[NRL-602] Make apigee error responses into valid OperationOutcomes

proxies/live/apiproxy/policies/AssignMessage.Errors.CatchAllMessage.xml

@@ -1,24 +1,23 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.Errors.CatchAllMessage">
   <Set>
-    <Payload contentType="application/json" variablePrefix="%" variableSuffix="#">
+    <Payload contentType="application/json">
     {
         "resourceType": "OperationOutcome",
-        "issue": [
-            {
+        "issue": [ {
             "severity": "error",
-            "code": "%error.status.code#",
+            "code": "exception",
             "details": {
                 "coding": [
                 {
-                    "code": "%error.status.code#",
-                    "display": "%error.reason.phrase#"
+                    "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                    "code": "ACCESS DENIED"
+                    "display": "Access has been denied to process this request"
                 }
                 ]
             },
-            "diagnostics": "%error.content#"
-            }
-        ]
+            "diagnostics": "{error.content}"
+        } ]
     }
     </Payload>
     <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>

proxies/live/apiproxy/policies/AssignMessage.OAuthPolicyErrorResponse.xml

@@ -11,13 +11,13 @@
             "details": {
               "coding": [
                 {
-                  "system": "https://fhir.nhs.uk/R4/CodeSystem/Spine-ErrorOrWarningCode",
-                  "version": "1",
+                  "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
                   "code": "ACCESS_DENIED",
-                  "display": "{faultstring}"
+                  "display": "Access has been denied to process this request"
                 }
               ]
-            }
+            },
+            "disagnostics": "{faultstring}"
           }
         ]
       }

proxies/live/apiproxy/policies/RaiseFault.400MissingODSHeader.xml

@@ -0,0 +1,26 @@
+<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.400MissingODSHeader">
+    <FaultResponse>
+        <Set>
+            <Payload contentType="text/plain">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "required",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                            "code": "MISSING_OR_INVALID_HEADER",
+                            "display": "There is a required header missing or invalid"
+                        } ]
+                    },
+                    "diagnostics": "The NHSD-End-User-Organisation-ODS header is missing or invalid"
+                } ]
+            }
+            </Payload>
+            <StatusCode>400</StatusCode>
+            <ReasonPhrase>Bad Request</ReasonPhrase>
+        </Set>
+    </FaultResponse>
+    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
+</RaiseFault>

proxies/live/apiproxy/policies/RaiseFault.401Unauthorized.xml

@@ -5,7 +5,23 @@
     <FaultResponse>
         <Set>
             <Headers/>
-            <Payload contentType="text/plain"/>
+            <Payload contentType="text/plain">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "forbidden",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                            "code": "ACCESS_DENIED",
+                            "display": "Access has been denied to process this request"
+                        } ]
+                    },
+                    "diagnostics": "You are not authorized to access this resource."
+                } ]
+            }
+            </Payload>
             <StatusCode>401</StatusCode>
             <ReasonPhrase>Access Denied</ReasonPhrase>
         </Set>

proxies/live/apiproxy/policies/RaiseFault.403NoPointers.xml

@@ -1,24 +1,23 @@
 <RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.403NoPointers">
     <FaultResponse>
         <Set>
-        <Payload contentType="application/json"> {
-            "resourceType": "OperationOutcome",
-            "issue": [
-                {
-                "severity": "error",
-                "code": "403",
-                "details": {
-                    "coding": [
-                    {
-                        "code": "403",
-                        "display": "Forbidden"
-                    }
-                    ]
-                },
-                "diagnostics": "Provided ODS code has no pointers within requesting app"
-                }
-            ]
-        }</Payload>
+            <Payload contentType="application/json">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "forbidden",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                            "code": "ACCESS_DENIED",
+                            "display": "Access has been denied to process this request"
+                        } ]
+                    },
+                    "diagnostics": "Provided ODS code has no pointers within requesting app"
+                } ]
+            }
+            </Payload>
             <StatusCode>403</StatusCode>
             <ReasonPhrase>Forbidden</ReasonPhrase>
         </Set>

proxies/live/apiproxy/proxies/default.xml

@@ -31,8 +31,7 @@
     <Flow name="Raise400ForMissingODSHeader">
       <Request>
         <Step>
-          <Name>RaiseFault.400BadRequest</Name>
-          <Message>Missing Header: NHSD-End-User-Organisation-ODS</Message>
+          <Name>RaiseFault.400MissingODSHeader</Name>
         </Step>
       </Request>
       <Condition>request.verb != "OPTIONS" and (request.header.NHSD-End-User-Organisation-ODS = null or request.header.NHSD-End-User-Organisation-ODS = "")</Condition>
@@ -77,7 +76,7 @@
         </Step>
         <Step>
             <Name>AssignMessage.Errors.CatchAllMessage</Name>
-            <Condition>(response.content NOT Like "*OperationOutcome*")</Condition>
+            <Condition>(response.content NOT Like "*OperationOutcome*") and (error.content NOT Like "*OperationOutcome*")</Condition>
         </Step>
     </DefaultFaultRule>
 </ProxyEndpoint>

