Fix: [AEA-5026] - create test for signing algorithm (#242)

## Summary

- Routine Change

### Details

- create test for signing algorithm
- use different credentials for different api products
- skip some validator tests until supplier has upgraded and we can
release new validator
- remove separate sha1 tests and have sceanario outlines to run tests
with different apps

.github/workflows/regression_tests.yml

@@ -37,11 +37,6 @@ on:
         description: 'The github tag to run the test pack from'
         required: false
         default: "main"
-      run_sha1_tests:
-        description: whether to also run against a sha1 enabled apigee app
-        required: false
-        type: boolean
-        default: false
 
 jobs:
   regression_tests:
@@ -64,6 +59,22 @@ jobs:
           echo run identifier "$ID"-"$PRODUCT"-"$ENV"-"$PULL_REQUEST_ID"
           echo run identifier "$ID"-"$PRODUCT"-"$ENV"-"$PULL_REQUEST_ID"  >> "$GITHUB_STEP_SUMMARY"
 
+      - name: show_input_parameters
+        env:
+          tags: ${{ inputs.tags }}
+          environment: ${{ inputs.environment }}
+          product: ${{ inputs.product }}
+          id: ${{ inputs.id }}
+          pull_request_id: ${{ inputs.pull_request_id }}
+          github_tag: ${{ inputs.github_tag }}
+        run: |
+          echo "tags: ${tags}"
+          echo "environment: ${environment}"
+          echo "product: ${product}"
+          echo "id: ${id}"
+          echo "pull_request_id: ${pull_request_id}"
+          echo "github_tag: ${github_tag}"
+
       # using git commit sha for version of action to ensure we have stable version
       - name: Install asdf
         uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
@@ -103,41 +114,39 @@ jobs:
           ENVIRONMENT: ${{ inputs.environment }}
           PULL_REQUEST_ID: ${{ inputs.pull_request_id }}
           TAGS: ${{ inputs.tags }}
-          CLIENT_ID: ${{ secrets.CLIENT_ID }}
-          CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
-          CERTIFICATE: ${{ secrets.CERTIFICATE }}
-          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
-          JWT_KID: ${{ secrets.JWT_KID }}
-          JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
-        run: |
-            export CLIENT_ID="$CLIENT_ID"
-            export CLIENT_SECRET="$CLIENT_SECRET"
-            export CERTIFICATE="$CERTIFICATE"
-            export PRIVATE_KEY="$PRIVATE_KEY"
-            export JWT_KID="$JWT_KID"
-            export JWT_PRIVATE_KEY="$JWT_PRIVATE_KEY"
-            export PULL_REQUEST_ID="$PULL_REQUEST_ID"
-            echo Pull request ID = "$PULL_REQUEST_ID"
-            poetry run python ./runner.py --env="$ENVIRONMENT" --product="$PRODUCT" --tags="$TAGS"
-
-      - name: SHA1 Regression Tests
-        id: sha1_tests
-        continue-on-error: true
-        if: inputs.run_sha1_tests == true
-        env:
-          PRODUCT: ${{ inputs.product }}
-          ENVIRONMENT: ${{ inputs.environment }}
-          PULL_REQUEST_ID: ${{ inputs.pull_request_id }}
-          TAGS: ${{ inputs.tags }}
-          CLIENT_ID: ${{ secrets.SHA1_CLIENT_ID }}
-          CLIENT_SECRET: ${{ secrets.SHA1_CLIENT_SECRET }}
+          EPS_FHIR_CLIENT_ID: ${{ secrets.EPS_FHIR_CLIENT_ID }}
+          EPS_FHIR_CLIENT_SECRET: ${{ secrets.EPS_FHIR_CLIENT_SECRET }}
+          EPS_FHIR_SHA1_CLIENT_ID: ${{ secrets.EPS_FHIR_SHA1_CLIENT_ID }}
+          EPS_FHIR_SHA1_CLIENT_SECRET: ${{ secrets.EPS_FHIR_SHA1_CLIENT_SECRET }}
+          EPS_FHIR_PRESCRIBING_CLIENT_ID: ${{ secrets.EPS_FHIR_PRESCRIBING_CLIENT_ID }}
+          EPS_FHIR_PRESCRIBING_CLIENT_SECRET: ${{ secrets.EPS_FHIR_PRESCRIBING_CLIENT_SECRET }}
+          EPS_FHIR_PRESCRIBING_SHA1_CLIENT_ID: ${{ secrets.EPS_FHIR_PRESCRIBING_SHA1_CLIENT_ID }}
+          EPS_FHIR_PRESCRIBING_SHA1_CLIENT_SECRET: ${{ secrets.EPS_FHIR_PRESCRIBING_SHA1_CLIENT_SECRET }}
+          EPS_FHIR_DISPENSING_CLIENT_ID: ${{ secrets.EPS_FHIR_DISPENSING_CLIENT_ID }}
+          EPS_FHIR_DISPENSING_CLIENT_SECRET: ${{ secrets.EPS_FHIR_DISPENSING_CLIENT_SECRET }}
+          PFP_CLIENT_ID: ${{ secrets.PFP_CLIENT_ID }}
+          PFP_CLIENT_SECRET: ${{ secrets.PFP_CLIENT_SECRET }}
+          PSU_CLIENT_ID: ${{ secrets.PSU_CLIENT_ID }}
+          PSU_CLIENT_SECRET: ${{ secrets.PSU_CLIENT_SECRET }}
           CERTIFICATE: ${{ secrets.CERTIFICATE }}
           PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
           JWT_KID: ${{ secrets.JWT_KID }}
           JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
         run: |
-            export CLIENT_ID="$CLIENT_ID"
-            export CLIENT_SECRET="$CLIENT_SECRET"
+            export EPS_FHIR_CLIENT_ID="$EPS_FHIR_CLIENT_ID"
+            export EPS_FHIR_CLIENT_SECRET="$EPS_FHIR_CLIENT_SECRET"
+            export EPS_FHIR_SHA1_CLIENT_ID="$EPS_FHIR_SHA1_CLIENT_ID"
+            export EPS_FHIR_SHA1_CLIENT_SECRET="$EPS_FHIR_SHA1_CLIENT_SECRET"
+            export EPS_FHIR_PRESCRIBING_CLIENT_ID="$EPS_FHIR_PRESCRIBING_CLIENT_ID"
+            export EPS_FHIR_PRESCRIBING_CLIENT_SECRET="$EPS_FHIR_PRESCRIBING_CLIENT_SECRET"
+            export EPS_FHIR_PRESCRIBING_SHA1_CLIENT_ID="$EPS_FHIR_PRESCRIBING_SHA1_CLIENT_ID"
+            export EPS_FHIR_PRESCRIBING_SHA1_CLIENT_SECRET="$EPS_FHIR_PRESCRIBING_SHA1_CLIENT_SECRET"
+            export EPS_FHIR_DISPENSING_CLIENT_ID="$EPS_FHIR_DISPENSING_CLIENT_ID"
+            export EPS_FHIR_DISPENSING_CLIENT_SECRET="$EPS_FHIR_DISPENSING_CLIENT_SECRET"
+            export PFP_CLIENT_ID="$PFP_CLIENT_ID"
+            export PFP_CLIENT_SECRET="$PFP_CLIENT_SECRET"
+            export PSU_CLIENT_ID="$PSU_CLIENT_ID"
+            export PSU_CLIENT_SECRET="$PSU_CLIENT_SECRET"
             export CERTIFICATE="$CERTIFICATE"
             export PRIVATE_KEY="$PRIVATE_KEY"
             export JWT_KID="$JWT_KID"
@@ -163,7 +172,7 @@ jobs:
           repositories: "electronic-prescription-service-api-regression-tests,eps-test-reports"
 
