CCM-13278: Add component tests for MESH acknowledger

Author: gareth-allan

infrastructure/terraform/components/dl/README.md

@@ -50,6 +50,7 @@ No requirements.
 | <a name="module_pdm_uploader"></a> [pdm\_uploader](#module\_pdm\_uploader) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_s3bucket_cf_logs"></a> [s3bucket\_cf\_logs](#module\_s3bucket\_cf\_logs) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
 | <a name="module_s3bucket_letters"></a> [s3bucket\_letters](#module\_s3bucket\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
+| <a name="module_s3bucket_non_pii_data"></a> [s3bucket\_non\_pii\_data](#module\_s3bucket\_non\_pii\_data) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
 | <a name="module_s3bucket_static_assets"></a> [s3bucket\_static\_assets](#module\_s3bucket\_static\_assets) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
 | <a name="module_sqs_event_publisher_errors"></a> [sqs\_event\_publisher\_errors](#module\_sqs\_event\_publisher\_errors) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_mesh_acknowledge"></a> [sqs\_mesh\_acknowledge](#module\_sqs\_mesh\_acknowledge) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-sqs.zip | n/a |

infrastructure/terraform/components/dl/module_s3bucket_non_pii_data.tf

@@ -0,0 +1,58 @@
+module "s3bucket_non_pii_data" {
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip"
+
+  name = "non-pii-data"
+
+  aws_account_id = var.aws_account_id
+  region         = var.region
+  project        = var.project
+  environment    = var.environment
+  component      = local.component
+
+  kms_key_arn = module.kms.key_arn
+
+  policy_documents = [data.aws_iam_policy_document.s3bucket_non_pii_data.json]
+}
+
+data "aws_iam_policy_document" "s3bucket_non_pii_data" {
+  statement {
+    sid    = "AllowManagedAccountsToList"
+    effect = "Allow"
+
+    actions = [
+      "s3:ListBucket",
+    ]
+
+    resources = [
+      module.s3bucket_non_pii_data.arn,
+    ]
+
+    principals {
+      type = "AWS"
+      identifiers = [
+        "arn:aws:iam::${var.aws_account_id}:root"
+      ]
+    }
+  }
+
+  statement {
+    sid    = "AllowManagedAccountsToGet"
+    effect = "Allow"
+
+    actions = [
+      "s3:GetObject",
+      "s3:PutObject",
+    ]
+
+    resources = [
+      "${module.s3bucket_non_pii_data.arn}/*",
+    ]
+
+    principals {
+      type = "AWS"
+      identifiers = [
+        "arn:aws:iam::${var.aws_account_id}:root"
+      ]
+    }
+  }
+}

tests/playwright/constants/backend-constants.ts

@@ -17,6 +17,7 @@ export const TTL_QUEUE_NAME = `${CSI}-ttl-queue`;
 export const TTL_DLQ_NAME = `${CSI}-ttl-dlq`;
 export const PDM_UPLOADER_DLQ_NAME = `${CSI}-pdm-uploader-dlq`;
 export const PDM_POLL_DLQ_NAME = `${CSI}-pdm-poll-dlq`;
+export const MESH_ACKNOWLEDGE_DLQ_NAME = `${CSI}-mesh-acknowledge-dlq`;
 
 // Queue Url Prefix
 export const SQS_URL_PREFIX = `https://sqs.${REGION}.amazonaws.com/${AWS_ACCOUNT_ID}/`;
@@ -31,6 +32,7 @@ export const TTL_TABLE_NAME = `${CSI}-ttl`;
 
 // S3
 export const LETTERS_S3_BUCKET_NAME = `nhs-${process.env.AWS_ACCOUNT_ID}-${REGION}-${ENV}-dl-letters`;
+export const NON_PII_S3_BUCKET_NAME = `nhs-${process.env.AWS_ACCOUNT_ID}-${REGION}-${ENV}-dl-non-pii-data`;
 
 // Cloudwatch
 export const PDM_UPLOADER_LAMBDA_LOG_GROUP_NAME = `/aws/lambda/${CSI}-pdm-uploader`;

tests/playwright/digital-letters-component-tests/mesh-acknowledge.component.spec.ts

