Merge pull request #362 from medizininformatik-initiative/release/v6.…

…0.0-alpha.2 Release/v6.0.0 alpha.2
medizininformatik-initiative · Sep 4, 2024 · 601104a · 601104a
2 parents cf5b856 + 0c8b520
commit 601104a
Show file tree

Hide file tree

Showing 40 changed files with 1,042 additions and 1,811 deletions.
diff --git a/.github/integration-test/docker-compose.yml b/.github/integration-test/docker-compose.yml
@@ -1,12 +1,12 @@
 version: '3.7'
 services:
-  feasibility-gui-backend:
-    container_name: feasibility-gui-backend
+  dataportal-backend:
+    container_name: dataportal-backend
     image: backend:latest
     ports:
       - "8091:8090"
     depends_on:
-      - feasibility-gui-backend-db
+      - dataportal-postgres
     environment:
       QUERYRESULT_PUBLIC_KEY: "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA1lWOfXzE/mUEPitNLxsDMtjERJGVhS8gP1WmuHPvjPxUOQyod4EbJcbJlkBqLqpaIs8Buy3gcbJvIPERdG1N1BSZ8NOKOtRubioKf30JwnLdZAae3vJAzRC3h42OPM3fohZCXMxbrju+KM0ZUIrLEXKEDMHQWfevCQCxeixvXVYpfXlkJIBGaWz4cDgEOiiwhU87AMzGZwjAIHvr4oTF/uHg6+C3Mdx0m8WLtygTiEixJegMb/txR+4gNVYrzpm5BwDUU7Qxy3nTUDYZLlTGeP9MBFWW+W87IHzgP+OFr3ZKMEkAPU0R1lqXFZCYcgZHGA5He2W701isnqkKIQT8ePOH43ZOXo3S34Pqw5oQ4Q2kPubp1wgZWw0VtEiZDtlwqUJ+r3CigU7NAFM5JnC/skiIBKetbWoNm1JPEfGOTrgjHD2uo82jSO8tV45LNH1EaR2+5UWSFZyDvTayLZsxsVlRFXJKgQJDI344R6lhGbLXbhqCuPzeQaHr1XGCKAtdAgMBAAE="
       # ----- app
@@ -18,18 +18,19 @@ services:
       QUERYRESULT_EXPIRY_MINUTES: 5
       ELASTIC_SEARCH_ENABLED: "false"
       # ---- db config
-      FEASIBILITY_DATABASE_HOST: "feasibility-gui-backend-db"
-      FEASIBILITY_DATABASE_PORT: 5432
-      FEASIBILITY_DATABASE_USER: "guidbuser"
-      FEASIBILITY_DATABASE_PASSWORD: "guidbpw"
+      DATABASE_HOST: "dataportal-postgres"
+      DATABASE_PORT: 5432
+      DATABASE_USER: "dataportaluser"
+      DATABASE_PASSWORD: "dataportalpw"
+      DATABASE_DBNAME: "dataportal"
       # ---- auth
       KEYCLOAK_ENABLED: "true"
-      KEYCLOAK_ALLOWED_ROLE: "FeasibilityUser"
-      KEYCLOAK_POWER_ROLE: "FeasibilityPowerUser"
-      KEYCLOAK_ADMIN_ROLE: "FeasibilityAdmin"
+      KEYCLOAK_ALLOWED_ROLE: "DataportalUser"
+      KEYCLOAK_POWER_ROLE: "DataportalPowerUser"
+      KEYCLOAK_ADMIN_ROLE: "DataportalAdmin"
       KEYCLOAK_BASE_URL_ISSUER: "http://auth:8080/auth"
       KEYCLOAK_BASE_URL_JWK: "http://auth:8080/auth"
-      KEYCLOAK_REALM: "feasibility"
+      KEYCLOAK_REALM: "dataportal"
       #---- Direct broker
       BROKER_CLIENT_DIRECT_ENABLED: "true"
       BROKER_CLIENT_DIRECT_USE_CQL: "false"
@@ -42,8 +43,8 @@ services:
