NHSDigital
diff --git a/‎Makefile‎
Lines changed: 3 additions & 3 deletions b/‎Makefile‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎layer/nrlf/core/dynamodb/repository.py‎
Lines changed: 11 additions & 7 deletions b/‎layer/nrlf/core/dynamodb/repository.py‎
Lines changed: 11 additions & 7 deletions
diff --git a/‎layer/nrlf/core/dynamodb/tests/test_repository.py‎
Lines changed: 112 additions & 2 deletions b/‎layer/nrlf/core/dynamodb/tests/test_repository.py‎
Lines changed: 112 additions & 2 deletions
diff --git a/‎layer/nrlf/core/log_references.py‎
Lines changed: 3 additions & 0 deletions b/‎layer/nrlf/core/log_references.py‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎layer/nrlf/tests/dynamodb.py‎
Lines changed: 12 additions & 0 deletions b/‎layer/nrlf/tests/dynamodb.py‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎scripts/get_s3_permissions.py‎
Lines changed: 103 additions & 3 deletions b/‎scripts/get_s3_permissions.py‎
Lines changed: 103 additions & 3 deletions
diff --git a/‎terraform/account-wide-infrastructure/dev/vars.tf‎
Lines changed: 1 addition & 1 deletion b/‎terraform/account-wide-infrastructure/dev/vars.tf‎
Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@ SHELL := /bin/bash
 
 DIST_PATH ?= ./dist
 TEST_ARGS ?= --cov --cov-report=term-missing --cov-report=xml:$(DIST_PATH)/test-coverage.xml
-SMOKE_TEST_ARGS ?=
+SMOKE_TEST_ARGS ?= -s ./tests/smoke/scenarios/*
 FEATURE_TEST_ARGS ?= ./tests/features
 TF_WORKSPACE_NAME ?= $(shell terraform -chdir=terraform/infrastructure workspace show)
 ENV ?= dev
@@ -149,14 +149,14 @@ test-smoke-internal: check-warn ## Run the smoke tests against the internal envi
 	TEST_STACK_NAME=$(TF_WORKSPACE_NAME) \
 	TEST_STACK_DOMAIN=$(shell terraform -chdir=terraform/infrastructure output -raw domain 2>/dev/null) \
 	TEST_CONNECT_MODE="internal" \
-		pytest ./tests/smoke/scenarios/* $(SMOKE_TEST_ARGS)
+		pytest $(SMOKE_TEST_ARGS)
 
 test-smoke-public: check-warn ## Run the smoke tests for the external access points
 	@echo "Running smoke tests for the public endpoints ${ENV}"
 	TEST_ENVIRONMENT_NAME=$(ENV) \
 	TEST_STACK_NAME=$(TF_WORKSPACE_NAME) \
 	TEST_CONNECT_MODE="public" \
-		pytest ./tests/smoke/scenarios/* $(SMOKE_TEST_ARGS)
+		pytest $(SMOKE_TEST_ARGS)
 
 test-performance-prepare:
 	mkdir -p $(DIST_PATH)
 
@@ -344,14 +344,18 @@ def delete_by_id(self, id_: str, can_ignore_delete_fail: bool = False):
         key = f"D#{id_}"
         try:
             self.table.delete_item(Key={"pk": key, "sk": key})
+            logger.log(LogReference.REPOSITORY027, id=id_)
         except Exception as exc:
-            if can_ignore_delete_fail:
-                logger.log(
-                    LogReference.REPOSITORY026a,
-                    exc_info=sys.exc_info(),
-                    stacklevel=5,
-                    error=str(exc),
-                )
+            logger.log(
+                (
+                    LogReference.REPOSITORY026a
+                    if can_ignore_delete_fail
+                    else LogReference.REPOSITORY026b
+                ),
+                exc_info=sys.exc_info(),
+                stacklevel=5,
+                error=str(exc),
+            )
 
     def _query(self, **kwargs) -> Iterator[DocumentPointer]:
         """
 
@@ -1,7 +1,32 @@
+from unittest.mock import patch
+
 import pytest
+from moto import mock_aws
 
 from nrlf.core.constants import PointerTypes
-from nrlf.core.dynamodb.repository import _get_sk_ids_for_type
+from nrlf.core.dynamodb.model import DocumentPointer
+from nrlf.core.dynamodb.repository import (
+    DocumentPointerRepository,
+    _get_sk_ids_for_type,
+)
+from nrlf.core.log_references import LogReference
+from nrlf.tests.data import load_document_reference
+from nrlf.tests.dynamodb import mock_repository
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+
+def make_document_pointer(id: str = "Y05868-99999-99999-999999") -> DocumentPointer:
+    doc_ref = load_document_reference("Y05868-736253002-Valid")
+    doc_ref.id = id
+    return DocumentPointer.from_document_reference(doc_ref)
+
+
+# ---------------------------------------------------------------------------
+# _get_sk_ids_for_type
+# ---------------------------------------------------------------------------
 
 
 def test_get_sk_ids_for_type_exception_thrown_for_invalid_type():
@@ -30,4 +55,89 @@ def test_get_sk_ids_for_type_exception_thrown_if_new_type_has_no_category():
     )
 
