Merge pull request #729 from govuk-one-login/OJ-1539-audit

OJ-1539: Replace audit logic with cri-audit and use cri-types

Author: mikebeeby

integration-tests/api-gateway/abandon/abandon-happy.test.ts

@@ -1,5 +1,6 @@
+import { AuditEvent } from "@govuk-one-login/cri-audit";
 import { clearAttemptsTable, clearItemsFromTables, getItemByKey } from "../../resources/dynamodb-helper";
-import { ABANDONED_EVENT_NAME, AuditEvent, baseExpectedEvent, pollForTestHarnessEvents } from "../audit";
+import { ABANDONED_EVENT_NAME, baseExpectedEvent, pollForTestHarnessEvents } from "../audit";
 import {
   abandonEndpoint,
   authorizationEndpoint,

integration-tests/api-gateway/audit.ts

@@ -1,8 +1,9 @@
-import type { AuditEvent } from "../../lambdas/common/src/types/audit";
-import type { UnixSecondsTimestamp } from "../../lambdas/common/src/types/brands";
+import type { UnixSecondsTimestamp, PersonIdentityDateOfBirth, PersonIdentityNamePart} from "@govuk-one-login/cri-types";
 import { unmarshall } from "@aws-sdk/util-dynamodb";
 import { signedFetch } from "../resources/fetch";
 import { pause } from "../resources/util";
+import { Evidence } from "../../lambdas/common/src/types/evidence";
+import { AuditEvent, AuditRestricted } from "@govuk-one-login/cri-audit";
 
 const prefix = "IPV_HMRC_RECORD_CHECK_CRI" as const;
 
@@ -13,7 +14,18 @@ export const VC_ISSUED_EVENT_NAME = `${prefix}_VC_ISSUED`;
 export const END_EVENT_NAME = `${prefix}_END`;
 export const ABANDONED_EVENT_NAME = `${prefix}_ABANDONED`;
 
-export type AuditEventRecord<EventType = AuditEvent> = {
+export interface NinoCheckAuditRestricted extends AuditRestricted {
+	socialSecurityRecord?: { personalNumber: string }[];
+};
+
+export type NinoCheckAuditExtensions = {
+  evidence?:
+    | (Evidence & { attemptNum: number; ciReasons?: { ci: string; reason: string }[] })[]
+    | { txn: string }
+    | [{ context: string }];
+};
+
+export type AuditEventRecord<EventType = AuditEvent<never, never, AuditRestricted>> = {
   partitionKey: `SESSION#${string}`;
   sortKey: `TXMA#${typeof prefix}_${string}#${string}#${string}`;
   event: EventType;
@@ -68,5 +80,3 @@ export function baseExpectedEvent(eventName: string, sessionId: string): AuditEv
     }),
   };
 }
-
-export { AuditEvent };

integration-tests/api-gateway/check/check-lambda-happy.test.ts

@@ -2,13 +2,15 @@ import { ninoCheckEndpoint, createSession, getJarAuthorization } from "../endpoi
 import { clearAttemptsTable, clearItemsFromTables } from "../../resources/dynamodb-helper";
 import { AUDIENCE, NINO } from "../env-variables";
 import {
-  AuditEvent,
+  NinoCheckAuditExtensions,
   baseExpectedEvent,
   pollForTestHarnessEvents,
   REQUEST_SENT_EVENT_NAME,
   RESPONSE_RECEIVED_EVENT_NAME,
+  NinoCheckAuditRestricted,
 } from "../audit";
 import { testUser } from "../user";
+import { AuditEvent } from "@govuk-one-login/cri-audit";
 
 jest.setTimeout(60_000); // 1 min
 
@@ -58,23 +60,26 @@ describe("Given the session and NINO is valid", () => {
 
     const reqSentEvents = await pollForTestHarnessEvents(REQUEST_SENT_EVENT_NAME, sessionId);
     expect(reqSentEvents).toHaveLength(1);
-    expect(reqSentEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestSentAuditEvent: AuditEvent<never, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(REQUEST_SENT_EVENT_NAME, sessionId),
       restricted: {
         birthDate: [{ value: testUser.dob }],
         name: testUser.formattedName,
         socialSecurityRecord: [{ personalNumber: NINO }],
-      },
-    });
+      }
+    };
+    expect(reqSentEvents[0].event).toStrictEqual(expectedRequestSentAuditEvent);
 
