Merge branch 'main' into chores/additional-code-coverage
luis-pabon-tf authored Jul 17, 2024
2 parents ba75905 + fb5034d commit 608a658
Showing 19 changed files with 140 additions and 31 deletions.
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -306,18 +306,18 @@ After enabling this option it is recommended that you delete all docker images a
with this option enabled.

1. Checkout `master` branch for `CDCgov/prime-reportstream`
2. Copy the scripts found at [/scripts/rs](/scripts/rs) to `prime-reportstream/prime-router`
2. Create a symbolic link or copy the scripts found at [/scripts/rs](/scripts/rs) to `prime-reportstream/prime-router`
- **Note**: follow the instructions in [/scripts/rs/readme.md](/scripts/rs/readme.md) to set up the environment variable
3. CD to `prime-reportstream/prime-router`

If attempting to access the metadata endpoint in ReportStream add the variable `ETOR_TI_baseurl="http://host.docker.internal:8080"` to `.prime-router/.vault/env/.env.local` file before building the container
4. Run the `./cleanslate` script. For more information you can refer to the [ReportStream docs](https://github.com/CDCgov/prime-reportstream/blob/master/prime-router/docs/docs-deprecated/getting-started/getting-started.md#building-the-baseline)
5. Run RS with `docker compose up --build -d`
6. Edit `/settings/staging/0166-flexion-staging-results-handling.yml` to comment the lines related to staging settings, and uncomment the ones for local settings:
6. Edit `/settings/STLTs/Flexion/flexion.yml` to comment the lines related to staging settings, and uncomment the ones for local settings:
- `authTokenUrl`, `reportUrl`, `authHeaders.host` under REST `transport` in `receivers`
- `type` and `credentialName` under SFTP `transport` in `receivers`
7. Run the `./reset.sh` script to reset the database and apply the flexion org settings
8. Run the `./setup-vault.sh` script to set up the local vault secrets
7. Run the `./reset.sh` script to reset the database
8. Run the `./load-etor-org-settings.sh` to apply the ETOR organization settings
9. Run the `./setup-local-vault.sh` script to set up the local vault secrets
- You can verify that the script created the secrets succesfully by going to `http://localhost:8200/` in your browser, use the token in `prime-router/.vault/env/.env.local` to authenticate, and then go to `Secrets engines` > `secret/` to check the available secrets

#### Submit request to ReportStream
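Review bot: Step 8 in this hunk does not say which environment `./load-etor-org-settings.sh` targets. The script added in this commit takes an optional environment argument that defaults to `local` and also accepts `staging` and `prod`, so the step should state that it is run without arguments for local setup. The step also reads "Run the `./load-etor-org-settings.sh` to apply", dropping the word "script" that steps 7 and 9 use, and the context line under step 9 misspells "succesfully"; both are worth fixing while this list is being edited.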
2 changes: 1 addition & 1 deletion etor/build.gradle
Expand Up @@ -14,7 +14,7 @@ dependencies {
testImplementation testFixtures(project(':shared'))

implementation 'com.azure:azure-storage-blob:12.26.1'
implementation 'com.azure:azure-identity:1.13.0'
implementation 'com.azure:azure-identity:1.13.1'

testImplementation 'org.apache.groovy:groovy:4.0.22'
testImplementation 'org.spockframework:spock-core:2.3-groovy-4.0'
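Review bot: `com.azure:azure-identity:1.13.1` is pinned on this line and again in `shared/build.gradle` in the same commit, so every bump has to touch both files and the two modules can drift apart. Consider declaring the version once (a shared property or a version catalog entry) and referencing it from both `dependencies` blocks.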
Binary file modified gradle/wrapper/gradle-wrapper.jar
Binary file not shown.
2 changes: 1 addition & 1 deletion gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
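Review bot: The `distributionUrl` line moves to `gradle-8.9-bin.zip`, but none of the visible lines sets `distributionSha256Sum`. If it is not set elsewhere in the file, the wrapper downloads the distribution without checking it against a known hash. Add `distributionSha256Sum=<sha256 published for gradle-8.9-bin.zip>` next to `distributionUrl`. Since `gradle-wrapper.jar` also changes as an opaque binary in this commit, confirm its checksum against the published Gradle 8.9 wrapper checksum before merging.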
5 changes: 4 additions & 1 deletion gradlew
Expand Up @@ -15,6 +15,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
#

##############################################################################
#
Expand Down Expand Up @@ -84,7 +86,8 @@ done
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
' "$PWD" ) || exit

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
2 changes: 2 additions & 0 deletions gradlew.bat
Expand Up @@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@rem SPDX-License-Identifier: Apache-2.0
@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
2 changes: 1 addition & 1 deletion operations/environments/dev/main.tf
Expand Up @@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.111.0"
version = "3.112.0"
}
}

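Review bot: The exact pin `version = "3.112.0"` is repeated in the `dev`, `internal`, `pr`, `prd` and `stg` `main.tf` files, and none of the 19 changed files is a `.terraform.lock.hcl`. If the environments commit dependency lock files, they need to be regenerated with this bump (`terraform init -upgrade`) so the recorded provider hashes match 3.112.0; if the lock files are intentionally untracked, say so in the PR.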
2 changes: 1 addition & 1 deletion operations/environments/internal/main.tf
Expand Up @@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.111.0"
version = "3.112.0"
}
}

2 changes: 1 addition & 1 deletion operations/environments/pr/main.tf
Expand Up @@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.111.0"
version = "3.112.0"
}
}

2 changes: 1 addition & 1 deletion operations/environments/prd/main.tf
Expand Up @@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.111.0"
version = "3.112.0"
}
}

2 changes: 1 addition & 1 deletion operations/environments/stg/main.tf
Expand Up @@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.111.0"
version = "3.112.0"
}
}

13 changes: 13 additions & 0 deletions scripts/hurl/epic/hrl
@@ -0,0 +1,13 @@
client=
audience=https://epicproxy-np.et0502.epichosted.com/FhirProxy/oauth2/token
secret=/path/to/ucsd-epic-private-key.pem
root=$CDCTI_HOME/examples/CA/
fpath="$1"
shift

hurl \
--variable fpath=$fpath \
--file-root $root \
--variable jwt=$(jwt encode --exp='+5min' --jti $(uuidgen) --alg RS256 -k $client -i $client -s $client -a $audience --no-iat -S @$secret) \
results.hurl \
$@
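Review bot: The expansions in the `hurl` invocation are unquoted (`--variable fpath=$fpath`, `--file-root $root`, `-S @$secret`, `$@`), so a file name or path containing spaces splits into separate arguments; quote them and use `"$@"`. The file also has no shebang line, and with `client=` left empty the `jwt encode` call runs with `-k`, `-i` and `-s` missing their values, so add `#!/usr/bin/env bash` and exit with a usage message when `client` or `$1` is empty. The signed assertion is passed through `--variable jwt=...` on the command line, where it is visible in the process list for its 5 minute lifetime.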
10 changes: 10 additions & 0 deletions scripts/hurl/epic/readme.md
@@ -0,0 +1,10 @@
# Epic/UCSD Hurl Script

## Before running the script

- Add the `client` id to `.hrl`
- Update the `secret` variable path

## Usage

`./hrl <HL7_FILE_NAME>`
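Review bot: The first bullet refers to `.hrl`, but the script added in this commit is named `hrl` and the usage line calls `./hrl`; make the bullet match. The prerequisites should also list what the script calls besides hurl: the `jwt` CLI, `uuidgen`, and the `CDCTI_HOME` variable it uses for `--file-root`.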
18 changes: 18 additions & 0 deletions scripts/hurl/epic/results.hurl
@@ -0,0 +1,18 @@
# curl -H 'Content-Type: application/x-www-form-urlencoded' --data 'client_assertion=$(jwt encode --exp=+5min --jti $(uuidgen) --alg RS256 -k $client -i $client -s $client -a https://epicproxy-np.et0502.epichosted.com/FhirProxy/oauth2/token --no-iat -S @/path/to/ucsd-epic-private-key.pem)' --data 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' --data 'grant_type=client_credentials' 'https://epicproxy-np.et0502.epichosted.com/FhirProxy/oauth2/token'
POST https://epicproxy-np.et0502.epichosted.com/FhirProxy/oauth2/token
Content-Type: application/x-www-form-urlencoded
[FormParams]
client_assertion: {{jwt}}
client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
grant_type: client_credentials

HTTP 200

[Captures]
token: jsonpath "$['access_token']"

# curl -H 'Content-Type: application/hl7-v2' -H 'Authorization: Bearer $token' --data-binary '@/path/to/oru.hl7' 'https://epicproxy-np.et0502.epichosted.com/CDPH_NBGS_TST/api/epic/2015/EDI/HTTP/HL7v2/910377'
POST https://epicproxy-np.et0502.epichosted.com/CDPH_NBGS_TST/api/epic/2015/EDI/HTTP/HL7v2/910377
Content-Type: application/hl7-v2
Authorization: Bearer {{token}}
file,{{fpath}};
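Review bot: The second request (the HL7v2 `POST` ending in `/910377`) has no response section, so Hurl makes no assertion on its status code, while the token request above it asserts `HTTP 200`. Add an expected status after the `file,{{fpath}};` body so a rejected message fails the run. The token URL is also hardcoded here and again as `audience` in `hrl`; passing it in as a variable would keep the two from drifting.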
10 changes: 4 additions & 6 deletions scripts/hurl/readme.md
Expand Up @@ -4,10 +4,8 @@

- [hurl](https://hurl.dev/)

## ReportStream
## Available Hurl Scripts

The hurl script to send requests to ReportStream's endpoints is in [rs/](./rs/)

## CDC Intermediary

The hurl script to send requests to the CDC Intermediary's endpoints is in [ti/](./ti/)
- [ReportStream](./rs/): scripts to send requests to ReportStream's endpoints
- [CDC Intermediary](./ti/): scripts to send requests to the CDC Intermediary's endpoints
- [Epic/UCSD](./epic/): scripts to send requests to Epic endpoints for UCSD
58 changes: 58 additions & 0 deletions scripts/rs/load-etor-org-settings.sh
@@ -0,0 +1,58 @@
#!/usr/bin/env bash

# This script loads the ETOR organization settings and adds the public keys for the senders.
# NOTE: Remember to run this script inside the prime-router directory of the prime-reportstream codebase
# Make sure to add a CDCTI_HOME environment variable pointing to the trusted-intermediary directory
# export CDCTI_HOME="/path/to/trusted-intermediary"
# You'll also need to set the path to the keys if running in a non-local environment

env=${1:-"local"}

if [ "$env" = "local" ]; then
flexion_key="$CDCTI_HOME/mock_credentials/organization-trusted-intermediary-public-key-local.pem"
# al_phl_key="/path/to/organization-al-phl-public-key-local.pem"
# oracle_rln_key="/path/to/organization-oracle-rln-public-key-local.pem"
# ca_phl_key="/path/to/organization-ca-phl-public-key-local.pem"
# la_phl_key="/path/to/organization-la-phl-public-key-local.pem"
# la_ochsner_key="/path/to/organization-la-ochsner-public-key-local.pem"
elif [ "$env" = "staging" ]; then
# flexion_key="/path/to/organization-trusted-intermediary-public-key-staging.pem"
# al_phl_key="/path/to/organization-al-phl-public-key-staging.pem"
# oracle_rln_key="/path/to/organization-oracle-rln-public-key-staging.pem"
# ca_phl_key="/path/to/organization-ca-phl-public-key-staging.pem"
# la_phl_key="/path/to/organization-la-phl-public-key-staging.pem"
# la_ochsner_key="/path/to/organization-la-ochsner-public-key-staging.pem"
elif [ "$env" = "prod" ]; then
# flexion_key="/path/to/organization-trusted-intermediary-public-key-prod.pem"
# al_phl_key="/path/to/organization-al-phl-public-key-prod.pem"
# oracle_rln_key="/path/to/organization-oracle-rln-public-key-prod.pem"
# ca_phl_key="/path/to/organization-ca-phl-public-key-prod.pem"
# la_phl_key="/path/to/organization-la-phl-public-key-prod.pem"
# la_ochsner_key="/path/to/organization-la-ochsner-public-key-prod.pem"
else
echo "Unknown environment: $env"
exit 1
fi

## Flexion
./prime multiple-settings set -s -e $env -i ./settings/STLTs/Flexion/flexion.yml
./prime organization addkey -e $env --public-key $flexion_key --scope "flexion.*.report" --orgName flexion --kid flexion.etor-service-sender --doit
./prime organization addkey -e $env --public-key $flexion_key --scope "flexion.*.report" --orgName flexion --kid flexion.simulated-hospital --doit
./prime organization addkey -e $env --public-key $flexion_key --scope "flexion.*.report" --orgName flexion --kid flexion.simulated-lab --doit

## AL
./prime multiple-settings set -s -e $env -i ./settings/STLTs/AL/al-phl.yml
# ./prime organization addkey -e $env --public-key $al_phl_key --scope "al-phl.*.report" --orgName al-phl --kid al-phl.etor-nbs-results --doit
./prime multiple-settings set -e $env -s -i ./settings/STLTs/Oracle/oracle-rln.yml
# ./prime organization addkey -e $env --public-key $oracle_rln_key --scope "oracle-rln.*.report" --orgName oracle-rln --kid oracle-rln.etor-nbs-orders --doit

## CA
./prime multiple-settings set -s -e $env -i ./settings/STLTs/CA/ucsd.yml
./prime multiple-settings set -s -e $env -i ./settings/STLTs/CA/ca-phl.yml
# ./prime organization addkey -e $env --public-key $ca_phl_key --scope "ca-phl.*.report" --orgName ca-phl --kid ca-phl.etor-nbs-results --doit

## LA
./prime multiple-settings set -s -e $env -i ./settings/STLTs/LA/la-phl.yml
# ./prime organization addkey -e $env --public-key $la_phl_key --scope "la-phl.*.report" --orgName la-phl --kid la-phl.etor-nbs-results --doit
./prime multiple-settings set -s -e $env -i ./settings/STLTs/LA/la-ochsner.yml
# ./prime organization addkey -e $env --public-key $la_ochsner_key --scope "la-ochsner.*.report" --orgName la-ochsner --kid la-ochsner.etor-nbs-orders --doit
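Review bot: The `staging` and `prod` branches of the `if` contain only commented-out assignments, and bash does not accept an empty `then` body, so the script stops with a syntax error at the following `elif`/`else` before running anything, including for `local`. Put a no-op `:` in each empty branch or, better, make those branches exit with a message until real key paths are filled in. Once the file parses, running with `staging` or `prod` leaves `$flexion_key` unset, and the unquoted `--public-key $flexion_key` expands to nothing, leaving `--public-key` without a value; quote the variables and check that the key file exists before calling `addkey ... --doit`.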
22 changes: 11 additions & 11 deletions scripts/rs/reset.sh
@@ -1,13 +1,13 @@
#!/usr/bin/env bash

# This script resets the database and loads the baseline settings.
# NOTE: Remember to run this script inside the prime-router directory of the prime-reportstream codebase
# Make sure to add a CDCTI_HOME environment variable pointing to the trusted-intermediary directory
# export CDCTI_HOME="/path/to/trusted-intermediary"

./gradlew resetDB
./gradlew reloadTable
./gradlew flywayRepair
./gradlew reloadSettings
./prime multiple-settings set -s -i ./settings/staging/0166-flexion-staging-results-handling.yml
./prime organization addkey --public-key $CDCTI_HOME/mock_credentials/organization-trusted-intermediary-public-key-local.pem --scope "flexion.*.report" --orgName flexion --kid flexion.etor-service-sender --doit
./prime organization addkey --public-key $CDCTI_HOME/mock_credentials/organization-trusted-intermediary-public-key-local.pem --scope "flexion.*.report" --orgName flexion --kid flexion.simulated-hospital --doit
./prime organization addkey --public-key $CDCTI_HOME/mock_credentials/organization-trusted-intermediary-public-key-local.pem --scope "flexion.*.report" --orgName flexion --kid flexion.simulated-lab --doit

# Reset database
../gradlew resetDB

# Reload tables
./prime lookuptables loadall

# Load baseline organization settings
./prime multiple-settings set -s -i ./settings/organizations.yml
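Review bot: The script has no `set -e`, so if `../gradlew resetDB` fails the two `./prime` commands still run against whatever state the database is in; add `set -euo pipefail` after the shebang. The header comment still asks for `CDCTI_HOME`, which no remaining line uses now that the `addkey` calls are gone. The first command also changed from `./gradlew` to `../gradlew` while the note says to run from `prime-router`, so confirm the parent-directory path is intended.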
7 changes: 7 additions & 0 deletions scripts/rs/setup-vault.sh → scripts/rs/setup-local-vault.sh
@@ -1,4 +1,6 @@
#!/usr/bin/env bash

# This script loads the credentials into the local vault to set up the ETOR receivers.
# NOTE: Remember to run this script inside the prime-router directory of the prime-reportstream codebase
# Make sure to add a CDCTI_HOME environment variable pointing to the trusted-intermediary directory
# export CDCTI_HOME="/path/to/trusted-intermediary"
Expand All @@ -10,3 +12,8 @@ export $(xargs <.vault/env/.env.local)
./prime create-credential --type UserPass --user foo --pass pass --persist DEFAULT-SFTP
./prime create-credential --type UserApiKey --apikey-user flexion --apikey "$private_key" --persist FLEXION--ETOR-SERVICE-RECEIVER-ORDERS
./prime create-credential --type UserApiKey --apikey-user flexion --apikey "$private_key" --persist FLEXION--ETOR-SERVICE-RECEIVER-RESULTS
./prime create-credential --type UserApiKey --apikey-user ucsd --apikey "$private_key" --persist UCSD--ETOR-NBS-RESULTS
./prime create-credential --type UserApiKey --apikey-user la-phl --apikey "$private_key" --persist LA-PHL--ETOR-NBS-ORDERS
./prime create-credential --type UserApiKey --apikey-user la-ochsner --apikey "$private_key" --persist LA-OCHSNER--ETOR-NBS-RESULTS
./prime create-credential --type UserApiKey --apikey-user al-phl --apikey "$private_key" --persist AL-PHL--ETOR-NBS-ORDERS
./prime create-credential --type UserApiKey --apikey-user oracle-rln --apikey "$private_key" --persist ORACLE-RLN--ETOR-NBS-RESULTS
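Review bot: The five added `create-credential` lines store the same `$private_key` used for the Flexion receivers under the `ucsd`, `la-phl`, `la-ochsner`, `al-phl` and `oracle-rln` credentials, which only makes sense for local mock setup. Say so in the header comment added in the first hunk, for example that every receiver shares the local mock key and that this script must not be pointed at a shared vault. Also note that `--apikey "$private_key"` places the key material on the command line.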
2 changes: 1 addition & 1 deletion shared/build.gradle
Expand Up @@ -45,7 +45,7 @@ dependencies {

// azure sdk
implementation 'com.azure:azure-security-keyvault-secrets:4.8.4'
implementation 'com.azure:azure-identity:1.13.0'
implementation 'com.azure:azure-identity:1.13.1'

testImplementation 'org.apache.groovy:groovy:4.0.22'
testFixturesImplementation 'org.apache.groovy:groovy:4.0.22'