       AKTIN_BROKER_API_KEY: "xxxApiKeyAdmin123"
       # ---- DSF  broker
       BROKER_CLIENT_DSF_ENABLED: "false"
-      DSF_SECURITY_CACERT: "/opt/codex-feasibility-security/ca.pem"
-      DSF_SECURITY_KEYSTORE_P12FILE: "/opt/codex-feasibility-security/test-user.p12"
+      DSF_SECURITY_CACERT: "/opt/dataportal-security/ca.pem"
+      DSF_SECURITY_KEYSTORE_P12FILE: "/opt/dataportal-security/test-user.p12"
       DSF_SECURITY_KEYSTORE_PASSWORD: "password"
       DSF_WEBSERVICE_BASE_URL: "https://dsf-zars-fhir-proxy/fhir"
       DSF_WEBSOCKET_URL: "wss://dsf-zars-fhir-proxy:443/fhir/ws"
@@ -64,25 +65,25 @@ services:
       LOG_LEVEL: "warn"
     restart: unless-stopped
     volumes:
-      - ./ontology/ui_profiles:/opt/codex-feasibility-backend/ontology/ui_profiles
-      - ./ontology/codex-code-tree.json:/opt/codex-feasibility-backend/ontology/codex-code-tree.json
-      - ./ontology/codex-term-code-mapping.json:/opt/codex-feasibility-backend/ontology/codex-term-code-mapping.json
-      - ./ontology/terminology_systems.json:/opt/codex-feasibility-backend/ontology/terminology_systems.json
-      - ./ontology/dse/profile_tree.json:/opt/codex-feasibility-backend/ontology/dse/profile_tree.json
-      - ./ontology/migration/R__Load_latest_ui_profile.sql:/opt/codex-feasibility-backend/ontology/migration/R__Load_latest_ui_profile.sql
-      - ./secrets:/opt/codex-feasibility-security
-  feasibility-gui-backend-db:
-    image: 'postgres:15-alpine'
-    container_name: feasibility-gui-backend-db
+      - ./ontology/ui_profiles:/opt/dataportal-backend/ontology/ui_profiles
+      - ./ontology/codex-code-tree.json:/opt/dataportal-backend/ontology/codex-code-tree.json
+      - ./ontology/codex-term-code-mapping.json:/opt/dataportal-backend/ontology/codex-term-code-mapping.json
+      - ./ontology/terminology_systems.json:/opt/dataportal-backend/ontology/terminology_systems.json
+      - ./ontology/dse/profile_tree.json:/opt/dataportal-backend/ontology/dse/profile_tree.json
+      - ./ontology/migration/R__Load_latest_ui_profile.sql:/opt/dataportal-backend/ontology/migration/R__Load_latest_ui_profile.sql
+      - ./secrets:/opt/dataportal-security
+  dataportal-postgres:
+    image: 'postgres:16-alpine'
+    container_name: dataportal-postgres
     ports:
       - "5432:5432"
     environment:
-      POSTGRES_USER: "guidbuser"
-      POSTGRES_PASSWORD: "guidbpw"
-      POSTGRES_DB: "codex_ui"
+      POSTGRES_USER: "dataportaluser"
+      POSTGRES_PASSWORD: "dataportalpw"
+      POSTGRES_DB: "dataportal"
 
