Merge branch 'main' into dependabot/github_actions/asdf-vm/actions-4.0.0

Author: wildjames

.devcontainer/Dockerfile

@@ -9,7 +9,7 @@ RUN apt-get update \
     jq apt-transport-https ca-certificates gnupg-agent \
     software-properties-common bash-completion python3-pip make libbz2-dev \
     libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev liblzma-dev netcat libyaml-dev
+    xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev
 
 # install aws stuff
 RUN wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && \

.github/workflows/run_notify_load.yml

@@ -0,0 +1,139 @@
+name: Run psu notify load test
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment to run tests against. Allowed values are dev or ref'
+        required: true
+        default: 'ref'
+      arrivalRate:
+        description: 'How many requests to send per second during the main test'
+        required: true
+        default: '100'
+      duration:
+        description: 'The duration of the main test'
+        required: true
+        default: '900'
+      rampUpDuration:
+        description: 'The duration of ramp-up phase of the test'
+        required: true
+        default: '900'
+      maxVusers:
+        description: 'Maximum number of virtual users to create'
+        required: true
+        default: '100'
+      artillery_key:
+        description: 'Your Artillery cloud API key (optional – omit to run without recording)'
+        required: false
+        default: ''
+
+jobs:
+  run_artillery:
+    name: Run Artillery
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Show input params
+        shell: bash
+        run: |
+          echo "## environment : ${{ github.event.inputs.environment }}" >> "$GITHUB_STEP_SUMMARY"
+          echo "## arrivalRate : ${{ github.event.inputs.arrivalRate }}" >> "$GITHUB_STEP_SUMMARY"
+          echo "## duration : ${{ github.event.inputs.duration }}" >> "$GITHUB_STEP_SUMMARY"
+          echo "## rampUpDuration : ${{ github.event.inputs.rampUpDuration }}" >> "$GITHUB_STEP_SUMMARY"
+          echo "## maxVusers : ${{ github.event.inputs.maxVusers }}" >> "$GITHUB_STEP_SUMMARY"
+          if [ -n "${{ github.event.inputs.artillery_key }}" ]; then
+            echo "## artillery_key        : (provided)" >> "$GITHUB_STEP_SUMMARY"
+          else
+            echo "## artillery_key        : (not provided)" >> "$GITHUB_STEP_SUMMARY"
+          fi
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.0
+      
+      - name: Cache asdf
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+      
+      - name: Install asdf dependencies in .tool-versions
+        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        with:
+          asdf_branch: v0.14.0
+        env:
+          PYTHON_CONFIGURE_OPTS: --enable-shared
+
+      - name: Install Dependencies
+        run: make install
+
+      - name: Assume dev artillery runner role
+        if: github.event.inputs.environment == 'dev'
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.DEV_ARTILLERY_RUNNER_ROLE }}
+          role-session-name: github-actions-artillery
+
+      - name: Assume ref artillery runner role
+        if: github.event.inputs.environment == 'ref'
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.REF_ARTILLERY_RUNNER_ROLE }}
+          role-session-name: github-actions-artillery
+
+      - name: Run load tests
+        shell: bash
+        env:
+          environment: ${{ github.event.inputs.environment }}
+          arrivalRate: ${{ github.event.inputs.arrivalRate }}
+          duration: ${{ github.event.inputs.duration }}
+          rampUpDuration: ${{ github.event.inputs.rampUpDuration }}
+          maxVusers: ${{ github.event.inputs.maxVusers }}
+          artillery_key: ${{ github.event.inputs.artillery_key }}
+        run: |
+          ./scripts/run_notify_load_test.sh 
+
+      - uses: actions/upload-artifact@v4
+        if: always()
+        name: Upload test_report
+        with:
+          name: test_report
+          path: |
+            notify_load_test.json
+            notify_load_test.json.html
+
+      - name: Upload artifacts to S3, if we are using REF environment
+        if: github.event.inputs.environment == 'ref'
+        continue-on-error: true
+        env:
+          AWS_REGION: eu-west-2
+          BUCKET_NAME: artilleryio-test-data-${{ secrets.AWS_ACCOUNT_ID }}
+          RUN_ID: ${{ github.run_id }}
+        run: |
+          aws s3 cp notify_load_test.json s3://$BUCKET_NAME/reports/$RUN_ID/notify_load_test.json --acl public-read
+          aws s3 cp notify_load_test.json.html s3://$BUCKET_NAME/reports/$RUN_ID/notify_load_test.json.html --acl public-read
+
+      - name: Output link to HTML report
+        if: github.event.inputs.environment == 'ref'
+        env:
+          AWS_REGION: eu-west-2
+          BUCKET_NAME: artilleryio-test-data-${{ secrets.AWS_ACCOUNT_ID }}
+          RUN_ID: ${{ github.run_id }}
+        run: |
+          REPORT_URL="https://$BUCKET_NAME.s3.${AWS_REGION}.amazonaws.com/reports/$RUN_ID/notify_load_test.json.html"
+          echo "Test report is hosted at: $REPORT_URL" >> "$GITHUB_STEP_SUMMARY"
+          echo "::set-output name=report_url::$REPORT_URL"

