NRL-2015 Make v2 vs v1 decision (hopefully) more readable & reduce duplication of work

anjalitrace2-nhs · anjalitrace2-nhs · commit b35b3dbc6fb3 · 2026-03-24T16:07:47.000Z
diff --git a/layer/nrlf/core/authoriser.py b/layer/nrlf/core/authoriser.py
@@ -25,17 +25,24 @@ def get_pointer_permissions_v2(
     # check for app-wide permissions
     app_wide_key = f"{producer_or_consumer}/{app_id}.json"
     if path.isfile(f"/opt/python/nrlf_permissions/{app_wide_key}"):
-        logger.log(LogReference.V2PERMISSIONS011, key=app_wide_key)
         key = app_wide_key
     else:  # use org level
         key = f"{producer_or_consumer}/{app_id}/{ods_code}.json"
-        logger.log(LogReference.V2PERMISSIONS011, key=key)
+
+    logger.log(LogReference.V2PERMISSIONS011, key=key)
     file_path = f"/opt/python/nrlf_permissions/{key}"
 
     pointer_permissions = {}
     try:
         with open(file_path) as file:
             pointer_permissions = json.load(file)
+    except FileNotFoundError as exc:
+        logger.log(
+            LogReference.V2PERMISSIONS013,
+            exc_info=sys.exc_info(),
+            error=str(exc),
+        )
+        raise exc
     except Exception as exc:
         logger.log(
             LogReference.S3PERMISSIONS005,
diff --git a/layer/nrlf/core/decorators.py b/layer/nrlf/core/decorators.py
@@ -25,12 +25,11 @@
     X_REQUEST_ID_HEADER,
     AccessControls,
     PointerTypes,
-    V2Headers,
 )
 from nrlf.core.dynamodb.repository import DocumentPointerRepository
 from nrlf.core.errors import OperationOutcomeError, ParseError
 from nrlf.core.logger import LogReference, logger
-from nrlf.core.model import PermissionsPolicy
+from nrlf.core.model import ConnectionMetadata, PermissionsPolicy
 from nrlf.core.request import parse_body, parse_headers, parse_params, parse_path
 from nrlf.core.response import Response
 
@@ -73,7 +72,7 @@ def wrapper(*args, **kwargs) -> Dict[str, Any]:
 
 
 def header_handler(
-    wrapped_func: Callable[..., Dict[str, Any]]
+    wrapped_func: Callable[..., Dict[str, Any]],
 ) -> Callable[..., Dict[str, Any]]:
     """
     Wraps the function to set the specific headers in the request and response
@@ -117,7 +116,7 @@ def wrapper(*args, **kwargs) -> Dict[str, Any]:
 
 
 def logger_initialiser(
-    wrapper_func: Callable[..., Dict[str, Any]]
+    wrapper_func: Callable[..., Dict[str, Any]],
 ) -> Callable[..., Dict[str, Any]]:
     """
     Wraps the function and initialises the request logger
@@ -144,29 +143,25 @@ def wrapper(*args, **kwargs) -> Dict[str, Any]:
 RepositoryType = Union[Type[DocumentPointerRepository], None]
 
 
-def _use_v2_permissions_model(headers: Dict[str, str], path: str) -> bool:
-    case_insensitive_headers = {key.lower(): value for key, value in headers.items()}
-
-    v2_headers_provided = (
-        V2Headers.NHSD_END_USER_ORGANISATION_ODS in case_insensitive_headers.keys()
-        and V2Headers.NHSD_NRL_APP_ID in case_insensitive_headers.keys()
-    )
-    if not v2_headers_provided:
-        return False
-
-    metadata = parse_headers(headers, use_v2_permissions=True)
-    v2_permissions_configured = get_pointer_permissions_v2(metadata, path) != {}
+def v1_perms_stuff(metadata: ConnectionMetadata, config: Config):
+    if PERMISSION_ALLOW_ALL_POINTER_TYPES in metadata.nrl_permissions:
+        logger.log(LogReference.HANDLER004a)
+        metadata.pointer_types = PointerTypes.list()
+        return metadata
 
