Fix: [AEA-4028] - Add Capability Statement

Makefile

@@ -102,6 +102,7 @@ lint-node: compile-node
 	npm run lint --workspace packages/sandbox
 	npm run lint --workspace packages/specification
 	npm run lint --workspace packages/statusLambda
+	npm run lint --workspace packages/capabilityStatement
 
 lint-samtemplates:
 	poetry run cfn-lint -t SAMtemplates/**/*.yaml
@@ -122,6 +123,7 @@ test: compile
 	npm run test --workspace packages/gsul
 	npm run test --workspace packages/sandbox
 	npm run test --workspace packages/statusLambda
+	npm run test --workspace packages/capabilityStatement
 
 clean:
 	rm -rf packages/updatePrescriptionStatus/coverage
@@ -132,6 +134,8 @@ clean:
 	rm -rf packages/specification/lib
 	rm -rf packages/statusLambda/coverage
 	rm -rf packages/statusLambda/lib
+	rm -rf packages/capabilityStatement/coverage
+	rm -rf packages/capabilityStatement/lib
 	rm -rf .aws-sam
 
 deep-clean: clean

README.md

@@ -1,20 +1,23 @@
 # EPS Prescription Status Update API
 
-![Build](https://github.com/NHSDigital/eps-prescription-status-update-api/actions/workflows/ci.yml/badge.svg?branch=main)   
-![Release](https://github.com/NHSDigital/eps-prescription-status-update-api/actions/workflows/release.yml/badge.svg?branch=main)   
+![Build](https://github.com/NHSDigital/eps-prescription-status-update-api/actions/workflows/ci.yml/badge.svg?branch=main)  
+![Release](https://github.com/NHSDigital/eps-prescription-status-update-api/actions/workflows/release.yml/badge.svg?branch=main)
 
 ## Versions and deployments
-Version release history can be found ot https://github.com/NHSDigital/eps-prescription-status-update-api/releases.   
-We use eslint convention for commit messages for commits to main branch. Descriptions for the types of changes in a release can be found in the [contributing guidelines](./CONTRIBUTING.md)   
+
+Version release history can be found ot https://github.com/NHSDigital/eps-prescription-status-update-api/releases.  
+We use eslint convention for commit messages for commits to main branch. Descriptions for the types of changes in a release can be found in the [contributing guidelines](./CONTRIBUTING.md)  
 Deployment history can be found at https://nhsdigital.github.io/eps-prescription-status-update-api/
 
 ## Introduction
+
 This is the AWS layer that provides an API for EPS Prescription Status Update.
 
 - `packages/updatePrescriptionStatus/` Handles updating prescription status for the root endpoint.
 - `packages/sandbox` A sandbox endpoint returning an example response.
 - `packages/specification/` This [Open API Specification](https://swagger.io/docs/specification/about/) describes the endpoints, methods and messages.
 - `packages/statusLambda/` Returns the status of the updatePrescriptionStatus endpoint
+- `packages/capabilityStatement/` Returns a static capability statement.
 - `scripts/` Utilities helpful to developers of this specification.
 - `SAMtemplates/` Contains the SAM templates used to define the stacks.
 - `.devcontainer` Contains a dockerfile and vscode devcontainer definition.
@@ -162,6 +165,7 @@ These are used to do common commands
 - `test` Runs unit tests for all code
 
 #### Publish targets
+
 - `publish` Outputs the specification as a **single file** into the `dist/` directory. This is used when uploading to Apigee, which requires the spec as a single file.
 
 #### Compiling
@@ -212,16 +216,16 @@ Workflows are in the `.github/workflows` folder:
 - `pr-link.yaml` This workflow template links Pull Requests to Jira tickets and runs when a pull request is opened.
 - `pull_request.yml` Called when pull request is opened or updated. Calls sam_package_code and sam_release_code to build and deploy the code. Deploys to dev AWS account. The main stack deployed adopts the naming convention psu-pr-<PULL_REQUEST_ID>, while the sandbox stack follows the pattern psu-sandbox-pr-<PULL_REQUEST_ID>
 - `quality_checks.yml` Runs check-licenses, lint, test and SonarCloud scan against the repo. Called from pull_request.yml and release.yml
-- `release.yml` Runs on demand to create a release and deploy to all environments. 
+- `release.yml` Runs on demand to create a release and deploy to all environments.
 - `sam_package_code.yml` Packages code and uploads to a github artifact for later deployment.
 - `sam_release_code.yml` Release code built by sam_package_code.yml to an environment.
 
