feat: Add Mock PDS Lambda and ECR repository configuration

- Introduced a new Mock PDS Lambda function to simulate PDS responses.
- Created an ECR repository for the Mock PDS service with appropriate policies.
- Updated deployment workflows to include mock_pds in build flags and image overrides.
- Enhanced infrastructure configuration to support the new Mock PDS service, including image URI handling and environment variable setup.

Author: Thomas-Boyle

.github/workflows/deploy-backend.yml

@@ -9,7 +9,7 @@ on:
       lambda_build_flags:
         description: >
           JSON map of lambda_name -> force-build flag.
-          e.g. {"recordprocessor":true,"ack-backend":false}
+          e.g. {"recordprocessor":true,"ack-backend":false,"mock_pds":false}
         required: false
         type: string
         default: "{}"
@@ -73,14 +73,14 @@ on:
       lambda_build_flags:
         description: >
           JSON map of lambda_name -> force-build flag.
-          e.g. {"recordprocessor":true,"ack-backend":false}
+          e.g. {"recordprocessor":true,"ack-backend":false,"mock_pds":false}
         required: false
         type: string
         default: "{}"
       lambda_image_overrides:
         description: >
           JSON map of lambda_name -> immutable image selector for reuse mode.
-          e.g. {"recordprocessor":"internal-dev-git-abc123","ack-backend":"123456789012.dkr.ecr.eu-west-2.amazonaws.com/imms-ackbackend-repo@sha256:..."}
+          e.g. {"recordprocessor":"internal-dev-git-abc123","ack-backend":"123456789012.dkr.ecr.eu-west-2.amazonaws.com/imms-ackbackend-repo@sha256:...","mock_pds":"123456789012.dkr.ecr.eu-west-2.amazonaws.com/imms-mock-pds-repo@sha256:..."}
         required: false
         type: string
         default: "{}"
@@ -130,6 +130,12 @@ jobs:
             dockerfile_path: lambdas/ack_backend/Dockerfile
             lambda_paths: |
               lambdas/ack_backend/
+          - lambda_name: mock_pds
+            tf_var_suffix: mock_pds
+            ecr_repository: imms-mock-pds-repo
+            dockerfile_path: lambdas/mock_pds/Dockerfile
+            lambda_paths: |
+              lambdas/mock_pds/
     uses: ./.github/workflows/deploy-lambda-artifact.yml
     with:
       lambda_name: ${{ matrix.lambda_name }}

.github/workflows/pr-deploy-and-test.yml

@@ -22,7 +22,7 @@ jobs:
       apigee_environment: internal-dev
       lambda_build_flags: >-
         ${{ (github.event.action == 'opened' || github.event.action == 'reopened')
-            && '{"recordprocessor":true,"ack-backend":true}'
+            && '{"recordprocessor":true,"ack-backend":true,"mock_pds":true}'
             || '{}' }}
       diff_base_sha: ${{ github.event.action == 'synchronize' && github.event.before || github.event.pull_request.base.sha }}
       diff_head_sha: ${{ github.event.pull_request.head.sha }}

.github/workflows/pr-teardown.yml

@@ -55,6 +55,7 @@ jobs:
           }
           echo "TF_VAR_recordprocessor_image_uri=$(resolve_or_placeholder recordprocessor_image_uri imms-recordprocessor-repo)" >> $GITHUB_ENV
           echo "TF_VAR_ack_backend_image_uri=$(resolve_or_placeholder ack_backend_image_uri imms-ackbackend-repo)" >> $GITHUB_ENV
+          echo "TF_VAR_mock_pds_image_uri=$(resolve_or_placeholder mock_pds_image_uri imms-mock-pds-repo)" >> $GITHUB_ENV
 
       - name: Install poetry
         run: pip install poetry==2.1.4
@@ -129,6 +130,6 @@ jobs:
               --output json
           }
 
-          for repository_name in imms-recordprocessor-repo imms-ackbackend-repo; do
+          for repository_name in imms-recordprocessor-repo imms-ackbackend-repo imms-mock-pds-repo; do
             cleanup_repo_by_prefix "${repository_name}"
           done

infrastructure/account/mock_pds_ecr_repo.tf

@@ -0,0 +1,33 @@
+resource "aws_ecr_repository" "mock_pds_repository" {
+  image_scanning_configuration {
+    scan_on_push = true
+  }
+  image_tag_mutability = "IMMUTABLE"
+  name                 = "imms-mock-pds-repo"
+}
+
+resource "aws_ecr_repository_policy" "mock_pds_repository_lambda_image_retrieval_policy" {
+  repository = aws_ecr_repository.mock_pds_repository.name
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid    = "LambdaECRImageRetrievalPolicy"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+        Action = [
+          "ecr:BatchGetImage",
+          "ecr:GetDownloadUrlForLayer"
+        ]
+        Condition = {
+          StringLike = {
+            "aws:sourceArn" = "arn:aws:lambda:${var.aws_region}:${var.imms_account_id}:function:imms-*-mock-pds-lambda"
+          }
+        }
+      }
+    ]
+  })
+}

