Remove SSN endpoint from Cosmetology API

[landonshumway-ia]

The Cosmetology API does not need to support reading the full SSN of a practitioner. As a security measure we are removing that API endpoint and the permissions to query the SSN table. This will require two full deployments to all environments, the first to remove the API resources, then the second to remove the IAM role from the persistent stack.

Closes #1474

Summary by CodeRabbit

• Chores

  • Removed the provider SSN retrieval API and all SSN-related configuration, monitoring, rate‑limiting, and permissions.
  • Removed the staff permission/action for reading SSNs and all API/model/schema exposures for SSN.
  • Replaced the functional SSN endpoint with a no‑op placeholder to preserve stack compatibility.

• Tests

  • Removed SSN endpoint unit, integration, and smoke tests.

• Documentation

  • Removed SSN-related test environment variable and smoke test references.

[coderabbitai]

Warning

Rate limit exceeded

@landonshumway-ia has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 47 minutes and 3 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 47 minutes and 3 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 743a53c6-d3b7-4b26-a531-0b9c87a72ebf

📥 Commits

Reviewing files that changed from the base of the PR and between a0c56fa and 1449447.

📒 Files selected for processing (26)

• backend/cosmetology-app/common_constructs/resource_scope_mixin.py
• backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/common.py
• backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/provider/api.py
• backend/cosmetology-app/lambdas/python/common/cc_common/utils.py
• backend/cosmetology-app/lambdas/python/provider-data-v1/handlers/providers.py
• backend/cosmetology-app/lambdas/python/provider-data-v1/tests/function/test_handlers/test_providers.py
• backend/cosmetology-app/lambdas/python/staff-user-pre-token/tests/test_user_scopes.py
• backend/cosmetology-app/lambdas/python/staff-user-pre-token/user_data.py
• backend/cosmetology-app/stacks/api_lambda_stack/provider_management.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api_model.py
• backend/cosmetology-app/stacks/api_stack/v1_api/provider_management.py
• backend/cosmetology-app/stacks/persistent_stack/__init__.py
• backend/cosmetology-app/stacks/persistent_stack/ssn_table.py
• backend/cosmetology-app/tests/app/base.py
• backend/cosmetology-app/tests/app/test_api/test_provider_management_api.py
• backend/cosmetology-app/tests/app/test_pipeline.py
• backend/cosmetology-app/tests/resources/snapshots/JURISDICTION_RESOURCE_SERVER_CONFIGURATION.json
• backend/cosmetology-app/tests/resources/snapshots/PATCH_STAFF_USERS_REQUEST_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/PATCH_STAFF_USERS_RESPONSE_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/POST_STAFF_USERS_REQUEST_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/POST_STAFF_USERS_RESPONSE_SCHEMA.json
• backend/cosmetology-app/tests/smoke/README.md
• backend/cosmetology-app/tests/smoke/smoke_common.py
• backend/cosmetology-app/tests/smoke/smoke_tests_env_example.json
• backend/cosmetology-app/tests/smoke/ssn_read_throttling_smoke_tests.py

📝 Walkthrough

Walkthrough

Removed provider SSN read capability across the codebase: SSN schema, handler, endpoint, rate-limiting, permissions/scopes, infra wiring (lambda, grants, alarms, exports), persistence access, smoke/tests, and related snapshots/fixtures.

