Merge branch 'pyic-6242' into pyic-6243

govuk-one-login · Oct 30, 2024 · dc93624 · dc93624
2 parents 4e2b286 + 1f502e7
commit dc93624
Show file tree

Hide file tree

Showing 34 changed files with 3,290 additions and 814 deletions.
diff --git a/README.md b/README.md
@@ -120,3 +120,18 @@ sam deploy --debug --config-file ./samconfig.toml --config-env dev-{{environment
 ```
 sam sync --watch --config-file samconfig.toml --config-env {{environment}} --stack-name core-back-dev-{{environment}} --region eu-west-2
 ```
+
+## Canaries
+When deploying using dev-deploy, the canary deployment strategy which will be used is set in LambdaDeploymentPreference and StepFunctionsDeploymentPreference in template.yaml file.
+
+When deploying using the pipeline, canary deployment strategy set in the pipeline will be used and override the default set in template.yaml.
+
+Canary deployments will cause a rollback if any canary alarms associated with a lambda or step-functions are triggered and a slack notification will be sent to #di-ipv-core-non-prod-alarms or #di-ipv-core-prod-alarms.
+
+To skip canaries such as when releasing urgent changes to production, set the last commit message to contain either of these phrases: [skip canary], [canary skip], or [no canary] as specified in the [Canary Escape Hatch guide](https://govukverify.atlassian.net/wiki/spaces/PLAT/pages/3836051600/Rollback+Recovery+Guidance#Escape-Hatch%3A-how-to-skip-canary-deployments-when-needed).
+`git commit -m "some message [skip canary]"`
+
+Note: To update LambdaDeploymentPreference or StepFunctionsDeploymentPreference, update the LambdaCanaryDeployment or StepFunctionsDeploymentPreference pipeline parameter in the [core-common-infra repository](https://github.com/govuk-one-login/ipv-core-common-infra/tree/main/terraform/deployments). To update the LambdaDeploymentPreference or StepFunctionsDeploymentPreference for a stack in dev using sam deploy, parameter override needs to be set in [samconfig.toml](./deploy/samconfig.toml):
+
+`--parameter-overrides LambdaDeploymentPreference=<define-strategy> \`
+`--parameter-overrides StepFunctionsDeploymentPreference=<define-strategy> \`
diff --git a/api-tests/data/cri-stub-requests/hmrcKbv/kenneth-score-1/credentialSubject.json b/api-tests/data/cri-stub-requests/hmrcKbv/kenneth-score-1/credentialSubject.json
@@ -0,0 +1,32 @@
+{
+  "address": [
+    {
+      "addressCountry": "GB",
+      "buildingName": "",
+      "streetName": "HADLEY ROAD",
+      "postalCode": "BA2 5AA",
+      "buildingNumber": "8",
+      "addressLocality": "BATH",
+      "subBuildingName": ""
+    }
+  ],
+  "name": [
+    {
+      "nameParts": [
+        {
+          "type": "GivenName",
+          "value": "KENNETH"
+        },
+        {
+          "type": "FamilyName",
+          "value": "DECERQUEIRA"
+        }
+      ]
+    }
+  ],
+  "birthDate": [
+    {
+      "value": "1965-07-08"
+    }
+  ]
+}
diff --git a/api-tests/data/cri-stub-requests/hmrcKbv/kenneth-score-1/evidence.json b/api-tests/data/cri-stub-requests/hmrcKbv/kenneth-score-1/evidence.json
@@ -0,0 +1,21 @@
+{
+  "type": "IdentityCheck",
+  "verificationScore": 1,
+  "checkDetails": [
+    {
+      "kbvResponseMode": "multiple_choice",
+      "kbvQuality": 3,
+      "checkMethod": "kbv"
+    },
+    {
+      "kbvResponseMode": "multiple_choice",
+      "kbvQuality": 3,
+      "checkMethod": "kbv"
+    },
+    {
+      "kbvResponseMode": "multiple_choice",
+      "kbvQuality": 2,
+      "checkMethod": "kbv"
+    }
+  ]
+}
diff --git a/api-tests/data/cri-stub-requests/nino/kenneth-score-1/credentialSubject.json b/api-tests/data/cri-stub-requests/nino/kenneth-score-1/credentialSubject.json
@@ -0,0 +1,26 @@
+{
+  "name": [
+    {
+      "nameParts": [
+        {
+          "value": "Kenneth",
+          "type": "GivenName"
+        },
+        {
+          "value": "Decerqueira",
+          "type": "FamilyName"
+        }
+      ]
+    }
+  ],
+  "birthDate": [
+    {
+      "value": "1965-07-08"
+    }
+  ],
+  "socialSecurityRecord": [
+    {
+      "personalNumber": "AA000003D"
+    }
+  ]
+}
diff --git a/api-tests/data/cri-stub-requests/nino/kenneth-score-1/evidence.json b/api-tests/data/cri-stub-requests/nino/kenneth-score-1/evidence.json
@@ -0,0 +1,10 @@
+{
+  "type": "IdentityCheck",
+  "strengthScore": 1,
+  "validityScore": 1,
+  "checkDetails": [
+    {
+      "checkMethod": "data"
+    }
+  ]
+}
diff --git a/api-tests/features/p1-journeys.feature b/api-tests/features/p1-journeys.feature