       - name: Report failure on test failure
-        if: steps.tests.outcome != 'success' || ( steps.sha1_tests.outcome != 'success' && steps.sha1_tests.outcome != 'skipped' )
+        if: steps.tests.outcome != 'success'
         run: |
           poetry run python scripts/send_test_results.py --token=${{ steps.generate-token.outputs.token }} --run_id ${{GITHUB.RUN_ID}}
           echo The regression tests step failed, this likely means there are test failures.

features/environment.py

@@ -49,6 +49,36 @@
     "SANDBOX": f".sandbox.dev{AWS_BASE_URL}",
 }
 
+APIGEE_APPS = {
+    "EPS-FHIR": {
+        "client_id": os.getenv("EPS_FHIR_CLIENT_ID"),
+        "client_secret": os.getenv("EPS_FHIR_CLIENT_SECRET"),
+    },
+    "EPS-FHIR-SHA1": {
+        "client_id": os.getenv("EPS_FHIR_SHA1_CLIENT_ID"),
+        "client_secret": os.getenv("EPS_FHIR_SHA1_CLIENT_SECRET"),
+    },
+    "EPS-FHIR-PRESCRIBING": {
+        "client_id": os.getenv("EPS_FHIR_PRESCRIBING_CLIENT_ID"),
+        "client_secret": os.getenv("EPS_FHIR_PRESCRIBING_CLIENT_SECRET"),
+    },
+    "EPS-FHIR-PRESCRIBING-SHA1": {
+        "client_id": os.getenv("EPS_FHIR_PRESCRIBING_SHA1_CLIENT_ID"),
+        "client_secret": os.getenv("EPS_FHIR_PRESCRIBING_SHA1_CLIENT_SECRET"),
+    },
+    "EPS-FHIR-DISPENSING": {
+        "client_id": os.getenv("EPS_FHIR_DISPENSING_CLIENT_ID"),
+        "client_secret": os.getenv("EPS_FHIR_DISPENSING_CLIENT_SECRET"),
+    },
+    "PFP-APIGEE": {
+        "client_id": os.getenv("PFP_CLIENT_ID"),
+        "client_secret": os.getenv("PFP_CLIENT_SECRET"),
+    },
+    "PSU": {
+        "client_id": os.getenv("PSU_CLIENT_ID"),
+        "client_secret": os.getenv("PSU_CLIENT_SECRET"),
+    },
+}
 CIS2_USERS = {
     "prescriber": {"user_id": "656005750107", "role_id": "555254242105"},
     "dispenser": {"user_id": "555260695103", "role_id": "555265434108"},
@@ -79,8 +109,6 @@
 