 
-# TODO: Add unit tests for Repository Class
+# ---------------------------------------------------------------------------
+# DocumentPointerRepository.supersede
+# ---------------------------------------------------------------------------
+
+
+@mock_aws
+@mock_repository
+def test_supersede_creates_new_and_deletes_old(repository: DocumentPointerRepository):
+    old_doc = make_document_pointer(id="Y05868-OLD0001")
+    repository.create(old_doc)
+    assert repository.get_by_id("Y05868-OLD0001") is not None
+
+    new_doc = make_document_pointer(id="Y05868-NEW0001")
+    result = repository.supersede(new_doc, ids_to_delete=["Y05868-OLD0001"])
+
+    assert result.id == "Y05868-NEW0001"
+    assert repository.get_by_id("Y05868-NEW0001") is not None
+    assert repository.get_by_id("Y05868-OLD0001") is None
+
+
+@mock_aws
+@mock_repository
+@patch("nrlf.core.dynamodb.repository.logger")
+def test_supersede_with_can_ignore_delete_fail(
+    mock_logger,
+    repository: DocumentPointerRepository,
+):
+    new_doc = make_document_pointer(id="Y05868-NEW0003")
+
+    with patch.object(
+        repository.table,
+        "delete_item",
+        side_effect=Exception("simulated delete failure"),
+    ):
+        result = repository.supersede(
+            new_doc,
+            ids_to_delete=["Y05868-NONEXISTENT"],
+            can_ignore_delete_fail=True,
+        )
+
+    assert result.id == "Y05868-NEW0003"
+    log_codes = [c.args[0] for c in mock_logger.log.call_args_list]
+    assert LogReference.REPOSITORY026a in log_codes
+
+
+# ---------------------------------------------------------------------------
+# DocumentPointerRepository.delete_by_id
+# ---------------------------------------------------------------------------
+
+
+@mock_aws
+@mock_repository
+def test_delete_by_id_removes_document_pointer(repository: DocumentPointerRepository):
+    doc = make_document_pointer()
+    repository.create(doc)
+    assert repository.get_by_id(doc.id) is not None
+
+    repository.delete_by_id(doc.id)
+
+    assert repository.get_by_id(doc.id) is None
+
+
+@pytest.mark.parametrize(
+    "ignore_delete_fail, log_reference",
+    [(True, LogReference.REPOSITORY026a), (False, LogReference.REPOSITORY026b)],
+)
+@mock_aws
+@mock_repository
+@patch("nrlf.core.dynamodb.repository.logger")
+def test_delete_by_id_logs_correct_reference_based_on_can_ignore_delete_fail(
+    mock_logger,
+    repository: DocumentPointerRepository,
+    ignore_delete_fail,
+    log_reference,
+):
+    with patch.object(
+        repository.table,
+        "delete_item",
+        side_effect=Exception("simulated delete failure"),
+    ):
+        repository.delete_by_id(
+            "Y05868-NONEXISTENT", can_ignore_delete_fail=ignore_delete_fail
+        )
+
+    log_codes = [c.args[0] for c in mock_logger.log.call_args_list]
+    assert log_reference in log_codes
@@ -151,6 +151,9 @@ class LogReference(Enum):
     REPOSITORY026a = _Reference(
         "EXCEPTION", "Ignoring failure to delete resource from DynamoDB"
     )
+    REPOSITORY026b = _Reference(
+        "EXCEPTION", "Failed to delete superseded resource from DynamoDB"
+    )
     REPOSITORY027 = _Reference("INFO", "Successfully deleted item from DynamoDB")
     REPOSITORY028 = _Reference("INFO", "Received page of search results")
     REPOSITORY028a = _Reference("DEBUG", "Received page of search results with result")
 
@@ -1,3 +1,6 @@
+import functools
+import inspect
+
 from nrlf.core.boto import get_dynamodb_resource
 from nrlf.core.config import Config
 from nrlf.core.dynamodb.repository import DocumentPointerRepository
@@ -40,6 +43,7 @@ def create_document_pointer_table(config: Config, dynamodb: DynamoDBServiceResou
 
 
 def mock_repository(func):
+    @functools.wraps(func)
     def wrapped_function(*args, **kwargs):
         config = Config()
         dynamodb = get_dynamodb_resource()
@@ -49,4 +53,12 @@ def wrapped_function(*args, **kwargs):
 
         return func(*args, **kwargs, repository=repository)
 
