Merge pull request #47 from NHSDigital/CCM-8569_CCM-8570_updatesToEventPub

CCM-8569 CCM-8570 updates to event pub

Author: aidenvaines-cgi

infrastructure/modules/eventpub/iam_role_lambda.tf

@@ -67,6 +67,19 @@ data "aws_iam_policy_document" "lambda" {
     ]
   }
 
+    statement {
+    sid    = "DLQPutMessage"
+    effect = "Allow"
+
+    actions = [
+      "sqs:SendMessage",
+    ]
+
+    resources = [
+      aws_sqs_queue.dlq.arn
+    ]
+  }
+
   statement {
     sid    = "KMSCloudwatchKeyAccess"
     effect = "Allow"

infrastructure/modules/eventpub/lambda/eventpub/package-lock.json

@@ -16,5 +16,10 @@
     ]
   },
   "author": "NHS Notify",
-  "license": "ISC"
+  "license": "ISC",
+  "dependencies": {
+    "@aws-sdk/client-eventbridge": "^3.744.0",
+    "@aws-sdk/client-sqs": "^3.744.0",
+    "aws-sdk-client-mock": "^4.1.0"
+  }
 }

infrastructure/modules/eventpub/lambda/eventpub/package.json

@@ -0,0 +1,64 @@
+const { handler } = require('../index.js');
+const { mockClient } = require('aws-sdk-client-mock');
+const { SQSClient, SendMessageCommand } = require('@aws-sdk/client-sqs');
+const { EventBridgeClient, PutEventsCommand } = require('@aws-sdk/client-eventbridge');
+
+const eventBridgeMock = mockClient(EventBridgeClient);
+const sqsMock = mockClient(SQSClient);
+
+const snsEvent = {
+  Records: [
+      { Sns: { Message: JSON.stringify({ type: 'data', version: 1, source: 'mock', message: 'test' }) } }
+  ]
+};
+
+describe('SNS to EventBridge Lambda', () => {
+    beforeEach(() => {
+        eventBridgeMock.reset();
+        sqsMock.reset();
+    });
+
+    test('Valid event is sent to the correct EventBridge bus', async () => {
+        eventBridgeMock.on(PutEventsCommand).resolves({ FailedEntryCount: 0, Entries: [{}] });
+
+        await handler(snsEvent);
+
+        expect(eventBridgeMock.calls()).toHaveLength(1);
+    });
+
+    test('Invalid event is sent to DLQ', async () => {
+        sqsMock.on(SendMessageCommand).resolves({ MessageId: '123' });
+
+        await handler(snsEvent);
+
+        expect(sqsMock.calls()).toHaveLength(1);
+    });
+
+
+    test('Retries on EventBridge failure and sends failed events to DLQ', async () => {
+      eventBridgeMock
+          .on(PutEventsCommand)
+          .rejectsOnce(Object.assign(new Error('Rate limit exceeded'), { retryable: true }))
+          .resolves({ FailedEntryCount: 1, Entries: [{ ErrorCode: 'InternalFailure' }] });
+      sqsMock.on(SendMessageCommand).resolves({ MessageId: '123' });
+
+      await handler(snsEvent);
+
+      expect(eventBridgeMock.calls()).toHaveLength(2);
+      expect(sqsMock.calls()).toHaveLength(1);
+  });
+
+    test('Throttling delays event processing', async () => {
+      process.env.THROTTLE_DELAY_MS = '500';
+      jest.useFakeTimers();
+
+      const startTime = Date.now();
+      const handlerPromise = handler(snsEvent);
+      jest.advanceTimersByTime(500);
+      await handlerPromise;
+      const endTime = Date.now();
+
+      expect(endTime - startTime).toBeGreaterThanOrEqual(500);
+      jest.useRealTimers();
+  });
+});