Changes

Cohort / File(s)	Summary
Schema & permission enums backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/provider/api.py, backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/common.py	Deleted ProviderSSNResponseSchema and removed CCPermissionsAction.READ_SSN.
Provider handlers backend/cosmetology-app/lambdas/python/provider-data-v1/handlers/providers.py	Removed get_provider_ssn handler, _ssn_rate_limit_exceeded helper, and SSN-specific imports/logic.
Handler tests backend/cosmetology-app/lambdas/python/provider-data-v1/tests/function/test_handlers/test_providers.py	Deleted TestGetProviderSSN test class and related helpers/imports.
API lambda stack backend/cosmetology-app/stacks/api_lambda_stack/provider_management.py	Removed SSN Lambda creation and env vars; added inert/dummy no-op SSN Lambda to preserve exports; removed SSN alarms, metrics, and permissions.
API stack & models backend/cosmetology-app/stacks/api_stack/v1_api/api.py, .../api_model.py, .../provider_management.py	Removed SSN authorization scopes/method options, deleted provider-SSN API model/property and endpoint wiring (and its 4xx alarm).
Persistence / SSN table backend/cosmetology-app/stacks/persistent_stack/__init__.py, .../ssn_table.py	Revoked read/KMS decrypt grants for API query role, adjusted KMS allowlist, added CFN exports for role ARN/name, and updated cdk-nag suppressions.
Resource server / scopes backend/cosmetology-app/common_constructs/resource_scope_mixin.py, .../staff-user-pre-token/user_data.py	Removed generation/assignment of compact/jurisdiction readSSN resource server scopes and related scope generation logic.
Utility helpers backend/cosmetology-app/lambdas/python/common/cc_common/utils.py	Removed helper user_has_read_ssn_access_for_provider(...).
Pipeline, snapshots & tests backend/cosmetology-app/tests/app/*, backend/cosmetology-app/tests/resources/snapshots/*, backend/cosmetology-app/lambdas/python/staff-user-pre-token/tests/*	Updated tests and snapshots to remove readSSN / cosm.readSSN expectations and OAuth scopes.
Smoke tests & docs backend/cosmetology-app/tests/smoke/*	Removed SSN smoke test file, env var example entries, and helper get_provider_ssn_lambda_name().

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant API as API_Gateway
  participant Lambda as SSN_Lambda
  participant RateDB as RateLimit_DynamoDB
  participant ProviderDB as Provider_DynamoDB
  participant KMS
  participant CloudWatch

  Client->>API: GET /providers/{id}/ssn
  API->>Lambda: invoke
  Lambda->>RateDB: check rate-limit
  alt under limit
    Lambda->>ProviderDB: query encrypted SSN
    ProviderDB-->>Lambda: encrypted SSN
    Lambda->>KMS: decrypt
    KMS-->>Lambda: plaintext SSN
    Lambda->>Client: 200 + SSN
    Lambda->>CloudWatch: emit metrics/alarms
  else rate limited
    Lambda->>Client: 429
    Lambda->>CloudWatch: emit throttling metric
  end

Loading

sequenceDiagram
  participant Client
  participant API as API_Gateway
  participant CloudWatch

  Client->>API: GET /providers/{id}/ssn
  API->>Client: 404 / Method Not Found (endpoint removed)
  Note right of API: No SSN Lambda, no RateDB, no KMS, no SSN metrics/alarms

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Refactor Cosmetology License schema to remove NPI / require license number #1291 — Modifies the same provider schema file and removes SSN-related schema elements.

Suggested reviewers

• jlkravitz
• ChiefStief
• rmolinares

Poem

🐰 I hopped through modules, nip and tuck,

SSN paths folded—no more muck.
Lambdas quiet, scopes set free,
Four digits smiling, hiding glee.
A small code-hop, a lighter tree.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 36.36% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	The PR description provides context about the security-driven removal of the SSN endpoint and mentions the requirement for two deployments, but does not address most of the testing checklist items from the template.	Add confirmation that unit tests, build, and serve commands have been validated. Clarify whether CDK tests were updated and if the OpenAPI spec has been regenerated.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and concisely describes the main change: removing the SSN endpoint from the Cosmetology API, which aligns with the substantial code changes across multiple files.
Linked Issues check	✅ Passed	The PR comprehensively removes the SSN endpoint, permissions, and associated code across backend, tests, and configuration files, directly addressing the core requirement to remove the ability to view full SSNs in the Cosmetology API.
Out of Scope Changes check	✅ Passed	All changes are directly related to removing SSN functionality: handler removal, schema updates, permission cleanup, infrastructure changes, and test updates. No unrelated modifications are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@backend/cosmetology-app/lambdas/python/provider-data-v1/handlers/providers.py`:
- Around line 1-14: Residual readSSN permission artifacts remain after removing
the get_provider_ssn handler; update the PR by adding a clear note (or create a
follow-up ticket) stating this is a phased cleanup and listing the remaining
symbols/integration points to remove later (readSSN scope generation in
staff-user-pre-token lambda, readSSN boolean in API schema/api_model, tests
verifying scope generation, and the utility
user_has_read_ssn_access_for_provider), and reference that staff-user data
migration must complete before final removal so reviewers and future maintainers
are aware of the planned staged deletion.