     const resReceivedEvents = await pollForTestHarnessEvents(RESPONSE_RECEIVED_EVENT_NAME, sessionId);
     expect(resReceivedEvents).toHaveLength(1);
-    expect(resReceivedEvents[0].event).toStrictEqual<AuditEvent>({
+    const expectedResponseReceivedAuditEvent: AuditEvent<NinoCheckAuditExtensions, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(RESPONSE_RECEIVED_EVENT_NAME, sessionId),
       extensions: {
         evidence: { txn: expect.any(String) },
-      },
-    });
+      }
+    }
+    expect(resReceivedEvents[0].event).toStrictEqual(expectedResponseReceivedAuditEvent);
   });
 
   it("Should receive a 200 response when /check endpoint is called with optional headers", async () => {
@@ -93,21 +98,24 @@ describe("Given the session and NINO is valid", () => {
 
     const reqSentEvents = await pollForTestHarnessEvents(REQUEST_SENT_EVENT_NAME, sessionId);
     expect(reqSentEvents).toHaveLength(1);
-    expect(reqSentEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestSentAuditEvent: AuditEvent<never, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(REQUEST_SENT_EVENT_NAME, sessionId),
       restricted: {
         birthDate: [{ value: testUser.dob }],
         name: testUser.formattedName,
         socialSecurityRecord: [{ personalNumber: NINO }],
         device_information: {
           encoded: "test encoded header",
-        },
-      },
-    });
+        }
+      }
+    }
+    expect(reqSentEvents[0].event).toStrictEqual(expectedRequestSentAuditEvent);
 
     const resReceivedEvents = await pollForTestHarnessEvents(RESPONSE_RECEIVED_EVENT_NAME, sessionId);
     expect(resReceivedEvents).toHaveLength(1);
-    expect(resReceivedEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestReceivedAuditEvent: AuditEvent<NinoCheckAuditExtensions, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(RESPONSE_RECEIVED_EVENT_NAME, sessionId),
       restricted: {
         device_information: {
@@ -116,8 +124,9 @@ describe("Given the session and NINO is valid", () => {
       },
       extensions: {
         evidence: { txn: expect.any(String) },
-      },
-    });
+      }
+    }
+    expect(resReceivedEvents[0].event).toStrictEqual(expectedRequestReceivedAuditEvent);
   });
 
   it("Should request retry when NINo match fails", async () => {
@@ -172,7 +181,8 @@ describe("Given the session and NINO is valid", () => {
 
     const reqSentEvents = await pollForTestHarnessEvents(REQUEST_SENT_EVENT_NAME, sessionId);
     expect(reqSentEvents).toHaveLength(1);
-    expect(reqSentEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestSentAuditEvent: AuditEvent<never, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(REQUEST_SENT_EVENT_NAME, sessionId),
       restricted: {
         birthDate: deceasedPersonSession.birthDate,
@@ -182,11 +192,13 @@ describe("Given the session and NINO is valid", () => {
           encoded: "test encoded header",
         },
       },
-    });
+    }
+    expect(reqSentEvents[0].event).toStrictEqual(expectedRequestSentAuditEvent);
 
     const resReceivedEvents = await pollForTestHarnessEvents(RESPONSE_RECEIVED_EVENT_NAME, sessionId);
     expect(resReceivedEvents).toHaveLength(1);
-    expect(resReceivedEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestReceivedAuditEvent: AuditEvent<NinoCheckAuditExtensions, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(RESPONSE_RECEIVED_EVENT_NAME, sessionId),
       restricted: {
         device_information: {
@@ -195,8 +207,9 @@ describe("Given the session and NINO is valid", () => {
       },
       extensions: {
         evidence: { txn: expect.any(String) },
-      },
-    });
+      }
+    }
+    expect(resReceivedEvents[0].event).toStrictEqual(expectedRequestReceivedAuditEvent);
   });
 
   it("Should receive a 200 response when /check endpoint is called using multiple named user", async () => {
@@ -253,22 +266,26 @@ describe("Given the session and NINO is valid", () => {
 
     const reqSentEvents = await pollForTestHarnessEvents(REQUEST_SENT_EVENT_NAME, sessionId);
     expect(reqSentEvents).toHaveLength(1);
-    expect(reqSentEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestSentAuditEvent: AuditEvent<never, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(REQUEST_SENT_EVENT_NAME, sessionId),
       restricted: {
         birthDate: [{ value: "2000-02-02" }],
         name: multipleNamesSession.name,
         socialSecurityRecord: [{ personalNumber: NINO }],
-      },
-    });
+      }
+    }
+    expect(reqSentEvents[0].event).toStrictEqual(expectedRequestSentAuditEvent);
 
     const resReceivedEvents = await pollForTestHarnessEvents(RESPONSE_RECEIVED_EVENT_NAME, sessionId);
     expect(resReceivedEvents).toHaveLength(1);
-    expect(resReceivedEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestReceivedAuditEvent: AuditEvent<NinoCheckAuditExtensions, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(RESPONSE_RECEIVED_EVENT_NAME, sessionId),
       extensions: {
         evidence: { txn: expect.any(String) },
-      },
-    });
+      }
+    }
+    expect(resReceivedEvents[0].event).toStrictEqual(expectedRequestReceivedAuditEvent);
   });
 });

