Skip to content

added scenario where mix Disease Type has one unauthorized disease type #1254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
FimranNHS merged 15 commits into from
Mar 2, 2026
Merged

added scenario where mix Disease Type has one unauthorized disease type #1254

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
bdd52ba
added scenario where mix DiseaseType has unauthorized diseasetype
FimranNHS Feb 27, 2026
0c25495
Merge branch 'master' into feature/VED-1049---updated-for-authorized-…
FimranNHS Feb 27, 2026
706ec2b
parameterize the search steps
FimranNHS Feb 27, 2026
e24422d
refactor to reduce duplicated code
FimranNHS Feb 28, 2026
036830d
fix formatting issue
FimranNHS Feb 28, 2026
b19b603
lint fix
FimranNHS Feb 28, 2026
2ac09d5
fix
FimranNHS Feb 28, 2026
2ba01f9
Normalize line endings for e2e tests
FimranNHS Feb 28, 2026
7ea13ab
Normalize line endings for e2e tests
FimranNHS Feb 28, 2026
7e5971a
remove .gitattributes
FimranNHS Feb 28, 2026
63807e2
Update test_search_steps.py
Thomas-Boyle Mar 2, 2026
d32ac19
Update test_search_steps.py
Thomas-Boyle Mar 2, 2026
bf87589
Update test_search_steps.py
Thomas-Boyle Mar 2, 2026
f157e66
Merge branch 'master' into feature/VED-1049---updated-for-authorized-…
FimranNHS Mar 2, 2026
db2730e
Merge branch 'master' into feature/VED-1049---updated-for-authorized-…
dlzhry2nhs Mar 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
120 changes: 60 additions & 60 deletions tests/e2e_automation/.env.example.static
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,60 +1,60 @@
aws_token_refresh=True
USE_STATIC_APPS=True
########## INT env variables
# baseUrl=https://int.api.service.nhs.uk/immunisation-fhir-api/FHIR/R4
# auth_url=https://int.api.service.nhs.uk/oauth2-mock/authorize
# token_url=https://int.api.service.nhs.uk/oauth2-mock/token
# callback_url=https://oauth.pstmn.io/v1/callback
# S3_env=int
# aws_profile_name={your-aws-profile}
# PROXY_NAME=immunisation-fhir-api-int
## Id/Secret values - please contact Dev or Test team to get these values
# username=
# scope=
# STATUS_API_KEY=
# AWS_DOMAIN_NAME=
# Postman_Auth_client_Id=
# Postman_Auth_client_Secret=
# RAVS_client_Id=
# RAVS_client_Secret=
# MAVIS_client_Id=
# MAVIS_client_Secret=
# EMIS_client_Id=
# EMIS_client_Secret=
# SONAR_client_Id=
# SONAR_client_Secret=
# TPP_client_Id=
# TPP_client_Secret=
# MEDICUS_client_Id=
# MEDICUS_client_Secret=
########## Internal-QA env variables
baseUrl=https://internal-qa.api.service.nhs.uk/immunisation-fhir-api/FHIR/R4
auth_url=https://internal-qa.api.service.nhs.uk/oauth2-mock/authorize
token_url=https://internal-qa.api.service.nhs.uk/oauth2-mock/token
callback_url=https://oauth.pstmn.io/v1/callback
S3_env=internal-qa
aws_profile_name={your-aws-profile}
PROXY_NAME=immunisation-fhir-api-internal-qa
# This will only not match S3_env in preprod, where we have a blue/green environment
SUB_ENVIRONMENT=internal-qa
## Id/Secret values - please contact Dev or Test team to get these values
username=
scope=
STATUS_API_KEY=
AWS_DOMAIN_NAME=
Postman_Auth_client_Id=
Postman_Auth_client_Secret=
RAVS_client_Id=
RAVS_client_Secret=
MAVIS_client_Id=
MAVIS_client_Secret=
EMIS_client_Id=
EMIS_client_Secret=
SONAR_client_Id=
SONAR_client_Secret=
TPP_client_Id=
TPP_client_Secret=
MEDICUS_client_Id=
MEDICUS_client_Secret=
aws_token_refresh=True
USE_STATIC_APPS=True