In `@backend/cosmetology-app/stacks/persistent_stack/ssn_table.py`:
- Around line 257-275: Remove the unused CloudFormation export for
self.api_query_role.role_name (or both exports if no stack imports either) so
phase-2 cleanup isn't blocked; confirm which attribute the cosmetology API stack
imports and keep only self.api_query_role.role_arn if that's the sole consumer,
otherwise drop both exports. Also update the NagSuppressions reason string for
the ApiQuery role (reference self.api_query_role and the existing
NagSuppressions.add_resource_suppressions_by_path call) to: "This role is inert
(nothing assumes it) even though AWSLambdaBasicExecutionRole is attached for
backwards compatibility during staged removal." Ensure the export removal and
updated reason are committed together.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b25c99a6-ad90-4939-a687-2a345ab74f1a

📥 Commits

Reviewing files that changed from the base of the PR and between 0c2b88c and a30485a.

📒 Files selected for processing (15)

• backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/provider/api.py
• backend/cosmetology-app/lambdas/python/provider-data-v1/handlers/providers.py
• backend/cosmetology-app/lambdas/python/provider-data-v1/tests/function/test_handlers/test_providers.py
• backend/cosmetology-app/stacks/api_lambda_stack/provider_management.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api_model.py
• backend/cosmetology-app/stacks/api_stack/v1_api/provider_management.py
• backend/cosmetology-app/stacks/persistent_stack/__init__.py
• backend/cosmetology-app/stacks/persistent_stack/ssn_table.py
• backend/cosmetology-app/tests/app/base.py
• backend/cosmetology-app/tests/app/test_api/test_provider_management_api.py
• backend/cosmetology-app/tests/smoke/README.md
• backend/cosmetology-app/tests/smoke/smoke_common.py
• backend/cosmetology-app/tests/smoke/smoke_tests_env_example.json
• backend/cosmetology-app/tests/smoke/ssn_read_throttling_smoke_tests.py

💤 Files with no reviewable changes (11)

• backend/cosmetology-app/tests/smoke/README.md
• backend/cosmetology-app/tests/smoke/smoke_tests_env_example.json
• backend/cosmetology-app/tests/smoke/smoke_common.py
• backend/cosmetology-app/stacks/persistent_stack/init.py
• backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/provider/api.py
• backend/cosmetology-app/stacks/api_stack/v1_api/provider_management.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api.py
• backend/cosmetology-app/tests/app/test_api/test_provider_management_api.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api_model.py
• backend/cosmetology-app/stacks/api_lambda_stack/provider_management.py
• backend/cosmetology-app/tests/smoke/ssn_read_throttling_smoke_tests.py

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

backend/cosmetology-app/lambdas/python/staff-user-pre-token/tests/test_user_scopes.py (1)

23-27: ⚠️ Potential issue | 🔴 Critical

Remove stale READ_SSN references from UserData.

The CCPermissionsAction enum no longer defines READ_SSN, but UserData still references it at lines 57, 68–69, and 91. This will cause AttributeError when staff tokens are generated in production (called from main.py:30), breaking the staff-user-pre-token Lambda before any test assertions can run.

Required fix in user_data.py

 # backend/cosmetology-app/lambdas/python/staff-user-pre-token/user_data.py
 disallowed_actions = compact_actions - {
     CCPermissionsAction.READ,
     CCPermissionsAction.ADMIN,
     CCPermissionsAction.READ_PRIVATE,
-    CCPermissionsAction.READ_SSN,
 }

 ...

