Add upsert lambda

.devcontainer/devcontainer.json

@@ -83,7 +83,8 @@
   },
   "mounts": [
     "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached",
-    "source=${localEnv:HOME}/.aws,target=/home/vscode/.aws,type=bind,consistency=cached"
+    "source=${localEnv:HOME}/.aws,target=/home/vscode/.aws,type=bind,consistency=cached",
+    "source=${localEnv:HOME}/.npmrc,target=/home/vscode/.npmrc,type=bind,consistency=cached"
   ],
   "name": "Devcontainer",
   "postCreateCommand": "scripts/devcontainer/postcreatecommand.sh"

.github/workflows/stage-1-commit.yaml

@@ -72,7 +72,7 @@ jobs:
     needs: detect-terraform-changes
     if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
     permissions:
-        contents: write
+      contents: write
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
@@ -164,8 +164,6 @@ jobs:
           registry-url: 'https://npm.pkg.github.com'
       - name: "Setup ASDF"
         uses: asdf-vm/actions/setup@v4
-      - name: "Perform Setup"
-        uses: ./.github/actions/setup
       - name: "Trivy Scan"
         uses: ./.github/actions/trivy
   count-lines-of-code:
@@ -288,7 +286,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: ${{ inputs.nodejs_version }}
-          registry-url: 'https://npm.pkg.github.com'
+          registry-url: "https://npm.pkg.github.com"
 
       - name: check if local version differs from latest published version
         id: check-version

.github/workflows/stage-2-test.yaml

@@ -38,7 +38,7 @@ env:
 
 permissions:
   id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
+  contents: read # This is required for actions/checkout
   packages: read # This is required for downloading from GitHub Package Registry
 
 jobs:
@@ -49,6 +49,11 @@ jobs:
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.nodejs_version }}
+          registry-url: "https://npm.pkg.github.com"
       - name: "Cache node_modules"
         uses: actions/cache@v4
         with:
@@ -73,6 +78,11 @@ jobs:
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.nodejs_version }}
+          registry-url: "https://npm.pkg.github.com"
       - name: "Cache node_modules"
         uses: actions/cache@v4
         with:
@@ -142,6 +152,11 @@ jobs:
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.nodejs_version }}
+          registry-url: "https://npm.pkg.github.com"
       - name: "Cache node_modules"
         uses: actions/cache@v4
         with:
@@ -168,6 +183,11 @@ jobs:
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v5
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.nodejs_version }}
+          registry-url: "https://npm.pkg.github.com"
       - name: "Cache node_modules"
         uses: actions/cache@v4
         with:

infrastructure/terraform/components/api/README.md

@@ -12,6 +12,8 @@ No requirements.
 | <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
 | <a name="input_ca_pem_filename"></a> [ca\_pem\_filename](#input\_ca\_pem\_filename) | Filename for the CA truststore file within the s3 bucket | `string` | `null` | no |
 | <a name="input_component"></a> [component](#input\_component) | The variable encapsulating the name of this component | `string` | `"supapi"` | no |
+| <a name="input_core_account_id"></a> [core\_account\_id](#input\_core\_account\_id) | AWS Account ID for Core | `string` | `"000000000000"` | no |
+| <a name="input_core_environment"></a> [core\_environment](#input\_core\_environment) | Environment of Core | `string` | `"prod"` | no |
 | <a name="input_default_tags"></a> [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
 | <a name="input_enable_backups"></a> [enable\_backups](#input\_enable\_backups) | Enable backups | `bool` | `false` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
@@ -22,6 +24,7 @@ No requirements.
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
 | <a name="input_letter_table_ttl_hours"></a> [letter\_table\_ttl\_hours](#input\_letter\_table\_ttl\_hours) | Number of hours to set as TTL on letters table | `number` | `24` | no |
+| <a name="input_letter_variant_map"></a> [letter\_variant\_map](#input\_letter\_variant\_map) | n/a | `map(object({ supplierId = string, specId = string }))` | <pre>{<br/>  "lv1": {<br/>    "specId": "spec1",<br/>    "supplierId": "supplier1"<br/>  },<br/>  "lv2": {<br/>    "specId": "spec2",<br/>    "supplierId": "supplier1"<br/>  },<br/>  "lv3": {<br/>    "specId": "spec3",<br/>    "supplierId": "supplier2"<br/>  }<br/>}</pre> | no |
 | <a name="input_log_level"></a> [log\_level](#input\_log\_level) | The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels | `string` | `"INFO"` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_manually_configure_mtls_truststore"></a> [manually\_configure\_mtls\_truststore](#input\_manually\_configure\_mtls\_truststore) | Manually manage the truststore used for API Gateway mTLS (e.g. for prod environment) | `bool` | `false` | no |