@@ -0,0 +1,168 @@
+import { expect, test } from '@playwright/test';
+import {
+  ENV,
+  MESH_ACKNOWLEDGE_DLQ_NAME,
+  NON_PII_S3_BUCKET_NAME,
+} from 'constants/backend-constants';
+import { MESHInboxMessageDownloaded } from 'digital-letters-events';
+import messageDownloadedValidator from 'digital-letters-events/MESHInboxMessageDownloaded.js';
+import { getLogsFromCloudwatch } from 'helpers/cloudwatch-helpers';
+import eventPublisher from 'helpers/event-bus-helpers';
+import expectToPassEventually from 'helpers/expectations';
+import { downloadFromS3 } from 'helpers/s3-helpers';
+import { expectMessageContainingString } from 'helpers/sqs-helpers';
+import { v4 as uuidv4 } from 'uuid';
+
+test.describe('Digital Letters - Mesh Acknowledger', () => {
+  // These values match the ones configured in senders.setup.ts
+  const senderId = 'test-sender-1';
+  const sendersMeshMailboxId = 'test-mesh-sender-1';
+
+  const validMessageDownloadedEvent: MESHInboxMessageDownloaded = {
+    id: uuidv4(),
+    specversion: '1.0',
+    source:
+      '/nhs/england/notify/production/primary/data-plane/digitalletters/mesh',
+    subject:
+      'customer/920fca11-596a-4eca-9c47-99f624614658/recipient/769acdd4-6a47-496f-999f-76a6fd2c3959',
+    type: 'uk.nhs.notify.digital.letters.mesh.inbox.message.downloaded.v1',
+    time: '2023-06-20T12:00:00Z',
+    recordedtime: '2023-06-20T12:00:00.250Z',
+    severitynumber: 2,
+    traceparent: '00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01',
+    datacontenttype: 'application/json',
+    dataschema:
+      'https://notify.nhs.uk/cloudevents/schemas/digital-letters/2025-10-draft/data/digital-letters-mesh-inbox-message-downloaded-data.schema.json',
+    severitytext: 'INFO',
+    datacategory: 'non-sensitive',
+    dataclassification: 'public',
+    dataregulation: 'GDPR',
+    tracestate: 'rojo=00f067aa0ba902b7,congo=t61rcWkgMzE',
+    partitionkey: 'customer-920fca11',
+    sampledrate: 5,
+    sequence: '00000000000000000042',
+    data: {
+      meshMessageId: '12345',
+      messageUri: `https://example.com/ttl/resource/${uuidv4()}`,
+      messageReference: 'ref1',
+      senderId,
+    },
+  };
+
+  test('should send MESH acknowledgement and publish message acknowledged event following message downloaded event', async () => {
+    const letterId = uuidv4();
+    const messageReference = uuidv4();
+    const meshMessageId = '20200601122152994285_D59900';
+
+    await eventPublisher.sendEvents<MESHInboxMessageDownloaded>(
+      [
+        {
+          ...validMessageDownloadedEvent,
+          id: letterId,
+          data: {
+            ...validMessageDownloadedEvent.data,
+            messageUri: `https://example.com/ttl/resource/${letterId}`,
+            messageReference,
+            meshMessageId,
+          },
+        },
+      ],
+      messageDownloadedValidator,
+    );
+
+    // The mailbox ID matches the Mock MESH config in SSM.
+    const meshMailboxId = 'mock-mailbox';
+
+    // Verify MESH acknowledgement message was published.
+    await expectToPassEventually(async () => {
+      const messageContent = await downloadFromS3(
+        NON_PII_S3_BUCKET_NAME,
+        `mock-mesh/${meshMailboxId}/out/${sendersMeshMailboxId}/${messageReference}_`,
+      );
+
+      const messageHeaders = messageContent.metadata ?? {};
+      expect(messageHeaders.subject).toEqual('202');
+      expect(messageHeaders.local_id).toEqual(messageReference);
+      expect(messageHeaders.workflow_id).toEqual('NHS_NOTIFY_SEND_REQUEST_ACK');
+
+      const messageBody = JSON.parse(messageContent.body);
+      expect(messageBody).toEqual({
+        meshMessageId,
+        requestId: `${senderId}_${messageReference}`,
+      });
+    });
+
+    // Verify message acknowledged event was published.
+    await expectToPassEventually(async () => {
+      const eventLogEntry = await getLogsFromCloudwatch(
+        `/aws/vendedlogs/events/event-bus/nhs-${ENV}-dl`,
+        [
+          '$.message_type = "EVENT_RECEIPT"',
+          '$.details.detail_type = "uk.nhs.notify.digital.letters.mesh.inbox.message.acknowledged.v1"',
+          `$.details.event_detail = "*\\"messageReference\\":\\"${messageReference}\\"*"`,
+          `$.details.event_detail = "*\\"senderId\\":\\"${senderId}\\"*"`,
+          `$.details.event_detail = "*\\"meshMailboxId\\":\\"${sendersMeshMailboxId}\\"*"`,
+        ],
+      );
+
+      expect(eventLogEntry.length).toEqual(1);
+    });
+  });
+
+  test('should send an event for an unknown sender to dlq', async () => {
+    // We need to leave time to go through the 3 retries before it's sent to the DLQ.
+    test.setTimeout(550_000);
+
+    const letterId = uuidv4();
+
+    await eventPublisher.sendEvents<MESHInboxMessageDownloaded>(
+      [
+        {
+          ...validMessageDownloadedEvent,
+          id: letterId,
+          data: {
+            ...validMessageDownloadedEvent.data,
+            senderId: 'unknown-sender-id',
+          },
+        },
+      ],
+      messageDownloadedValidator,
+    );
+
+    await expectMessageContainingString(
+      MESH_ACKNOWLEDGE_DLQ_NAME,
+      letterId,
+      420,
+    );
+  });
+
+  test('should send invalid event to dlq', async () => {
+    // We need to leave time to go through the 3 retries before it's sent to the DLQ.
+    test.setTimeout(550_000);
+
+    const letterId = uuidv4();
+
+    await eventPublisher.sendEvents<
+      MESHInboxMessageDownloaded & { data: { unexpectedField: string } }
+    >(
+      [
+        {
+          ...validMessageDownloadedEvent,
+          id: letterId,
+          data: {
+            ...validMessageDownloadedEvent.data,
+            unexpectedField: 'I should not be here',
+          },
+        },
+      ],
+      // We don't actually want to validate this event on the way out, as we intend it to be invalid.
+      () => true,
+    );
+
+    await expectMessageContainingString(
+      MESH_ACKNOWLEDGE_DLQ_NAME,
+      letterId,
+      420,
+    );
+  });
+});