########## INT env variables
# baseUrl=https://int.api.service.nhs.uk/immunisation-fhir-api/FHIR/R4
# auth_url=https://int.api.service.nhs.uk/oauth2-mock/authorize
# token_url=https://int.api.service.nhs.uk/oauth2-mock/token
# callback_url=https://oauth.pstmn.io/v1/callback
# S3_env=int
# aws_profile_name={your-aws-profile}
# PROXY_NAME=immunisation-fhir-api-int
## Id/Secret values - please contact Dev or Test team to get these values
# username=
# scope=
# STATUS_API_KEY=
# AWS_DOMAIN_NAME=
# Postman_Auth_client_Id=
# Postman_Auth_client_Secret=
# RAVS_client_Id=
# RAVS_client_Secret=
# MAVIS_client_Id=
# MAVIS_client_Secret=
# EMIS_client_Id=
# EMIS_client_Secret=
# SONAR_client_Id=
# SONAR_client_Secret=
# TPP_client_Id=
# TPP_client_Secret=
# MEDICUS_client_Id=
# MEDICUS_client_Secret=

########## Internal-QA env variables
baseUrl=https://internal-qa.api.service.nhs.uk/immunisation-fhir-api/FHIR/R4
auth_url=https://internal-qa.api.service.nhs.uk/oauth2-mock/authorize
token_url=https://internal-qa.api.service.nhs.uk/oauth2-mock/token
callback_url=https://oauth.pstmn.io/v1/callback
S3_env=internal-qa
aws_profile_name={your-aws-profile}
PROXY_NAME=immunisation-fhir-api-internal-qa
# This will only not match S3_env in preprod, where we have a blue/green environment
SUB_ENVIRONMENT=internal-qa
## Id/Secret values - please contact Dev or Test team to get these values
username=
scope=
STATUS_API_KEY=
AWS_DOMAIN_NAME=
Postman_Auth_client_Id=
Postman_Auth_client_Secret=
RAVS_client_Id=
RAVS_client_Secret=
MAVIS_client_Id=
MAVIS_client_Secret=
EMIS_client_Id=
EMIS_client_Secret=
SONAR_client_Id=
SONAR_client_Secret=
TPP_client_Id=
TPP_client_Secret=
MEDICUS_client_Id=
MEDICUS_client_Secret=
62 changes: 37 additions & 25 deletions tests/e2e_automation/features/APITests/search.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Feature: Search the immunization of a patient
@Delete_cleanUp @supplier_name_TPP
Scenario Outline: Verify that the GET method of Search API will be successful with all the valid parameters
Given Valid vaccination record is created with Patient '<Patient>' and vaccine_type '<Vaccine_type>'
When Send a search request with GET method for Immunization event created
When Send a search request with 'GET' method for Immunization event created
Then The request will be successful with the status code '200'
And The Search Response JSONs should contain the detail of the immunization events created above
And The Search Response JSONs field values should match with the input JSONs field values for resourceType Immunization
Expand All @@ -28,7 +28,7 @@ Feature: Search the immunization of a patient
@Delete_cleanUp @supplier_name_EMIS
Scenario Outline: Verify that the POST method of Search API will be successful with all the valid parameters
Given Valid vaccination record is created with Patient '<Patient>' and vaccine_type '<Vaccine_type>'
When Send a search request with POST method for Immunization event created
When Send a search request with 'POST' method for Immunization event created
Then The request will be successful with the status code '200'
And The Search Response JSONs should contain the detail of the immunization events created above
And The Search Response JSONs field values should match with the input JSONs field values for resourceType Immunization
Expand All @@ -49,10 +49,10 @@ Feature: Search the immunization of a patient
@Delete_cleanUp @supplier_name_Postman_Auth
Scenario Outline: Verify that the immunization events retrieved in the response of Search API should be within Date From and Date To range
Given Valid vaccination record is created for '<NHSNumber>' and Disease Type '<vaccine_type>' with recorded date as '<DateFrom>'
When Send a search request with GET method with valid NHS Number '<NHSNumber>' and Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>'
When Send a search request with 'GET' method with valid NHS Number '<NHSNumber>' and Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>'
Then The request will be successful with the status code '200'
And The occurrenceDateTime of the immunization events should be within the Date From and Date To range
When Send a search request with POST method with valid NHS Number '<NHSNumber>' and Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>'
When Send a search request with 'POST' method with valid NHS Number '<NHSNumber>' and Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>'
Then The request will be successful with the status code '200'
And The occurrenceDateTime of the immunization events should be within the Date From and Date To range
Examples:
Expand All @@ -62,10 +62,10 @@ Feature: Search the immunization of a patient
# Negative Scenarios
@supplier_name_Postman_Auth
Scenario Outline: Verify that Search API will throw error if NHS Number is invalid
When Send a search request with GET method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
When Send a search request with 'GET' method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid NHS Number
When Send a search request with POST method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
When Send a search request with 'POST' method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid NHS Number
Examples:
Expand All @@ -78,10 +78,10 @@ Feature: Search the immunization of a patient
@smoke
@supplier_name_Postman_Auth
Scenario Outline: Verify that Search API will throw error if include is invalid
When Send a search request with GET method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and invalid include '<include>'
When Send a search request with 'GET' method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and invalid include '<include>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid include
When Send a search request with POST method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and invalid include '<include>'
When Send a search request with 'POST' method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and invalid include '<include>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid include
Examples:
Expand All @@ -91,10 +91,10 @@ Feature: Search the immunization of a patient
@smoke
@supplier_name_Postman_Auth
Scenario Outline: Verify that Search API will throw error if both different combination of dates and include is invalid
When Send a search request with GET method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>' and include '<include>'
When Send a search request with 'GET' method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>' and include '<include>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date From, Date To and include
When Send a search request with POST method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>' and include '<include>'
When Send a search request with 'POST' method with valid NHS Number '<NHSNumber>' and valid Disease Type '<vaccine_type>' and Date From '<DateFrom>' and Date To '<DateTo>' and include '<include>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date From, Date To and include
Examples:
Expand All @@ -107,10 +107,10 @@ Feature: Search the immunization of a patient
@smoke
@supplier_name_Postman_Auth
Scenario Outline: Verify that Search API will throw error if Disease Type is invalid
When Send a search request with GET method with valid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
When Send a search request with 'GET' method with valid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Disease Type
When Send a search request with POST method with valid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
When Send a search request with 'POST' method with valid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Disease Type
Examples:
Expand All @@ -121,10 +121,10 @@ Feature: Search the immunization of a patient