 CERTIFICATE = os.getenv("CERTIFICATE")
 PRIVATE_KEY = os.getenv("PRIVATE_KEY")
-CLIENT_ID = os.getenv("CLIENT_ID")
-CLIENT_SECRET = os.getenv("CLIENT_SECRET")
 PULL_REQUEST_ID = os.getenv("PULL_REQUEST_ID")
 JWT_PRIVATE_KEY = os.getenv("JWT_PRIVATE_KEY")
 JWT_KID = os.getenv("JWT_KID")
@@ -108,7 +136,24 @@ def count_of_scenarios_to_run(context):
     return total_scenarios
 
 
+def before_feature(context, feature):
+    if "skip" in feature.tags:
+        feature.skip("Marked with @skip")
+        return
+    environment = context.config.userdata["env"].lower()
+    if "skip-sandbox" in feature.tags and "sandbox" in environment:
+        feature.skip("Marked with @skip-sandbox")
+        return
+
+
 def before_scenario(context, scenario):
+    if "skip" in scenario.effective_tags:
+        scenario.skip("Marked with @skip")
+        return
+    environment = context.config.userdata["env"].lower()
+    if "skip-sandbox" in scenario.effective_tags and "sandbox" in environment:
+        scenario.skip("Marked with @skip-sandbox")
+        return
     product = context.config.userdata["product"].upper()
     if product == "CPTS-UI":
         global _playwright
@@ -120,9 +165,11 @@ def before_scenario(context, scenario):
 
 
 def after_scenario(context, scenario):
-    if context.page is not None:
-        global _page
-        _page.close()
+    product = context.config.userdata["product"].upper()
+    if product == "CPTS-UI":
+        if context.page is not None:
+            global _page
+            _page.close()
 
 
 def before_all(context):

features/eps_fhir/cancel_prescriptions.feature

@@ -2,9 +2,13 @@
 @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-3869
 Feature: I can cancel prescriptions
 
-  Scenario: I can cancel a prescription
-    Given I am an authorised prescriber
+  Scenario Outline: I can cancel a prescription
+    Given I am an authorised prescriber with <App> app
     And I successfully prepare and sign a non-nominated prescription
     When I cancel all line items on the prescription
     Then the response indicates a success
     And the response body indicates a successful cancel action
+    Examples:
+      | App           |
+      | EPS-FHIR      |
+      | EPS-FHIR-SHA1 |

features/eps_fhir/create_prescriptions.feature

@@ -3,13 +3,27 @@
 Feature: I can create prescriptions
 
   Scenario Outline: I can create, sign and release a prescription
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with <App> app
     And I successfully prepare and sign a <Type> prescription
-    When I am an authorised dispenser
+    When I am an authorised dispenser with EPS-FHIR app
     And I release the prescription
     Then the response indicates a success
     And the response body indicates a successful release action
     Examples:
-      | Type          |
-      | nominated     |
-      | non-nominated |
+      | Type          | App           |
+      | nominated     | EPS-FHIR      |
+      | non-nominated | EPS-FHIR      |
+      | nominated     | EPS-FHIR-SHA1 |
+      | non-nominated | EPS-FHIR-SHA1 |
+
+  @skip-sandbox
+  Scenario: I can create a prescription with sha256
+    Given I am an authorised prescriber with EPS-FHIR app
+    And I successfully prepare a nominated prescription
+    Then the signing algorithm is RS256
+
+  @skip-sandbox
+  Scenario: I can create a prescription with sha1
+    Given I am an authorised prescriber with EPS-FHIR-SHA1 app
+    And I successfully prepare a nominated prescription
+    Then the signing algorithm is RS1

features/eps_fhir/dispense_prescriptions.feature

@@ -3,22 +3,22 @@ Feature: I can dispense prescriptions
 
   @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-3865
   Scenario: I can dispense a prescription
-    Given a prescription has been created and released
+    Given a prescription has been created and released using apim apis
     When I dispense the prescription
     Then the response indicates a success
     And the response body indicates a successful dispense action
 