-if CCPermissionsAction.READ_SSN in compact_actions:
-    self.scopes.add(f'{compact_abbr}/{CCPermissionsAction.READ_SSN}')
-
 if CCPermissionsAction.ADMIN in compact_actions:
     self.scopes.add(f'{compact_abbr}/{CCPermissionsAction.ADMIN}')

 ...

 disallowed_actions = jurisdiction_actions - {
     CCPermissionsAction.WRITE,
     CCPermissionsAction.ADMIN,
     CCPermissionsAction.READ_PRIVATE,
-    CCPermissionsAction.READ_SSN,
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@backend/cosmetology-app/lambdas/python/staff-user-pre-token/tests/test_user_scopes.py`
around lines 23 - 27, UserData currently references the removed enum member
CCPermissionsAction.READ_SSN (at the occurrences in user_data.py corresponding
to the checks around the constructor/permission logic), causing AttributeError;
open user_data.py and remove all uses of CCPermissionsAction.READ_SSN (lines
referenced in the review) and replace those checks with the appropriate existing
enum values (e.g., CCPermissionsAction.READ or CCPermissionsAction.READ_PRIVATE)
or collapse the condition into the existing permission logic so no code depends
on READ_SSN; ensure any unit tests or callers that expected READ_SSN behavior
are covered by the new checks and that imports/attribute access to
CCPermissionsAction no longer reference READ_SSN.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In
`@backend/cosmetology-app/lambdas/python/staff-user-pre-token/tests/test_user_scopes.py`:
- Around line 23-27: UserData currently references the removed enum member
CCPermissionsAction.READ_SSN (at the occurrences in user_data.py corresponding
to the checks around the constructor/permission logic), causing AttributeError;
open user_data.py and remove all uses of CCPermissionsAction.READ_SSN (lines
referenced in the review) and replace those checks with the appropriate existing
enum values (e.g., CCPermissionsAction.READ or CCPermissionsAction.READ_PRIVATE)
or collapse the condition into the existing permission logic so no code depends
on READ_SSN; ensure any unit tests or callers that expected READ_SSN behavior
are covered by the new checks and that imports/attribute access to
CCPermissionsAction no longer reference READ_SSN.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 08d87105-b318-4f9e-a19a-5b325afda54e

📥 Commits

Reviewing files that changed from the base of the PR and between a30485a and 5eaee5f.

📒 Files selected for processing (10)

• backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/common.py
• backend/cosmetology-app/lambdas/python/staff-user-pre-token/tests/test_user_scopes.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api_model.py
• backend/cosmetology-app/tests/app/base.py
• backend/cosmetology-app/tests/app/test_pipeline.py
• backend/cosmetology-app/tests/resources/snapshots/JURISDICTION_RESOURCE_SERVER_CONFIGURATION.json
• backend/cosmetology-app/tests/resources/snapshots/PATCH_STAFF_USERS_REQUEST_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/PATCH_STAFF_USERS_RESPONSE_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/POST_STAFF_USERS_REQUEST_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/POST_STAFF_USERS_RESPONSE_SCHEMA.json

💤 Files with no reviewable changes (6)

• backend/cosmetology-app/tests/resources/snapshots/PATCH_STAFF_USERS_RESPONSE_SCHEMA.json
• backend/cosmetology-app/lambdas/python/common/cc_common/data_model/schema/common.py
• backend/cosmetology-app/tests/resources/snapshots/PATCH_STAFF_USERS_REQUEST_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/POST_STAFF_USERS_REQUEST_SCHEMA.json
• backend/cosmetology-app/tests/resources/snapshots/JURISDICTION_RESOURCE_SERVER_CONFIGURATION.json
• backend/cosmetology-app/tests/resources/snapshots/POST_STAFF_USERS_RESPONSE_SCHEMA.json

🚧 Files skipped from review as they are similar to previous changes (2)

• backend/cosmetology-app/tests/app/base.py
• backend/cosmetology-app/stacks/api_stack/v1_api/api_model.py

[ChiefStief]

Looks good

[landonshumway-ia]

@jlkravitz This is ready for your review. Thanks