+    # Remove 'repository' from the visible signature so pytest doesn't try
+    # to inject it as a test parameter (it's already injected by this decorator).
+    sig = inspect.signature(func)
+    params_minus_repository = [
+        p for name, p in sig.parameters.items() if name != "repository"
+    ]
+    wrapped_function.__signature__ = sig.replace(parameters=params_minus_repository)
+
     return wrapped_function
@@ -169,7 +169,6 @@ def add_feature_test_files(local_path):
             "v2-z00z-y11y-x22x",
             "V1ONLY0D5",
             [PointerTypes.LLOYD_GEORGE_FOLDER.value],
-            [],
         ),  # http://snomed.info/sct|16521000000101
     ]
     [
@@ -178,11 +177,108 @@ def add_feature_test_files(local_path):
             ods_code,
             pointer_types,
         )
-        for app_id, ods_code, pointer_types, access_controls in v1_permissions
+        for app_id, ods_code, pointer_types in v1_permissions
+    ]
+
+
+def add_smoke_test_files(secretsmanager, local_path, env_name):
+    """Bake in v2 permissions for the smoke test application so that the
+    v2 permissions model can be proven via smoke tests without
+    requiring a dynamic layer rebuild between test setup and test execution.
+    """
+
+    parameters_name = f"nhsd-nrlf--{env_name}--smoke-test-parameters"
+
+    secret_value = secretsmanager.get_secret_value(SecretId=parameters_name)
+    parameters = json.loads(secret_value["SecretString"])
+    smoke_test_app_id = parameters.get("nrlf_app_id")
+
+    print("Adding smoke test v2 permissions to temporary directory...")
+    org_permissions = {
+        "consumer": [
+            (
+                smoke_test_app_id,
+                "SMOKETEST",
+                [
+                    PointerTypes.MENTAL_HEALTH_PLAN.value
+                ],  # http://snomed.info/sct|736253002
+                [],
+            ),
+        ],
+        "producer": [
+            (
+                smoke_test_app_id,
+                "SMOKETEST",
+                [
+                    PointerTypes.MENTAL_HEALTH_PLAN.value
+                ],  # http://snomed.info/sct|736253002
+                [],
+            ),
+            (
+                # For public tests - don't have a separate apigee app for 1DSync
+                smoke_test_app_id,
+                "SMOKETEST1DSYNC",
+                [],
+                [AccessControls.ALLOW_ALL_TYPES.value],
+            ),
+        ],
+    }
+    [
+        _write_permission_file(
+            Path.joinpath(local_path, actor_type, app_id),
+            ods_code,
+            pointer_types,
+            access_controls,
+        )
+        for actor_type, entries in org_permissions.items()
+        for app_id, ods_code, pointer_types, access_controls in entries
+    ]
+    app_permissions = {
+        "producer": [
+            (
+                "SMOKETEST1DSYNC",
+                [],
+                [AccessControls.ALLOW_ALL_TYPES.value],
+            ),
+        ],
+    }
+    [
+        _write_permission_file(
+            Path.joinpath(local_path, actor_type),
+            app_id,
+            pointer_types,
+            access_controls,
+        )
+        for actor_type, entries in app_permissions.items()
+        for app_id, pointer_types, access_controls in entries
+    ]
+
+    print("Adding smoke test v1 permissions to temporary directory...")
+    v1_permissions = [
+        (  # not needed, won't hit this file
+            "SMOKETEST1DSYNCV1",
+            "SMOKETEST",
+            [],
+        ),
+        (
+            smoke_test_app_id,
+            "SMOKETESTV1",
+            [PointerTypes.MENTAL_HEALTH_PLAN.value],  # http://snomed.info/sct|736253002
+        ),
+    ]
+    [
+        _write_v1_permission_file(
+            Path.joinpath(local_path, app_id),
+            ods_code,
+            pointer_types,
+        )
+        for app_id, ods_code, pointer_types in v1_permissions
     ]
 
 
-def download_files(s3_client, bucket_name, local_path, file_names, folders):
+def download_files(
+    s3_client, bucket_name, local_path, file_names, folders, secretsmanager, env_name
+):
     print(f"Downloading {len(file_names)} S3 files to temporary directory...")
     local_path = Path(local_path)
 
@@ -199,6 +295,7 @@ def download_files(s3_client, bucket_name, local_path, file_names, folders):
 
     add_test_files("K6PerformanceTest", "Y05868.json", local_path)
     add_feature_test_files(local_path)
+    add_smoke_test_files(secretsmanager, local_path, env_name)
 
 
 def main(use_shared_resources: str, env: str, workspace: str, path_to_store: str):
@@ -210,12 +307,15 @@ def main(use_shared_resources: str, env: str, workspace: str, path_to_store: str
     s3 = boto_session.client("s3")
     files, folders = get_file_folders(s3, bucket)
 
+    secretsmanager = boto_session.client("secretsmanager", region_name="eu-west-2")
     download_files(
         s3,
         bucket,
         path.abspath(path.join(path_to_store + "/nrlf_permissions")),
         files,
         folders,
+        secretsmanager,
+        env_name=env,
     )
     print("Downloaded S3 permissions...")
 
 
@@ -71,7 +71,7 @@ variable "use_powerbi_gw_custom_ami" {
 variable "powerbi_gw_root_volume_size" {
   type        = number
   description = "Size of the root EBS volume in GB"
-  default     = 40
+  default     = 120
 }
 
 variable "powerbi_gw_root_volume_iops" {
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ variable "use_powerbi_gw_custom_ami" {`
`71`	`71`	`variable "powerbi_gw_root_volume_size" {`
`72`	`72`	`type = number`
`73`	`73`	`description = "Size of the root EBS volume in GB"`
`74`		`- default = 40`
	`74`	`+ default = 120`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`variable "powerbi_gw_root_volume_iops" {`