diff --git a/scripts/manage_permissions.py b/scripts/manage_permissions.py index 42198a997..fa9997d7a 100755 --- a/scripts/manage_permissions.py +++ b/scripts/manage_permissions.py @@ -1,4 +1,7 @@ #!/usr/bin/env python +""" +Manage organisation pointer type permissions for NRLF apps in a given environment ENV +""" import json import os diff --git a/terraform/infrastructure/etc/perftest.tfvars b/terraform/infrastructure/etc/perftest.tfvars index f2aa7c0b4..6f7e4f6e7 100644 --- a/terraform/infrastructure/etc/perftest.tfvars +++ b/terraform/infrastructure/etc/perftest.tfvars @@ -1,7 +1,7 @@ account_name = "perftest" aws_account_name = "test" -dynamodb_pointers_table_name = "nhsd-nrlf--perftest-15m-pointers-table" +dynamodb_pointers_table_name = "nhsd-nrlf--perftest-55m-pointers-table" domain = "perftest.record-locator.national.nhs.uk" public_domain = "perftest.api.service.nhs.uk" diff --git a/tests/performance/README.md b/tests/performance/README.md index 255f74704..3a988abf2 100644 --- a/tests/performance/README.md +++ b/tests/performance/README.md @@ -45,6 +45,8 @@ make ENV=perftest USE_SHARED_RESOURCES=true apply You will need to generate pointer permissions the first time performance tests are run in an environment e.g. if the perftest environment is destroyed & recreated. +##### Internal permissions + ```sh assume nhsd-nrlf-mgmt @@ -59,6 +61,26 @@ make init TF_WORKSPACE_NAME=perftest-1 ENV=perftest make ENV=perftest USE_SHARED_RESOURCES=true apply ``` +This will set up permissions for the `K6PerformanceTest` organisation, which is used for internal testing. + +##### Public permissions + +To set additional permissions for public testing, you will need to update the permissions for the default app (currently: `X26-NRL-6981ad7d-cff4-4613-93d0-df60e5e2fc52`) which you can do using [./scripts/manage_permissions.py](./scripts/manage_permissions.py). + +You can find the pointer types each ODS code will need permissions for in [tests/performance/seed_data_constants.py](tests/performance/seed_data_constants.py) under `*_POINTERS_CUSTODIAN_DISTRIBUTIONS`. These are used to seed the test data. + +For example: while running perf tests, the following failure occurred: + +```sh +WARN[0484] {"issue":[{"severity":"error","code":"forbidden","details":{"coding":[{"system":"https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode","code":"ACCESS DENIED","display":"Access has been denied to process this request"}]},"diagnostics":"Your organisation 'TD2L9A' does not have permission to access this resource. Contact the onboarding team."}],"resourceType":"OperationOutcome"} source=console +``` + +To resolve this, we can give the organisation `TD2L9A` permission to access the pointer type `824321000000109` on the default app: + +```sh +ENV=perftest poetry run python ./scripts/manage_permissions.py set_perms X26-NRL-6981ad7d-cff4-4613-93d0-df60e5e2fc52 TD2L9A http://snomed.info/sct\|824321000000109 +``` + ### Prepare to run tests Prepare input files diff --git a/tests/performance/producer/generate_permissions.py b/tests/performance/producer/generate_permissions.py index 5713eedf8..cbe4957ef 100644 --- a/tests/performance/producer/generate_permissions.py +++ b/tests/performance/producer/generate_permissions.py @@ -3,7 +3,11 @@ import fire -from tests.performance.seed_data_constants import DEFAULT_CUSTODIAN_DISTRIBUTIONS +from tests.performance.seed_data_constants import ( + DEFAULT_CUSTODIAN_DISTRIBUTIONS, + VOL_15M_POINTERS_CUSTODIAN_DISTRIBUTIONS, + VOL_55M_POINTERS_CUSTODIAN_DISTRIBUTIONS, +) def main(output_dir="../../dist/nrlf_permissions/K6PerformanceTest"): @@ -15,6 +19,12 @@ def main(output_dir="../../dist/nrlf_permissions/K6PerformanceTest"): for pointer_type, custodians in DEFAULT_CUSTODIAN_DISTRIBUTIONS.items(): for custodian, _ in custodians.items(): custodian_permissions.setdefault(custodian, []).append(pointer_type) + for pointer_type, custodians in VOL_15M_POINTERS_CUSTODIAN_DISTRIBUTIONS.items(): + for custodian, _ in custodians.items(): + custodian_permissions.setdefault(custodian, []).append(pointer_type) + for pointer_type, custodians in VOL_55M_POINTERS_CUSTODIAN_DISTRIBUTIONS.items(): + for custodian, _ in custodians.items(): + custodian_permissions.setdefault(custodian, []).append(pointer_type) for custodian, pointer_types in custodian_permissions.items(): permissions = [f"http://snomed.info/sct|{pt}" for pt in pointer_types]