infrastructure/instance/mock_pds.tf

@@ -1,84 +1,6 @@
 locals {
-  mock_pds_lambda_dir     = abspath("${path.root}/../../lambdas/mock_pds")
-  mock_pds_lambda_files   = fileset(local.mock_pds_lambda_dir, "**")
-  mock_pds_lambda_dir_sha = sha1(join("", [for f in local.mock_pds_lambda_files : filesha1("${local.mock_pds_lambda_dir}/${f}")]))
-  mock_pds_lambda_name    = "${local.short_prefix}-mock-pds-lambda"
-  mock_pds_base_url       = var.mock_pds_enabled ? "${aws_lambda_function_url.mock_pds_lambda_url[0].function_url}Patient" : ""
-}
-
-resource "aws_ecr_repository" "mock_pds_lambda_repository" {
-  count = var.mock_pds_enabled ? 1 : 0
-
-  image_scanning_configuration {
-    scan_on_push = true
-  }
-
-  name         = "${local.short_prefix}-mock-pds-repo"
-  force_delete = local.is_temp
-}
-
-module "mock_pds_docker_image" {
-  count = var.mock_pds_enabled ? 1 : 0
-
-  source           = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version          = "8.7.0"
-  docker_file_path = "./mock_pds/Dockerfile"
-  create_ecr_repo  = false
-  ecr_repo         = aws_ecr_repository.mock_pds_lambda_repository[0].name
-  ecr_repo_lifecycle_policy = jsonencode({
-    "rules" : [
-      {
-        "rulePriority" : 1,
-        "description" : "Keep only the last 2 images",
-        "selection" : {
-          "tagStatus" : "any",
-          "countType" : "imageCountMoreThan",
-          "countNumber" : 2
-        },
-        "action" : {
-          "type" : "expire"
-        }
-      }
-    ]
-  })
-
-  platform      = "linux/amd64"
-  use_image_tag = false
-  source_path   = abspath("${path.root}/../../lambdas")
-  triggers = {
-    dir_sha = local.mock_pds_lambda_dir_sha
-  }
-}
-
-resource "aws_ecr_repository_policy" "mock_pds_lambda_ecr_image_retrieval_policy" {
-  count = var.mock_pds_enabled ? 1 : 0
-
-  repository = aws_ecr_repository.mock_pds_lambda_repository[0].name
-
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        "Sid" : "LambdaECRImageRetrievalPolicy",
-        "Effect" : "Allow",
-        "Principal" : {
-          "Service" : "lambda.amazonaws.com"
-        },
-        "Action" : [
-          "ecr:BatchGetImage",
-          "ecr:DeleteRepositoryPolicy",
-          "ecr:GetDownloadUrlForLayer",
-          "ecr:GetRepositoryPolicy",
-          "ecr:SetRepositoryPolicy"
-        ],
-        "Condition" : {
-          "StringLike" : {
-            "aws:sourceArn" : "arn:aws:lambda:${var.aws_region}:${var.immunisation_account_id}:function:${local.mock_pds_lambda_name}"
-          }
-        }
-      }
-    ]
-  })
+  mock_pds_lambda_name = "${local.short_prefix}-mock-pds-lambda"
+  mock_pds_base_url    = var.mock_pds_enabled ? "${aws_lambda_function_url.mock_pds_lambda_url[0].function_url}Patient" : ""
 }
 
 resource "aws_iam_role" "mock_pds_lambda_exec_role" {
@@ -174,7 +96,7 @@ resource "aws_lambda_function" "mock_pds_lambda" {
   function_name = local.mock_pds_lambda_name
   role          = aws_iam_role.mock_pds_lambda_exec_role[0].arn
   package_type  = "Image"
-  image_uri     = module.mock_pds_docker_image[0].image_uri
+  image_uri     = var.mock_pds_image_uri
   architectures = ["x86_64"]
   timeout       = 30
 

infrastructure/instance/variables.tf

@@ -161,6 +161,17 @@ variable "ack_backend_image_uri" {
   }
 }
 
+variable "mock_pds_image_uri" {
+  description = "Immutable URI of the mock PDS Lambda container image in ECR. Required when mock_pds_enabled is true; supplied by CI/CD."
+  type        = string
+  default     = ""
+
+  validation {
+    condition     = !var.mock_pds_enabled || trimspace(var.mock_pds_image_uri) != ""
+    error_message = "mock_pds_image_uri must be provided when mock_pds_enabled is true."
+  }
+}
+
 locals {
   prefix              = "${var.project_name}-${var.service}-${var.sub_environment}"
   short_prefix        = "${var.project_short_name}-${var.sub_environment}"