This is the project which contains the code for the consignment export authoriser
The infrastructure for the export, is defined in the terraform repository.
- The front end makes a request to the api gateway with the user's token
- A lambda authorises the request using the consignment api to check the token
- Api gateway triggers a step function
- The step function triggers an ECS task which runs the code in this repository.
This is the code for the second step. It does the following:
- Gets the token from the request and the consignment ID from the path
- Calls the API with the token. If the consignment is returned then the user is authorised and Allow is returned, otherwise Deny is returned.
The environment variables in the deployed lambda are encrypted using KMS and then base64 encoded. These are then decoded in the lambda. Because of this, any variables in src/test/resources/application.conf
which come from environment variables in src/main/resources/application.conf
need to be stored base64 encoded. There are comments next to each variable to say what the base64 string decodes to. If you want to add a new variable you can run echo -n "value of variable" | base64 -w 0
and paste the output into the test application.conf
Only values in the test application.conf which come from environment variables in main application.conf need to be base64 encoded.For example, migrations-user
is hard coded in main application.conf and so can be hard coded in test application.conf
Set the following environment variables:
AWS_LAMBDA_FUNCTION_NAME
: any valueCONSIGNMENT_ID
: the ID of a consignment on integrationACCESS_TOKEN
: a valid access token for integration belonging to a user who has permission to access the consignment
Run the LambdaRunner
app from IntelliJ, or with sbt run
on the command line.