Open
Conversation
Vox-Ben
force-pushed
the
feature/GPCAPIM-287-orange_box
branch
from
e8c4acd to
335eb79
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enables the gateway-api to construct and send GP Connect Access Record Structured requests that the Orange Box GP Connect demonstrator accepts, including updated stub data to “trigger” the Orange Box path and updated JWT claim structures/validation.
Changes:
- Added stub SDS/PDS data (ODS/ASID/endpoint + patient) to route a specific NHS number to the Orange Box demonstrator.
- Updated clinical JWT claim modeling (Device/Practitioner/Organization as dict payloads) and introduced a JWTValidator with unit tests.
- Updated the GP provider client request URL path/headers and expanded error diagnostics (behind
CDG_DEBUG), plus corresponding test updates and a new call script.
Reviewed changes
Copilot reviewed 24 out of 25 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| gateway-api/stubs/stubs/sds/stub.py | Adds dummy ODS/ASID/device + Orange Box endpoint seed data for SDS stub responses. |
| gateway-api/stubs/stubs/provider/stub.py | Adds strict header + JWT validation for stubbed provider access_record_structured handling. |
| gateway-api/stubs/stubs/pds/stub.py | Adds a test NHS number mapping to the new Orange Box trigger patient. |
| gateway-api/stubs/stubs/data/patients/patients.py | Registers the new Orange Box trigger patient fixture. |
| gateway-api/stubs/stubs/data/patients/orange_box_trigger_9690937278.json | Adds a Patient resource used to route to Orange Box via GP ODS. |
| gateway-api/src/gateway_api/test_controller.py | Updates controller JWT claim assertions to match new dict-based organization claim. |
| gateway-api/src/gateway_api/provider/test_client.py | Updates provider client tests for new endpoint path, headers, and stub signature. |
| gateway-api/src/gateway_api/provider/client.py | Changes provider endpoint path handling, content-type headers, and error reporting. |
| gateway-api/src/gateway_api/controller.py | Updates JWT generation to use dict claim objects (Device/Practitioner/Organization). |
| gateway-api/src/gateway_api/conftest.py | Adds a shared valid_jwt fixture for validator/client tests. |
| gateway-api/src/gateway_api/common/error.py | Introduces JWTValidationError for claim validation failures. |
| gateway-api/src/gateway_api/common/common.py | Adds get_http_text() helper for HTTP status phrase lookup. |
| gateway-api/src/gateway_api/clinical_jwt/validator.py | New JWTValidator implementing claim structure/timestamp validation. |
| gateway-api/src/gateway_api/clinical_jwt/test_validator.py | New unit tests for JWTValidator behavior. |
| gateway-api/src/gateway_api/clinical_jwt/test_practitioner.py | Updates Practitioner tests to use to_dict() output. |
| gateway-api/src/gateway_api/clinical_jwt/test_jwt.py | Updates JWT tests for dict-based claims and default algorithm behavior. |
| gateway-api/src/gateway_api/clinical_jwt/test_device.py | Updates Device tests to use to_dict() output. |
| gateway-api/src/gateway_api/clinical_jwt/practitioner.py | Refactors Practitioner to emit structured dict payloads (no JSON string building). |
| gateway-api/src/gateway_api/clinical_jwt/organization.py | Adds Organization claim model emitting dict payloads. |
| gateway-api/src/gateway_api/clinical_jwt/jwt.py | Changes JWT claim field types to dict payloads and sets default algorithm to none. |
| gateway-api/src/gateway_api/clinical_jwt/device.py | Refactors Device to emit structured dict payloads (no JSON string building). |
| gateway-api/src/gateway_api/clinical_jwt/init.py | Exposes Organization and JWTValidator from the clinical_jwt package. |
| gateway-api/scripts/call_gateway.py | Adds a CLI script for calling the gateway’s getstructuredrecord endpoint. |
| gateway-api/poetry.lock | Updates lockfile metadata (Poetry version and content hash). |
| Makefile | Passes stub/debug env vars into the docker container on make deploy. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
gateway-api/stubs/stubs/data/patients/orange_box_trigger_9690937278.json
Show resolved
Hide resolved
Contributor
The gateway api container has the |
Vox-Ben
force-pushed
the
feature/GPCAPIM-287-orange_box
branch
from
9456e81 to
c56c3d1
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 35 out of 37 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
✅ Trivy gate: no Critical/High issues. Trivy IaC (Terraform) Summary
Findings (top 50)
|
|
✅ Trivy gate: no Critical/High vulnerabilities. Trivy Image Scan SummaryImage: 900119715266.dkr.ecr.eu-west-2.amazonaws.com/whoami:feature-gpcapim-287-orange-box
Findings (top 50)
|
|
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 35 out of 37 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+7
to
+13
| # Install required certificates for dev machines and upgrade packages. | ||
| RUN cp -r /resources/dev-certificates/* /usr/local/share/ca-certificates/; \ | ||
| update-ca-certificates; \ | ||
| cp -r /resources/dev-certificates/* /etc/ssl/certs/; \ | ||
| apk upgrade --no-cache; \ | ||
| addgroup -S nonroot; \ | ||
| adduser -S gateway_api_user -G nonroot |
|
|
||
| endpoint_path = "/".join([ARS_FHIR_BASE, FHIR_RESOURCE, ARS_FHIR_OPERATION]) | ||
| url = urljoin(self.provider_endpoint, endpoint_path) | ||
| url = urljoin(self.provider_endpoint, self.endpoint_path) |
Comment on lines
+74
to
+103
| def validate_device(device: dict[str, Any]) -> None: | ||
| """ | ||
| Validate JWT requesting_device structure. | ||
|
|
||
| Raises: | ||
| JWTValidationError: If device structure is invalid. | ||
| """ | ||
| device_errors = [] | ||
| if device.get("resourceType") != "Device": | ||
| device_errors.append("resourceType must be 'Device'") | ||
| if not device.get("identifier") or not isinstance( | ||
| device.get("identifier"), list | ||
| ): | ||
| device_errors.append("Device identifier must be a non-empty list") | ||
| else: | ||
| identifier = device["identifier"][0] | ||
| if not identifier.get("system"): | ||
| device_errors.append("identifier[0].system is required") | ||
| if not identifier.get("value"): | ||
| device_errors.append("identifier[0].value is required") | ||
| if not device.get("model"): | ||
| device_errors.append("model is required") | ||
| if not device.get("version"): | ||
| device_errors.append("version is required") | ||
|
|
||
| if device_errors: | ||
| raise JWTValidationError( | ||
| error_details=f"Invalid requesting_device: {', '.join(device_errors)}" | ||
| ) | ||
|
|
|
Deployment Complete
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR permits CDG to call the Orange Box GP Connect demonstrator
Note that it includes a call script. To call the orange box.
$STUB_PROVIDER=falsein your terminal$BASE_URL=http://gateway-api:8080in your terminalmake deploycd gateway-apipython src/scripts/call_gateway.py 9690937278To revert to using the stub, repeat the above but
unset STUB_PROVIDERbefore doing make deploy.Context
This demonstrates that we can build a request that is acceptable to the Orange Box demonstrator for GP Connect and return the response that we get.
Type of changes
Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.