feat: wire-up dummy gp code changes#1895
Draft
MWClayson-NHS wants to merge 27 commits intomainfrom
Draft
Conversation
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR wires up “Remove Dummy GP Code” end-to-end, adding RBAC-gated UI access, forwarding CIS2 auth headers to the new function endpoint, and extending audit logging so requests can be captured and persisted via the audit pipeline.
Changes:
- Add UI RBAC gating for the Remove Dummy GP Code feature and send CIS2 tokens to the backend.
- Introduce an audit logging host extension and add audit events for ServiceNow receive + dummy GP code removal.
- Refactor Functions auth to use an
IFunctionContextAuthResolver, and move audit snapshot blob-writing intoAuditWriter.
Reviewed changes
Copilot reviewed 33 out of 33 changed files in this pull request and generated 13 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/UnitTests/SharedTests/AuthenticationTests/AuthenticationTests.cs | Updates middleware construction to use the new auth resolver dependency. |
| tests/UnitTests/SharedTests/AuditLogClientTests/AuditLogClientTests.cs | Adds unit coverage for AuditLogClient queueing/logging behavior. |
| tests/UnitTests/ServiceNowMessageHandlerTests/ReceiveServiceNowMessageFunctionTests.cs | Updates function constructor to include IAuditLogClient. |
| tests/UnitTests/ParticipantManagementServicesTests/RemoveDummyGPCodeTests/ReceiveRemoveDummyGPCodeFunctionTests.cs | Updates test harness for new auth/audit dependencies and FunctionContext setup. |
| tests/UnitTests/ParticipantManagementServicesTests/ManageServiceNowParticipantTests/ManageServiceNowParticipantFunctionTests.cs | Removes audit-client expectations after audit responsibility shift. |
| tests/UnitTests/AuditServicesTests/AuditWriterTests/AuditWriterTests.cs | Updates AuditWriter tests for blob snapshot write behavior and failure modes. |
| infrastructure/tf-core/environments/development.tfvars | Adds key vault hookup + UserInfoUrl for RemoveDummyGPCode. |
| application/CohortManager/src/Web/app/remove-dummy-gp-code/page.tsx | Adds server-side RBAC check + redirect guard for the page. |
| application/CohortManager/src/Web/app/lib/removeDummyGpCode.ts | Adds CIS2 token headers when calling the RemoveDummyGPCode API. |
| application/CohortManager/src/Web/app/lib/removeDummyGpCode.test.ts | Mocks auth for the updated server action. |
| application/CohortManager/src/Web/app/lib/checkAccess.ts | Adds RBAC check helper specific to Remove Dummy GP Code feature flag/code. |
| application/CohortManager/src/Web/app/components/overview.tsx | Conditionally renders Dummy GP Code cards based on RBAC. |
| application/CohortManager/src/Web/.env.example | Documents new RBAC env var for Remove Dummy GP Code. |
| application/CohortManager/src/Functions/Shared/Model/ParticipantAuditMessage.cs | Removes JsonIgnore so RequestSnapshot is serialized into audit messages. |
| application/CohortManager/src/Functions/Shared/Common/Extensions/AuthenticationExtension.cs | Registers auth resolver and swaps middlewares to use it. |
| application/CohortManager/src/Functions/Shared/Common/Extensions/AuditExtension.cs | Adds AddAuditLogging host extension and registers IAuditLogClient. |
| application/CohortManager/src/Functions/Shared/Common/Authentication/Models/FunctionEndpointMetadataCollection.cs | Extracts endpoint metadata helper type. |
| application/CohortManager/src/Functions/Shared/Common/Authentication/Models/FunctionEndpoint.cs | Extracts endpoint wrapper type used by the auth resolver. |
| application/CohortManager/src/Functions/Shared/Common/Authentication/Middleware/PermissionsMiddleware.cs | Replaces context extensions with IFunctionContextAuthResolver. |
| application/CohortManager/src/Functions/Shared/Common/Authentication/Middleware/Cis2AuthMiddleware.cs | Fetches scoped ICis2UserService from InstanceServices; uses resolver for auth requirement. |
| application/CohortManager/src/Functions/Shared/Common/Authentication/IFunctionContextAuthResolver.cs | Adds new abstraction for auth/roles resolution from FunctionContext. |
| application/CohortManager/src/Functions/Shared/Common/Authentication/FunctionContextAuthResolver.cs | Implements cached endpoint metadata lookup + exposes user/role/auth checks. |
| application/CohortManager/src/Functions/Shared/Common/AuditLogClient.cs | Removes snapshot blob write; now only enqueues audit messages. |
| application/CohortManager/src/Functions/ServiceNowIntegration/ServiceNowMessageHandler/ReceiveServiceNowMessageFunction.cs | Emits audit log messages for incoming ServiceNow requests. |
| application/CohortManager/src/Functions/ServiceNowIntegration/ServiceNowMessageHandler/Program.cs | Wires audit logging into ServiceNowMessageHandler host. |
| application/CohortManager/src/Functions/ParticipantManagementServices/RemoveDummyGPCode/ReceiveRemoveDummyGPCodeFunction.cs | Adds [Authentication] and emits audit messages for dummy GP removals. |
| application/CohortManager/src/Functions/ParticipantManagementServices/RemoveDummyGPCode/Program.cs | Enables auth middleware and wires audit logging. |
| application/CohortManager/src/Functions/ParticipantManagementServices/ManageServiceNowParticipant/Program.cs | Removes audit client registration; adjusts ServiceBus registration ordering. |
| application/CohortManager/src/Functions/ParticipantManagementServices/ManageServiceNowParticipant/ManageServiceNowParticipantFunction.cs | Removes audit enqueue from ManageServiceNowParticipant. |
| application/CohortManager/src/Functions/CaasIntegration/receiveCaasFile/Program.cs | Switches to AddAuditLogging rather than manual audit client registration. |
| application/CohortManager/src/Functions/AuditServices/AuditWriter/Program.cs | Registers IBlobStorageHelper for snapshot writes. |
| application/CohortManager/src/Functions/AuditServices/AuditWriter/AuditWriter.cs | Writes RequestSnapshot to blob and persists resulting URI. |
| .github/workflows/ci-ui-tests.yaml | Adds env vars for e2e tests related to new RBAC code + API URL. |
Comments suppressed due to low confidence (1)
application/CohortManager/src/Functions/Shared/Common/Extensions/AuthenticationExtension.cs:27
IFunctionContextAuthResolveris only registered inside the!authConfig.ByPassAuthenticationbranch. Any function that injectsIFunctionContextAuthResolverdirectly (e.g.,ReceiveRemoveDummyGpCodeFunction) will fail DI/startup whenByPassAuthenticationis enabled. Consider registeringFunctionContextAuthResolverunconditionally (even if the middleware pipeline is bypassed).
hostBuilder.ConfigureServices((context, services) =>
{
services.AddSingleton<IFunctionContextAuthResolver, FunctionContextAuthResolver>();
services.AddSingleton<IAuthenticationService, JwtAuthentication>();
services.AddScoped<ICis2UserService,Cis2UserService>();
services.AddSingleton<IRoleManager, RoleManager>();
});
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ns/AuthenticationExtension.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ervices/RemoveDummyGPCode/ReceiveRemoveDummyGPCodeFunction.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ervices/RemoveDummyGPCode/ReceiveRemoveDummyGPCodeFunction.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ervices/RemoveDummyGPCode/ReceiveRemoveDummyGPCodeFunction.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ervices/RemoveDummyGPCode/ReceiveRemoveDummyGPCodeFunction.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…cation/Middleware/Cis2AuthMiddleware.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Context
Type of changes
Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.