generated from NHSDigital/nhs-notify-repository-template
CCM-14200 - event driven callback delivery #33
Draft. mjewildnhs wants to merge 78 commits into main from feature/CCM-14200-event-driven-callback-delivery
+8,241 −1,375
78 commits
fd5a645 First pass implementation (mjewildnhs)
84ae5d5 Update lambda placeholder IAM policy name (mjewildnhs)
8f8f6af Use shared module for s3 config (mjewildnhs)
924357d Fix sonar scanner props (mjewildnhs)
11c6c81 Placeholder tests to test coverage (mjewildnhs)
4e27d7a Fix lambda jest config (mjewildnhs)
a1fa079 Better name for config bucket (mjewildnhs)
ff16952 Update with data-model changes (mjewildnhs)
ded5a05 Update event names/terminology and remove nhsnumber, routingplan fiel… (mjewildnhs)
7f340cc Refactor model type structure (mjewildnhs)
152ef89 Remove unnecessary sonar exclusions (mjewildnhs)
7ca4971 update teamResponsible enum (mjewildnhs)
40f54e9 Update event schema based on guidance from meeting (mjewildnhs)
ac0273c fixup! Update event schema based on guidance from meeting (mjewildnhs)
55efe4e WIP - US1 tasks (mjewildnhs)
294de36 WIP - US1 tasks - mock webhook (mjewildnhs)
3a71da3 WIP - US1 tasks - mock webhook - infrastructure (mjewildnhs)
6d193da DROP - temporarily lower coverage (mjewildnhs)
f1075ed Event schema changes (mjewildnhs)
bae6dcd DROP - Update fast-xml-parser (mjewildnhs)
f22a849 Sonar fixes (mjewildnhs)
4234f19 fixup! DROP - temporarily lower coverage (mjewildnhs)
174aaf0 Update agent file to run correct test command (mjewildnhs)
7806385 fixup! Event schema changes (mjewildnhs)
9a7eca8 fixup! Sonar fixes (mjewildnhs)
66a64c7 Exclude jest config from coverage (mjewildnhs)
bf93ca2 Metric test coverage (mjewildnhs)
466ac35 Logger and error handler coverage (mjewildnhs)
93e0f1f fixup! Logger and error handler coverage (mjewildnhs)
13c44af fixup! WIP - US1 tasks (mjewildnhs)
1753b77 Handle SQS event correctly in lambda (mjewildnhs)
9f5bc7a Permit lambda to put cloudwatch metrics (mjewildnhs)
fe0fffa fixup! WIP - US1 tasks - mock webhook - infrastructure (mjewildnhs)
984e341 DROP - temp test client (mjewildnhs)
57b71f5 explicitly set pull-request read permission (cgitim)
edd0f32 DROP? - trivyignore for minimatch (mjewildnhs)
91a8aa3 WIP - type fixes (mjewildnhs)
823c33d Tidy up transform lambda code (mjewildnhs)
16bdfe2 AGENTS.md add section on comment policy (mjewildnhs)
6f16332 Simplify validation using zod (mjewildnhs)
39b1cd1 Remove superfluous comments, simplify code (mjewildnhs)
cf0b2c6 WIP - re-write metrics (mjewildnhs)
aec4edb Re-write metrics to use aws-embedded-metrics (mjewildnhs)
b988f60 WIP - concurrent event processing (mjewildnhs)
47eac8c More cleanup (mjewildnhs)
f03dd2f Refactor error handling and callback logging (mjewildnhs)
d4583fc fixup! Refactor error handling and callback logging (mjewildnhs)
f964104 fixup! WIP - US1 tasks - mock webhook (mjewildnhs)
304d473 Transform lambda root handler test coverage (mjewildnhs)
c0e7653 Introduce base test config (mjewildnhs)
011b247 Sonar and jest vscode settings (mjewildnhs)
1eb1594 Remove extraneous int test comments (mjewildnhs)
548abcb Refactor some of the int test to use await util (mjewildnhs)
30988d1 Tidy up unnecessary arg in unit test script and remove unnecessary tsco… (mjewildnhs)
b1fa7d8 Scripts for running int test (mjewildnhs)
e9794b0 Remove dependencies not needed now int tests own workspace (mjewildnhs)
c835710 Refactor lambda handler code out (mjewildnhs)
9c4a844 Refactor lambda to tidy up observability (mjewildnhs)
79919f8 Revert "explicitly set pull-request read permission" (mjewildnhs)
fd433af Swap todo for comment for sonar (mjewildnhs)
6287115 Turn off client creation (mjewildnhs)
bed3834 Revert "Turn off client creation" (mjewildnhs)
432a80c Update zod/pino and update validation test assertions (mjewildnhs)
276e475 DI for handler and more test coverage (mjewildnhs)
1af1b86 Use mock pino in mock lambda test (mjewildnhs)
a011e6d Delete test which is no longer required as coverage provided elsewhere (mjewildnhs)
72132ef Fix cloudwatch events - single dimension with env, other fields as pr… (mjewildnhs)
aff9961 Fix event pipe template to align with lambda output (mjewildnhs)
372f8fe Remove dataschemaversion from event pipe input template and bus rule (mjewildnhs)
92f6f4e Var for pipe log level (mjewildnhs)
f27a558 REVIEW: Event bus logging - there's a new native approach we may want … (mjewildnhs)
fd457d5 Revert "REVIEW: Event bus logging - there's a new native approach we m…" (mjewildnhs)
96d857c Remove event parameters which don't work in batch scenario (mjewildnhs)
a5d0cfe Fix correlation ID on delivery initiated event/logging (mjewildnhs)
b50026e KEEP? - attempt API destination permission fix (mjewildnhs)
3048fe4 DROP - Enable INFO logging on event pipe (mjewildnhs)
30730ac Revert "KEEP? - attempt API destination permission fix" (mjewildnhs)
781dc47 Permissions on lambda to allow it to be invoked without IAM (mjewildnhs)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # Add CVE IDs to ignore specific vulnerabilities. | ||
| # Keep justification inline after the CVE for auditability. | ||
| # Syntax: one entry per line, comments allowed. | ||
|
|
||
| # Examples: | ||
| # CVE-2025-0001 # Unexploitable in AWS Lambda base per vendor advisory | ||
| # CVE-2024-12345 # False positive: not present in runtime layer | ||
| # CVE-2024-12345 # https://avd.aquasec.com/nvd/cve-2024-12345 - package-name - < 2.0.1 - justification | ||
|
|
||
| ########################### | ||
| # Package Vulnerabilities # | ||
| ########################### | ||
|
|
||
| # All CVEs below are tracked for remediation under the following Jira ticket: | ||
| # https://nhsd-jira.digital.nhs.uk/browse/CCM-14687 | ||
| # EXAMPLE: | ||
| # CVE-2024-12345 # https://avd.aquasec.com/nvd/cve-2024-12345 - package-name - < 2.0.1 - justification | ||
| CVE-2026-26996 https://avd.aquasec.com/nvd/cve-2026-26996 - minimatch - <10.2.1 - This is a dev dependency used in the build process, not present in the runtime layer, and therefore not exploitable in production. We will update to a non-vulnerable versions for our transitive dependencies when available. |
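Review bot: the live entry on the last line of this hunk does not follow the syntax the file's own header documents (`# CVE-2024-12345 # https://avd.aquasec.com/nvd/cve-2024-12345 - package-name - < 2.0.1 - justification`): the justification follows `CVE-2026-26996` without a `#`, so it is trailing text on the rule rather than a comment. Suggest `CVE-2026-26996 # https://avd.aquasec.com/nvd/cve-2026-26996 - minimatch - <10.2.1 - ...` and, since the justification says the fix will be picked up "when available", an `exp:YYYY-MM-DD` expiry on the entry (Trivy honours this in `.trivyignore`) so the suppression lapses and gets re-reviewed instead of persisting indefinitely. The "dev dependency ... not present in the runtime layer" claim is the whole basis for the ignore and should point at the evidence (lockfile or bundle output showing minimatch is not in `dist`), especially as the introducing commit is flagged `DROP?`; also "a non-vulnerable versions" should read "a non-vulnerable version".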
infrastructure/terraform/components/callbacks/module_client_destination.tf (2 changes: 1 addition & 1 deletion)
infrastructure/terraform/components/callbacks/module_mock_webhook_lambda.tf (85 changes: 85 additions & 0 deletions)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| module "mock_webhook_lambda" { | ||
| count = var.deploy_mock_webhook ? 1 : 0 | ||
| source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda?ref=v2.0.29" | ||
|
|
||
| function_name = "mock-webhook" | ||
| description = "Mock webhook endpoint for integration testing - logs received callbacks to CloudWatch" | ||
|
|
||
| aws_account_id = var.aws_account_id | ||
| component = var.component | ||
| environment = var.environment | ||
| project = var.project | ||
| region = var.region | ||
| group = var.group | ||
|
|
||
| log_retention_in_days = var.log_retention_in_days | ||
| kms_key_arn = module.kms.key_arn | ||
|
|
||
| iam_policy_document = { | ||
| body = data.aws_iam_policy_document.mock_webhook_lambda[0].json | ||
| } | ||
|
|
||
| function_s3_bucket = local.acct.s3_buckets["lambda_function_artefacts"]["id"] | ||
| function_code_base_path = local.aws_lambda_functions_dir_path | ||
| function_code_dir = "mock-webhook-lambda/dist" | ||
| function_include_common = true | ||
| handler_function_name = "handler" | ||
| runtime = "nodejs22.x" | ||
| memory = 256 | ||
| timeout = 10 | ||
| log_level = var.log_level | ||
|
|
||
| force_lambda_code_deploy = var.force_lambda_code_deploy | ||
| enable_lambda_insights = false | ||
|
|
||
| log_destination_arn = local.log_destination_arn | ||
| log_subscription_role_arn = local.acct.log_subscription_role_arn | ||
|
|
||
| lambda_env_vars = { | ||
| LOG_LEVEL = var.log_level | ||
| } | ||
| } | ||
|
|
||
| data "aws_iam_policy_document" "mock_webhook_lambda" { | ||
| count = var.deploy_mock_webhook ? 1 : 0 | ||
|
|
||
| statement { | ||
| sid = "KMSPermissions" | ||
| effect = "Allow" | ||
|
|
||
| actions = [ | ||
| "kms:Decrypt", | ||
| "kms:GenerateDataKey", | ||
| ] | ||
|
|
||
| resources = [ | ||
| module.kms.key_arn, | ||
| ] | ||
| } | ||
|
|
||
| # Mock webhook only needs CloudWatch Logs permissions (already granted by shared lambda module) | ||
| # No additional permissions required beyond base Lambda execution role | ||
| } | ||
|
|
||
| # Lambda Function URL for mock webhook (test/dev only) | ||
| resource "aws_lambda_function_url" "mock_webhook" { | ||
| count = var.deploy_mock_webhook ? 1 : 0 | ||
| function_name = module.mock_webhook_lambda[0].function_name | ||
| authorization_type = "NONE" # Public endpoint for testing | ||
|
|
||
| cors { | ||
| allow_origins = ["*"] | ||
| allow_methods = ["POST"] | ||
| allow_headers = ["*"] | ||
| max_age = 86400 | ||
| } | ||
| } | ||
|
|
||
| resource "aws_lambda_permission" "mock_webhook_function_url" { | ||
| count = var.deploy_mock_webhook ? 1 : 0 | ||
| statement_id = "FunctionURLAllowPublicAccess" | ||
| action = "lambda:InvokeFunctionUrl" | ||
| function_name = module.mock_webhook_lambda[0].function_name | ||
| principal = "*" | ||
| function_url_auth_type = "NONE" | ||
| } |
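Review bot: `authorization_type = "NONE"` on `aws_lambda_function_url.mock_webhook` together with `principal = "*"` and `function_url_auth_type = "NONE"` in `aws_lambda_permission.mock_webhook_function_url` publishes an unauthenticated, publicly invocable endpoint, and the only guard is `count = var.deploy_mock_webhook ? 1 : 0`; nothing in this hunk ties that flag to the test/dev environments the comments promise, so an apply with the flag set in any environment exposes it. Suggest a variable `validation` block or a `lifecycle { precondition { ... } }` that rejects `deploy_mock_webhook = true` outside the intended environments, or switching to `authorization_type = "AWS_IAM"` and having the integration tests sign their requests. The `cors` block (`allow_origins = ["*"]`, `allow_headers = ["*"]`) adds nothing for a webhook receiver that is called server-to-server rather than from a browser and can be dropped. Minor: the comments `# Mock webhook only needs CloudWatch Logs permissions ...` and `# No additional permissions required beyond base Lambda execution role` sit inside a policy document that does grant `kms:Decrypt` and `kms:GenerateDataKey` on `module.kms.key_arn`, so reword them to match what the policy actually grants.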
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,15 @@ | ||
| # Define the outputs for the component. The outputs may well be referenced by other component in the same or different environments using terraform_remote_state data sources... | ||
|
|
||
| ## | ||
| # Mock Webhook Lambda Outputs (test/dev environments only) | ||
| ## | ||
|
|
||
| output "mock_webhook_lambda_log_group_name" { | ||
| description = "CloudWatch log group name for mock webhook lambda (for integration test queries)" | ||
| value = var.deploy_mock_webhook ? module.mock_webhook_lambda[0].cloudwatch_log_group_name : null | ||
| } | ||
|
|
||
| output "mock_webhook_url" { | ||
| description = "URL endpoint for mock webhook (for TEST_WEBHOOK_URL environment variable)" | ||
| value = var.deploy_mock_webhook ? aws_lambda_function_url.mock_webhook[0].function_url : null | ||
| } |
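Review bot: `output "mock_webhook_url"` writes the unauthenticated function URL into state and makes it readable via `terraform_remote_state`, which suits the `TEST_WEBHOOK_URL` use the description names, but the "(test/dev environments only)" qualifier in the new header comment is enforced nowhere in this file; if the environment gating lives elsewhere, say so in the description. The `var.deploy_mock_webhook ? ... : null` guard on both outputs is the right shape for a `count`-gated module. Style: the retained first line reads "referenced by other component", which should be "other components", and since the hunk already rewrites this file it is worth fixing here.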
The comments added to this file seem fairly redundant, maybe we can strip these out?