   @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-3868
   Scenario: I can amend a single dispense notification
-    Given a new prescription has been dispensed
+    Given a new prescription has been dispensed using apim apis
     When I amend the dispense notification
     Then the response indicates a success
     And the response body indicates a successful amend dispense action
 
   @withdraw
   @allure.tms:https://nhsd-jira.digital.nhs.uk/browse/AEA-3867
   Scenario: I can withdraw a dispense notification
-    Given a new prescription has been dispensed
+    Given a new prescription has been dispensed using apim apis
     When I withdraw the dispense notification
     Then the response indicates a success
     And the response body indicates a successful dispense withdrawal action

features/eps_fhir/return_prescriptions.feature

@@ -3,7 +3,7 @@
 Feature: I can return prescriptions
 
   Scenario: I can return a prescription
-    Given a prescription has been created and released
+    Given a prescription has been created and released using apim apis
     When I return the prescription
     Then the response indicates a success
     And the response body indicates a successful return action

features/eps_fhir/validator.feature

@@ -4,57 +4,62 @@
 Feature: I can call the validator endpoint
 
   Scenario: I can call the validator endpoint with valid fhir with x-show-validation-warnings set to false
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a valid request to the eps_fhir validator endpoint with show validation set to false
     Then the response indicates a success
     And the validator response has 1 information issue
 
   Scenario: I can call the validator endpoint with valid fhir with x-show-validation-warnings set to true
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a valid request to the eps_fhir validator endpoint with show validation set to true
     Then the response indicates a bad request
     And the validator response has many information issue
     And the validator response has 0 error issue
 
   Scenario: I can call the validator endpoint with valid fhir with x-show-validation-warnings set to unset
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a valid request to the eps_fhir validator endpoint with show validation set to unset
     Then the response indicates a success
     And the validator response has 1 information issue
 
   Scenario: I can call the validator endpoint with invalid fhir
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a invalid request to the eps_fhir validator endpoint with show validation set to false
     Then the response indicates a bad request
     And the validator response has many error issue
     And the validator response has error with diagnostic containing Failed to parse JSON encoded FHIR content
 
+  @skip
   Scenario: I can call the validator endpoint with missing dosage instructions message
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a request with file missing_dosage_instructions/request.json to the eps_fhir validator endpoint
     Then the response indicates a bad request
     And the validator response matches missing_dosage_instructions/response.json
 
+  @skip
   Scenario: I can call the validator endpoint with missing dispense request quantity message
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a request with file missing_dispense_request_quantity/request.json to the eps_fhir validator endpoint
     Then the response indicates a bad request
     And the validator response matches missing_dispense_request_quantity/response.json
 
+  @skip
   Scenario: I can call the validator endpoint with missing medication message
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a request with file missing_medication/request.json to the eps_fhir validator endpoint
     Then the response indicates a bad request
     And the validator response matches missing_medication/response.json
 
+  @skip
   Scenario: I can call the validator endpoint with too many medication requests message
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a request with file too_many_medication_requests/request.json to the eps_fhir validator endpoint
     Then the response indicates a bad request
     And the validator response matches too_many_medication_requests/response.json
 
+  @skip
   Scenario: I can call the validator endpoint with unknown endorsement message
-    Given I am an authorised prescriber
+    Given I am an authorised prescriber with EPS-FHIR app
     When I make a request with file unknown_endorsement/request.json to the eps_fhir validator endpoint
     Then the response indicates a bad request
     And the validator response matches unknown_endorsement/response.json

features/eps_fhir_dispensing/dispense_prescriptions.feature

@@ -4,21 +4,21 @@ Feature: I can dispense prescriptions
 
   @dispense
   Scenario: I can dispense a prescription
-    Given a prescription has been created and released
+    Given a prescription has been created and released using proxygen apis
     When I dispense the prescription
     Then the response indicates a success
     And the response body indicates a successful dispense action
 
   @amend
   Scenario: I can amend a single dispense notification
-    Given a new prescription has been dispensed
+    Given a new prescription has been dispensed using proxygen apis
     When I amend the dispense notification
     Then the response indicates a success
     And the response body indicates a successful amend dispense action
 
   @withdraw
   Scenario: I can withdraw a dispense notification
-    Given a new prescription has been dispensed
+    Given a new prescription has been dispensed using proxygen apis
     When I withdraw the dispense notification
     Then the response indicates a success
     And the response body indicates a successful dispense withdrawal action

features/eps_fhir_dispensing/return_prescriptions.feature

@@ -3,7 +3,7 @@
 Feature: I can return prescriptions
 
   Scenario: I can return a prescription
-    Given a prescription has been created and released
+    Given a prescription has been created and released using proxygen apis
     When I return the prescription
     Then the response indicates a success
     And the response body indicates a successful return action