CCM-14325: Remove authentication from PDM mock

Author: gareth-allan

infrastructure/terraform/components/dl/locals.tf

@@ -4,6 +4,7 @@ locals {
   apim_keystore_s3_bucket              = "nhs-${var.aws_account_id}-${var.region}-${var.environment}-${var.component}-static-assets"
   apim_private_key_ssm_parameter_name  = "/${var.component}/${var.environment}/apim/private_key"
   aws_lambda_functions_dir_path        = "../../../../lambdas"
+  pdm_access_token_ssm_parameter_name  = var.enable_pdm_mock ? "" : "${local.apim_access_token_ssm_parameter_name}"
   pdm_url                              = var.enable_pdm_mock ? aws_api_gateway_stage.pdm_mock[0].invoke_url : var.apim_base_url
   firehose_output_path_prefix          = "kinesis-firehose-output"
   log_destination_arn                  = "arn:aws:logs:${var.region}:${var.shared_infra_account_id}:destination:nhs-main-obs-firehose-logs"

infrastructure/terraform/components/dl/ssm_parameter_access_token.tf

@@ -2,11 +2,7 @@ resource "aws_ssm_parameter" "access_token" {
   name        = local.apim_access_token_ssm_parameter_name
   description = "Access token for APIM"
   type        = "SecureString"
-  value = jsonencode({
-    "access_token" : "PLACEHOLDER",
-    "expires_at" : 1772810483,
-    "token_type" : "Bearer"
-  })
+  value       = jsonencode({})
 
   tags = merge(local.default_tags, { Backup = "true" })
 

lambdas/pdm-mock-lambda/src/__tests__/authenticator.test.ts

@@ -35,16 +35,11 @@ describe('Container', () => {
 
   it('should create a container with all required dependencies', () => {
     expect(container).toBeDefined();
-    expect(container.authenticator).toBeDefined();
     expect(container.getResourceHandler).toBeDefined();
     expect(container.createResourceHandler).toBeDefined();
     expect(container.logger).toBeDefined();
   });
 
-  it('should create an authenticator function', () => {
-    expect(typeof container.authenticator).toBe('function');
-  });
-
   it('should create a getResourceHandler function', () => {
     expect(typeof container.getResourceHandler).toBe('function');
   });
@@ -74,14 +69,4 @@ describe('Container', () => {
     expect(result).toBeDefined();
     expect(result.statusCode).toBeDefined();
   });
-
-  it('should create authenticator that can be called', async () => {
-    const mockEvent = {
-      headers: { Authorization: 'Bearer test-token' },
-    };
-
-    const result = await container.authenticator(mockEvent);
-    expect(result).toBeDefined();
-    expect(result.isValid).toBeDefined();
-  });
 });

lambdas/pdm-mock-lambda/src/__tests__/container.test.ts

@@ -66,41 +66,18 @@ const createMockEvent = (
 };
 
 describe('Lambda Handler Integration', () => {
-  let mockAuthenticator: jest.Mock;
   let mockGetResourceHandler: jest.Mock;
   let mockCreateResourceHandler: jest.Mock;
 
   beforeEach(() => {
     jest.clearAllMocks();
 
     const container = createContainer();
-    mockAuthenticator = container.authenticator as jest.Mock;
     mockGetResourceHandler = container.getResourceHandler as jest.Mock;
     mockCreateResourceHandler = container.createResourceHandler as jest.Mock;
   });
 
-  it('should return authentication error when authentication fails', async () => {
-    mockAuthenticator.mockResolvedValue({
-      isValid: false,
-      error: {
-        statusCode: 401,
-        body: JSON.stringify({ error: 'Unauthorized' }),
-      },
-    });
-
-    const event = createMockEvent();
-    const response = (await handler(
-      event,
-      {} as Context,
-      {} as Callback,
-    )) as APIGatewayProxyResult;
-
-    expect(response.statusCode).toBe(401);
-    expect(mockGetResourceHandler).not.toHaveBeenCalled();
-  });
-
   it('should route GET requests to getResourceHandler', async () => {
-    mockAuthenticator.mockResolvedValue({ isValid: true });
     mockGetResourceHandler.mockResolvedValue({
       statusCode: 200,
       body: JSON.stringify({ id: 'test-id' }),
@@ -117,13 +94,11 @@ describe('Lambda Handler Integration', () => {
       {} as Callback,
     )) as APIGatewayProxyResult;
 
-    expect(mockAuthenticator).toHaveBeenCalledWith(event);
     expect(mockGetResourceHandler).toHaveBeenCalledWith(event);
     expect(response.statusCode).toBe(200);
   });
 
   it('should route POST requests to createResourceHandler', async () => {
-    mockAuthenticator.mockResolvedValue({ isValid: true });
     mockCreateResourceHandler.mockResolvedValue({
       statusCode: 201,
       body: JSON.stringify({ id: 'new-id' }),
@@ -141,14 +116,11 @@ describe('Lambda Handler Integration', () => {
       {} as Callback,
     )) as APIGatewayProxyResult;
 
-    expect(mockAuthenticator).toHaveBeenCalledWith(event);
     expect(mockCreateResourceHandler).toHaveBeenCalledWith(event);
     expect(response.statusCode).toBe(201);
   });
 
   it('should return 404 for unsupported endpoints', async () => {
-    mockAuthenticator.mockResolvedValue({ isValid: true });
-
     const event = createMockEvent({
       httpMethod: 'DELETE',
       path: '/unsupported',
@@ -165,7 +137,7 @@ describe('Lambda Handler Integration', () => {
   });
 
   it('should handle unexpected errors gracefully', async () => {
-    mockAuthenticator.mockRejectedValue(new Error('Unexpected error'));
+    mockGetResourceHandler.mockRejectedValue(new Error('Unexpected error'));
 
     const event = createMockEvent();
     const response = (await handler(

lambdas/pdm-mock-lambda/src/__tests__/index.test.ts

@@ -1,25 +1,20 @@
 import { logger } from 'utils';
-import { createAuthenticator } from 'authenticator';
 import {
   createCreateResourceHandler,
   createGetResourceHandler,
 } from 'handlers';
 
 export interface Container {
-  authenticator: ReturnType<typeof createAuthenticator>;
   getResourceHandler: ReturnType<typeof createGetResourceHandler>;
   createResourceHandler: ReturnType<typeof createCreateResourceHandler>;
   logger: typeof logger;
 }
 
 export const createContainer = (): Container => {
-  const authenticator = createAuthenticator(logger);
-
   const getResourceHandler = createGetResourceHandler(logger);
   const createResourceHandler = createCreateResourceHandler(logger);
 
   return {
-    authenticator,
     getResourceHandler,
     createResourceHandler,
     logger,

lambdas/pdm-mock-lambda/src/authenticator.ts

@@ -11,8 +11,7 @@ export const handler: Handler<
   APIGatewayProxyEvent,
   APIGatewayProxyResult
 > = async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
-  const { authenticator, createResourceHandler, getResourceHandler, logger } =
-    container;
+  const { createResourceHandler, getResourceHandler, logger } = container;
 
   try {
     const { requestId } = event.requestContext;
@@ -26,12 +25,6 @@ export const handler: Handler<
       hasAuth: !!event.headers?.Authorization,
     });
 
-    const authResult = await authenticator(event);
-    if (!authResult.isValid) {
-      logger.warn('Authentication failed', { requestId, httpMethod, path });
-      return authResult.error;
-    }
-
     if (
       httpMethod === 'GET' &&
       path.includes('/patient-data-manager/FHIR/R4/DocumentReference/')