integration-tests/api-gateway/e2e/e2e-happy-path.test.ts

@@ -5,7 +5,8 @@ import { clearAttemptsTable, clearItemsFromTables } from "../../resources/dynamo
 import { authorizationEndpoint, checkEndpoint, createSession, getJarAuthorization } from "../endpoints";
 import { generatePrivateJwtParams } from "../crypto/private-key-jwt-helper";
 import {
-  AuditEvent,
+  NinoCheckAuditExtensions,
+  NinoCheckAuditRestricted,
   baseExpectedEvent,
   END_EVENT_NAME,
   pollForTestHarnessEvents,
@@ -14,6 +15,7 @@ import {
   START_EVENT_NAME,
   VC_ISSUED_EVENT_NAME,
 } from "../audit";
+import { AuditEvent } from "@govuk-one-login/cri-audit";
 
 let sessionData: Response;
 let authCode: { value: string };
@@ -142,27 +144,32 @@ describe("End to end happy path journey", () => {
 
     const reqSentEvents = await pollForTestHarnessEvents(REQUEST_SENT_EVENT_NAME, sessionId);
     expect(reqSentEvents).toHaveLength(1);
-    expect(reqSentEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestSentAuditEvent: AuditEvent<never, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(REQUEST_SENT_EVENT_NAME, sessionId),
       restricted: {
         birthDate: claimSet.shared_claims.birthDate,
         name: claimSet.shared_claims.name,
         socialSecurityRecord: [{ personalNumber: NINO }],
-      },
-    });
+      }
+    }
+    expect(reqSentEvents[0].event).toStrictEqual(expectedRequestSentAuditEvent);
 
     const resReceivedEvents = await pollForTestHarnessEvents(RESPONSE_RECEIVED_EVENT_NAME, sessionId);
     expect(resReceivedEvents).toHaveLength(1);
-    expect(resReceivedEvents[0].event).toStrictEqual<AuditEvent>({
+
+    const expectedRequestReceivedAuditEvent: AuditEvent<NinoCheckAuditExtensions, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(RESPONSE_RECEIVED_EVENT_NAME, sessionId),
       extensions: {
         evidence: { txn: expect.any(String) },
-      },
-    });
+      }
+    }
+    expect(resReceivedEvents[0].event).toStrictEqual(expectedRequestReceivedAuditEvent);
 
     const vcIssuedEvents = await pollForTestHarnessEvents(VC_ISSUED_EVENT_NAME, sessionId);
     expect(vcIssuedEvents).toHaveLength(1);
-    expect(vcIssuedEvents[0].event).toEqual<AuditEvent>({
+
+    const expectedVCIssuedAuditEvent: AuditEvent<NinoCheckAuditExtensions, never, NinoCheckAuditRestricted> = {
       ...baseExpectedEvent(VC_ISSUED_EVENT_NAME, sessionId),
       restricted: {
         birthDate: claimSet.shared_claims.birthDate,
@@ -180,8 +187,9 @@ describe("End to end happy path journey", () => {
             attemptNum: 1,
           },
         ],
-      },
-    });
+      }
+    }
+    expect(vcIssuedEvents[0].event).toEqual(expectedVCIssuedAuditEvent);
 
     const endEvents = await pollForTestHarnessEvents(END_EVENT_NAME, sessionId);
     expect(endEvents).toHaveLength(1);

integration-tests/package.json

@@ -12,13 +12,14 @@
     "compile": "tsc"
   },
   "devDependencies": {
-    "@aws-sdk/client-cloudformation": "3.828.0",
-    "@aws-sdk/client-kms": "3.828.0",
-    "@aws-sdk/client-secrets-manager": "3.828.0",
-    "@aws-sdk/client-sqs": "3.828.0",
-    "@aws-sdk/client-ssm": "3.828.0",
-    "@aws-sdk/lib-dynamodb": "3.828.0",
-    "@aws-sdk/util-dynamodb": "3.828.0",
+    "@aws-sdk/client-cloudformation": "3.934.0",
+    "@aws-sdk/client-dynamodb": "3.934.0",
+    "@aws-sdk/client-kms": "3.934.0",
+    "@aws-sdk/client-secrets-manager": "3.934.0",
+    "@aws-sdk/client-sqs": "3.934.0",
+    "@aws-sdk/client-ssm": "3.934.0",
+    "@aws-sdk/lib-dynamodb": "3.934.0",
+    "@aws-sdk/util-dynamodb": "3.934.0",
     "@pact-foundation/pact": "16.0.0",
     "@types/express": "4.17.21",
     "@types/uuid": "9.0.8",
@@ -31,7 +32,7 @@
     "wait-on": "8.0.3"
   },
   "dependencies": {
-    "@aws-sdk/credential-providers": "3.828.0",
+    "@aws-sdk/credential-providers": "3.934.0",
     "aws-sigv4-fetch": "4.4.1"
   },
   "overrides": {