infrastructure/terraform/components/api/ddb_table_letters.tf

@@ -2,8 +2,8 @@ resource "aws_dynamodb_table" "letters" {
   name         = "${local.csi}-letters"
   billing_mode = "PAY_PER_REQUEST"
 
-  hash_key  = "supplierId"
-  range_key = "id"
+  hash_key  = "id"
+  range_key = "supplierId"
 
   ttl {
     attribute_name = "ttl"

infrastructure/terraform/components/api/module_lambda_upsert_letter.tf

@@ -1,7 +1,7 @@
 module "upsert_letter" {
   source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-lambda.zip"
 
-  function_name = "upsert-letter"
+  function_name = "upsert_letter"
   description   = "Update or Insert the letter data in the letters table"
 
   aws_account_id = var.aws_account_id
@@ -22,7 +22,7 @@ module "upsert_letter" {
   function_code_base_path = local.aws_lambda_functions_dir_path
   function_code_dir       = "upsert-letter/dist"
   function_include_common = true
-  handler_function_name   = "handler"
+  handler_function_name   = "upsertLetterHandler"
   runtime                 = "nodejs22.x"
   memory                  = 128
   timeout                 = 29
@@ -35,7 +35,9 @@ module "upsert_letter" {
   log_destination_arn       = local.destination_arn
   log_subscription_role_arn = local.acct.log_subscription_role_arn
 
-  lambda_env_vars = merge(local.common_lambda_env_vars, {})
+  lambda_env_vars = merge(local.common_lambda_env_vars, {
+    VARIANT_MAP = jsonencode(var.letter_variant_map)
+  })
 }
 
 data "aws_iam_policy_document" "upsert_letter_lambda" {
@@ -58,7 +60,10 @@ data "aws_iam_policy_document" "upsert_letter_lambda" {
     effect = "Allow"
 
     actions = [
-      "dynamodb:PutItem"
+      "dynamodb:PutItem",
+      "dynamodb:GetItem",
+      "dynamodb:Query",
+      "dynamodb:UpdateItem"
     ]
 
     resources = [

infrastructure/terraform/components/api/variables.tf

@@ -135,6 +135,15 @@ variable "eventpub_control_plane_bus_arn" {
   default     = ""
 }
 
+variable "letter_variant_map" {
+  type = map(object({ supplierId = string, specId = string }))
+  default = {
+    "lv1" = { supplierId = "supplier1", specId = "spec1" },
+    "lv2" = { supplierId = "supplier1", specId = "spec2" },
+    "lv3" = { supplierId = "supplier2", specId = "spec3" }
+  }
+}
+
 variable "core_account_id" {
   type        = string
   description = "AWS Account ID for Core"
@@ -145,4 +154,5 @@ variable "core_environment" {
   type        = string
   description = "Environment of Core"
   default     = "prod"
+
 }

internal/datastore/src/__test__/db.ts

@@ -51,8 +51,8 @@ const createLetterTableCommand = new CreateTableCommand({
   TableName: "letters",
   BillingMode: "PAY_PER_REQUEST",
   KeySchema: [
-    { AttributeName: "supplierId", KeyType: "HASH" }, // Partition key
-    { AttributeName: "id", KeyType: "RANGE" }, // Sort key
+    { AttributeName: "id", KeyType: "HASH" }, // Partition key (letter ID)
+    { AttributeName: "supplierId", KeyType: "RANGE" }, // Sort key
   ],
   GlobalSecondaryIndexes: [
     {

internal/datastore/src/__test__/heathcheck.test.ts

@@ -24,6 +24,10 @@ describe("DBHealthcheck", () => {
     await deleteTables(db);
   });
 
+  afterAll(async () => {
+    await db.container.stop();
+  });
+
   it("passes when the database is available", async () => {
     const dbHealthCheck = new DBHealthcheck(db.docClient, db.config);
     await expect(dbHealthCheck.check()).resolves.not.toThrow();