Makefile

@@ -10,6 +10,9 @@ compile-node:
 
 compile: compile-node
 
+aws-configure:
+	aws configure sso --region eu-west-2
+
 aws-login:
 	aws sso login --sso-session sso-session
 
@@ -36,4 +39,7 @@ local-cpsu:
 	./scripts/test_cpsu_load_test.sh
 
 local-psu:
-	./scripts/test_psu_load_test.sh
+	./scripts/test_psu_load_test.sh
+
+local-notify:
+	./scripts/test_notify_load_test.sh

artillery/helper/odscodes.mjs

@@ -0,0 +1,8 @@
+// These ODS codes should match the values in AWS parameter store. They're assumed to be enabled in the whitelist
+export const allowedOdsCodes = [
+    "FA565"
+]
+
+export const blockedOdsCodes = [
+    "B3J1Z"
+]

artillery/helper/psu.mjs

@@ -6,17 +6,19 @@ const logger = pino()
 let oauthToken
 let tokenExpiryTime
 
-export function getBody(isValid = true) {
+export function getBody(
+  isValid = true, 
+  status = "in-progress",
+  odsCode = "C9Z10", 
+  nhsNumber = "9449304130",
+  businessStatus = "With Pharmacy",
+) {
   // If this is intended to be a failed request, mangle the prescription ID.
   const prescriptionID = isValid ? shortPrescId() : invalidShortPrescId();
 
   const task_identifier = uuidv4()
   const prescriptionOrderItemNumber = uuidv4()
-  const nhsNumber = "9449304130"
   const currentTimestamp = new Date().toISOString()
-  const odsCode = "C9Z1O"
-  const status = "in-progress"
-  const businessStatus = "With Pharmacy"
   const body = {
     resourceType: "Bundle",
     type: "transaction",
@@ -112,6 +114,8 @@ export async function getSharedAuthToken(vuContext) {
     const api_key = process.env.psu_api_key
     const kid = process.env.psu_kid
 
+    logger.info("Secrets:", {privateKey, api_key, kid})
+
     // And use them to fetch the access token
     const response = await getAccessToken(logger, vuContext.vars.target, privateKey, api_key, kid)
 
@@ -130,7 +134,6 @@ export async function getPSUParams(requestParams, vuContext) {
   const isValid = vuContext.scenario.tags.isValid
   const body = getBody(isValid)
 
-  requestParams.json = body
   // This sets the body of the request and some variables so headers are unique
   requestParams.json = body
   vuContext.vars.x_request_id = uuidv4()