-
 ### Github pages
 
-Github pages is used to display deployment information. The source for github pages is in the gh-pages branch.   
-As part of the ci and release workflows, the release tag (either the short commit SHA or release tag) is appended to _data/{environment}_deployments.csv so we have a history of releases and replaced in _data/{environment}_latest.csv so we now what the latest released version is.   
+Github pages is used to display deployment information. The source for github pages is in the gh-pages branch.  
+As part of the ci and release workflows, the release tag (either the short commit SHA or release tag) is appended to \_data/{environment}\_deployments.csv so we have a history of releases and replaced in \_data/{environment}\_latest.csv so we now what the latest released version is.  
 There are different makefile targets in this branch. These are
+
 - `run-jekyll` - runs the site locally so changes can be previewed during development
 - `sync-main` - syncs common files from main branch to gh-pages branch. You must commit and push after running this
 - `install-python` installs python dependencies

SAMtemplates/apis/main.yaml

@@ -30,6 +30,14 @@ Parameters:
     Type: String
     Default: none
 
+  CapabilityStatementFunctionName:
+    Type: String
+    Default: none
+
+  CapabilityStatementFunctionArn:
+    Type: String
+    Default: none
+
   LogRetentionInDays:
     Type: Number
 
@@ -226,16 +234,37 @@ Resources:
         IntegrationHttpMethod: POST
         Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${StatusFunctionArn}/invocations
 
+  CapabilityStatementResource:
+    Type: AWS::ApiGateway::Resource
+    Properties:
+      RestApiId: !Ref RestApiGateway
+      ParentId: !GetAtt RestApiGateway.RootResourceId
+      PathPart: metadata
+
+  CapabilityStatementMethod:
+    Type: AWS::ApiGateway::Method
+    Properties:
+      RestApiId: !Ref RestApiGateway
+      ResourceId: !Ref CapabilityStatementResource
+      HttpMethod: GET
+      AuthorizationType: NONE
+      Integration:
+        Type: AWS_PROXY
+        Credentials: !GetAtt RestApiGatewayResources.Outputs.ApiGwRoleArn
+        IntegrationHttpMethod: POST
+        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${CapabilityStatementFunctionArn}/invocations
+
   # *********************************************************************
   # if you add a new endpoint, then change the name of this resource
   # also need to change it in RestApiGatewayStage.Properties.DeploymentId
   # *********************************************************************
-  RestApiGatewayDeploymentV1a:
+  RestApiGatewayDeploymentV1b:
     Type: AWS::ApiGateway::Deployment
     DependsOn:
       # see note above if you add something in here when you add a new endpoint
       - UpdatePrescriptionStatusMethod
       - StatusLambdaMethod
+      - CapabilityStatementMethod
       # see note above if you add something in here when you add a new endpoint
     Properties:
       RestApiId: !Ref RestApiGateway
@@ -244,7 +273,7 @@ Resources:
     Type: AWS::ApiGateway::Stage
     Properties:
       RestApiId: !Ref RestApiGateway
-      DeploymentId: !Ref RestApiGatewayDeploymentV1a
+      DeploymentId: !Ref RestApiGatewayDeploymentV1b
       StageName: prod
       TracingEnabled: true
       AccessLogSetting:
@@ -267,6 +296,7 @@ Resources:
           - ","
           - - Fn::ImportValue: !Sub ${StackName}:state-machines:${UpdatePrescriptionStatusStateMachineName}:ExecuteStateMachinePolicy
             - Fn::ImportValue: !Sub ${StackName}:functions:${StatusFunctionName}:ExecuteLambdaPolicyArn
+            - Fn::ImportValue: !Sub ${StackName}:functions:${CapabilityStatementFunctionName}:ExecuteLambdaPolicyArn
         ApiName: !Sub ${StackName}-apigw
         LogRetentionInDays: !Ref LogRetentionInDays
         EnableSplunk: !Ref EnableSplunk

SAMtemplates/functions/main.yaml

@@ -158,6 +158,37 @@ Resources:
         SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
         SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream
 
+  CapabilityStatement:
+    Type: AWS::Serverless::Function
+    Properties:
+      FunctionName: !Sub ${StackName}-CapabilityStatement
+      CodeUri: ../../packages
+      Handler: capabilityStatement.handler
+      Role: !GetAtt CapabilityStatementResources.Outputs.LambdaRoleArn
+    Metadata:
+      BuildMethod: esbuild
+      BuildProperties:
+        Minify: true
+        Target: es2020
+        Sourcemap: true
+        tsconfig: capabilityStatement/tsconfig.json
+        EntryPoints:
+          - capabilityStatement/src/capabilityStatement.ts
+
+  CapabilityStatementResources:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: lambda_resources.yaml
+      Parameters:
+        StackName: !Ref StackName
+        LambdaName: !Sub ${StackName}-CapabilityStatement
+        LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-CapabilityStatement
+        LogRetentionInDays: !Ref LogRetentionInDays
+        CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn
+        EnableSplunk: !Ref EnableSplunk
+        SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
+        SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream
+
 Outputs:
   UpdatePrescriptionStatusFunctionName:
     Description: The function name of the UpdatePrescriptionStatus lambda
@@ -184,3 +215,11 @@ Outputs:
   StatusFunctionArn:
     Description: The function ARN of the Status lambda
     Value: !GetAtt Status.Arn
+
+  CapabilityStatementFunctionName:
+    Description: The function name of the CapabilityStatement lambda
+    Value: !Ref CapabilityStatement
+
+  CapabilityStatementFunctionArn:
+    Description: The function ARN of the CapabilityStatement lambda
+    Value: !GetAtt CapabilityStatement.Arn