   blaze:
-    image: "samply/blaze:0.27"
+    image: "samply/blaze:0.29"
     environment:
       BASE_URL: "http://blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx1g"
@@ -103,14 +104,14 @@ services:
     restart: unless-stopped
 
   auth-db:
-    image: postgres:15-alpine
+    image: postgres:16-alpine
     restart: unless-stopped
     environment:
       POSTGRES_DB: "keycloakdb"
       POSTGRES_USER: "keycloakdbuser"
       POSTGRES_PASSWORD: "keycloakdbpw"
     volumes:
-      - "feasibility-auth-db:/var/lib/postgresql/data"
+      - "dataportal-auth-db:/var/lib/postgresql/data"
 
   auth:
     image: keycloak/keycloak:21.1
@@ -131,10 +132,10 @@ services:
     ports:
       - "8083:8080"
     volumes:
-      - ./keycloak-init/feasibility-realm.json:/opt/keycloak/data/import/realm.json:ro
+      - ./keycloak-init/dataportal-realm.json:/opt/keycloak/data/import/realm.json:ro
     depends_on:
       - auth-db
 
 volumes:
-  feasibility-auth-db:
+  dataportal-auth-db:
   blaze-data:
diff --git a/...test/keycloak-init/feasibility-realm.json → ...-test/keycloak-init/dataportal-realm.json b/...test/keycloak-init/feasibility-realm.json → ...-test/keycloak-init/dataportal-realm.json
@@ -1,6 +1,6 @@
 {
   "id": "2268ed68-686a-4c9e-8637-6c366a60d459",
-  "realm": "feasibility",
+  "realm": "dataportal",
   "notBefore": 0,
   "defaultSignatureAlgorithm": "RS256",
   "revokeRefreshToken": false,
@@ -47,8 +47,8 @@
     "realm": [
       {
         "id": "51cb7b69-d269-4872-b832-2d326e2e8658",
-        "name": "FeasibilityUser",
-        "description": "Standard feasibility user, which is allowed to send feasibility queries but has no admin rights",
+        "name": "DataportalUser",
+        "description": "Standard dataportal user, which is allowed to send dataportal queries but has no admin rights",
         "composite": false,
         "clientRole": false,
         "containerId": "2268ed68-686a-4c9e-8637-6c366a60d459",
@@ -65,7 +65,7 @@
       },
       {
         "id": "79573cca-5524-4642-a46f-ce7b988690ae",
-        "name": "FeasibilityPowerUser",
+        "name": "DataportalPowerUser",
         "description": "Users in this role are not subject to the hard limit for creating queries.",
         "composite": false,
         "clientRole": false,
@@ -83,7 +83,7 @@
       },
       {
         "id": "e3102b96-039a-4b74-8b7b-1ee58bac24c4",
-        "name": "default-roles-feasibility",
+        "name": "default-roles-dataportal",
         "description": "${role_default-roles}",
         "composite": true,
         "composites": {
@@ -104,7 +104,7 @@
       },
       {
         "id": "c9d91f7e-30f0-4fab-9c06-75edad9a7fb9",
-        "name": "FeasibilityAdmin",
+        "name": "DataportalAdmin",
         "description": "Admin user who may access endpoints a normal user must not access. Users in this role are not subject to any rate limiting",
         "composite": false,
         "clientRole": false,
@@ -113,7 +113,7 @@
       }
     ],
     "client": {
-      "feasibility-webapp": [],
+      "dataportal-webapp": [],
       "realm-management": [
         {
           "id": "9331cbb4-1e36-4777-9df2-e9f55541f23c",
@@ -433,7 +433,7 @@
   "groups": [],
   "defaultRole": {
     "id": "e3102b96-039a-4b74-8b7b-1ee58bac24c4",
-    "name": "default-roles-feasibility",
+    "name": "default-roles-dataportal",
     "description": "${role_default-roles}",
     "composite": true,
     "clientRole": false,
@@ -504,13 +504,13 @@
       "clientId": "account",
       "name": "${client_account}",
       "rootUrl": "${authBaseUrl}",
-      "baseUrl": "/realms/feasibility/account/",
+      "baseUrl": "/realms/dataportal/account/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "/realms/feasibility/account/*"
+        "/realms/dataportal/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -548,13 +548,13 @@
       "clientId": "account-console",
       "name": "${client_account-console}",
       "rootUrl": "${authBaseUrl}",
-      "baseUrl": "/realms/feasibility/account/",
+      "baseUrl": "/realms/dataportal/account/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "/realms/feasibility/account/*"
+        "/realms/dataportal/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -680,8 +680,8 @@
     },
     {
       "id": "2bb006d9-c6d1-4694-91bb-d20c72f97ab4",
-      "clientId": "feasibility-webapp",
-      "name": "feasibility-webapp",
+      "clientId": "dataportal-webapp",
+      "name": "dataportal-webapp",
       "description": "",
       "rootUrl": "http://localhost:8091",
       "adminUrl": "http://localhost:8091",
@@ -776,13 +776,13 @@
       "clientId": "security-admin-console",
       "name": "${client_security-admin-console}",
       "rootUrl": "${authAdminUrl}",
-      "baseUrl": "/admin/feasibility/console/",
+      "baseUrl": "/admin/dataportal/console/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "/admin/feasibility/console/*"
+        "/admin/dataportal/console/*"
       ],
       "webOrigins": [
         "+"

