[GPCAPIM-255] Controller module

[Vox-Ben]

Description

Creates the controller class that orchestrates calls to the other gateway components and to the GP provider

Context

This module is needed so that we have something that actually calls all the components that we need to call and manages their responses.

Supersedes #49. See #49 for discussion/comments specifically on the controller. This PR incorporates integrating the controller with API entry point, PDS and GP provider client.

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming
• Exceptions/Exclusions to coding standards (e.g. #noqa or #NOSONAR) are included within this Pull Request.

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[davidhamill1-nhs]

First pass

[davidhamill1-nhs]

Not sure what of the aim of this. But that may be because of my unnecessary handler class.

[Vox-Ben]

My understanding was that we were passing the request body and status received from the provider back through unchanged? That being the case there needs to be a mechanism for setting _response_body to the value returned as the body from the controller. This is that.

Does that make sense or have I got the wrong end of the stick somewhere?

[davidhamill1-nhs]

Not at all job for now, more a note for future work. We will be making multiple requests to NHS APIs through this Flask app. We should be clever about how we handle our auth journey, and grab an auth token, use that one for as long as it lasts and then get another one. This could be done by having the client, just before the PDs/SDS call, use some common functionality to get a cached token if possible, otherwise get a new token. In this way we are call the /auth endpoint as little as possible.

[Vox-Ben]

👍 @DWolfsNHS I can't remember, did we have a Confluence page for recording this sort of observation?

[davidhamill1-nhs]

I think it would be worth having a call to discuss how to test the controller.

[sonarqubecloud]

Quality Gate failed

Failed conditions
84.9% Coverage on New Code (required ≥ 95%)

See analysis details on SonarQube Cloud

[github-actions]

✅ Trivy gate: no Critical/High vulnerabilities.

Trivy Image Scan Summary

Image: 900119715266.dkr.ecr.eu-west-2.amazonaws.com/whoami:feature-gpcapim-255-controller-integration-cherrypick

Severity	Count
CRITICAL	0
HIGH	0
MEDIUM	0
LOW	0
UNKNOWN	0

✅ No vulnerabilities found.

[github-actions]

Deployment Complete

• Preview URL: https://feature-gpcapim-255-controller-integration-cherrypick.dev.endpoints.clinical-data-gateway.national.nhs.uk — Health endpoint
• Smoke Test: ✅ Passed (HTTP 200)
• ECS Cluster: ecs-cluster
• ECS Service: pr-feature-gpcapim-255-controller-integration-cherrypick
• ALB Target: arn:aws:elasticloadbalancing:eu-west-2:900119715266:targetgroup/gpcapim-255-controller-integrati/869111b182eb4e5b