Merge remote-tracking branch 'origin/main' into PRMP-1589

Author: PedroSoaresNHS

infrastructure/gateway-user-restrictions.tf

@@ -7,7 +7,7 @@ module "user_restrictions_gateway" {
   gateway_path        = "UserRestriction"
   authorizer_id       = aws_api_gateway_authorizer.repo_authoriser.id
   require_credentials = true
-  origin              = contains(["prod"], terraform.workspace) ? "'https://${var.domain}'" : "'https://${terraform.workspace}.${var.domain}'"
+  origin              = local.base_url_with_quotes
 }
 
 module "user_restriction_id_gateway" {
@@ -19,7 +19,7 @@ module "user_restriction_id_gateway" {
   authorization       = "CUSTOM"
   authorizer_id       = aws_api_gateway_authorizer.repo_authoriser.id
   require_credentials = true
-  origin              = contains(["prod"], terraform.workspace) ? "'https://${var.domain}'" : "'https://${terraform.workspace}.${var.domain}'"
+  origin              = local.base_url_with_quotes
 
   request_parameters = {
     "method.request.path.id" = true
@@ -35,5 +35,5 @@ module "user_restrictions_user_search_gateway" {
   authorization       = "CUSTOM"
   authorizer_id       = aws_api_gateway_authorizer.repo_authoriser.id
   require_credentials = true
-  origin              = contains(["prod"], terraform.workspace) ? "'https://${var.domain}'" : "'https://${terraform.workspace}.${var.domain}'"
+  origin              = local.base_url_with_quotes
 }

infrastructure/lambda-create-user-restriction.tf

@@ -5,19 +5,21 @@ module "create_user_restriction_lambda" {
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
     aws_iam_policy.ssm_access_policy.policy,
-    module.user_restriction_table.dynamodb_write_policy_document
+    module.user_restriction_table.dynamodb_write_policy_document,
+    module.user_restriction_table.dynamodb_read_policy_document
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
   resource_id         = module.user_restrictions_gateway.gateway_resource_id
   http_methods        = ["POST"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
-    APPCONFIG_APPLICATION   = module.ndr-app-config.app_config_application_id
-    APPCONFIG_ENVIRONMENT   = module.ndr-app-config.app_config_environment_id
-    APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
-    WORKSPACE               = terraform.workspace
-    RESTRICTIONS_TABLE_NAME = module.user_restriction_table.table_name
+    APPCONFIG_APPLICATION     = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT     = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION   = module.ndr-app-config.app_config_configuration_profile_id
+    WORKSPACE                 = terraform.workspace
+    RESTRICTIONS_TABLE_NAME   = module.user_restriction_table.table_name
+    HEALTHCARE_WORKER_API_URL = local.is_sandbox ? "" : data.aws_ssm_parameter.healthcare_worker_api_base_url.value
   }
 
   depends_on = [
@@ -63,4 +65,4 @@ module "create_user_restriction_lambda_alarm_topic" {
       }
     ]
   })
-}
+}

infrastructure/lambda-get-user-information.tf

@@ -12,10 +12,11 @@ module "get_user_information_lambda" {
   http_methods        = ["GET"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
-    APPCONFIG_APPLICATION   = module.ndr-app-config.app_config_application_id
-    APPCONFIG_ENVIRONMENT   = module.ndr-app-config.app_config_environment_id
-    APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
-    WORKSPACE               = terraform.workspace
+    APPCONFIG_APPLICATION     = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT     = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION   = module.ndr-app-config.app_config_configuration_profile_id
+    WORKSPACE                 = terraform.workspace
+    HEALTHCARE_WORKER_API_URL = data.aws_ssm_parameter.healthcare_worker_api_base_url.value
   }
 
   depends_on = [

infrastructure/lambda-mns-notification.tf

@@ -10,6 +10,8 @@ module "mns-notification-lambda" {
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     module.document_upload_review_dynamodb_table.dynamodb_write_policy_document,
     module.document_upload_review_dynamodb_table.dynamodb_read_policy_document,
+    module.user_restriction_table.dynamodb_read_policy_document,
+    module.user_restriction_table.dynamodb_write_policy_document,
     aws_iam_policy.ssm_access_policy.policy,
     module.ndr-app-config.app_config_policy,
     aws_iam_policy.kms_mns_lambda_access[0].policy,
@@ -26,6 +28,7 @@ module "mns-notification-lambda" {
     DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_upload_review_dynamodb_table.table_name
     MNS_NOTIFICATION_QUEUE_URL    = module.sqs-mns-notification-queue[0].sqs_url
     PDS_FHIR_IS_STUBBED           = local.is_sandbox
+    RESTRICTIONS_TABLE_NAME       = module.user_restriction_table.table_name
   }
   is_gateway_integration_needed = false
   is_invoked_from_gateway       = false

infrastructure/lambda-search-patient.tf

@@ -60,6 +60,7 @@ module "search-patient-details-lambda" {
     module.ndr-app-config.app_config_policy,
     module.auth_session_dynamodb_table.dynamodb_write_policy_document,
     module.auth_session_dynamodb_table.dynamodb_read_policy_document,
+    module.user_restriction_table.dynamodb_read_policy_document,
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
@@ -73,6 +74,7 @@ module "search-patient-details-lambda" {
     PDS_FHIR_IS_STUBBED            = local.is_sandbox,
     WORKSPACE                      = terraform.workspace
     AUTH_SESSION_TABLE_NAME        = "${terraform.workspace}_${var.auth_session_dynamodb_table_name}"
+    RESTRICTIONS_TABLE_NAME        = module.user_restriction_table.table_name
   }
   api_execution_arn = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   depends_on = [

infrastructure/lambda-search-user-restriction.tf

@@ -13,11 +13,12 @@ module "search_user_restriction_lambda" {
   http_methods        = ["GET"]
   api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
-    APPCONFIG_APPLICATION   = module.ndr-app-config.app_config_application_id
-    APPCONFIG_ENVIRONMENT   = module.ndr-app-config.app_config_environment_id
-    APPCONFIG_CONFIGURATION = module.ndr-app-config.app_config_configuration_profile_id
-    WORKSPACE               = terraform.workspace
-    RESTRICTIONS_TABLE_NAME = module.user_restriction_table.table_name
+    APPCONFIG_APPLICATION     = module.ndr-app-config.app_config_application_id
+    APPCONFIG_ENVIRONMENT     = module.ndr-app-config.app_config_environment_id
+    APPCONFIG_CONFIGURATION   = module.ndr-app-config.app_config_configuration_profile_id
+    WORKSPACE                 = terraform.workspace
+    RESTRICTIONS_TABLE_NAME   = module.user_restriction_table.table_name
+    HEALTHCARE_WORKER_API_URL = data.aws_ssm_parameter.healthcare_worker_api_base_url.value
   }
 
   depends_on = [

infrastructure/ssm_parameters_user_restrictions.tf

@@ -10,3 +10,6 @@ module "healthcare_worker_api_base_url" {
   ignore_value_changes = true
 }
 
+data "aws_ssm_parameter" "healthcare_worker_api_base_url" {
+  name = "/ndr/${var.shared_infra_workspace}/hcw_api_url"
+}