NRL-1928 Rename new_permissions -> v2_permissions and lookup v2 permissions in lambda layer rather than s3 (as we agreed)

Author: anjalitrace2-nhs

layer/nrlf/core/authoriser.py

@@ -23,40 +23,25 @@ def get_pointer_permissions(
     app_id = connection_metadata.nrl_app_id
 
     key = f"{producer_or_consumer}/{app_id}/{ods_code}.json"
-
     logger.log(LogReference.S3PERMISSIONS011, key=key)
 
-    # nothing to retrieve yet!
-    s3_client = get_s3_client()
-    try:
-        response = s3_client.get_object(Bucket=config.AUTH_STORE, Key=key)
-        pointer_permissions = json.loads(response["Body"].read())
-        logger.log(
-            LogReference.S3PERMISSIONS012, pointer_permissions=pointer_permissions
-        )
-        return pointer_permissions
-
-    except ClientError as exc:
-        if exc.response.get("Error", {}).get("Code") == "NoSuchKey":
-            logger.log(LogReference.S3PERMISSIONS013, error=str(exc), key=key)
-            return {}
+    file_path = f"/opt/python/nrlf_permissions/{key}"
 
-        logger.log(
-            LogReference.S3PERMISSIONS014,
-            exc_info=sys.exc_info(),
-            stacklevel=5,
-            error=str(exc),
-        )
-        raise exc
+    if connection_metadata.is_test_event:
+        file_path = path.abspath(f"layer/test_permissions/{key}")
 
+    pointer_permissions = {}
+    try:
+        with open(file_path) as file:
+            pointer_permissions = json.load(file)
     except Exception as exc:
         logger.log(
             LogReference.S3PERMISSIONS014,
             exc_info=sys.exc_info(),
             stacklevel=5,
             error=str(exc),
         )
-        raise exc
+    return pointer_permissions
 
 
 def get_pointer_types(

layer/nrlf/core/decorators.py

@@ -143,7 +143,7 @@ def wrapper(*args, **kwargs) -> Dict[str, Any]:
 RepositoryType = Union[Type[DocumentPointerRepository], None]
 
 
-def _use_new_permissions_model(headers: Dict[str, str], config: Config) -> bool:
+def _use_v2_permissions_model(headers: Dict[str, str], config: Config) -> bool:
     case_insensitive_headers = {key.lower(): value for key, value in headers.items()}
     # if either or both headers are missing
     return (
@@ -152,9 +152,9 @@ def _use_new_permissions_model(headers: Dict[str, str], config: Config) -> bool:
     )
 
 
-def _load_new_connection_metadata(headers: Dict[str, str], config: Config, path: str):
+def _load_v2_connection_metadata(headers: Dict[str, str], config: Config, path: str):
     logger.log(LogReference.HANDLER004d)
-    metadata = parse_headers(headers, use_new_permissions=True)
+    metadata = parse_headers(headers, use_v2_permissions=True)
 
     if PERMISSION_ALLOW_ALL_POINTER_TYPES in metadata.nrl_permissions:
         logger.log(LogReference.HANDLER004a)
@@ -177,10 +177,10 @@ def _load_new_connection_metadata(headers: Dict[str, str], config: Config, path:
 
 def load_connection_metadata(headers: Dict[str, str], config: Config, path=""):
 
-    if _use_new_permissions_model(headers, config):
-        return _load_new_connection_metadata(headers, config, path)
+    if _use_v2_permissions_model(headers, config):
+        return _load_v2_connection_metadata(headers, config, path)
 
-    metadata = parse_headers(headers, use_new_permissions=False)
+    metadata = parse_headers(headers, use_v2_permissions=False)
     if PERMISSION_ALLOW_ALL_POINTER_TYPES in metadata.nrl_permissions:
         logger.log(LogReference.HANDLER004b)
         metadata.pointer_types = PointerTypes.list()