@@ -215,3 +215,132 @@ Feature: P1 journey
       | Attribute          | Values                                      |
       | evidence_requested | {"scoringPolicy":"gpg45","strengthScore":2} |
     Then I get a 'page-face-to-face-handoff' page response
+
+  Scenario: P1 Validate the Evidence requested for low confidence journey in Experian KBV
+    Given I activate the 'p1Journeys' feature set
+    When I start a new 'low-confidence' journey
+    Then I get a 'page-ipv-identity-document-start' page response
+    When I submit an 'appTriage' event
+    Then I get a 'dcmaw' CRI response
+    When I call the CRI stub and get an 'access_denied' OAuth error
+    Then I get a 'page-multiple-doc-check' page response with context 'nino'
+    When I submit an 'ukPassport' event
+    Then I get a 'ukPassport' CRI response
+    When I submit 'kenneth-passport-valid' details to the CRI stub
+    Then I get an 'address' CRI response
+    When I submit 'kenneth-current' details to the CRI stub
+    Then I get a 'fraud' CRI response
+    When I submit 'kenneth-score-1' details to the CRI stub
+    Then I get a 'page-pre-experian-kbv-transition' page response
+    When I submit a 'next' event
+    Then I get a 'kbv' CRI response
+    When I submit 'kenneth-score-1' details with attributes to the CRI stub
+      | Attribute          | Values                                          |
+      | evidence_requested | {"scoringPolicy":"gpg45","verificationScore":1} |
+    Then I get a 'page-ipv-success' page response
+    When I submit a 'next' event
+    Then I get an OAuth response
+    When I use the OAuth response to get my identity
+    Then I get a 'P1' identity
+
+  Scenario: P1 Validate the Evidence requested for low confidence journey in DWP KBV
+    Given I activate the 'p1Journeys,dwpKbvTest' feature set
+    When I start a new 'low-confidence' journey
+    Then I get a 'page-ipv-identity-document-start' page response
+    When I submit an 'appTriage' event
+    Then I get a 'dcmaw' CRI response
+    When I call the CRI stub and get an 'access_denied' OAuth error
+    Then I get a 'page-multiple-doc-check' page response with context 'nino'
+    When I submit an 'ukPassport' event
+    Then I get a 'ukPassport' CRI response
+    When I submit 'kenneth-passport-valid' details to the CRI stub
+    Then I get an 'address' CRI response
+    When I submit 'kenneth-current' details to the CRI stub
+    Then I get a 'fraud' CRI response
+    When I submit 'kenneth-score-1' details to the CRI stub
+    Then I get a 'personal-independence-payment' page response
+    When I submit a 'next' event
+    Then I get a 'page-pre-dwp-kbv-transition' page response
+    When I submit a 'next' event
+    Then I get a 'dwpKbv' CRI response
+    When I submit 'kenneth-score-1' details with attributes to the CRI stub
+      | Attribute          | Values                                          |
+      | evidence_requested | {"scoringPolicy":"gpg45","verificationScore":1} |
+    Then I get a 'page-ipv-success' page response
+    When I submit a 'next' event
+    Then I get an OAuth response
+    When I use the OAuth response to get my identity
+    Then I get a 'P1' identity
+
+  Scenario: P1 Validate the Evidence requested for low confidence journey in HMRC KBV
+    Given I activate the 'p1Journeys,m2bBetaHmrcKbv' feature set
+    When I start a new 'low-confidence' journey
+    Then I get a 'page-ipv-identity-document-start' page response
+    When I submit an 'appTriage' event
+    Then I get a 'dcmaw' CRI response
+    When I call the CRI stub and get an 'access_denied' OAuth error
+    Then I get a 'page-multiple-doc-check' page response with context 'nino'
+    When I submit an 'ukPassport' event
+    Then I get a 'ukPassport' CRI response
+    When I submit 'kenneth-passport-valid' details to the CRI stub
+    Then I get an 'address' CRI response
+    When I submit 'kenneth-current' details to the CRI stub
+    Then I get a 'fraud' CRI response
+    When I submit 'kenneth-score-1' details to the CRI stub
+    Then I get a 'nino' CRI response
+    When I submit 'kenneth-score-1' details to the CRI stub
+    Then I get a 'hmrcKbv' CRI response
+    When I submit 'kenneth-score-1' details with attributes to the CRI stub
+      | Attribute          | Values                                          |
+      | evidence_requested | {"scoringPolicy":"gpg45","verificationScore":1} |
+    Then I get a 'page-ipv-success' page response
+    When I submit a 'next' event