diff --git a/.github/integration-test/ontology/codex-code-tree.json b/.github/integration-test/ontology/codex-code-tree.json
diff --git a/.github/integration-test/ontology/codex-term-code-mapping.json b/.github/integration-test/ontology/codex-term-code-mapping.json
diff --git a/.github/scripts/check-if-running-as-dataportal-user.sh b/.github/scripts/check-if-running-as-dataportal-user.sh
@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+if docker exec -u0 dataportal-backend pgrep -u dataportal java > /dev/null
+then
+    echo "Java process is running as dataportal"
+    exit 0
+else
+    echo "Java process is not running as dataportal"
+    exit 1
+fi
diff --git a/.github/scripts/check-if-running-as-feasibility-user.sh b/.github/scripts/check-if-running-as-feasibility-user.sh
diff --git a/.github/scripts/create-keycloak-user.sh b/.github/scripts/create-keycloak-user.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
 docker exec -u0 integration-test-auth-1 /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user keycloakadmin --password keycloak
-docker exec -u0 integration-test-auth-1 /opt/keycloak/bin/kcadm.sh create users -s username=testuser -s email=test@example.com -s enabled=true -s emailVerified=true -r feasibility
-docker exec -u0 integration-test-auth-1 /opt/keycloak/bin/kcadm.sh add-roles --uusername testuser --rolename FeasibilityUser -r feasibility
-docker exec -u0 integration-test-auth-1 /opt/keycloak/bin/kcadm.sh set-password -r feasibility --username testuser --new-password testpassword
+docker exec -u0 integration-test-auth-1 /opt/keycloak/bin/kcadm.sh create users -s username=testuser -s email=test@example.com -s enabled=true -s emailVerified=true -r dataportal
+docker exec -u0 integration-test-auth-1 /opt/keycloak/bin/kcadm.sh add-roles --uusername testuser --rolename DataportalUser -r dataportal
+docker exec -u0 integration-test-auth-1 /opt/keycloak/bin/kcadm.sh set-password -r dataportal --username testuser --new-password testpassword
diff --git a/.github/scripts/download-and-unpack-ontology.sh b/.github/scripts/download-and-unpack-ontology.sh
@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
 mkdir --parents .github/integration-test/ontology/ui_profiles .github/integration-test/ontology/migration
-curl -L https://github.com/medizininformatik-initiative/fhir-ontology-generator/raw/v2.0.1-RC/example/mii_core_data_set/ontology/backend.zip -o .github/integration-test/ontology/backend.zip
+curl -L https://github.com/medizininformatik-initiative/fhir-ontology-generator/raw/v3.0.0-test.1/example/fdpg-ontology/backend.zip -o .github/integration-test/ontology/backend.zip
 unzip -jod .github/integration-test/ontology/ui_profiles/ .github/integration-test/ontology/backend.zip
 mv .github/integration-test/ontology/ui_profiles/R__Load_latest_ui_profile.sql .github/integration-test/ontology/migration/
 rm .github/integration-test/ontology/backend.zip
diff --git a/.github/scripts/post-test-query.sh b/.github/scripts/post-test-query.sh
@@ -1,16 +1,16 @@
 #!/bin/bash -e
 
 access_token="$(curl -s --request POST \
-  --url http://localhost:8083/auth/realms/feasibility/protocol/openid-connect/token \
+  --url http://localhost:8083/auth/realms/dataportal/protocol/openid-connect/token \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --data grant_type=password \
-  --data client_id=feasibility-webapp \
+  --data client_id=dataportal-webapp \
   --data username=testuser \
   --data password=testpassword \
   --data scope=openid | jq '.access_token' | tr -d '"')"
 
 response=$(curl -s -i \
-  --url http://localhost:8091/api/v3/query \
+  --url http://localhost:8091/api/v4/query \
   --header "Authorization: Bearer $access_token" \
   --header 'Content-Type: application/json' \
   --data '{