layer/nrlf/core/log_references.py

@@ -23,18 +23,18 @@ class LogReference(Enum):
     HANDLER002 = _Reference("DEBUG", "Attempting to parse request headers")
     HANDLER003 = _Reference("INFO", "Parsed metadata from request headers")
     HANDLER003a = _Reference(
-        "WARN", "Missing nhsd-end-user-organisation-ods header for new permissions"
+        "WARN", "Missing nhsd-end-user-organisation-ods header for v2 permissions"
     )
     HANDLER003b = _Reference(
-        "WARN", "Missing nhsd-nrl-app-id header for new permissions"
+        "WARN", "Missing nhsd-nrl-app-id header for v2 permissions"
     )
     HANDLER004 = _Reference("INFO", "Authorisation lookup enabled")
     HANDLER004a = _Reference("INFO", "Authorisation lookup skipped for sync request")
     HANDLER004b = _Reference("INFO", "Parsing embedded permissions file from S3")
     HANDLER004c = _Reference("INFO", "Parsed embedded permissions file from S3")
-    HANDLER004d = _Reference("INFO", "Using NEW permissions model")
-    HANDLER004e = _Reference("INFO", "Parsing new permissions file from S3")
-    HANDLER004f = _Reference("INFO", "Parsed new permissions file from S3")
+    HANDLER004d = _Reference("INFO", "Using v2 permissions model")
+    HANDLER004e = _Reference("INFO", "Parsing v2 permissions file from lambda layer")
+    HANDLER004f = _Reference("INFO", "Parsed v2 permissions file from lambda layer")
     HANDLER005 = _Reference("WARN", "Rejecting request due to missing pointer types")
     HANDLER006 = _Reference("DEBUG", "Attempting to parse request parameters")
     HANDLER007 = _Reference("INFO", "Parsed request parameters")
@@ -81,15 +81,19 @@ class LogReference(Enum):
         "EXCEPTION",
         "An error occurred whilst parsing embedded permissions files from S3",
     )
-    # S3 Permissions Lookup Logs - new permissions
+    # S3 Permissions Lookup Logs - v2 permissions
     S3PERMISSIONS011 = _Reference(
-        "INFO", "Retrieving new pointer permissions from S3 bucket"
+        "INFO", "Retrieving v2 pointer permissions from lambda layer"
+    )
+    S3PERMISSIONS012 = _Reference(
+        "INFO", "Retrieved v2 pointer permissions from lambda layer"
+    )
+    S3PERMISSIONS013 = _Reference(
+        "WARN", "No v2 permissions file found in lambda layer"
     )
-    S3PERMISSIONS012 = _Reference("INFO", "Retrieved new pointer permissions from S3")
-    S3PERMISSIONS013 = _Reference("WARN", "No new permissions file found in S3")
     S3PERMISSIONS014 = _Reference(
         "EXCEPTION",
-        "An error occurred whilst retrieving new pointer permissions from S3",
+        "An error occurred whilst retrieving v2 pointer permissions ",
     )
 
     # Parse Logs

layer/nrlf/core/request.py

@@ -34,7 +34,7 @@ def _fetch_ods_app_id_headers(headers: dict[str, str]):
 
 
 def parse_headers(
-    headers: Dict[str, str], use_new_permissions=False
+    headers: Dict[str, str], use_v2_permissions=False
 ) -> ConnectionMetadata:
     """
     Parses the connection metadata and client rp details from the headers passed from Apigee
@@ -49,8 +49,7 @@ def parse_headers(
             case_insensitive_headers.get(CONNECTION_METADATA, "{}")
         )
 
-        if use_new_permissions:
-            # top up new perms to pass validation? feels bad? or no?
+        if use_v2_permissions:
             ods_code, nrl_app_id = _fetch_ods_app_id_headers(case_insensitive_headers)
             raw_connection_metadata["nrl.ods-code"] = ods_code
             raw_connection_metadata["nrl.app-id"] = nrl_app_id

layer/nrlf/core/tests/test_decorators.py

@@ -816,7 +816,7 @@ def test_request_load_connection_metadata_with_no_permission_lookup_or_file():
 # now: botocore.exceptions.NoCredentialsError: Unable to locate credentials
 # TODO: Figure out mocking - avoid needing to use a test header
 @pytest.mark.parametrize("headers_missing_from_request", missing_headers)
-def test_request_load_connection_with_missing_headers_gets_new_permissions(
+def test_request_load_connection_with_missing_headers_gets_v2_permissions(
     headers_missing_from_request,
 ):
     headers = create_headers(

layer/nrlf/core/tests/test_request.py

@@ -127,7 +127,7 @@ def test_parse_headers_case_insensitive():
     assert metadata.client_rp_details.developer_app_id == "12345"
 
 
-def test_parse_headers_valid_headers_new_permissions():
+def test_parse_headers_valid_headers_v2_permissions():
     headers = {
         "nhsd-connection-metadata": json.dumps(
             {
@@ -147,7 +147,7 @@ def test_parse_headers_valid_headers_new_permissions():
         "nhsd-nrl-app-id": "X26-TestApp-12345",
     }
 
-    metadata = parse_headers(headers, use_new_permissions=True)
+    metadata = parse_headers(headers, use_v2_permissions=True)
 
     assert metadata.pointer_types == ["pointer_type"]
     assert metadata.ods_code == "X26"