SAMtemplates/main_template.yaml

@@ -89,6 +89,8 @@ Resources:
         UpdatePrescriptionStatusStateMachineArn: !GetAtt StateMachines.Outputs.UpdatePrescriptionStatusStateMachineArn
         StatusFunctionName: !GetAtt Functions.Outputs.StatusFunctionName
         StatusFunctionArn: !GetAtt Functions.Outputs.StatusFunctionArn
+        CapabilityStatementFunctionName: !GetAtt Functions.Outputs.CapabilityStatementFunctionName
+        CapabilityStatementFunctionArn: !GetAtt Functions.Outputs.CapabilityStatementFunctionArn
         LogRetentionInDays: !Ref LogRetentionInDays
         EnableSplunk: !Ref EnableSplunk
 

SAMtemplates/sandbox_template.yaml

@@ -39,30 +39,7 @@ Parameters:
   LogRetentionInDays:
     Type: Number
     AllowedValues:
-      [
-        1,
-        3,
-        5,
-        7,
-        14,
-        30,
-        60,
-        90,
-        120,
-        150,
-        180,
-        365,
-        400,
-        545,
-        731,
-        1096,
-        1827,
-        2192,
-        2557,
-        2922,
-        3288,
-        3653,
-      ]
+      [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653]
 
 Conditions:
   ShouldUseMutualTLS: !Equals [true, !Ref EnableMutualTLS]
@@ -83,7 +60,7 @@ Resources:
         EnableSplunk: !Ref EnableSplunk
         SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
         SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream
-  
+
   Sandbox:
     Type: AWS::Serverless::Function
     Properties:
@@ -108,6 +85,44 @@ Resources:
         EntryPoints:
           - sandbox/src/sandbox.ts
 
+  CapabilityStatement:
+    Type: AWS::Serverless::Function
+    Properties:
+      FunctionName: !Sub ${AWS::StackName}-CapabilityStatement
+      CodeUri: ../packages
+      Handler: capabilityStatement.handler
+      Role: !GetAtt CapabilityStatementResources.Outputs.LambdaRoleArn
+      Events:
+        capabilityStatement:
+          Type: HttpApi
+          Properties:
+            ApiId: !Ref HttpApiGateway
+            Path: /metadata
+            Method: get
+    Metadata:
+      BuildMethod: esbuild
+      BuildProperties:
+        Minify: true
+        Target: es2020
+        Sourcemap: true
+        tsconfig: capabilityStatement/tsconfig.json
+        EntryPoints:
+          - capabilityStatement/src/capabilityStatement.ts
+
+  CapabilityStatementResources:
+    Type: AWS::Serverless::Application
+    Properties:
+      Location: functions/lambda_resources.yaml
+      Parameters:
+        StackName: AWS::StackName
+        LambdaName: !Sub ${AWS::StackName}-CapabilityStatement
+        LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-CapabilityStatement
+        CloudWatchKMSKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn
+        SplunkSubscriptionFilterRole: !ImportValue lambda-resources:SplunkSubscriptionFilterRole
+        SplunkDeliveryStreamArn: !ImportValue lambda-resources:SplunkDeliveryStream
+        EnableSplunk: !Ref EnableSplunk
+        LogRetentionInDays: !Ref LogRetentionInDays
+
   # TLS cert for custom domain
   GenerateCertificate:
     Type: AWS::CertificateManager::Certificate
@@ -153,13 +168,7 @@ Resources:
               - Fn::Join:
                   - "/"
                   - - "s3:/"
-                    - !Select [
-                        5,
-                        !Split [
-                          ":",
-                          Fn::ImportValue: account-resources:TrustStoreBucket,
-                        ],
-                      ]
+                    - !Select [5, !Split [":", Fn::ImportValue: account-resources:TrustStoreBucket]]
                     - "psu-sandbox-truststore.pem"
               - !Ref "AWS::NoValue"
           TruststoreVersion:
@@ -210,11 +219,7 @@ Resources:
   ApiGwAccessLogs:
     Type: AWS::Logs::LogGroup
     Properties:
-      LogGroupName:
-        !Join [
-          "/",
-          ["/aws/apigateway", !Ref "AWS::StackName", !Sub "${HttpApiGateway}"],
-        ]
+      LogGroupName: !Join ["/", ["/aws/apigateway", !Ref "AWS::StackName", !Sub "${HttpApiGateway}"]]
       RetentionInDays: !Ref LogRetentionInDays
       KmsKeyId: !ImportValue account-resources:CloudwatchLogsKmsKeyArn