implement apply access control to /validate endpoints

[aktaskaan]

JIRA link (if applicable)

https://tools.hmcts.net/jira/browse/CCD-5344

Change description

Does this PR introduce a breaking change? (check one with "x")

[ ] Yes
[ ] No

[hmcts-jenkins-a-to-c]

Plan Result (aat)

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 0 to add, 0 to change, 2 to destroy.

• Delete
  • module.postgresql_v15.azurerm_postgresql_flexible_server_configuration.pgsql_server_config["logfiles.download_enable"]
  • module.postgresql_v15.azurerm_postgresql_flexible_server_configuration.pgsql_server_config["logfiles.retention_days"]

Change Result (Click me)

  # module.postgresql_v15.azurerm_postgresql_flexible_server_configuration.pgsql_server_config["logfiles.download_enable"] will be destroyed
  # (because key ["logfiles.download_enable"] is not in for_each map)
  - resource "azurerm_postgresql_flexible_server_configuration" "pgsql_server_config" {
      - id        = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/ccd-data-store-api-postgres-db-v15-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/ccd-data-store-api-postgres-db-v15-aat/configurations/logfiles.download_enable" -> null
      - name      = "logfiles.download_enable" -> null
      - server_id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/ccd-data-store-api-postgres-db-v15-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/ccd-data-store-api-postgres-db-v15-aat" -> null
      - value     = "ON" -> null
    }

  # module.postgresql_v15.azurerm_postgresql_flexible_server_configuration.pgsql_server_config["logfiles.retention_days"] will be destroyed
  # (because key ["logfiles.retention_days"] is not in for_each map)
  - resource "azurerm_postgresql_flexible_server_configuration" "pgsql_server_config" {
      - id        = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/ccd-data-store-api-postgres-db-v15-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/ccd-data-store-api-postgres-db-v15-aat/configurations/logfiles.retention_days" -> null
      - name      = "logfiles.retention_days" -> null
      - server_id = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/ccd-data-store-api-postgres-db-v15-data-aat/providers/Microsoft.DBforPostgreSQL/flexibleServers/ccd-data-store-api-postgres-db-v15-aat" -> null
      - value     = "7" -> null
    }

Plan: 0 to add, 0 to change, 2 to destroy.

[danlysiak]

A few suggestions.

[danlysiak]

I think we need to re-work the tests in this PR (whether as part of this ticket or temporarily disabling here to be fixed in another ticket) so that they retain their original purpose of what they were actually trying to test, as now we're applying AC here it's no longer actually verifying the scenario.

[aktaskaan]

Assigning the necessary roles to the user for the TTL field solves the /validate scenarios but breaks about 20 different scenarios. Also, creating and assigning a new role just to access this field causes a similar problem. Since the TTL field is very dependent on scenarios, it would be better to reorganise the 5 scenarios that fail for /validate by adding a new field. Therefore I am disabling them and will create a new ticket.

[danlysiak]

Suggested change

	Map<String, JsonNode> map = MAPPER.convertValue(from, new TypeReference<HashMap<String, JsonNode>>() {});
	Map<String, JsonNode> map = convertValue(from);

Looks like we are just re-using the implementation for this anyway?

[aktaskaan]

done 👍

[aktaskaan]

@danlysiak @RebeccaBaker I have created CCD-5434 for the disabled FTs.

[aktaskaan]

combined with ccd-6022 in #2545