From 1a3f80a1bc648dee398940da6ac8ff7baacea71d Mon Sep 17 00:00:00 2001 From: RyanThomas1214 Date: Wed, 22 Apr 2026 11:50:22 +0100 Subject: [PATCH 1/3] FLAGSAPI-1730 add flowcallout policy to enforce IAL3 --- .../policies/FlowCallout.ValidateIDAssuranceLevel.xml | 7 +++++++ proxies/live/apiproxy/proxies/default.xml | 10 +++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 proxies/live/apiproxy/policies/FlowCallout.ValidateIDAssuranceLevel.xml diff --git a/proxies/live/apiproxy/policies/FlowCallout.ValidateIDAssuranceLevel.xml b/proxies/live/apiproxy/policies/FlowCallout.ValidateIDAssuranceLevel.xml new file mode 100644 index 000000000..85f0fcee6 --- /dev/null +++ b/proxies/live/apiproxy/policies/FlowCallout.ValidateIDAssuranceLevel.xml @@ -0,0 +1,7 @@ + + + FlowCallout.ValidateIDAssuranceLevel + + + ValidateIDAssuranceLevel + \ No newline at end of file diff --git a/proxies/live/apiproxy/proxies/default.xml b/proxies/live/apiproxy/proxies/default.xml index 04c7b939d..c301f86c0 100644 --- a/proxies/live/apiproxy/proxies/default.xml +++ b/proxies/live/apiproxy/proxies/default.xml @@ -1,9 +1,13 @@ - - AssignMessage.Errors.Default - + + AssignMessage.Errors.Default + + + FlowCallout.ValidateIDAssuranceLevel + !(proxy.pathsuffix = "/_ping" OR proxy.pathsuffix = "/_status") + From b997c7e5dc6c9594276b6754d02a28fc44c1af19 Mon Sep 17 00:00:00 2001 From: RyanThomas1214 Date: Tue, 5 May 2026 11:34:35 +0100 Subject: [PATCH 2/3] FLAGSAPI-1751 add whitespace change to kick off pipeline --- specification/summary-care-record.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/specification/summary-care-record.yaml b/specification/summary-care-record.yaml index 5b02c5d92..0d2839013 100644 --- a/specification/summary-care-record.yaml +++ b/specification/summary-care-record.yaml @@ -34,6 +34,7 @@ info: * send an SCR alert message, on those occasions when an SCR is accessed without the patient's permission e.g., in an emergency or when the equivalent of Self-Claim Legitimate Relationship is created. * update a patient's SCR Consent Preference on the Spine ACS + You can: * get a patient's SCR identifier * get a patient's SCR From 0b8430ee780345131f8d1f886c66d0dee008f25e Mon Sep 17 00:00:00 2001 From: RyanThomas1214 Date: Tue, 5 May 2026 13:41:17 +0100 Subject: [PATCH 3/3] FLAGSAPI-1751 move flow callout to correct target flow --- proxies/live/apiproxy/proxies/default.xml | 4 ---- proxies/live/apiproxy/targets/scr-target.xml | 4 ++++ specification/summary-care-record.yaml | 1 - 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/proxies/live/apiproxy/proxies/default.xml b/proxies/live/apiproxy/proxies/default.xml index c301f86c0..c1f3faff0 100644 --- a/proxies/live/apiproxy/proxies/default.xml +++ b/proxies/live/apiproxy/proxies/default.xml @@ -4,10 +4,6 @@ AssignMessage.Errors.Default - - FlowCallout.ValidateIDAssuranceLevel - !(proxy.pathsuffix = "/_ping" OR proxy.pathsuffix = "/_status") - diff --git a/proxies/live/apiproxy/targets/scr-target.xml b/proxies/live/apiproxy/targets/scr-target.xml index 250e12441..c4aec655e 100644 --- a/proxies/live/apiproxy/targets/scr-target.xml +++ b/proxies/live/apiproxy/targets/scr-target.xml @@ -35,6 +35,10 @@ FlowCallout.UserRoleService (access-mode Equals "user-restricted") + + FlowCallout.ValidateIDAssuranceLevel + (access-mode Equals "user-restricted") + Quota diff --git a/specification/summary-care-record.yaml b/specification/summary-care-record.yaml index 0d2839013..5b02c5d92 100644 --- a/specification/summary-care-record.yaml +++ b/specification/summary-care-record.yaml @@ -34,7 +34,6 @@ info: * send an SCR alert message, on those occasions when an SCR is accessed without the patient's permission e.g., in an emergency or when the equivalent of Self-Claim Legitimate Relationship is created. * update a patient's SCR Consent Preference on the Spine ACS - You can: * get a patient's SCR identifier * get a patient's SCR