[PRMP-1362] Version history infrastructure (#599)

Author: kamenbachvarov-nhs

infrastructure/api.tf

@@ -44,6 +44,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     aws_api_gateway_rest_api.ndr_doc_store_api,
     aws_api_gateway_authorizer.repo_authoriser,
     aws_api_gateway_resource.document_reference_by_id,
+    aws_api_gateway_integration.get_document_reference_version,
     module.access-audit-gateway,
     module.access-audit-lambda,
     module.back-channel-logout-gateway,
@@ -59,6 +60,8 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.document_reference_gateway,
     module.document-status-check-gateway,
     module.document-status-check-lambda,
+    module.document_reference_history_gateway,
+    module.document_reference_version_gateway,
     module.feature-flags-gateway,
     module.feature-flags-lambda,
     module.fhir_document_reference_gateway,
@@ -78,6 +81,7 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.review_document_status_gateway,
     module.review-document-status-check-lambda,
     module.review_document_version_gateway,
+    module.search_document_reference_history_lambda,
     module.search-document-references-gateway,
     module.search-document-references-lambda,
     module.search_document_review_lambda,

infrastructure/gateway-document-reference.tf

@@ -39,3 +39,36 @@ module "document_reference_id_gateway" {
 
   depends_on = [module.document_reference_gateway]
 }
+
+module "document_reference_history_gateway" {
+  source              = "./modules/gateway"
+  api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  parent_id           = module.document_reference_id_gateway.gateway_resource_id
+  http_methods        = ["GET"]
+  authorization       = "CUSTOM"
+  gateway_path        = "_history"
+  authorizer_id       = aws_api_gateway_authorizer.repo_authoriser.id
+  require_credentials = true
+  origin              = local.base_url_with_quotes
+
+  depends_on = [module.document_reference_id_gateway]
+}
+
+module "document_reference_version_gateway" {
+  source              = "./modules/gateway"
+  api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  parent_id           = module.document_reference_history_gateway.gateway_resource_id
+  http_methods        = ["GET"]
+  authorization       = "CUSTOM"
+  gateway_path        = "{version}"
+  authorizer_id       = aws_api_gateway_authorizer.repo_authoriser.id
+  require_credentials = true
+  origin              = local.base_url_with_quotes
+
+  request_parameters = {
+    "method.request.path.id"      = true,
+    "method.request.path.version" = true
+  }
+
+  depends_on = [module.document_reference_history_gateway]
+}

infrastructure/lambda-get-doc-ref.tf

@@ -72,3 +72,17 @@ module "get-doc-ref-lambda" {
     module.document_reference_id_gateway
   ]
 }
+
+resource "aws_api_gateway_integration" "get_document_reference_version" {
+  rest_api_id             = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  resource_id             = module.document_reference_version_gateway.gateway_resource_id
+  http_method             = "GET"
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = module.get-doc-ref-lambda.invoke_arn
+
+  depends_on = [
+    module.document_reference_version_gateway,
+    module.get-doc-ref-lambda,
+  ]
+}