@supplier_name_Postman_Auth
Scenario Outline: Verify that Search API will throw error if both NHS Number and Disease Type are invalid
When Send a search request with GET method with invalid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
When Send a search request with 'GET' method with invalid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid NHS Number as higher priority
When Send a search request with POST method with invalid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
When Send a search request with 'POST' method with invalid NHS Number '<NHSNumber>' and invalid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid NHS Number as higher priority
Examples:
Expand All @@ -136,19 +136,31 @@ Feature: Search the immunization of a patient
@Delete_cleanUp @supplier_name_Postman_Auth
Scenario: Verify that Search API returns 200 with results and OperationOutcome when both valid and invalid Disease Type are provided
Given Valid vaccination record is created with Patient 'Random' and vaccine_type 'COVID'
When Send a search request with GET method with valid NHS Number and mixed valid and invalid Disease Type
When Send a search request with 'GET' method with valid NHS Number and mixed valid and invalid Disease Type
Then The request will be successful with the status code '200'
And The Search Response should contain search results and OperationOutcome for invalid immunization targets
When Send a search request with POST method with valid NHS Number and mixed valid and invalid Disease Type
When Send a search request with 'POST' method with valid NHS Number and mixed valid and invalid Disease Type
Then The request will be successful with the status code '200'
And The Search Response should contain search results and OperationOutcome for invalid immunization targets

@smoke
@Delete_cleanUp @supplier_name_MAVIS
Copy link
Collaborator

@dlzhry2nhs dlzhry2nhs Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably fine for now, but because we have bound our tests to Actual rather than Fake test suppliers (e.g. Postman/Test app) in some cases, this could in future pass if we gave MAVIS permission for the unauthorized vacc type in future.

