NRL-1948 use new permission model by anjalitrace2-nhs · Pull Request #1153 · NHSDigital/NRLF

anjalitrace2-nhs · 2026-02-25T14:33:09Z

When a request:

is missing the nhsd-connection-metadata OR nhsd-client-rp-details headers
specifies the ODS code in the NHSD-End-User-Organisation-ODS header AND the app id in the nhsd-nrl-app-id header

NRL will attempt to lookup pointer permissions using the new permissions model - <producer|consumer>/<app id>/<ods>.json in S3

There are no permissions set up here yet and it wouldn't yet do anything with our new shiny ones anyways!

This is deployed on my feature branch https://anjal-dev.api.record-locator.dev.national.nhs.uk if you'd like to have a play 🛝

No environment defaults or app-level permissions in scope yet

TODO

switch permissions lookup to lambda layer rather than s3
rename "new perms" -> "v2 perms"
manually test with postman
make unit testing better - will follow up in another PR

…exclude beefy tests closer to E2Es

…r client-details are missing. Move proxy code into here to grab ods code from other existing end-user-org header and expects app id to arrive in a new header nrl-app-id

…ve this a lil test mayeb in dev bucket??

sonarqubecloud · 2026-02-25T14:39:43Z

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
88.6% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-actions · 2026-02-25T14:40:11Z

🚀 PR environment successfully deployed.
Commit Hash: e7c8761aee20a368d7c89202d3763c4e4598a46d
URL: https://nrl1948-01ba47.api.record-locator.dev.national.nhs.uk/

github-actions · 2026-02-25T14:53:14Z

🚀 PR environment successfully deployed.
Commit Hash: 1c876ed765d9a8180698147ab89f2d9d2c625c3d
URL: https://nrl1948-01ba47.api.record-locator.dev.national.nhs.uk/

…ssions in lambda layer rather than s3 (as we agreed)

github-actions · 2026-02-27T09:27:23Z

🚀 PR environment successfully deployed.
Commit Hash: b00e987c8ff907cdc3a7ec809bf0ee22ff485e50
URL: https://nrl1948-01ba47.api.record-locator.dev.national.nhs.uk/

github-actions · 2026-02-27T11:30:20Z

🚀 PR environment successfully deployed.
Commit Hash: e6b8ec8ed2a0b962505fa9356420bafba1691a46
URL: https://nrl1948-01ba47.api.record-locator.dev.national.nhs.uk/

github-actions · 2026-02-27T11:49:59Z

🚀 PR environment successfully deployed.
Commit Hash: 96e52f0f0765c3c6e688942f3780730cccdd4557
URL: https://nrl1948-01ba47.api.record-locator.dev.national.nhs.uk/

Makefile

layer/nrlf/core/authoriser.py

layer/nrlf/core/request.py

…ed comments

sonarqubecloud · 2026-02-27T16:44:46Z

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-actions · 2026-02-27T16:46:44Z

🚀 PR environment successfully deployed.
Commit Hash: 3c6d492efdc97bad9145d727eeb1098c7d910b09
URL: https://nrl1948-01ba47.api.record-locator.dev.national.nhs.uk/

anjalitrace2-nhs added 6 commits February 19, 2026 11:23

NRL-1948 be able to run unit tests without needing to login to aws - …

2d46c15

…exclude beefy tests closer to E2Es

NRL-1948 choose to use new permissions model if connection-metadata o…

a0231b1

…r client-details are missing. Move proxy code into here to grab ods code from other existing end-user-org header and expects app id to arrive in a new header nrl-app-id

NRL-1948 Attempt to fetch permissions from new structure. Up next: gi…

bd86b1f

…ve this a lil test mayeb in dev bucket??

NRL-1948 Add logging and even more tests

b56a845

NRL-1948 Remove bad tests for polishing later and replace bad log

93d6b05

NRL-1948 Fix logging and case-sensitive headers

e7c8761

anjalitrace2-nhs requested a review from a team as a code owner February 25, 2026 14:33

anjalitrace2-nhs temporarily deployed to pull-request February 25, 2026 14:33 — with GitHub Actions Inactive

NRL-1948 Remove beefy from aws tests failing for now

1c876ed

anjalitrace2-nhs temporarily deployed to pull-request February 25, 2026 14:35 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 25, 2026 14:38 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 25, 2026 14:46 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 25, 2026 14:50 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 25, 2026 14:53 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 25, 2026 14:54 — with GitHub Actions Inactive

anjalitrace2-nhs marked this pull request as draft February 27, 2026 09:09

NRL-1928 Rename new_permissions -> v2_permissions and lookup v2 permi…

b00e987

…ssions in lambda layer rather than s3 (as we agreed)

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 09:21 — with GitHub Actions Inactive

anjalitrace2-nhs had a problem deploying to pull-request February 27, 2026 09:24 — with GitHub Actions Failure

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 09:24 — with GitHub Actions Inactive

anjalitrace2-nhs had a problem deploying to pull-request February 27, 2026 11:27 — with GitHub Actions Failure

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:27 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:30 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:31 — with GitHub Actions Inactive

NRL-1928 Satisfy test coverage with old-style unit test for now

96e52f0

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:43 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:46 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:47 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:50 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 11:51 — with GitHub Actions Inactive

NRL-1928 Remove unneeded config arg and custom code for testing.

0676227

sandyforresternhs reviewed Feb 27, 2026

View reviewed changes

anjalitrace2-nhs added 2 commits February 27, 2026 16:34

NRL-1928 Spy on logging and more shiny testing

c982ea8

NRL-1948 Renamed logs to better reflect what's being logged and remov…

3c6d492

…ed comments

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 16:40 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 16:43 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 16:44 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 16:46 — with GitHub Actions Inactive

anjalitrace2-nhs temporarily deployed to pull-request February 27, 2026 16:48 — with GitHub Actions Inactive

anjalitrace2-nhs deployed to pull-request February 27, 2026 16:48 — with GitHub Actions Active

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NRL-1948 use new permission model#1153

NRL-1948 use new permission model#1153
anjalitrace2-nhs wants to merge 13 commits intodevelopfrom
NRL-1948-use-new-permission-model

anjalitrace2-nhs commented Feb 25, 2026 •

edited

Loading

Uh oh!

sonarqubecloud bot commented Feb 25, 2026

Uh oh!

github-actions bot commented Feb 25, 2026

Uh oh!

github-actions bot commented Feb 25, 2026

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sonarqubecloud bot commented Feb 27, 2026

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

anjalitrace2-nhs commented Feb 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

TODO

Uh oh!

sonarqubecloud bot commented Feb 25, 2026

Quality Gate passed

Uh oh!

github-actions bot commented Feb 25, 2026

Uh oh!

github-actions bot commented Feb 25, 2026

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sonarqubecloud bot commented Feb 27, 2026

Quality Gate passed

Uh oh!

github-actions bot commented Feb 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

anjalitrace2-nhs commented Feb 25, 2026 •

edited

Loading