infrastructure/lambda-search-document-reference-history.tf

@@ -0,0 +1,66 @@
+module "search_document_reference_history_lambda" {
+  source  = "./modules/lambda"
+  name    = "SearchDocumentReferenceHistory"
+  handler = "handlers.search_document_reference_history_handler.lambda_handler"
+  iam_role_policy_documents = [
+    module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
+    module.ndr-lloyd-george-store.s3_read_policy_document,
+    module.ndr-app-config.app_config_policy,
+  ]
+  kms_deletion_window = var.kms_deletion_window
+  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  resource_id         = module.document_reference_history_gateway.gateway_resource_id
+  http_methods        = ["GET"]
+  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
+  lambda_environment_variables = {
+    APPCONFIG_APPLICATION      = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT      = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION    = module.ndr-app-config.app_config_configuration_profile_id
+    WORKSPACE                  = terraform.workspace
+    LLOYD_GEORGE_DYNAMODB_NAME = module.lloyd_george_reference_dynamodb_table.table_name
+  }
+
+  depends_on = [
+    aws_api_gateway_rest_api.ndr_doc_store_api,
+    module.document_reference_history_gateway,
+  ]
+}
+
+module "search_document_reference_history_lambda_alarm" {
+  source               = "./modules/lambda_alarms"
+  lambda_function_name = module.search_document_reference_history_lambda.function_name
+  lambda_timeout       = module.search_document_reference_history_lambda.timeout
+  lambda_name          = "search_document_reference_history_handler"
+  namespace            = "AWS/Lambda"
+  alarm_actions        = [module.search_document_reference_history_lambda_alarm_topic.arn]
+  ok_actions           = [module.search_document_reference_history_lambda_alarm_topic.arn]
+}
+
+module "search_document_reference_history_lambda_alarm_topic" {
+  source                 = "./modules/sns"
+  sns_encryption_key_id  = module.sns_encryption_key.id
+  topic_name             = "search-document-reference-history-lambda-alarm-topic"
+  topic_protocol         = "email"
+  is_topic_endpoint_list = true
+  topic_endpoint_list    = local.is_sandbox ? [] : nonsensitive(split(",", data.aws_ssm_parameter.cloud_security_notification_email_list.value))
+  delivery_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "cloudwatch.amazonaws.com"
+        },
+        "Action" : [
+          "SNS:Publish",
+        ],
+        "Condition" : {
+          "ArnLike" : {
+            "aws:SourceArn" : "arn:aws:cloudwatch:eu-west-2:${data.aws_caller_identity.current.account_id}:alarm:*"
+          }
+        },
+        "Resource" : "*"
+      }
+    ]
+  })
+}

infrastructure/modules/app_config/configurations/dev.json

@@ -29,6 +29,9 @@
         },
         "userRestrictionEnabled": {
             "name": "userRestrictionEnabled"
+        },
+        "versionHistoryEnabled": {
+          "name": "versionHistoryEnabled"
         }
     },
     "values": {
@@ -61,6 +64,9 @@
         },
         "userRestrictionEnabled": {
             "enabled": "true"
+        },
+        "versionHistoryEnabled": {
+          "enabled": "true"
         }
     },
     "version": "1"

infrastructure/modules/app_config/configurations/pre-prod.json

@@ -29,6 +29,9 @@
         },
         "userRestrictionEnabled": {
             "name": "userRestrictionEnabled"
+        },
+        "versionHistoryEnabled": {
+          "name": "versionHistoryEnabled"
         }
     },
     "values": {
@@ -61,6 +64,9 @@
         },
         "userRestrictionEnabled": {
             "enabled": "false"
+        },
+        "versionHistoryEnabled": {
+          "enabled": "false"
         }
     },
     "version": "1"

infrastructure/modules/app_config/configurations/prod.json

@@ -29,6 +29,9 @@
         },
         "userRestrictionEnabled": {
             "name": "userRestrictionEnabled"
+        },
+        "versionHistoryEnabled": {
+          "name": "versionHistoryEnabled"
         }
     },
     "values": {
@@ -61,6 +64,9 @@
         },
         "userRestrictionEnabled": {
             "enabled": "false"
+        },
+        "versionHistoryEnabled": {
+          "enabled": "false"
         }
     },
     "version": "1"

infrastructure/modules/app_config/configurations/sandbox.json

@@ -29,6 +29,9 @@
         },
         "userRestrictionEnabled": {
             "name": "userRestrictionEnabled"
+        },
+        "versionHistoryEnabled": {
+          "name": "versionHistoryEnabled"
         }
     },
     "values": {
@@ -61,6 +64,9 @@
         },
         "userRestrictionEnabled": {
             "enabled": "true"
+        },
+        "versionHistoryEnabled": {
+          "enabled": "true"
         }
     },
     "version": "1"