lambdas/abandon/src/abandon-handler.ts

@@ -5,10 +5,10 @@ import { AbandonHandlerConfig } from "./config/abandon-handler-config";
 import { removeAuthCodeFromSessionRecord } from "./services/abandon-dynamo-service";
 import { CriError } from "../../common/src/errors/cri-error";
 import { handleErrorResponse } from "../../common/src/errors/cri-error-response";
+import { buildAndSendAuditEvent } from "@govuk-one-login/cri-audit";
 import { logger } from "@govuk-one-login/cri-logger";
 import { getSessionBySessionId } from "../../common/src/database/get-record-by-session-id";
-import { sendAuditEvent } from "../../common/src/util/audit";
-import { ABANDONED } from "../../common/src/types/audit";
+import { AUDIT_EVENT_TYPE } from "../../common/src/types/audit";
 
 initOpenTelemetry();
 
@@ -44,7 +44,7 @@ export class AbandonHandler implements LambdaInterface {
             restricted: { device_information: { encoded: txmaAuditHeader } },
           }
         : undefined;
-      await sendAuditEvent(ABANDONED, this.config.audit, sessionItem, txmaAuditValue);
+      await buildAndSendAuditEvent(this.config.audit.queueUrl, AUDIT_EVENT_TYPE.ABANDONED, this.config.audit.componentId, sessionItem, txmaAuditValue);
 
       return {
         statusCode: 200,

lambdas/abandon/tests/abandon-handler.test.ts

@@ -13,8 +13,8 @@ process.env.AUDIT_QUEUE_URL = "cool-queuez.com";
 process.env.AUDIT_COMPONENT_ID = "https://check-hmrc-time.account.gov.uk";
 import { AbandonHandler } from "../src/abandon-handler";
 
-jest.mock("../../common/src/util/audit");
-import { sendAuditEvent } from "../../common/src/util/audit";
+jest.mock("@govuk-one-login/cri-audit");
+import { buildAndSendAuditEvent } from "@govuk-one-login/cri-audit";
 
 const auditConfig = {
   queueUrl: "cool-queuez.com",
@@ -84,9 +84,10 @@ describe("abandon-handler", () => {
       TableName: "session-table",
       UpdateExpression: "SET authorizationCodeExpiryDate = :expiry REMOVE authorizationCode",
     });
-    expect(sendAuditEvent).toHaveBeenCalledWith(
-      "ABANDONED",
-      auditConfig,
+    expect(buildAndSendAuditEvent).toHaveBeenCalledWith(
+      auditConfig.queueUrl,
+      "IPV_HMRC_RECORD_CHECK_CRI_ABANDONED",
+      auditConfig.componentId,
       {
         sessionId: "session-123",
         clientSessionId: "gov-123",
@@ -137,9 +138,10 @@ describe("abandon-handler", () => {
     const result = await abandonHandler.handler(event, {} as Context);
 
     expect(result.statusCode).toEqual(200);
-    expect(sendAuditEvent).toHaveBeenCalledWith(
-      "ABANDONED",
-      auditConfig,
+    expect(buildAndSendAuditEvent).toHaveBeenCalledWith(
+      auditConfig.queueUrl,
+      "IPV_HMRC_RECORD_CHECK_CRI_ABANDONED",
+      auditConfig.componentId,
       {
         sessionId: "session-123",
         clientSessionId: "gov-123",
@@ -270,7 +272,7 @@ describe("abandon-handler", () => {
       Count: 1,
     });
     ddbMock.on(UpdateItemCommand).resolves({});
-    (sendAuditEvent as jest.Mock).mockRejectedValue(new Error("Audit failed"));
+    (buildAndSendAuditEvent as jest.Mock).mockRejectedValue(new Error("Audit failed"));
 
     const event = {
       body: JSON.stringify({}),

lambdas/common/package.json

@@ -11,7 +11,7 @@
     "compile": "tsc"
   },
   "dependencies": {
-    "@aws-sdk/util-dynamodb": "3.828.0"
+    "@aws-sdk/util-dynamodb": "3.934.0"
   },
   "devDependencies": {
     "@aws-lambda-powertools/logger": "2.28.1",