infrastructure/modules/eventpub/lambda/eventpub/src/__tests__/index.test.js

@@ -1,70 +1,103 @@
-const { EventBridgeClient, PutEventsCommand } = require('@aws-sdk/client-eventbridge');
-const eventBridgeClient = new EventBridgeClient();
-
-exports.handler = async (event) => {
-  try {
-    const controlEventBusArn = process.env.CONTROL_PLANE_EVENT_BUS_ARN;
-    const dataEventBusArn = process.env.DATA_PLANE_EVENT_BUS_ARN;
-
-    if (!event.Records || !Array.isArray(event.Records)) {
-      throw new Error("Invalid event format. Expected an array of records.");
-    }
-
-    const batchSize = 10; // AWS EventBridge allows up to 10 entries per PutEvents request
-    const entries = [];
-
-    for (const record of event.Records) {
-      try {
-        const snsMessage = JSON.parse(record.Sns.Message);
-        if (!validateEvent(snsMessage)) {
-          throw new Error("Invalid event structure");
-        }
-        entries.push({
-          Source: snsMessage.Source,
-          DetailType: snsMessage.DetailType,
-          Detail: JSON.stringify({ message: snsMessage.Message }),
-          EventBusName: snsMessage.Type === 'control' ? controlEventBusArn : dataEventBusArn
-        });
-      } catch (err) {
-        console.error("Event validation failed", err);
+  const { EventBridgeClient, PutEventsCommand } = require('@aws-sdk/client-eventbridge');
+  const { SQSClient, SendMessageCommand } = require('@aws-sdk/client-sqs');
+
+  const eventBridge = new EventBridgeClient({});
+  const sqs = new SQSClient({});
+
+  const DATA_PLANE_EVENT_BUS_ARN = process.env.DATA_PLANE_EVENT_BUS_ARN;
+  const CONTROL_PLANE_EVENT_BUS_ARN = process.env.CONTROL_PLANE_EVENT_BUS_ARN;
+  const DLQ_URL = process.env.DLQ_URL;
+  const THROTTLE_DELAY_MS = parseInt(process.env.THROTTLE_DELAY_MS || '0', 10);
+  const MAX_RETRIES = 3;
+  const EVENTBRIDGE_MAX_BATCH_SIZE = 10;
+
+  function validateEvent(event) {
+  // Test Event
+  // {
+  //   "type":"data",
+  //   "version":"0.1",
+  //   "source":"manual",
+  //   "detailtype":"testEvent",
+  //   "message":"Hello World"
+  // }
+      const requiredFields = ['type', 'version', 'source', 'message'];
+      return requiredFields.every(field => event.hasOwnProperty(field));
+  }
+
+  async function sendToEventBridge(events, eventBusArn) {
+      // console.info(`Sending ${events.length} events to EventBridge: ${eventBusArn}`);
+
+      const failedEvents = [];
+      for (let i = 0; i < events.length; i += EVENTBRIDGE_MAX_BATCH_SIZE) {
+          const batch = events.slice(i, i + EVENTBRIDGE_MAX_BATCH_SIZE);
+          const entries = batch.map(event => ({
+              Source: 'custom.event',
+              DetailType: event.type,
+              Detail: JSON.stringify(event),
+              EventBusName: eventBusArn
+          }));
+
+          let attempts = 0;
+          while (attempts < MAX_RETRIES) {
+              try {
+                  // console.info(`Attempt ${attempts + 1}: Sending batch of ${entries.length} events.`);
+
+                  const response = await eventBridge.send(new PutEventsCommand({ Entries: entries }));
+                  response.FailedEntryCount && response.Entries.forEach((entry, idx) => {
+                      if (entry.ErrorCode) {
+                          console.warn(`Event failed with error: ${entry.ErrorCode}`);
+                          failedEvents.push(batch[idx]);
+                      }
+                  });
+                  break;
+              } catch (error) {
+                  console.error(`EventBridge send error: ${error}`);
+
+                  if (error.retryable) {
+                      console.warn(`Retrying after backoff: attempt ${attempts + 1}`);
+                      await new Promise(res => setTimeout(res, 2 ** attempts * 100));
+                      attempts++;
+                  } else {
+                      failedEvents.push(...batch);
+                      break;
+                  }
+              }
+          }
       }
-    }
-
-    for (let i = 0; i < entries.length; i += batchSize) {
-      const batch = entries.slice(i, i + batchSize);
-      const command = new PutEventsCommand({ Entries: batch });
-      try {
-        const response = await eventBridgeClient.send(command);
-        console.log(`Batch sent to EventBridge. Failed count: ${response.FailedEntryCount}`);
-        if (response.FailedEntryCount > 0) {
-          console.warn(`Some events failed:`, response.Entries);
-        }
-      } catch (err) {
-        console.error("Error sending batch to EventBridge", err);
+      return failedEvents;
+  }
+
+  async function sendToDLQ(events) {
+      console.warn(`Sending ${events.length} failed events to DLQ`);
+
+      for (const event of events) {
+          await sqs.send(new SendMessageCommand({ QueueUrl: DLQ_URL, MessageBody: JSON.stringify(event) }));
       }
-    }
-
-    return {
-      statusCode: 200,
-      body: JSON.stringify({ message: "Events processed with potential failures" })
-    };
-  } catch (error) {
-    console.error("Error processing events", error);
-    return {
-      statusCode: 500,
-      body: JSON.stringify({ error: error.message })
-    };
   }
-};
 
