set up sandbox #47

Merged
merged 1 commit into from
May 13, 2024
Merged
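--- a/proxies/sandbox/apiproxy/policies/AssignMessage.AddAsidHeader.xml
+++ b/proxies/sandbox/apiproxy/policies/AssignMessage.AddAsidHeader.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AddAsidHeader">
+<Add>
+<Headers>
+<Header name="NHSD-ASID">{private.apigee.NHSD-ASID}</Header>
+</Headers>
+</Add>
+<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
+<AssignTo createNew="false" transport="http" type="request"/>
+</AssignMessage>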
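--- a/proxies/sandbox/apiproxy/policies/AssignMessage.AddIHEHeaders.xml
+++ b/proxies/sandbox/apiproxy/policies/AssignMessage.AddIHEHeaders.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AddIHEHeaders">
+<Add>
+<Headers>
+<Header name="nhse-apim-envrionment">"sandbox"</Header>
+</Headers>
+</Add>
+<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
+<AssignTo createNew="false" transport="http" type="request"/>
+</AssignMessage>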
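Review bot: The header name `nhse-apim-envrionment` is misspelled and the value is written with literal double quotes, so the backend would receive `"sandbox"` including the quote characters. Unless the backend already matches on exactly this spelling, the line should read `<Header name="nhse-apim-environment">sandbox</Header>`. A one-line comment above `<Add>` naming the backend that reads this header would help, since the file name says IHE headers while the policy sets an environment marker.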
@@ -1,7 +1,7 @@
<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AddIssuerHeader">
<Add>
<Headers>
<Header name="NHSD-Identity-IdP">{jwt.DecodeJWT.FromJWTHeader.claim.issuer}</Header>
<Header name="NHSD-Identity-IdP">{accesstoken.id_token-issuer}</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
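Review bot: `{accesstoken.id_token-issuer}` is only populated after a VerifyAccessToken policy has succeeded, and with `IgnoreUnresolvedVariables` false an unresolved reference faults the request instead of sending an empty header (which of the two `NHSD-Identity-IdP` lines is the new one is inferred, because the +/- column is lost in this rendering). The OAuthV2 steps in targets/target.xml and targets/targetmhdspoc.xml are commented out in this PR, so wherever this policy is attached (not visible here) it needs a verified token or a condition ahead of it. The same holds for `{accesstoken.id_token-subject}` in the AssignMessage.AddUserIdHeader hunk that follows. Because both lines sit inside `<Add>`, a client-supplied `NHSD-Identity-*` header would be kept alongside the gateway value; `<Set>` would overwrite it, which is the safer form for identity headers.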
@@ -1,7 +1,7 @@
<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AddUserIdHeader">
<Add>
<Headers>
<Header name="NHSD-Identity-UUID">{jwt.DecodeJWT.FromJWTHeader.claim.subject}</Header>
<Header name="NHSD-Identity-UUID">{accesstoken.id_token-subject}</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
@@ -0,0 +1,28 @@
<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.OAuthPolicyErrorResponse">
<Set>
<StatusCode>401</StatusCode>
<Payload contentType="application/json">
{
"resourceType": "OperationOutcome",
"issue": [
{
"severity": "error",
"code": "forbidden",
"details": {
"coding": [
{
"system": "https://fhir.nhs.uk/R4/CodeSystem/Spine-ErrorOrWarningCode",
"version": "1",
"code": "ACCESS_DENIED",
"display": "{faultstring}"
}
]
}
}
]
}
</Payload>
</Set>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response" />
</AssignMessage>
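Review bot: `{faultstring}` is substituted into the JSON payload unescaped, so a fault message containing a double quote or backslash yields an invalid OperationOutcome, and the gateway's internal fault text is passed to the caller verbatim. Escaping at the point of use covers the first part: `"display": "{escapeJSON(faultstring)}"`; for the second, consider a fixed display text and logging the raw faultstring instead. The issue code `forbidden` also sits oddly with `<StatusCode>401</StatusCode>`; confirm which of the two the API specification expects.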
@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AssignMessage.SetStatusResponse" async="false">
<Set>
<Payload>{"status": "pass","version":"{{ DEPLOYED_VERSION }}","revision":"{apiproxy.revision}","releaseId":"{{ RELEASE_RELEASEID }}","commitId":"{{ SOURCE_COMMIT_ID }}"}</Payload>
<StatusCode>200</StatusCode>
<Verb>GET</Verb>
<Headers>
<Header name="Content-Type">application/json</Header>
</Headers>
<Version>1.1</Version>
</Set>
<AssignTo createNew="false" transport="http" type="request"/>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</AssignMessage>
3 changes: 0 additions & 3 deletions proxies/sandbox/apiproxy/policies/DecodeJWT.FromJWTHeader.xml

This file was deleted.

@@ -0,0 +1,9 @@
<ExtractVariables async="false" continueOnError="false" enabled="true" name="ExtractVariables.OAuthErrorFaultString">
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<JSONPayload>
<Variable name="faultstring">
<JSONPath>$.fault.faultstring</JSONPath>
</Variable>
</JSONPayload>
<Source clearPayload="false">error</Source>
</ExtractVariables>
@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FlowCallout async="false" continueOnError="false" enabled="true" name="FlowCallout.ApplyRateLimiting">
<DisplayName>FlowCallout.ApplyRateLimiting</DisplayName>
<SharedFlowBundle>ApplyRateLimiting</SharedFlowBundle>
</FlowCallout>
@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FlowCallout async="false" continueOnError="false" enabled="true" name="FlowCallout.GetEnvironmentKeyValueMapData">
<DisplayName>FlowCallout.GetEnvironmentKeyValueMapData</DisplayName>
<Parameters>
<Parameter name="service_name">nhse-tsas-solarch-demo-api</Parameter>
</Parameters>
<SharedFlowBundle>GetEnvironmentKeyValueMapData</SharedFlowBundle>
</FlowCallout>

This file was deleted.

@@ -0,0 +1,4 @@
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OauthV2.VerifyAccessTokenAppAllLevels">
<Operation>VerifyAccessToken</Operation>
<Scopes>urn:nhsd:apim:app:level1:nhse-tsas-solarch-demo-api urn:nhsd:apim:app:level3:nhse-tsas-solarch-demo-api</Scopes>
</OAuthV2>
@@ -0,0 +1,4 @@
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OauthV2.VerifyAccessTokenAppLevel3OrCis2Aal3">
<Operation>VerifyAccessToken</Operation>
<Scopes>urn:nhsd:apim:app:level3:nhse-tsas-solarch-demo-api urn:nhsd:apim:user-nhs-cis2:aal3:nhse-tsas-solarch-demo-api</Scopes>
</OAuthV2>
Expand Up @@ -6,8 +6,22 @@
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</Request>
<Response>healthcheckResponse</Response>
<!-- <HTTPTargetConnection>-->
<!-- <SSLInfo>-->
<!-- <Enabled>true</Enabled>-->
<!-- </SSLInfo>-->
<!-- <LoadBalancer>-->
<!-- <Server name="nhse-tsas-solarch-demo-api" />-->
<!-- </LoadBalancer>-->
<!-- <Path>/_ping</Path>-->
<!-- </HTTPTargetConnection>-->
<HTTPTargetConnection>
{{ HOSTED_TARGET_HEALTHCHECK }}
<URL>http://mocktarget.apigee.net</URL>
<Properties>
<Property name="supports.http10">true</Property>
<Property name="request.retain.headers">User-Agent,Referer,Accept-Language</Property>
<Property name="retain.queryparams">apikey</Property>
</Properties>
</HTTPTargetConnection>
<Timeout>20000</Timeout>
</ServiceCallout>
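Review bot: The health-check callout now points at `<URL>http://mocktarget.apigee.net</URL>`, a public mock host reached over plaintext HTTP, while the named-server block with `<SSLInfo>` enabled sits commented out above it (which lines are new is inferred from the hunk counts, because the +/- column is lost in this rendering). The ping result therefore says nothing about the real backend, and anything the callout request carries, including the `apikey` query parameter named in `retain.queryparams`, would leave the platform unencrypted to a third-party host. If the mock is a temporary stand-in, say so next to it, e.g. `<!-- TEMP: mock health target; restore the LoadBalancer/SSLInfo block before use outside sandbox -->`, and drop the three `<Property>` lines unless the callout needs them. The ServiceCallout element opens outside the hunk.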
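--- a/proxies/sandbox/apiproxy/policies/VerifyApiKey.FromHeader.xml
+++ b/proxies/sandbox/apiproxy/policies/VerifyApiKey.FromHeader.xml
@@ -0,0 +1,3 @@
+<VerifyAPIKey async="false" continueOnError="false" enabled="true" name="VerifyApiKey.FromHeader">
+<APIKey ref="request.header.apikey"/>
+</VerifyAPIKey>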
35 changes: 28 additions & 7 deletions proxies/sandbox/apiproxy/proxies/default.xml
@@ -1,4 +1,12 @@
<ProxyEndpoint name="default">
<PreFlow>
<Request>
<Step>
<Name>FlowCallout.GetEnvironmentKeyValueMapData</Name>
</Step>
</Request>
</PreFlow>

<Flows>
<Flow name="OptionsPreFlight">
<Request/>
Expand All @@ -17,8 +25,7 @@
<Name>AssignMessage.AddPayloadToPing</Name>
</Step>
</Response>
<Condition>(proxy.pathsuffix MatchesPath "/_ping") and ((request.verb = "GET") or (request.verb = "HEAD"))
</Condition>
<Condition>(proxy.pathsuffix MatchesPath "/_ping") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
</Flow>
<Flow name="StatusEndpoint">
<Request>
Expand All @@ -38,8 +45,18 @@
<Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))
</Condition>
</Flow>
<Flow name="AddIHEHeaders">
<Description>"Adds a header to inform the back end where the request has been routed from"</Description>
<Request>
<Step>
<Name>AssignMessage.AddCors</Name>
</Step>
</Request>
<Response>
</Response>
<Condition>(proxy.pathsuffix MatchesPath "/mhdspoc/**") and ((request.verb = "GET") or (request.verb = "HEAD") or (request.verb = "POST") or (request.verb = "PUT"))</Condition>
</Flow>
</Flows>
<PreFlow/>
<PostClientFlow name="PostClientFlow">
<Response>
<Step>
Expand All @@ -51,17 +68,21 @@
<BasePath>{{ SERVICE_BASE_PATH }}</BasePath>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="NoRoute">
<Condition>(request.verb = "OPTIONS") and (request.header.origin != null) and (request.header.Access-Control-Request-Method != null)</Condition>
</RouteRule>
<RouteRule name="NoRoutePing">
<Condition>(proxy.pathsuffix MatchesPath "/_ping") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
</RouteRule>
<RouteRule name="NoRouteStatus">
<Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))</Condition>
</RouteRule>
<RouteRule name="NoRoute">
<Condition>(request.verb = "OPTIONS") and (request.header.origin != null) and (request.header.Access-Control-Request-Method != null)</Condition>
<RouteRule name="nhse-tsas-solarch-mhdspoc-api-target">
<TargetEndpoint>tsas-solarch-mhdpoc-api-target</TargetEndpoint>
<Condition>(proxy.pathsuffix MatchesPath "/mhdspoc/**") and ((request.verb = "GET") or (request.verb = "HEAD") or (request.verb = "POST") or (request.verb = "PUT"))</Condition>
</RouteRule>
<RouteRule name="sandbox">
<TargetEndpoint>sandbox</TargetEndpoint>
<RouteRule name="nhse-tsas-solarch-demo-api-target">
<TargetEndpoint>nhse-tsas-solarch-demo-api-target</TargetEndpoint>
</RouteRule>
<DefaultFaultRule>
<Step>
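Review bot: The new `AddIHEHeaders` flow does not run the header policy: its only request step is `AssignMessage.AddCors`, although its description says it adds a routing header and this PR adds AssignMessage.AddIHEHeaders.xml for that purpose. In the visible hunks that policy is never referenced, so the backend would not receive the header; the step should presumably be `<Name>AssignMessage.AddIHEHeaders</Name>`. The new RouteRule name also spells `mhdspoc` where its TargetEndpoint says `mhdpoc`; the endpoint name matches targets/targetmhdspoc.xml so routing resolves, but aligning the two spellings would prevent a later mismatch. The file continues past the last hunk shown.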
2 changes: 1 addition & 1 deletion proxies/sandbox/apiproxy/proxy.xml
@@ -1,4 +1,4 @@
<APIProxy name="ntsda">
<!-- This is the root of the application -->
<Description>Proxy to a target service.</Description>
<Description>"nhse-tsas-solarch-demo-api"</Description>
</APIProxy>
20 changes: 0 additions & 20 deletions proxies/sandbox/apiproxy/targets/sandbox.xml

This file was deleted.

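--- a/proxies/sandbox/apiproxy/targets/target.xml
+++ b/proxies/sandbox/apiproxy/targets/target.xml
@@ -0,0 +1,57 @@
+<TargetEndpoint name="nhse-tsas-solarch-demo-api-target">
+<PreFlow>
+<Request>
+<!--
+<Step>
+<Name>VerifyApiKey.FromHeader</Name>
+<Condition>request.header.Authorization Is null</Condition>
+</Step>
+<Step>
+<Name>OauthV2.VerifyAccessTokenAppAllLevels</Name>
+<Condition>request.header.apikey Is null</Condition>
+</Step>
+-->
+<Step>
+<Name>FlowCallout.ApplyRateLimiting</Name>
+</Step>
+</Request>
+</PreFlow>
+<FaultRules>
+<!--
+<FaultRule name="access_token_expired">
+<Step>
+<Name>ExtractVariables.OAuthErrorFaultString</Name>
+</Step>
+<Step>
+<Name>AssignMessage.OAuthPolicyErrorResponse</Name>
+</Step>
+<Condition>oauthV2.OauthV2.VerifyAccessToken.failed</Condition>
+</FaultRule>
+-->
+</FaultRules>
+<!--
+To point to a named target server as this is how it SHOULD be implemented:
+For example:
+<HTTPTargetConnection>
+<SSLInfo>
+<Enabled>true</Enabled>
+</SSLInfo>
+<LoadBalancer>
+<Server name="nhse-tsas-solarch-demo-api" />
+</LoadBalancer>
+</HTTPTargetConnection>
+-->
+<HTTPTargetConnection>
+<Properties>
+<Property name="supports.http10">true</Property>
+<Property name="request.retain.headers">User-Agent,Referer,Accept-Language</Property>
+<Property name="retain.queryparams">apikey</Property>
+</Properties>
+<SSLInfo>
+<Enabled>false</Enabled>
+</SSLInfo>
+<LoadBalancer>
+<Server name="tsas-solarch-demo-api" />
+</LoadBalancer>
+</HTTPTargetConnection>
+</TargetEndpoint>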
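Review bot: This target ships with both access checks commented out and `<SSLInfo><Enabled>false</Enabled>`, so requests reach `tsas-solarch-demo-api` unauthenticated with rate limiting as the only control, and possibly without TLS depending on how that target server is defined; the file's own comment shows the TLS-enabled form it "SHOULD" use. If open access is intended for the sandbox, say so at the top of the PreFlow, e.g. `<!-- Sandbox only: open access, no token or API-key check; do not copy to other environments -->`. When the steps are re-enabled, the commented FaultRule condition `oauthV2.OauthV2.VerifyAccessToken.failed` is unlikely to match, because that variable is keyed on the policy name; it would need to be `oauthV2.OauthV2.VerifyAccessTokenAppAllLevels.failed`. The same SSLInfo setting and FaultRule condition appear in targets/targetmhdspoc.xml.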
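--- a/proxies/sandbox/apiproxy/targets/targetmhdspoc.xml
+++ b/proxies/sandbox/apiproxy/targets/targetmhdspoc.xml
@@ -0,0 +1,58 @@
+<TargetEndpoint name="tsas-solarch-mhdpoc-api-target">
+<PreFlow>
+<Request>
+<!-- No need to authorise access - open access
+<Step>
+<Name>VerifyApiKey.FromHeader</Name>
+<Condition>request.header.Authorization Is null</Condition>
+</Step>
+<Step>
+<Name>OauthV2.VerifyAccessTokenAppAllLevels</Name>
+<Condition>request.header.apikey Is null</Condition>
+</Step>
+-->
+<Step>
+<Name>FlowCallout.ApplyRateLimiting</Name>
+</Step>
+</Request>
+</PreFlow>
+<FaultRules>
+<!--
+<FaultRule name="access_token_expired">
+<Step>
+<Name>ExtractVariables.OAuthErrorFaultString</Name>
+</Step>
+<Step>
+<Name>AssignMessage.OAuthPolicyErrorResponse</Name>
+</Step>
+<Condition>oauthV2.OauthV2.VerifyAccessToken.failed</Condition>
+</FaultRule>
+-->
+</FaultRules>
+<!--
+To point to a named target server as this is how it SHOULD be implemented:
+For example:
+<HTTPTargetConnection>
+<SSLInfo>
+<Enabled>true</Enabled>
+</SSLInfo>
+<LoadBalancer>
+<Server name="nhse-tsas-solarch-demo-api" />
+</LoadBalancer>
+</HTTPTargetConnection>
+-->
+<HTTPTargetConnection>
+<Properties>
+<Property name="supports.http10">true</Property>
+<Property name="request.retain.headers">User-Agent,Referer,Accept-Language</Property>
+<Property name="retain.queryparams">apikey</Property>
+</Properties>
+<SSLInfo>
+<Enabled>false</Enabled>
+</SSLInfo>
+<LoadBalancer>
+<!-- Back end without TLSMA - hooked up to NRL Sandpit -->
+<Server name="tsas-solarch-mhdpoc-api" />
+</LoadBalancer>
+</HTTPTargetConnection>
+</TargetEndpoint>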
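Review bot: The "open access" comment in the PreFlow covers a target that proxies/default.xml routes POST and PUT to (`/mhdspoc/**`), so unauthenticated writes, not only reads, are forwarded to the backend this file describes as hooked up to NRL Sandpit. If only reads are meant to be open, the commented API-key and OAuth steps could stay enabled behind a verb condition such as `<Condition>(request.verb = "POST") or (request.verb = "PUT")</Condition>`. Otherwise the comment should say that writes are open too and why, for instance `<!-- Open access incl. POST/PUT: PoC against NRL Sandpit test data only -->`.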