tests/playwright/digital-letters-component-tests/pdm-uploader.component.spec.ts

@@ -194,7 +194,7 @@ test.describe('Digital Letters - Upload to PDM', () => {
           },
         },
       ],
-      messageDownloadedValidator,
+      () => true,
     );
 
     await expectToPassEventually(async () => {

tests/playwright/helpers/s3-helpers.ts

@@ -1,5 +1,7 @@
 import {
+  GetObjectCommand,
   ListBucketsCommand,
+  ListObjectsV2Command,
   PutObjectCommand,
   S3Client,
 } from '@aws-sdk/client-s3';
@@ -36,4 +38,40 @@ async function uploadToS3(
   );
 }
 
-export { listBuckets, uploadToS3 };
+async function downloadFromS3(
+  bucket: string,
+  keyPrefix: string,
+): Promise<{ body: string; metadata?: Record<string, string> }> {
+  const objects = await s3.send(
+    new ListObjectsV2Command({ Bucket: bucket, Prefix: keyPrefix }),
+  );
+
+  if ((objects.Contents?.length ?? 0) > 1) {
+    throw new Error(
+      `Multiple objects found for prefix s3://${bucket}/${keyPrefix}`,
+    );
+  }
+
+  if ((objects.Contents?.length ?? 0) === 0) {
+    throw new Error(`No objects found for prefix s3://${bucket}/${keyPrefix}`);
+  }
+
+  const key = objects.Contents?.[0]?.Key;
+  const response = await s3.send(
+    new GetObjectCommand({
+      Bucket: bucket,
+      Key: key,
+    }),
+  );
+
+  if (!response.Body) {
+    throw new Error(`No content found for s3://${bucket}/${key}`);
+  }
+
+  return {
+    body: await response.Body.transformToString(),
+    metadata: response.Metadata,
+  };
+}
+
+export { downloadFromS3, listBuckets, uploadToS3 };