-    return v2_permissions_configured
+    logger.log(LogReference.HANDLER004b)
+    pointer_types = parse_permissions_file(metadata)
+    if not pointer_types and not metadata.is_test_event:
+        logger.log(LogReference.HANDLER004)
+        pointer_types = get_pointer_types(metadata, config)
 
+    metadata.pointer_types = pointer_types
+    logger.log(LogReference.HANDLER004c, pointer_types=pointer_types)
 
-def _load_v2_connection_metadata(headers: Dict[str, str], path: str):
-    logger.log(LogReference.HANDLER004d)
+    return metadata
 
-    metadata = parse_headers(headers, use_v2_permissions=True)
-    logger.log(LogReference.HANDLER003, metadata=metadata.model_dump())
 
-    logger.log(LogReference.HANDLER004b)
+def v2_perms_stuff(metadata: ConnectionMetadata, path=""):
     pointer_permissions = get_pointer_permissions_v2(metadata, path)
 
     metadata.nrl_permissions_policy = PermissionsPolicy.model_validate(
@@ -195,27 +190,16 @@ def _load_v2_connection_metadata(headers: Dict[str, str], path: str):
 def load_connection_metadata(headers: Dict[str, str], config: Config, path=""):
     logger.log(LogReference.HANDLER002, headers=headers)
 
-    if _use_v2_permissions_model(headers, path):
-        return _load_v2_connection_metadata(headers, path)
-
-    metadata = parse_headers(headers, use_v2_permissions=False)
+    metadata = parse_headers(headers)
     logger.log(LogReference.HANDLER003, metadata=metadata.model_dump())
 
-    if PERMISSION_ALLOW_ALL_POINTER_TYPES in metadata.nrl_permissions:
-        logger.log(LogReference.HANDLER004a)
-        metadata.pointer_types = PointerTypes.list()
-        return metadata
-
-    logger.log(LogReference.HANDLER004b)
-    pointer_types = parse_permissions_file(metadata)
-    if not pointer_types and not metadata.is_test_event:
-        logger.log(LogReference.HANDLER004)
-        pointer_types = get_pointer_types(metadata, config)
-
-    metadata.pointer_types = pointer_types
-    logger.log(LogReference.HANDLER004c, pointer_types=pointer_types)
+    try:
+        return v2_perms_stuff(metadata, path)
+    except FileNotFoundError:
+        # No v2 perms file found, so try v1 instead
+        pass
 
-    return metadata
+    return v1_perms_stuff(metadata, config)
 
 
 def filter_kwargs(handler_func: RequestHandler, kwargs: Dict[str, Any]):
diff --git a/layer/nrlf/core/log_references.py b/layer/nrlf/core/log_references.py
@@ -88,7 +88,7 @@ class LogReference(Enum):
         "INFO", "Retrieved v2 pointer permissions from lambda layer"
     )
     V2PERMISSIONS013 = _Reference(
-        "WARN", "No v2 permissions file found in lambda layer"
+        "INFO", "No v2 permissions file found in lambda layer"
     )
 
     # Parse Logs
diff --git a/layer/nrlf/core/request.py b/layer/nrlf/core/request.py
@@ -11,12 +11,10 @@
 from nrlf.core.model import ClientRpDetails, ConnectionMetadata
 
 
-def _fetch_ods_app_id_headers(headers: dict[str, str]):
-
+def _fetch_v2_ods_app_id_headers(headers: dict[str, str]):
     case_insensitive_headers = {key.lower(): value for key, value in headers.items()}
 
     ods_code = case_insensitive_headers.get(V2Headers.NHSD_END_USER_ORGANISATION_ODS)
-
     if not ods_code or len(ods_code.strip()) == 0:
         logger.log(
             LogReference.HANDLER003a,
@@ -33,9 +31,7 @@ def _fetch_ods_app_id_headers(headers: dict[str, str]):
     return ods_code, nrl_app_id
 
 
-def parse_headers(
-    headers: Dict[str, str], use_v2_permissions=False
-) -> ConnectionMetadata:
+def parse_headers(headers: Dict[str, str]) -> ConnectionMetadata:
     """
     Parses the connection metadata and client rp details from the headers passed from Apigee
     """
@@ -49,8 +45,8 @@ def parse_headers(
             case_insensitive_headers.get(CONNECTION_METADATA, "{}")
         )
 
