Add initial package and configuration files for FHIR info Gateway #304

Open
wants to merge 56 commits into base: main
Changes from 53 commits (56 commits in the PR)
8e2c200 Add initial package and configuration files for FHIR info Gateway (drizzentic, May 20, 2024)
b0a333c Add SMART on fhir realms creator (drizzentic, May 24, 2024)
f6cec06 Platform beta release (drizzentic, May 15, 2024)
e9979d6 Fix failing tests (drizzentic, May 16, 2024)
d6f8cb6 Add correct assertion (bradsawadye, May 16, 2024)
5a7c368 Ensure that the entry property in the bundle is always an array (bradsawadye, May 16, 2024)
feccb35 Add jempi network for the services to communicate (bradsawadye, May 17, 2024)
fb5eb07 Fix kafka consumer failing test (drizzentic, May 16, 2024)
c7ec435 Bump instant version to latest (rcrichton, May 16, 2024)
399a407 fix version and disable cert verification in console. (drizzentic, May 20, 2024)
be32707 Update version for mpi mediator (bradsawadye, May 21, 2024)
57fb197 Adds reprocess config files (ItsMurumba, May 22, 2024)
76c250c Cleanup Reprocess package (ItsMurumba, May 22, 2024)
4601f8f Change docker images to be configurable env variables (ItsMurumba, May 24, 2024)
ec18ae1 Format json files (ItsMurumba, May 24, 2024)
069145f Format json files (ItsMurumba, May 24, 2024)
541a056 adding image variable to metadata.json and docker-compose files (brett-onions, Apr 16, 2024)
e51e516 adding deployment placement (brett-onions, Apr 25, 2024)
e7b84ad adding image definition to metadata.json file (brett-onions, Apr 16, 2024)
417530e adding placement and image version for pg in metadata file (brett-onions, Apr 17, 2024)
9769590 Update Kibana image and add KIBANA_IMAGE environment variable (brett-onions, Apr 16, 2024)
060ca81 add image and max replicas to metadata file (brett-onions, Apr 16, 2024)
9ca3ad8 Update docker-compose files and package metadata (brett-onions, Apr 18, 2024)
7d09a73 Update Elasticsearch cluster placement (brett-onions, Apr 25, 2024)
08c356c Update Docker Compose files for PostgreSQL and Pgpool (brett-onions, Apr 25, 2024)
b6963e1 chore: update CLICKHOUSE_IMAGE to version 23.8.14.6 (brett-onions, May 21, 2024)
d624b15 Change the name of the postgres image variable (bradsawadye, May 24, 2024)
3f25382 Disable the clickhouse test case (temporarily) (bradsawadye, May 27, 2024)
ec74acd Fix syntax error (bradsawadye, May 27, 2024)
ffbe6a9 Run the recipe tests first (bradsawadye, May 27, 2024)
fc583cf Fix typo (bradsawadye, May 27, 2024)
0474393 Fix if statement (bradsawadye, May 27, 2024)
65797ea Fix typo in variable name (bradsawadye, May 28, 2024)
5e7b67a Refactor (bradsawadye, May 28, 2024)
f449d8e Update .vscode/settings.json (drizzentic, May 29, 2024)
9daa76b Fix failure in client scopes creation on keycloak (drizzentic, May 30, 2024)
d3ae2c7 Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, May 30, 2024)
0e3aacc parent cbd8b688d9f1973fbeb17415fe1ae55ad3102461 (drizzentic, May 24, 2024)
d109bdc Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, May 30, 2024)
44c1194 Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Jul 3, 2024)
1506798 Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Jul 8, 2024)
1b68f57 PR feedback (drizzentic, Jul 9, 2024)
ac4d67f Update fhir-info-gateway/swarm.sh (drizzentic, Jul 10, 2024)
892c5c6 Update fhir-info-gateway/swarm.sh (drizzentic, Jul 10, 2024)
5f2a64c Update fhir-info-gateway/swarm.sh (drizzentic, Jul 10, 2024)
a4b770f Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Jul 26, 2024)
e4e6edf Update config.yaml (drizzentic, Jul 26, 2024)
8a6d8dd Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Jul 29, 2024)
759e7ee Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Jul 31, 2024)
138558a Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Aug 14, 2024)
2b94455 PR feedback (drizzentic, Aug 14, 2024)
9f4f8ee Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Sep 16, 2024)
bb0b7ef Add the update script to create default clients, roles and mappings (drizzentic, Sep 17, 2024)
f965914 add config importer to update keycloak (drizzentic, Sep 17, 2024)
ce3dbcd Merge branch 'main' into CU-86byv0cyf_Add-initial-package-and-configu… (drizzentic, Sep 18, 2024)
abfd851 cleanup (drizzentic, Sep 18, 2024)
4 changes: 4 additions & 0 deletions config.yaml
Expand Up @@ -27,6 +27,7 @@ packages:
- database-postgres
- reprocess-mediator
- fhir-ig-importer
- fhir-info-gateway

profiles:
- name: cdr-dw
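Review bot: appending `fhir-info-gateway` to the top-level `packages` list puts it in every default deploy, but nothing in this hunk records that the package only works once `identity-access-manager-keycloak` is up (its `TOKEN_ISSUER` is built from `${KC_API_URL}/realms/${KC_REALM_NAME}` in `fhir-info-gateway/docker-compose.yml`) and once the `keycloak_public` and `openhim_public` external networks exist. Confirm the package's metadata declares those dependencies so the deploy ordering is enforced, or state the ordering requirement in the package README.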
Expand All @@ -47,6 +48,7 @@ profiles:
- kafka-unbundler-consumer
- fhir-ig-importer
- reprocess-mediator
- fhir-info-gateway
envFiles:
- cdr-dw.env
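Review bot: adding `fhir-info-gateway` to the `cdr-dw` profile means `cdr-dw.env` now has to supply every variable the gateway compose file reads (`FHIR_INFO_GATEWAY_IMAGE`, `ACCESS_CHECKER`, `GATEWAY_MPI_PROXY_URL`, `BACKEND_TYPE`, `RUN_MODE`, `KC_API_URL`, `KC_REALM_NAME`, plus the instance, placement and resource variables), and this PR shows no change to that env file. An unset variable is substituted as an empty string at `docker stack deploy` time: for `image:` and `replicas:` that is likely to fail the deploy, but for `ACCESS_CHECKER` and `RUN_MODE` it silently changes what the gateway enforces. Either add the values to `cdr-dw.env` in this PR or point to where the package-level defaults live.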

Expand All @@ -63,6 +65,8 @@ profiles:
- client-registry-jempi
- identity-access-manager-keycloak
- openhim-mapping-mediator
- fhir-ig-importer
- fhir-info-gateway
envFiles:
- cdr.env
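Review bot: `fhir-ig-importer` is added to the `cdr` profile alongside `fhir-info-gateway`, although the PR title covers only the info gateway; if pulling `fhir-ig-importer` into `cdr` is intended, say so in the description, otherwise drop that line from this hunk. The same env-file requirement applies here as for `cdr-dw`: every `${...}` the gateway compose file reads needs a value in `cdr.env`, and none are added in this PR.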

17 changes: 17 additions & 0 deletions fhir-info-gateway/docker-compose-smart_keycloak.yml
@@ -0,0 +1,17 @@
version: "3.9"

services:
smart-config:
image: jembi/keycloak-config:v0.0.1
networks:
keycloak:
environment:
KEYCLOAK_BASE_URL: ${KC_API_URL}
KEYCLOAK_USER: ${KC_ADMIN_USERNAME}
KEYCLOAK_PASSWORD: ${KC_ADMIN_PASSWORD}
KEYCLOAK_REALM: ${KC_REALM_NAME}
command: [ "-configFile", "config/backend-services-config.json" ]
networks:
keycloak:
name: keycloak_public
external: true
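Review bot: the `-configFile` argument points at `config/backend-services-config.json`, a path that does not appear anywhere in this PR (the file added is `fhir-info-gateway/importer/keycloak-config.json`) and is not mounted into the container, so unless `jembi/keycloak-config:v0.0.1` bakes that file in, the job has nothing to import; make the input explicit with a `configs:` entry or a bind mount. Two further points. This is a one-shot job but carries no `deploy.restart_policy`, so under swarm's default policy it is restarted every time it exits and keeps re-running the import against Keycloak; set `restart_policy: condition: on-failure` (or `none`). And it receives the Keycloak admin credentials (`KC_ADMIN_USERNAME`, `KC_ADMIN_PASSWORD`) as plain environment variables, which `docker inspect` on the node exposes; prefer Docker secrets, and a realm-scoped admin account for `${KC_REALM_NAME}` rather than the master admin.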
8 changes: 8 additions & 0 deletions fhir-info-gateway/docker-compose.dev.yml
@@ -0,0 +1,8 @@
version: '3.9'

services:
fhir-info-gateway:
ports:
- target: 8080
published: 8880
mode: host
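Review bot: publishing `8080` as `8880` with `mode: host` bypasses the swarm routing mesh and binds directly on each node that runs a task, so with `FHIR_INFO_GATEWAY_INSTANCES` above 1 and more than one replica allowed per node the second task on a node fails with a port conflict, and the gateway becomes reachable on the node's own interfaces without passing through OpenHIM. That is acceptable for a dev override, but make sure this file is only merged in the dev profile, and note in the README that exposure from a host-mode port can only be limited at the host firewall.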
33 changes: 33 additions & 0 deletions fhir-info-gateway/docker-compose.yml
@@ -0,0 +1,33 @@
version: "3.9"
services:
fhir-info-gateway:
image: ${FHIR_INFO_GATEWAY_IMAGE}
networks:
openhim:
keycloak:
default:
environment:
TOKEN_ISSUER: ${KC_API_URL}/realms/${KC_REALM_NAME}
ACCESS_CHECKER: ${ACCESS_CHECKER}
PROXY_TO: ${GATEWAY_MPI_PROXY_URL}
BACKEND_TYPE: ${BACKEND_TYPE}
RUN_MODE: ${RUN_MODE}
deploy:
replicas: ${FHIR_INFO_GATEWAY_INSTANCES}
placement:
max_replicas_per_node: ${FHIR_INFO_GATEWAY_MAX_REPLICAS_PER_NODE}
resources:
limits:
cpus: ${FHIR_INFO_GATEWAY_CPU_LIMIT}
memory: ${FHIR_INFO_GATEWAY_MEMORY_LIMIT}
reservations:
cpus: ${FHIR_INFO_GATEWAY_CPU_RESERVE}
memory: ${FHIR_INFO_GATEWAY_MEMORY_RESERVE}
networks:
openhim:
name: openhim_public
external: true
keycloak:
name: keycloak_public
external: true
default:
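Review bot: `ACCESS_CHECKER` and `RUN_MODE` are the two settings that decide what this gateway enforces, and both are passed straight through with no default and no validation, so an env file that omits them deploys the gateway with empty values for the image to interpret. Use the substitution forms `docker stack deploy` understands so a missing value fails loudly, for example `RUN_MODE: ${RUN_MODE:-PROD}` and `ACCESS_CHECKER: ${ACCESS_CHECKER:?ACCESS_CHECKER must be set}`. `TOKEN_ISSUER` is built from the same `${KC_API_URL}` that `smart-config` uses as the Keycloak admin API base; an OIDC verifier rejects tokens whose `iss` differs from the configured issuer, so if that URL is an internal address while clients obtain tokens from Keycloak's public hostname, every token will be rejected. Confirm the issuer string matches what Keycloak puts in `iss` for the realm. Lastly, `PROXY_TO` sends traffic to the MPI directly while the service also joins `openhim_public`; state in the package README which path client requests take.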
231 changes: 231 additions & 0 deletions fhir-info-gateway/importer/keycloak-config.json
@@ -0,0 +1,231 @@
{
"clientScopes": {
"system/*.rs": {
"protocol": "openid-connect",
"description": "Read access to all resources",
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "admin",
"name": "administrator",
"description": "Has full access to all resources"
}
},

"system/Patient.cruds": {
"protocol": "openid-connect",
"description": "Read access to all data",
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "admin",
"name": "administrator",
"description": "Has full access to all resources"
}
},
"system/Patient.cud": {
"protocol": "openid-connect",
"description": "Read and write access to all Patient",
"attributes": {
"include.in.token.scope": "false"
},
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "manager",
"name": "manager",
"description": "Has limited access to all resources"
}
},
"system/Patient.rs": {
"protocol": "openid-connect",
"description": "Read access to all Patient",
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "user",
"name": "user",
"description": "Has read access to all resources"
}
},
"system/Encounter.rs": {
"protocol": "openid-connect",
"description": "Read access to all Encounter data",
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "user",
"name": "user",
"description": "Has read access to all resources"
}
},
"system/Observation.rs": {
"protocol": "openid-connect",
"description": "Read access to all Observation data",
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "user",
"name": "user",
"description": "Has read access to all resources"
}
},
"system/Encounter.cruds": {
"protocol": "openid-connect",
"description": "Read, write and search access to all Encounter data",
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "admin",
"name": "administrator",
"description": "Has full access to all resources"
}
},
"system/Encounter.cud": {
"protocol": "openid-connect",
"description": "Read and write access to all Encounter data",
"attributes": {
"include.in.token.scope": "false"
},
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "manager",
"name": "manager",
"description": "Has limited access to all resources"
}
},
"system/Observation.cruds": {
"protocol": "openid-connect",
"description": "Read access to all Observation data",
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "admin",
"name": "administrator",
"description": "Has full access to all resources"
}
},
"system/Observation.cud": {
"protocol": "openid-connect",
"description": "Read and write access to all Observation data",
"attributes": {
"include.in.token.scope": "false"
},
"mappers": {
"Audience Mapper": {
"protocol": "openid-connect",
"protocolmapper": "oidc-audience-mapper",
"config": {
"access.token.claim": "true"
}
}
},
"role": {
"id": "manager",
"name": "manager",
"description": "Has limited access to all resources"
}
}
},

"client": {
"protocol": "openid-connect",
"clientId": "emr",
"name": "EMR user",
"description": "",
"publicClient": false,
"authorizationServicesEnabled": false,
"serviceAccountsEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"standardFlowEnabled": true,
"frontchannelLogout": true,
"alwaysDisplayInConsole": false,
"attributes": {
"oauth2.device.authorization.grant.enabled": false,
"oidc.ciba.grant.enabled": false
}
},
"groups": {
"fhirUser": {}
},
"defaultGroup": "fhir-user-group",
"defaultUser": {
"username": "fhirUser",
"firstName": "FHIR",
"lastName": "User",
"email": "[email protected]",
"emailVerified": false,
"enabled": true,
"groups": ["fhirUser"]
},
"resetPassword": {
"temporary": false,
"type": "password",
"value": "dev_password_only"
}
Comment on lines +226 to +230 (Contributor):
Strongly advise against using the current password in production.

The resetPassword configuration sets a non-temporary password with the value "dev_password_only". This password is weak and not suitable for production environments. Using such a password poses a significant security risk, as attackers could easily guess or brute-force it, gaining unauthorized access to the system.

Strongly recommend generating a secure, random password for production use. Consider using a password manager or a secure password generation tool to create a strong password with a minimum of 12 characters, including a mix of uppercase and lowercase letters, numbers, and special characters.

Apply this diff to remove the current password:

-    "value": "dev_password_only"
+    "value": "<GENERATE_SECURE_PASSWORD>"

Committable suggestion was skipped due to low confidence.

}
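Review bot: `"include.in.token.scope": "false"` on the three `.cud` scopes (`system/Patient.cud`, `system/Encounter.cud`, `system/Observation.cud`) removes those scope names from the access token's `scope` claim even when they are granted, so a gateway access checker that decides permissions from SMART scopes in that claim can never see a client's write permission; either drop the attribute or explain why only the write scopes are hidden. The descriptions and role mappings contradict the scope names: `system/Patient.cruds` is "Read access to all data", `system/Observation.cruds` is "Read access to all Observation data", the `.cud` scopes are "Read and write access" although `cud` carries no read, and the read-only wildcard `system/*.rs` is mapped to the `admin` role described as "Has full access to all resources"; align them with the SMART v2 meaning of c/r/u/d/s before anyone maps roles from these strings. Every `oidc-audience-mapper` sets only `access.token.claim` with no `included.client.audience` or `included.custom.audience`, so as written it adds nothing to `aud`; confirm the importer fills that in, otherwise the gateway cannot check audience. The `emr` client enables `directAccessGrantsEnabled` (the password grant) and `standardFlowEnabled` with no `redirectUris` on top of `serviceAccountsEnabled`; a backend-services client needs only client credentials, so disable the password grant and, if the authorization-code flow is meant to stay, pin `redirectUris`. `defaultGroup` is `fhir-user-group`, but the only group defined is `fhirUser` (which is also what `defaultUser.groups` references), so one of the two names is wrong. The fixed `resetPassword` value is already raised in the comment above.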