Worth consideration @FimranNHS but I will approve anyhow.

Scenario: Verify that Search API returns 200 with results and OperationOutcome with authorized and unauthorized Disease Type for the supplier
Given Valid vaccination record is created with Patient 'Random' and vaccine_type 'FLU'
When Send a search request with 'GET' method with valid NHS Number and multiple Disease Type
Then The request will be successful with the status code '200'
And The Search Response should contain search results and OperationOutcome for unauthorized immunization targets
When Send a search request with 'POST' method with valid NHS Number and multiple Disease Type
Then The request will be successful with the status code '200'
And The Search Response should contain search results and OperationOutcome for unauthorized immunization targets


@supplier_name_MAVIS @vaccine_type_RSV
Scenario Outline: Verify that Search API will throw error if date from is invalid
When Send a search request with GET method with invalid Date From '<DateFrom>' and valid Date To '<DateTo>'
When Send a search request with 'GET' method with invalid Date From '<DateFrom>' and valid Date To '<DateTo>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date From
When Send a search request with POST method with invalid Date From '<DateFrom>' and valid Date To '<DateTo>'
When Send a search request with 'POST' method with invalid Date From '<DateFrom>' and valid Date To '<DateTo>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date From
Examples:
Expand All @@ -159,10 +171,10 @@ Feature: Search the immunization of a patient

@supplier_name_RAVS @vaccine_type_RSV
Scenario Outline: Verify that Search API will throw error if date to is invalid
When Send a search request with GET method with valid Date From '<DateFrom>' and invalid Date To '<DateTo>'
When Send a search request with 'GET' method with valid Date From '<DateFrom>' and invalid Date To '<DateTo>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date To
When Send a search request with POST method with valid Date From '<DateFrom>' and invalid Date To '<DateTo>'
When Send a search request with 'POST' method with valid Date From '<DateFrom>' and invalid Date To '<DateTo>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date To
Examples:
Expand All @@ -173,10 +185,10 @@ Feature: Search the immunization of a patient

@supplier_name_MAVIS @vaccine_type_RSV
Scenario Outline: Verify that Search API will throw error if both date from and date to are invalid
When Send a search request with GET method with invalid Date From '<DateFrom>' and invalid Date To '<DateTo>'
When Send a search request with 'GET' method with invalid Date From '<DateFrom>' and invalid Date To '<DateTo>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date From
When Send a search request with POST method with invalid Date From '<DateFrom>' and invalid Date To '<DateTo>'
When Send a search request with 'POST' method with invalid Date From '<DateFrom>' and invalid Date To '<DateTo>'
Then The request will be unsuccessful with the status code '400'
And The Search Response JSONs should contain correct error message for invalid Date From
Examples:
Expand All @@ -188,10 +200,10 @@ Feature: Search the immunization of a patient
@smoke
@supplier_name_SONAR
Scenario Outline: Verify that Search API will throw error supplier is not authorized to make Search
When Send a search request with GET method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
When Send a search request with 'GET' method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '403'
And The Response JSONs should contain correct error message for 'unauthorized_access' access
When Send a search request with POST method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
When Send a search request with 'POST' method with invalid NHS Number '<NHSNumber>' and valid Disease Type '<DiseaseType>'
Then The request will be unsuccessful with the status code '403'
And The Response JSONs should contain correct error message for 'unauthorized_access' access
Examples:
Expand All @@ -203,7 +215,7 @@ Feature: Search the immunization of a patient
Scenario: Flu event is created and updated twice and search request fetch the latest meta version and Etag
Given I have created a valid vaccination record
And created event is being updated twice
When Send a search request with GET method for Immunization event created
When Send a search request with 'GET' method for Immunization event created
Then The request will be successful with the status code '200'
And The Search Response JSONs should contain the detail of the immunization events created above
And The Search Response JSONs field values should match with the input JSONs field values for resourceType Immunization
Expand Down
Loading