proxies/live/apiproxy/resources/jsc/ConnectionMetadata.SetRequestHeaders.js

@@ -26,7 +26,7 @@
     "request.header.NHSD-End-User-Organisation-ODS"
   );
   if (!odsCode || odsCode.trim().length === 0) {
-    //This will trigger RaiseFault.400BadRequest.xml - see proxies/deafult.xml in the DefaultFaultRules
+    //This will trigger RaiseFault.400MissingODSHeader.xml - see proxies/deafult.xml in the DefaultFaultRules
     return;
   }
 

proxies/sandbox/apiproxy/policies/AssignMessage.Errors.CatchAllMessage.xml

@@ -1,24 +1,23 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.Errors.CatchAllMessage">
   <Set>
-    <Payload contentType="application/json" variablePrefix="%" variableSuffix="#">
+    <Payload contentType="application/json">
     {
         "resourceType": "OperationOutcome",
-        "issue": [
-            {
+        "issue": [ {
             "severity": "error",
-            "code": "%error.status.code#",
+            "code": "exception",
             "details": {
                 "coding": [
                 {
-                    "code": "%error.status.code#",
-                    "display": "%error.reason.phrase#"
+                    "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                    "code": "ACCESS DENIED"
+                    "display": "Access has been denied to process this request"
                 }
                 ]
             },
-            "diagnostics": "%error.content#"
-            }
-        ]
+            "diagnostics": "{error.content}"
+        } ]
     }
     </Payload>
     <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>

proxies/sandbox/apiproxy/policies/RaiseFault.400MissingODSHeader.xml

@@ -0,0 +1,26 @@
+<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.400MissingODSHeader">
+    <FaultResponse>
+        <Set>
+            <Payload contentType="text/plain">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "required",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                            "code": "MISSING_OR_INVALID_HEADER",
+                            "display": "There is a required header missing or invalid"
+                        } ]
+                    },
+                    "diagnostics": "The NHSD-End-User-Organisation-ODS header is missing or invalid"
+                } ]
+            }
+            </Payload>
+            <StatusCode>400</StatusCode>
+            <ReasonPhrase>Bad Request</ReasonPhrase>
+        </Set>
+    </FaultResponse>
+    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
+</RaiseFault>

proxies/sandbox/apiproxy/policies/RaiseFault.401Unauthorized.xml

@@ -5,7 +5,23 @@
     <FaultResponse>
         <Set>
             <Headers/>
-            <Payload contentType="text/plain"/>
+            <Payload contentType="text/plain">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "forbidden",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                            "code": "ACCESS_DENIED",
+                            "display": "Access has been denied to process this request"
+                        } ]
+                    },
+                    "diagnostics": "You are not authorized to access this resource."
+                } ]
+            }
+            </Payload>
             <StatusCode>401</StatusCode>
             <ReasonPhrase>Access Denied</ReasonPhrase>
         </Set>

proxies/sandbox/apiproxy/policies/RaiseFault.403NoPointers.xml

@@ -1,24 +1,23 @@
 <RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.403NoPointers">
     <FaultResponse>
         <Set>
-        <Payload contentType="application/json"> {
-            "resourceType": "OperationOutcome",
-            "issue": [
-                {
-                "severity": "error",
-                "code": "403",
-                "details": {
-                    "coding": [
-                    {
-                        "code": "403",
-                        "display": "Forbidden"
-                    }
-                    ]
-                },
-                "diagnostics": "Provided ODS code has no pointers within requesting app"
-                }
-            ]
-        }</Payload>
+            <Payload contentType="application/json">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "forbidden",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/spine-error-or-warning-code-1",
+                            "code": "ACCESS_DENIED",
+                            "display": "Access has been denied to process this request"
+                        } ]
+                    },
+                    "diagnostics": "Provided ODS code has no pointers within requesting app"
+                } ]
+            }
+            </Payload>
             <StatusCode>403</StatusCode>
             <ReasonPhrase>Forbidden</ReasonPhrase>
         </Set>

proxies/sandbox/apiproxy/proxies/default.xml

@@ -32,8 +32,7 @@
     <Flow name="Raise400ForMissingODSHeader">
       <Request>
         <Step>
-          <Name>RaiseFault.400BadRequest</Name>
-          <Message>Missing Header: NHSD-End-User-Organisation-ODS</Message>
+          <Name>RaiseFault.400MissingODSHeader</Name>
         </Step>
       </Request>
       <Condition>request.verb != "OPTIONS" and (request.header.NHSD-End-User-Organisation-ODS = null or request.header.NHSD-End-User-Organisation-ODS = "")</Condition>
@@ -78,7 +77,7 @@
     </Step>
     <Step>
       <Name>AssignMessage.Errors.CatchAllMessage</Name>
-      <Condition>(response.content NOT Like "*OperationOutcome*")</Condition>
+      <Condition>(response.content NOT Like "*OperationOutcome*") and (error.content NOT Like "*OperationOutcome*")</Condition>
     </Step>
   </DefaultFaultRule>
 </ProxyEndpoint>

proxies/sandbox/apiproxy/resources/jsc/ConnectionMetadata.SetRequestHeaders.js

@@ -33,7 +33,7 @@ const permissions = [];
     "request.header.NHSD-End-User-Organisation-ODS"
   );
   if (!odsCode || odsCode.trim().length === 0) {
-    //This will trigger RaiseFault.400BadRequest.xml - see proxies/deafult.xml in the DefaultFaultRules
+    //This will trigger RaiseFault.400MissingODSHeader.xml - see proxies/deafult.xml in the DefaultFaultRules
     return;
   }