t *testing.T) {
 	Convey("When a POST request is made to the policies with empty role", t, func() {
 		permissionsApi := setupAPI()
 
-		reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "", "conditions": [{"attributes": ["a1"], "operator": "StringEquals", "values": ["v1"]}]}`)
+		reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "", "conditions": [{"attribute": "a1", "operator": "StringEquals", "values": ["v1"]}]}`)
 		request, _ := http.NewRequest("POST", "http://localhost:25400/v1/policies", reader)
 		responseWriter := httptest.NewRecorder()
 		permissionsApi.Router.ServeHTTP(responseWriter, request)
@@ -195,7 +195,7 @@ func TestFailedAddPoliciesWithInvalidPolicy(t *testing.T) {
 	Convey("When a POST request is made to the policies with an invalid condition operator", t, func() {
 		permissionsApi := setupAPI()
 
-		reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "r1", "conditions": [{"attributes": ["a1"], "operator": "And", "values": ["v1"]}]}`)
+		reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "r1", "conditions": [{"attribute": "a1", "operator": "And", "values": ["v1"]}]}`)
 		request, _ := http.NewRequest("POST", "http://localhost:25400/v1/policies", reader)
 		responseWriter := httptest.NewRecorder()
 		permissionsApi.Router.ServeHTTP(responseWriter, request)
@@ -304,7 +304,7 @@ func TestGetPolicyHandler(t *testing.T) {
 						ID:         testPolicyID,
 						Entities:   []string{"e1", "e2"},
 						Role:       "r1",
-						Conditions: []models.Condition{{Attributes: []string{"al"}, Operator: models.OperatorStringEquals, Values: []string{"v1"}}}}, nil
+						Conditions: []models.Condition{{Attribute: "al", Operator: models.OperatorStringEquals, Values: []string{"v1"}}}}, nil
 				case "NOTFOUND":
 					return nil, apierrors.ErrPolicyNotFound
 				default:
@@ -326,7 +326,7 @@ func TestGetPolicyHandler(t *testing.T) {
 					ID:         testPolicyID,
 					Entities:   []string{"e1", "e2"},
 					Role:       "r1",
-					Conditions: []models.Condition{{Attributes: []string{"al"}, Operator: models.OperatorStringEquals, Values: []string{"v1"}}}}
+					Conditions: []models.Condition{{Attribute: "al", Operator: models.OperatorStringEquals, Values: []string{"v1"}}}}
 
 				policy := models.Policy{}
 				payload, _ := ioutil.ReadAll(responseRecorder.Body)
@@ -378,7 +378,7 @@ func TestSuccessfulUpdatePolicy(t *testing.T) {
 		permissionsApi := setupAPIWithStore(mockedPermissionsStore)
 
 		Convey("When a PUT request is made to the update policies endpoint to update an existing policy", func() {
-			reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "r1", "conditions": [{"attributes": ["a1"], "operator": "StringEquals", "values": ["v1"]}]}`)
+			reader := strings.NewReader(`{"entities": ["e1", "e2"], "role": "r1", "conditions": [{"attribute": "a1", "operator": "StringEquals", "values": ["v1"]}]}`)
 			request, _ := http.NewRequest("PUT", "http://localhost:25400/v1/policies/existing_policy", reader)
 			responseWriter := httptest.NewRecorder()
 			permissionsApi.Router.ServeHTTP(responseWriter, request)
@@ -521,7 +521,7 @@ func TestDeletePolicyHandler(t *testing.T) {
 						ID:         testPolicyID,
 						Entities:   []string{"e1", "e2"},
 						Role:       "r1",
-						Conditions: []models.Condition{{Attributes: []string{"al"}, Operator: models.OperatorStringEquals, Values: []string{"v1"}}}}, nil
+						Conditions: []models.Condition{{Attribute: "al", Operator: models.OperatorStringEquals, Values: []string{"v1"}}}}, nil
 				case "NOTFOUND":
 					return nil, apierrors.ErrPolicyNotFound
 				default:
 
@@ -30,9 +30,7 @@ Feature: Behaviour of application when performing requests against /v1/policies
               "conditions": [
                   {
                       "operator": "StringEquals",
-                      "attributes": [
-                        "collection-id"
-                      ],
+                      "attribute": "collection-id",
                       "values": [
                         "collection-765"
                       ]
@@ -47,10 +45,10 @@ Feature: Behaviour of application when performing requests against /v1/policies
     When I DELETE "/v1/policies/publisher"
     Then the HTTP status code should be "204"
 