artillery/notify_entrypoint.mjs

@@ -0,0 +1,106 @@
+import {v4 as uuidv4}   from "uuid"
+import pino from "pino"
+import {getSharedAuthToken, getBody} from "./helper/psu.mjs"
+import {allowedOdsCodes, blockedOdsCodes} from "./helper/odscodes.mjs"
+
+export { getSharedAuthToken }
+
+const logger = pino()
+
+function computeCheckDigit(nhsNumber) {
+    const factors = [10,9,8,7,6,5,4,3,2]
+    let total = 0
+    
+    for (let i = 0; i < 9; i++) {
+        total += parseInt(nhsNumber.charAt(i),10) * factors[i]
+    }
+    
+    const rem = total % 11
+    let d = 11 - rem
+    if (d === 11) d = 0
+    
+    return d
+}
+
+function generateValidNhsNumber() {
+  while (true) {
+    const partial = Array.from({length:9},() => Math.floor(Math.random()*10)).join("")
+    const cd = computeCheckDigit(partial)
+    if (cd < 10) return partial + cd
+  }
+}
+
+// Apparently Math.sampleNormal isn't a function? Do a quick Box-Muller transform instead
+function sampleNormal(mean = 0, sd = 1) {
+  let u = 0, v = 0;
+  // avoid zeros because of log(0)
+  while (u === 0) u = Math.random();
+  while (v === 0) v = Math.random();
+  const z = Math.sqrt(-2 * Math.log(u)) * Math.cos(2 * Math.PI * v);
+  return z * sd + mean;
+}
+
+function initUserContextVars(context) {
+  context.vars.nhsNumber = generateValidNhsNumber()
+
+  let prescriptionCount = Math.round(sampleNormal(3,1))
+  if (prescriptionCount < 1) prescriptionCount = 1 // just truncate at 1.
+  context.vars.prescriptionCount  = prescriptionCount
+  context.vars.loopcount = 0
+}
+
+export function initUserAllowed(context, events, done) {
+  logger.info("Initializing user context variables for allowed ODS codes")
+  initUserContextVars(context)
+  
+  // Generate data for a patient with an allowed ODS code
+  context.vars.odsCode = allowedOdsCodes[Math.floor(Math.random() * allowedOdsCodes.length)]
+
+  logger.info(`[ALLOWED] Patient ${context.vars.nhsNumber}, ODS ${context.vars.odsCode} has ${context.vars.prescriptionCount} prescriptions`)
+  done()
+}
+
+export function initUserBlocked(context, events, done) {
+  logger.info("Initializing user context variables for allowed ODS codes")
+  initUserContextVars(context)
+
+  // Generate data for a patient with a blocked ODS code
+  context.vars.odsCode = blockedOdsCodes[Math.floor(Math.random() * blockedOdsCodes.length)]
+
+  logger.info(`[BLOCKED] Patient ${context.vars.nhsNumber}, ODS ${context.vars.odsCode} has ${context.vars.prescriptionCount} prescriptions`)
+  done()
+}
+
+export function generatePrescData(requestParams, context, ee, next) {
+  const isAllowed = allowedOdsCodes.includes(context.vars.odsCode);
+  const logPrefix = isAllowed ? "[ALLOWED]" : "[BLOCKED]";
+
+  logger.debug(`${logPrefix} Generating a prescription for patient ${context.vars.nhsNumber}`)
+  const body = getBody(
+    true,                   /* isValid */   
+    "completed",            /* status */    
+    context.vars.odsCode,   /* odsCode */   
+    context.vars.nhsNumber, /* nhsNumber */ 
+    "ready to collect"      /* Item status */
+  )
+  // The body is fine - it works when I put it in postman
+
+  requestParams.json = body
+  context.vars.x_request_id = uuidv4()
+  context.vars.x_correlation_id = uuidv4()
+
+  context.vars.loopcount += 1
+
+  // Wait this long between requests
+  let meanDelay = 10 // seconds
+  let stdDevDelay = 10 // seconds
+  let delay = 0
+  if (context.vars.loopcount < context.vars.prescriptionCount) {
+    delay = sampleNormal(meanDelay, stdDevDelay)
+    while (delay < 0) delay = sampleNormal(meanDelay, stdDevDelay)
+  }
+
+  context.vars.nextDelay = delay
+  logger.debug(`${logPrefix} Patient ${context.vars.nhsNumber} (on prescription update ${context.vars.loopcount}/${context.vars.prescriptionCount}) will think for ${context.vars.nextDelay} seconds`)
+  next()
+}

artillery/notify_load_test.yml

@@ -0,0 +1,65 @@
+config:
+  processor: "./notify_entrypoint.mjs"
+  plugins:
+    expect: {}
+    apdex: {}
+  phases:
+    - name: ramp up phase
+      duration: "{{ $env.rampUpDuration }}"
+      arrivalRate: 1
+      rampTo: "{{ $env.arrivalRate }}"
+      maxVusers: "{{ $env.maxVusers }}"
+    - name: run phase
+      duration: "{{ $env.duration }}"
+      arrivalRate: "{{ $env.arrivalRate }}"
+      maxVusers: "{{ $env.maxVusers }}"
+  environments:
+    dev:
+      target: https://internal-dev.api.service.nhs.uk/
+    ref:
+      target: https://ref.api.service.nhs.uk/
+    int:
+      target: https://int.api.service.nhs.uk/
+    pr:
+      target: https://psu-pr-{{ prNumber }}.dev.eps.national.nhs.uk/
+
+before:
+  flow:
+    - function: getSharedAuthToken
+
+scenarios:
+  - name: Allowed ODS code scenario
+    weight: 1
+    flow:
+      - function: initUserAllowed
+      - loop:
+          - function: getSharedAuthToken
+          - post:
+              url: "/prescription-status-update/"
+              beforeRequest: "generatePrescData"
+              headers:
+                Authorization: "Bearer {{ authToken }}"
+                x-request-id:     "{{ x_request_id }}"
+                x-correlation-id: "{{ x_correlation_id }}"
+              expect:
+                - statusCode: 201
+          - think: "{{ nextDelay }}seconds"
+        count: "{{ prescriptionCount }}"
+
+  - name: Blocked ODS code scenario
+    weight: 0
+    flow:
+      - function: initUserBlocked
+      - loop:
+          - function: getSharedAuthToken
+          - post:
+              url: "/prescription-status-update/"
+              beforeRequest: "generatePrescData"
+              headers:
+                Authorization: "Bearer {{ authToken }}"
+                x-request-id:     "{{ x_request_id }}"
+                x-correlation-id: "{{ x_correlation_id }}"
+              expect:
+                - statusCode: 201
+          - think: "{{ nextDelay }}seconds"
+        count: "{{ prescriptionCount }}"