Skip to content

adds EuoAllowListVerify functionality#2420

Merged
pca-nhs merged 6 commits intodevelopfrom
feature/ERSSUP-86798
Sep 24, 2025
Merged

adds EuoAllowListVerify functionality#2420
pca-nhs merged 6 commits intodevelopfrom
feature/ERSSUP-86798

Conversation

@kevinmason-nhs
Copy link
Copy Markdown
Contributor

@kevinmason-nhs kevinmason-nhs commented Jul 30, 2025

Summary

Adds new functionality for user-restricted flows to add EUOAllowlistVerify

This new functionality will check if the incoming ODS code is contained within the EUO allow list.

This should only be set if the Application has EUOAllowlistEnabled = true as a custom attribute.

Reviews Required

  • Dev
  • Test
  • Tech Author
  • Product Owner

Review Checklist

ℹ️ This section is to be filled in by the reviewer.

  • I have reviewed the changes in this PR and they fill all or part of the acceptance criteria of the ticket, and the code is in a mergeable state.
  • If there were infrastructure, operational, or build changes, I have made sure there is sufficient evidence that the changes will work.
  • I have ensured the changelog has been updated by the submitter, if necessary.

@kevinmason-nhs kevinmason-nhs requested a review from a team as a code owner July 30, 2025 12:40
@pca-nhs
Copy link
Copy Markdown
Contributor

pca-nhs commented Aug 29, 2025

/azp run

@azure-pipelines
Copy link
Copy Markdown

azure-pipelines Bot commented Aug 29, 2025

Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command.

kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread tests/integration/test_headers.py Outdated
kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml
kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml
kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml
kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml
kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/proxies/default.xml
kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/proxies/default.xml
kevinmason-nhs
kevinmason-nhs commented Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/proxies/default.xml
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread manifest_template.yml Outdated
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread manifest_template.yml
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml Outdated
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml
<Condition>(accesstoken.auth_type == "user")</Condition>
</Step>
<Step>
<Name>RaiseFault.MissingAsid</Name>
Copy link
Copy Markdown
Contributor

@pca-nhs pca-nhs Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CGI Feedback: Keep in mind the step order and the error being returned -- you only get one error, so priorities the error you want the user to see first

Copy link
Copy Markdown
Contributor Author

@kevinmason-nhs kevinmason-nhs Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we want the asid validation to come before this?

Copy link
Copy Markdown
Contributor

@pca-nhs pca-nhs Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can go both ways: if the partner ASID is missing, we could surface that error, but if possibly the verification logic is more specific, so we'd be going from that to the (possibly) more broader error or the partner ASID being missing in the request. The key point I think is that we'd terminate early, so a request with both issues won't progress until the first is resolved

pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml Outdated
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingR4.xml Outdated
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml Outdated
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/targets/ers-target.xml Outdated
pca-nhs
pca-nhs reviewed Sep 9, 2025
View reviewed changes
Comment thread tests/conftest.py Outdated
pca-nhs
pca-nhs reviewed Sep 11, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingPreR4.xml
@@ -0,0 +1,18 @@
<AssignMessage enabled="true" name="AssignMessage.SetOperationOutcomeODSHeaderMissingPreR4">
Copy link
Copy Markdown
Contributor

@pca-nhs pca-nhs Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the change/refactor, we're duplicating the context between PreR4/R4 -- argument for collapsing this in the technical debt ticket

pca-nhs
pca-nhs previously approved these changes Sep 11, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@pca-nhs pca-nhs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pca-nhs
pca-nhs reviewed Sep 12, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingR4.xml Outdated
pca-nhs
pca-nhs reviewed Sep 12, 2025
View reviewed changes
Comment thread proxies/live/apiproxy/policies/AssignMessage.SetOperationOutcomeODSHeaderMissingPreR4.xml Outdated
@pca-nhs pca-nhs force-pushed the feature/ERSSUP-86798 branch 3 times, most recently from 00f8926 to 13a705d Compare September 12, 2025 11:24
@pca-nhs pca-nhs force-pushed the feature/ERSSUP-86798 branch from 1a7ded6 to f2ab1ba Compare September 23, 2025 17:48
@pca-nhs pca-nhs force-pushed the feature/ERSSUP-86798 branch from f2ab1ba to 2cbc884 Compare September 23, 2025 17:55
@pca-nhs pca-nhs force-pushed the feature/ERSSUP-86798 branch from 44dd84c to 7803c89 Compare September 24, 2025 12:26
@pca-nhs pca-nhs self-requested a review September 24, 2025 14:21
kevinmason-nhs
kevinmason-nhs commented Sep 24, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@kevinmason-nhs kevinmason-nhs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pca-nhs pca-nhs merged commit af29235 into develop Sep 24, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pca-nhs pca-nhs pca-nhs approved these changes

@daniel-mcadam-nhs daniel-mcadam-nhs Awaiting requested review from daniel-mcadam-nhs

@sudhanshu-arya1 sudhanshu-arya1 Awaiting requested review from sudhanshu-arya1

@adamoldfield-nhs adamoldfield-nhs Awaiting requested review from adamoldfield-nhs

@nhsd-jack-wainwright nhsd-jack-wainwright Awaiting requested review from nhsd-jack-wainwright

@nhsd-sw nhsd-sw Awaiting requested review from nhsd-sw

@nhsd-dm nhsd-dm Awaiting requested review from nhsd-dm

@nhsd-andrew-tuley nhsd-andrew-tuley Awaiting requested review from nhsd-andrew-tuley

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kevinmason-nhs @pca-nhs @nhsd-jack-wainwright