-  Scenario: [Test #2] DELETE /v1/policies/publisher with invalid JWT token in header - the response status is 403 (forbidden)
+  Scenario: [Test #2] DELETE /v1/policies/publisher with invalid JWT token in header - the response status is 401
     Given I am a publisher user with invalid auth token
     When I DELETE "/v1/policies/publisher"
-    Then the HTTP status code should be "403"
+    Then the HTTP status code should be "401"
 
   Scenario: [Test #3] DELETE /v1/policies/viewer to fetch a policy having all parameters
     Given I am a viewer user
 
@@ -55,9 +55,7 @@ Feature: GET /v1/permissions-bundle endpoint
                     "conditions": [
                         {
                             "operator": "StringEquals",
-                            "attributes": [
-                              "collection-id"
-                            ],
+                            "attribute": "collection-id",
                             "values": [
                               "collection-765"
                             ]
@@ -90,9 +88,7 @@ Feature: GET /v1/permissions-bundle endpoint
                     "id": "viewer",
                     "conditions": [
                       {
-                        "attributes": [
-                          "collection-id"
-                        ],
+                        "attribute": "collection-id",
                         "operator": "StringEquals",
                         "values": [
                           "collection-765"
 
@@ -30,9 +30,7 @@ Feature: Behaviour of application when performing requests against /v1/policies
               "conditions": [
                   {
                       "operator": "StringEquals",
-                      "attributes": [
-                        "collection-id"
-                      ],
+                      "attribute": "collection-id",
                       "values": [
                         "collection-765"
                       ]
@@ -58,10 +56,10 @@ Feature: Behaviour of application when performing requests against /v1/policies
           }
       """
 
-  Scenario: [Test #2] GET /v1/policies/publisher with invalid JWT token in header - the response status is 403 (forbidden)
+  Scenario: [Test #2] GET /v1/policies/publisher with invalid JWT token in header - the response status is 401
     Given I am a publisher user with invalid auth token
     When I GET "/v1/policies/publisher"
-    Then the HTTP status code should be "403"
+    Then the HTTP status code should be "401"
 
   Scenario: [Test #3] GET /v1/policies/viewer to fetch a policy having all parameters
     Given I am a viewer user
@@ -79,9 +77,7 @@ Feature: Behaviour of application when performing requests against /v1/policies
               "conditions": [
                   {
                       "operator": "StringEquals",
-                      "attributes": [
-                        "collection-id"
-                      ],
+                      "attribute": "collection-id",
                       "values": [
                         "collection-765"
                       ]
 
@@ -12,9 +12,7 @@ Feature: Behaviour of application when doing the POST /v1/policies endpoint, usi
           "role": "r1",
           "conditions": [
             {
-              "attributes": [
-                "a1"
-              ],
+              "attribute": "a1",
               "operator": "StringEquals",
               "values": [
                 "v1"
@@ -47,9 +45,7 @@ Feature: Behaviour of application when doing the POST /v1/policies endpoint, usi
           "role": "r1",
           "conditions": [
             {
-              "attributes": [
-                "a1"
-              ],
+              "attribute": "a1",
               "operator": "StringEquals",
               "values": [
                 "v1"
@@ -69,9 +65,7 @@ Feature: Behaviour of application when doing the POST /v1/policies endpoint, usi
           "role": "r1",
           "conditions": [
             {
-              "attributes": [
-                "a1"
-              ],
+              "attribute": "a1",
               "operator": "StringEquals",
               "values": [
                 "v1"
@@ -93,9 +87,7 @@ Feature: Behaviour of application when doing the POST /v1/policies endpoint, usi
           ],
           "conditions": [
             {
-              "attributes": [
-                "a1"
-              ],
+              "attribute": "a1",
               "operator": "StringEquals",
               "values": [
                 "v1"
@@ -115,9 +107,7 @@ Feature: Behaviour of application when doing the POST /v1/policies endpoint, usi
           "role": "",
           "conditions": [
             {
-              "attributes": [
-                "a1"
-              ],
+              "attribute": "a1",
               "operator": "StringEquals",
               "values": [
                 "v1"
@@ -137,9 +127,7 @@ Feature: Behaviour of application when doing the POST /v1/policies endpoint, usi
           "role": "",
           "conditions": [
             {
-              "attributes": [
-                "a1"
-              ],
+              "attribute": "a1",
               "operator": "StringEquals",
               "values": [
                 "v1"