CCM-12685: Validate routing config submit #806
Conversation
ClareJonesBJSS
force-pushed
the
feature/CCM-12685_validate-submitted-config
branch
6 times, most recently
from
8bab989 to
b2f4edc
Compare
infrastructure/terraform/modules/backend-api/module_submit_routing_config_lambda.tf
Show resolved
Hide resolved
| 'Test Template for Submit' | ||
| ); | ||
|
|
||
| await templateStorageHelper.seedTemplateData([template]); |
There was a problem hiding this comment.
do we want to do a cleanup of this template data at the end? we're doing that in other places in the test suite
lambdas/backend-api/src/__tests__/infra/routing-config-repository/repository.test.ts
Outdated
Show resolved
Hide resolved
lambdas/backend-api/src/infra/routing-config-repository/repository.ts
Outdated
Show resolved
Hide resolved
ClareJonesBJSS
dismissed stale reviews from alexnuttall and chris-elliott-nhsd
via
d2f1081
| if (currentLockNumber !== lockNumber) { | ||
| return failure( | ||
| ErrorCase.CONFLICT, | ||
| 'Lock number mismatch - Message Plan has been modified since last read' |
There was a problem hiding this comment.
| 'Lock number mismatch - Message Plan has been modified since last read' | |
| 'Lock number mismatch - Routing configuration has been modified since last read' |
| } | ||
|
|
||
| const submittableValidationError = | ||
| this.parseSubmittableRoutingConfig(cascade); |
There was a problem hiding this comment.
I feel like it might be clearer to do this inline rather than extracting into this other function?
and also, the 400 it returns if its invalid will clash with the 400 for already submitted, does that matter?
| Update: update, | ||
| }, | ||
| // Template existence check + For LETTER templates, check they have PROOF_APPROVED or SUBMITTED status | ||
| // Also exclude DELETED templates for all template types |
There was a problem hiding this comment.
should we also be validating that the templates belong to the same client? or, given we do that when we add them to the message plan, are we assuming you couldnt have got in that state?
There was a problem hiding this comment.
The condition check is doing this - both the update and the condition check use the same user.clientId as the owner partition key.
| ('DELETED' satisfies RoutingConfigStatus) | ||
| ) { | ||
| missingTemplateIds.push(templateId); | ||
| } else { |
There was a problem hiding this comment.
is it not possible that you get ConditionalCheckFailed errors for other template types?
or letters that failed for reasons other than not being in submitted/proof approved?
There was a problem hiding this comment.
I don't think so? In the case where the template ID doesn't exist or isn't owned by the client, !reason.Item will apply (and I feel treating ownership mismatch as not found is correct), and DELETED and invalid LETTER statuses are the only other conditions in the statement.
| actualError: err, | ||
| errorMeta: { | ||
| code: 500, | ||
| description: 'Error retrieving Routing Config', |
There was a problem hiding this comment.
did you not update these error messages to be routing configuration?
There was a problem hiding this comment.
Oh fair spot, it was some 404s that I renamed as we had two different wordings and it was bugging me, so I went with the switch that touched the fewest lines, might as well do it here too
| }); | ||
| }); | ||
|
|
||
| test('returns 404 failure if transaction fails because routing config does not exist', async () => { |
There was a problem hiding this comment.
from the two descriptions, its not massively clear to me how this test and the one above are different , do they maybe need rewording, if we need them both?
There was a problem hiding this comment.
I think this covering is the logically possible but massively unlikely scenario where the routing config item is deleted from DynamoDB between sending the GetItem command and sending the TransactWrite command. I think the test is valuable but I agree the descriptions could be a little clearer - maybe include the command names in them?
| expect(mocks.dynamo).not.toHaveReceivedCommand(TransactWriteCommand); | ||
| }); | ||
|
|
||
| test('returns validation failure if defaultTemplateId is null with no conditionalTemplates', async () => { |
There was a problem hiding this comment.
I think similar here - I feel like these two test descriptions sound the same?
| }); | ||
| expect(res.success).toBe(false); | ||
| }); | ||
| }); |
There was a problem hiding this comment.
what about test for invalid with conditional template with a null template ID?
| }); | ||
| }); | ||
|
|
||
| test('returns 404 failure if transaction fails because routing config does not exist', async () => { |
There was a problem hiding this comment.
I think this covering is the logically possible but massively unlikely scenario where the routing config item is deleted from DynamoDB between sending the GetItem command and sending the TransactWrite command. I think the test is valuable but I agree the descriptions could be a little clearer - maybe include the command names in them?
| Update: update, | ||
| }, | ||
| // Template existence check + For LETTER templates, check they have PROOF_APPROVED or SUBMITTED status | ||
| // Also exclude DELETED templates for all template types |
There was a problem hiding this comment.
The condition check is doing this - both the update and the condition check use the same user.clientId as the owner partition key.
lambdas/backend-api/src/infra/routing-config-repository/repository.ts
Outdated
Show resolved
Hide resolved
ClareJonesBJSS
force-pushed
the
feature/CCM-12685_validate-submitted-config
branch
from
d2f1081 to
5bd3af2
Compare
ClareJonesBJSS
force-pushed
the
feature/CCM-12685_validate-submitted-config
branch
from
5bd3af2 to
f1ae2d3
Compare
…CCM-12685_validate-submitted-config
5 participants
Description
Removes the option of null language/accessibility templateIds, as this was not actually being leveraged and getting rid simplifies both this validation and core events
Context
Type of changes
Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.