-function validateEvent(event) {
-  // My test event looks like
-  // {
-  //   "Type":"data",
-  //   "Version":"0.1",
-  //   "Source":"manual",
-  //   "DetailType":"testEvent",
-  //   "Message":"Hello World"
-  // }
-  return event && event.Type && event.Source && event.DetailType && event.Message && event.Version;
-}
+  exports.handler = async (snsEvent) => {
+      // console.info(`Received SNS event with ${snsEvent.Records.length} records.`);
+
+      if (THROTTLE_DELAY_MS > 0) {
+          console.info(`Throttling enabled. Delaying processing by ${THROTTLE_DELAY_MS}ms`);
+          await new Promise(res => setTimeout(res, THROTTLE_DELAY_MS));
+      }
+
+      const records = snsEvent.Records.map(record => JSON.parse(record.Sns.Message));
+      const validEvents = records.filter(validateEvent);
+      const invalidEvents = records.filter(event => !validateEvent(event));
+
+      // console.info(`Valid events: ${validEvents.length}, Invalid events: ${invalidEvents.length}`);
+
+      if (invalidEvents.length) await sendToDLQ(invalidEvents);
+
+      const dataEvents = validEvents.filter(event => event.type === 'data');
+      const controlEvents = validEvents.filter(event => event.type === 'control');
+
+      // console.info(`Data events: ${dataEvents.length}, Control events: ${controlEvents.length}`);
+
+      const failedDataEvents = await sendToEventBridge(dataEvents, DATA_PLANE_EVENT_BUS_ARN);
+      const failedControlEvents = await sendToEventBridge(controlEvents, CONTROL_PLANE_EVENT_BUS_ARN);
+
+      await sendToDLQ([...failedDataEvents, ...failedControlEvents]);
+  };

infrastructure/modules/eventpub/lambda/eventpub/src/index.js

@@ -13,16 +13,18 @@ resource "aws_lambda_function" "main" {
   source_code_hash = data.archive_file.lambda.output_base64sha256
 
   logging_config {
-    application_log_level = "INFO"
+    application_log_level = var.log_level
     log_format            = "JSON"
     log_group             = aws_cloudwatch_log_group.lambda.name
-    system_log_level      = "WARN"
+    system_log_level      = var.log_level
   }
 
   environment {
     variables = {
       DATA_PLANE_EVENT_BUS_ARN    = var.data_plane_bus_arn
       CONTROL_PLANE_EVENT_BUS_ARN = var.control_plane_bus_arn
+      DLQ_URL                     = aws_sqs_queue.dlq.url
+      THROTTLE_DELAY_MS           = "0"
     }
   }
 }

infrastructure/modules/eventpub/lambda_function.tf

@@ -0,0 +1,5 @@
+resource "aws_sqs_queue" "dlq" {
+  name = "${local.csi}-dlq"
+
+  kms_master_key_id = var.kms_key_arn
+}

infrastructure/modules/eventpub/sqs_queue_dlq.tf

@@ -83,16 +83,7 @@ variable "enable_sns_delivery_logging" {
   default     = false
 }
 
-variable "sns_delivery_logging_bucket" {
-  type        = string
-  description = "An S3 bucket name if event caching is enabled"
-  default     = ""
 
-  validation {
-    condition     = var.enable_sns_delivery_logging == false || length(var.sns_delivery_logging_bucket) > 1
-    error_message = "If delivery logs are required, an S3 bucket name must be provided"
-  }
-}
 
 variable "sns_success_logging_sample_percent" {
   type        = number
@@ -103,7 +94,7 @@ variable "sns_success_logging_sample_percent" {
 variable "log_level" {
   type        = string
   description = "The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels"
-  default     = "INFO"
+  default     = "WARN"
 }
 
 variable "event_cache_expiry_days" {