+    Then I get an OAuth response
+    When I use the OAuth response to get my identity
+    Then I get a 'P1' identity
+
+  Scenario: P1 thin file for low confidence users with photo ID
+    Given I activate the 'p1Journeys' feature set
+    When I start a new 'low-confidence' journey
+    Then I get a 'page-ipv-identity-document-start' page response
+    When I submit an 'appTriage' event
+    Then I get a 'dcmaw' CRI response
+    When I call the CRI stub and get an 'access_denied' OAuth error
+    Then I get a 'page-multiple-doc-check' page response with context 'nino'
+    When I submit an 'ukPassport' event
+    Then I get a 'ukPassport' CRI response
+    When I submit 'kenneth-passport-valid' details to the CRI stub
+    Then I get an 'address' CRI response
+    When I submit 'kenneth-current' details to the CRI stub
+    Then I get a 'fraud' CRI response
+    When I submit 'kenneth-score-1' details to the CRI stub
+    Then I get a 'page-pre-experian-kbv-transition' page response
+    When I submit a 'next' event
+    Then I get a 'kbv' CRI response
+    When I submit 'kenneth-score-0' details with attributes to the CRI stub
+      | Attribute          | Values                                          |
+      | evidence_requested | {"scoringPolicy":"gpg45","verificationScore":1} |
+    Then I get a 'pyi-cri-escape' page response
+
+  Scenario: P1 unsuccessful KBV questions for low confidence users with photo ID
+    Given I activate the 'p1Journeys' feature set
+    When I start a new 'low-confidence' journey
+    Then I get a 'page-ipv-identity-document-start' page response
+    When I submit an 'appTriage' event
+    Then I get a 'dcmaw' CRI response
+    When I call the CRI stub and get an 'access_denied' OAuth error
+    Then I get a 'page-multiple-doc-check' page response with context 'nino'
+    When I submit an 'ukPassport' event
+    Then I get a 'ukPassport' CRI response
+    When I submit 'kenneth-passport-valid' details to the CRI stub
+    Then I get an 'address' CRI response
+    When I submit 'kenneth-current' details to the CRI stub
+    Then I get a 'fraud' CRI response
+    When I submit 'kenneth-score-1' details to the CRI stub
+    Then I get a 'page-pre-experian-kbv-transition' page response
+    When I submit a 'next' event
+    Then I get a 'kbv' CRI response
+    When I submit 'kenneth-needs-enhanced-verification' details with attributes to the CRI stub
+      | Attribute          | Values                                          |
+      | evidence_requested | {"scoringPolicy":"gpg45","verificationScore":1} |
+    Then I get a 'pyi-suggest-other-options' page response
diff --git a/api-tests/features/p1-no-photo-id.feature b/api-tests/features/p1-no-photo-id.feature
@@ -298,3 +298,30 @@ Feature: P1 No Photo Id Journey
     Then I get a 'page-ipv-identity-postoffice-start' page response with context 'lastChoice'
     When I submit a 'end' event
     Then I get a 'pyi-escape' page response
+
+  Scenario: P1 unsuccessful KBV questions for low confidence users without photo ID
+    Given I activate the 'p1Journeys' feature sets
+    When I start a new 'low-confidence' journey
+    Then I get a 'page-ipv-identity-document-start' page response
+    When I submit an 'end' event
+    Then I get a 'prove-identity-no-photo-id' page response with context 'nino'
+    When I submit an 'next' event
+    Then I get a 'claimedIdentity' CRI response
+    When I submit 'kenneth-current' details with attributes to the CRI stub
+      | Attribute | Values         |
+      | context   | "hmrc_check"   |
+    Then I get a 'nino' CRI response
+    When I submit 'kenneth-score-2' details with attributes to the CRI stub
+      | Attribute          | Values                                      |
+      | evidence_requested | {"scoringPolicy":"gpg45","strengthScore":2} |
+    Then I get an 'address' CRI response
+    When I submit 'kenneth-current' details to the CRI stub
+    Then I get a 'fraud' CRI response
+    When I submit 'kenneth-score-1-history-0' details to the CRI stub
+    Then I get a 'page-pre-experian-kbv-transition' page response
+    When I submit a 'next' event
+    Then I get a 'kbv' CRI response
+    When I submit 'kenneth-needs-enhanced-verification' details with attributes to the CRI stub
+      | Attribute          | Values                                          |
+      | evidence_requested | {"scoringPolicy":"gpg45","verificationScore":1} |
+    Then I get a 'no-photo-id-security-questions-find-another-way' page response