
Commit 8a8d338

[CDAPI-85]: Initial introduction of APIM Authenticator class
Initial introduction of the ApimAuthenticator class, which handles authentication with the API Management platform using signed-JWT application-restricted access. This commit also adds a `SessionManager` class that creates a `request.Session` object with appropriate default configuration.
1 parent baf1109 commit 8a8d338


20 files changed

+1335
-174
lines changed


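--- a/.github/workflows/preview-env.yaml
+++ b/.github/workflows/preview-env.yaml
@@ -43,6 +43,8 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+with:
+fetch-depth: 0 # Full history required for accurate sonar analysis.
 
 - name: Set up Python
 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
@@ -137,6 +139,8 @@ jobs:
 APIM_APIKEY: ${{ secrets.APIM_APIKEY }}
 API_MTLS_CERT: ${{ secrets.API_MTLS_CERT }}
 API_MTLS_KEY: ${{ secrets.API_MTLS_KEY }}
+APIM_KEY_ID: ${{ secrets.APIM_KEY_ID }}
+CLIENT_REQUEST_TIMEOUT: ${{ secrets.CLIENT_REQUEST_TIMEOUT }}
 run: |
 cd pathology-api/target/
 FN="${{ steps.names.outputs.function_name }}"
@@ -146,6 +150,8 @@ jobs:
 API_KEY="${APIM_APIKEY:-/cds/pathology/dev/apim/api-key}"
 MTLS_CERT="${API_MTLS_CERT:-/cds/pathology/dev/mtls/client1-key-public}"
 MTLS_KEY="${API_MTLS_KEY:-/cds/pathology/dev/mtls/client1-key-secret}"
+KEY_ID="${APIM_KEY_ID:-DEV-1}"
+CLIENT_TIMEOUT="${CLIENT_REQUEST_TIMEOUT:-10s}"
 echo "Deploying preview function: $FN"
 wait_for_lambda_ready() {
 while true; do
@@ -167,14 +173,18 @@ jobs:
 wait_for_lambda_ready
 aws lambda update-function-configuration --function-name "$FN" \
 --handler "${{ env.LAMBDA_HANDLER }}" \
+--memory-size 512 \
+--timeout 30 \
 --environment "Variables={APIM_TOKEN_EXPIRY_THRESHOLD=$EXPIRY_THRESHOLD, \
 APIM_PRIVATE_KEY_NAME=$PRIVATE_KEY, \
 APIM_API_KEY_NAME=$API_KEY, \
 APIM_MTLS_CERT_NAME=$MTLS_CERT, \
 APIM_MTLS_KEY_NAME=$MTLS_KEY, \
-APIM_TOKEN_URL=$MOCK_URL/apim, \
-PDM_BUNDLE_URL=$MOCK_URL/pdm, \
+APIM_KEY_ID=$KEY_ID, \
+APIM_TOKEN_URL=$MOCK_URL/apim/oauth2/token, \
+PDM_BUNDLE_URL=$MOCK_URL/apim/check_auth, \
 MNS_EVENT_URL=$MOCK_URL/mns, \
+CLIENT_TIMEOUT=$CLIENT_TIMEOUT, \
 JWKS_SECRET_NAME=$JWKS_SECRET}" || true
 wait_for_lambda_ready
 aws lambda update-function-code --function-name "$FN" \
@@ -186,14 +196,18 @@ jobs:
 --handler "${{ env.LAMBDA_HANDLER }}" \
 --zip-file "fileb://artifact.zip" \
 --role "${{ steps.role-select.outputs.lambda_role }}" \
+--memory-size 512 \
+--timeout 30 \
 --environment "Variables={APIM_TOKEN_EXPIRY_THRESHOLD=$EXPIRY_THRESHOLD, \
 APIM_PRIVATE_KEY_NAME=$PRIVATE_KEY, \
 APIM_API_KEY_NAME=$API_KEY, \
+APIM_KEY_ID=$KEY_ID, \
 APIM_MTLS_CERT_NAME=$MTLS_CERT, \
 APIM_MTLS_KEY_NAME=$MTLS_KEY, \
-APIM_TOKEN_URL=$MOCK_URL/apim, \
-PDM_BUNDLE_URL=$MOCK_URL/pdm, \
+APIM_TOKEN_URL=$MOCK_URL/apim/oauth2/token, \
+PDM_BUNDLE_URL=$MOCK_URL/apim/check_auth, \
 MNS_EVENT_URL=$MOCK_URL/mns, \
+CLIENT_TIMEOUT=$CLIENT_TIMEOUT, \
 JWKS_SECRET_NAME=$JWKS_SECRET}" \
 --publish
 wait_for_lambda_ready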
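Review bot: `CLIENT_REQUEST_TIMEOUT` is read from `secrets` in the deploy step's `env:` block, although a request timeout is ordinary configuration rather than a credential; keeping it as a secret hides the effective value from reviewers and, when set, makes the runner mask every occurrence of a short string such as `10s` in the job log. A configuration variable fits better, `CLIENT_REQUEST_TIMEOUT: ${{ vars.CLIENT_REQUEST_TIMEOUT }}`, and the same question is worth asking of `APIM_KEY_ID` if it is only a key identifier. Separately, on the update path the new `APIM_KEY_ID`, `CLIENT_TIMEOUT` and `APIM_TOKEN_URL` entries sit inside a command that ends in `|| true`, so a failed `update-function-configuration` call would leave the function on its previous environment while the job carries on; dropping `|| true` there, or checking the applied configuration afterwards, would surface that. The deploy step's script starts and ends outside the hunks shown.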

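--- a/.github/workflows/stage-2-test.yaml
+++ b/.github/workflows/stage-2-test.yaml
@@ -50,7 +50,7 @@ jobs:
 retention-days: 30
 - name: "Upload unit test results for mocks"
 if: always()
-uses: actions/upload-artifact@v6
+uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
 with:
 name: mock-unit-test-results
 path: mocks/test-artefacts/
@@ -60,93 +60,3 @@ jobs:
 uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
 with:
 paths: pathology-api/test-artefacts/unit-tests.xml
-
-test-contract:
-name: "Contract tests"
-runs-on: ubuntu-latest
-timeout-minutes: 5
-steps:
-- name: "Checkout code"
-uses: actions/checkout@v6
-- name: "Setup Python project"
-uses: ./.github/actions/setup-python-project
-with:
-python-version: ${{ inputs.python_version }}
-- name: "Start local Lambda"
-uses: ./.github/actions/start-local-lambda
-with:
-python-version: ${{ inputs.python_version }}
-- name: "Run contract tests"
-run: make test-contract
-- name: "Upload contract test results"
-if: always()
-uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-with:
-name: contract-test-results
-path: pathology-api/test-artefacts/
-retention-days: 30
-- name: "Publish contract test results to summary"
-if: always()
-uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
-with:
-paths: pathology-api/test-artefacts/contract-tests.xml
-
-test-schema:
-name: "Schema validation tests"
-runs-on: ubuntu-latest
-timeout-minutes: 10
-steps:
-- name: "Checkout code"
-uses: actions/checkout@v6
-- name: "Setup Python project"
-uses: ./.github/actions/setup-python-project
-with:
-python-version: ${{ inputs.python_version }}
-- name: "Start local Lambda"
-uses: ./.github/actions/start-local-lambda
-with:
-python-version: ${{ inputs.python_version }}
-- name: "Run schema validation tests"
-run: make test-schema
-- name: "Upload schema test results"
-if: always()
-uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-with:
-name: schema-test-results
-path: pathology-api/test-artefacts/
-retention-days: 30
-- name: "Publish schema test results to summary"
-if: always()
-uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
-with:
-paths: pathology-api/test-artefacts/schema-tests.xml
-
-test-integration:
-name: "Integration tests"
-runs-on: ubuntu-latest
-timeout-minutes: 10
-steps:
-- name: "Checkout code"
-uses: actions/checkout@v6
-- name: "Setup Python project"
-uses: ./.github/actions/setup-python-project
-with:
-python-version: ${{ inputs.python_version }}
-- name: "Start local Lambda"
-uses: ./.github/actions/start-local-lambda
-with:
-python-version: ${{ inputs.python_version }}
-- name: "Run integration test"
-run: make test-integration
-- name: "Upload integration test results"
-if: always()
-uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
-with:
-name: integration-test-results
-path: pathology-api/test-artefacts/
-retention-days: 30
-- name: "Publish integration test results to summary"
-if: always()
-uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
-with:
-paths: pathology-api/test-artefacts/integration-tests.xml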

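--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -54,6 +54,10 @@
 "gitlens.ai.enabled": false,
 "python.testing.unittestEnabled": false,
 "python.testing.pytestEnabled": true,
+"python.testing.pytestArgs": [
+"pathology-api",
+"mocks"
+],
 "git.enableCommitSigning": true,
 "sonarlint.connectedMode.project": {
 "connectionId": "nhsdigital",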

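--- a/pathology-api/lambda_handler.py
+++ b/pathology-api/lambda_handler.py
@@ -15,7 +15,6 @@
 from pathology_api.logging import get_logger
 
 _logger = get_logger(__name__)
-
 app = APIGatewayHttpResolver()
 
 type _ExceptionHandler[T: Exception] = Callable[[T], Response[str]]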