-        if use_v2_permissions:
-            ods_code, nrl_app_id = _fetch_ods_app_id_headers(case_insensitive_headers)
+        ods_code, nrl_app_id = _fetch_v2_ods_app_id_headers(case_insensitive_headers)
+        if ods_code and nrl_app_id:
             raw_connection_metadata["nrl.ods-code"] = ods_code
             raw_connection_metadata["nrl.app-id"] = nrl_app_id
             raw_client_rp_details["developer.app.id"] = nrl_app_id
diff --git a/layer/nrlf/core/tests/test_authoriser.py b/layer/nrlf/core/tests/test_authoriser.py
@@ -1,5 +1,7 @@
 from unittest.mock import mock_open, patch
 
+import pytest
+
 from nrlf.core.authoriser import get_pointer_permissions_v2, parse_permissions_file
 from nrlf.core.logger import LogReference, logger
 from nrlf.core.request import parse_headers
@@ -76,17 +78,16 @@ def test_authoriser_get_v2_permissions_with_app_pointer_types(
     spy.assert_called_with(LogReference.V2PERMISSIONS011, key=expected_lookup_key)
 
 
-def test_authoriser_parse_v2_permission_file_with_no_permission_file(mocker):
-    spy = mocker.spy(logger, "log")
-    expected_lookup_key = "consumer/NotAnApp/NotFound.json"
+def test_authoriser_parse_v2_permission_file_with_no_permission_file():
+    with pytest.raises(FileNotFoundError) as error:
+        get_pointer_permissions_v2(
+            connection_metadata=parse_headers(
+                create_headers(ods_code="NotFound", nrl_app_id="NotAnApp")
+            ),
+            request_path="/consumer/_status",
+        )
 
-    metadata_result = get_pointer_permissions_v2(
-        connection_metadata=parse_headers(
-            create_headers(ods_code="NotFound", nrl_app_id="NotAnApp")
-        ),
-        request_path="/consumer/_status",
+    assert (
+        f"No such file or directory: '/opt/python/nrlf_permissions/consumer/NotAnApp/NotFound.json'"
+        in str(error.value)
     )
-
-    assert metadata_result == {}
-
-    spy.assert_any_call(LogReference.V2PERMISSIONS011, key=expected_lookup_key)
diff --git a/layer/nrlf/core/tests/test_decorators.py b/layer/nrlf/core/tests/test_decorators.py
@@ -794,14 +794,17 @@ def test_request_load_connection_metadata_with_permission_headers():
     expected_metadata = load_connection_metadata(
         headers=create_headers(nrl_permissions=[PERMISSION_ALLOW_ALL_POINTER_TYPES]),
         config=Config(),
+        path="/consumer/something",
     )
 
     assert expected_metadata.pointer_types == PointerTypes.list()
 
 
 def test_request_load_connection_metadata_with_no_permission_lookup_or_file():
     expected_metadata = load_connection_metadata(
-        headers=create_headers(nrl_app_id="someId"), config=Config()
+        headers=create_headers(nrl_app_id="someId"),
+        config=Config(),
+        path="/producer/something",
     )
 
     assert expected_metadata.pointer_types == []
@@ -892,7 +895,7 @@ def test_load_connection_metadata_gets_v1_permissions_when_v2_permission_file_mi
     )
     mocker.patch(
         "nrlf.core.decorators.get_pointer_permissions_v2",
-        return_value={},
+        side_effect=FileNotFoundError("nope no v2 file here"),
     )
 
     v1_plus_v2_headers = create_headers(
@@ -906,11 +909,11 @@ def test_load_connection_metadata_gets_v1_permissions_when_v2_permission_file_mi
         headers=v1_plus_v2_headers, config=Config(), path="/producer/DocumentReference"
     )
 
-    assert metadata.pointer_types == v1_permissions
     assert metadata.nrl_permissions_policy == None  # no v2 permissions
+    assert metadata.pointer_types == v1_permissions
 
 
-def test_load_connection_metadata_gets_v1_permissions_when_v2_headers_missing(
+def test_load_connection_metadata_throws_error_when_v2_permissions_lookup_encounters_genuine_error(
     mocker,
 ):
     v1_permissions = [
@@ -921,24 +924,26 @@ def test_load_connection_metadata_gets_v1_permissions_when_v2_headers_missing(
         "nrlf.core.decorators.parse_permissions_file",
         return_value=v1_permissions,
     )
-    v2_permissions = {"access_controls": [AccessControls.ALLOW_ALL_TYPES.value]}
     mocker.patch(
         "nrlf.core.decorators.get_pointer_permissions_v2",
-        return_value=v2_permissions,
+        side_effect=Exception("AAAH THIS IS A BIG PROBLEM"),
     )
 
-    v1_headers_only = create_headers(
+    v1_plus_v2_headers = create_headers(
         additional_headers={
             V2Headers.NHSD_END_USER_ORGANISATION_ODS: "Y05868",
+            V2Headers.NHSD_NRL_APP_ID: "Y05868-TestApp-12345678",
         }
     )
 
-    metadata = load_connection_metadata(
-        headers=v1_headers_only, config=Config(), path="/producer/DocumentReference"
-    )
+    with pytest.raises(Exception) as err:
+        load_connection_metadata(
+            headers=v1_plus_v2_headers,
+            config=Config(),
+            path="/producer/DocumentReference",
+        )
 
-    assert metadata.pointer_types == v1_permissions
-    assert metadata.nrl_permissions_policy == None  # no v2 permissions
+    assert "AAAH THIS IS A BIG PROBLEM" in str(err.value)
 
 
 def test_load_v2_connection_metadata_allow_all_types(mocker: MockerFixture):
diff --git a/layer/nrlf/core/tests/test_request.py b/layer/nrlf/core/tests/test_request.py
@@ -4,7 +4,7 @@
 
 from nrlf.core.errors import OperationOutcomeError, ParseError
 from nrlf.core.logger import LogReference, logger
-from nrlf.core.request import _fetch_ods_app_id_headers, parse_body, parse_headers
+from nrlf.core.request import _fetch_v2_ods_app_id_headers, parse_body, parse_headers
 from nrlf.producer.fhir.r4.model import DocumentReference
 from nrlf.tests.data import load_document_reference_data
 
@@ -59,7 +59,7 @@ def test_fetch_ods_app_id_headers(
     headers, expected_ods, expected_app_id, expected_log, mocker
 ):
     spy = mocker.spy(logger, "log")
-    ods_code, nrl_app_id = _fetch_ods_app_id_headers(headers)
+    ods_code, nrl_app_id = _fetch_v2_ods_app_id_headers(headers)
 
     assert ods_code == expected_ods
     assert nrl_app_id == expected_app_id
@@ -207,7 +207,7 @@ def test_parse_headers_valid_headers_v2_permissions():
         "nhsd-nrl-app-id": "X26-TestApp-12345",
     }
 
-    metadata = parse_headers(headers, use_v2_permissions=True)
+    metadata = parse_headers(headers)
 
     assert metadata.pointer_types == ["pointer_type"]
     assert metadata.ods_code == "X26"
diff --git a/layer/nrlf/tests/events.py b/layer/nrlf/tests/events.py
@@ -49,7 +49,7 @@ def create_test_api_gateway_event(
 ) -> Dict[str, Any]:
     return {
         "resource": "/",
-        "path": "/",
+        "path": "/consumer/producer/",
         "httpMethod": "GET",
         "requestContext": {
             "resourcePath": "/",

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ class LogReference(Enum):`
`88`	`88`	`"INFO", "Retrieved v2 pointer permissions from lambda layer"`
`89`	`89`	`)`
`90`	`90`	`V2PERMISSIONS013 = _Reference(`
`91`		`- "WARN", "No v2 permissions file found in lambda layer"`
	`91`	`+ "INFO", "No v2 permissions file found in lambda layer"`
`92`	`92`	`)`
`93`	`93`
`94`	`94`	`# Parse Logs`