From 737b72e1204b9c5aae32440302b6bcf8795f7c3d Mon Sep 17 00:00:00 2001 From: feordin Date: Sun, 3 Nov 2024 15:49:51 -0800 Subject: [PATCH 1/7] Update load of search param status --- .../Features/Search/Registry/SearchParameterStatusManager.cs | 4 +++- .../Features/Security/DataActions.cs | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Microsoft.Health.Fhir.Core/Features/Search/Registry/SearchParameterStatusManager.cs b/src/Microsoft.Health.Fhir.Core/Features/Search/Registry/SearchParameterStatusManager.cs index 44f407689f..ad4f72819e 100644 --- a/src/Microsoft.Health.Fhir.Core/Features/Search/Registry/SearchParameterStatusManager.cs +++ b/src/Microsoft.Health.Fhir.Core/Features/Search/Registry/SearchParameterStatusManager.cs @@ -81,12 +81,14 @@ internal async Task EnsureInitializedAsync(CancellationToken cancellationToken) if (p.IsSearchable != tempStatus.IsSearchable || p.IsSupported != tempStatus.IsSupported || p.IsPartiallySupported != tempStatus.IsPartiallySupported || - p.SortStatus != result.SortStatus) + p.SortStatus != result.SortStatus || + p.SearchParameterStatus != result.Status) { p.IsSearchable = tempStatus.IsSearchable; p.IsSupported = tempStatus.IsSupported; p.IsPartiallySupported = tempStatus.IsPartiallySupported; p.SortStatus = result.SortStatus; + p.SearchParameterStatus = result.Status; updated.Add(p); } diff --git a/src/Microsoft.Health.Fhir.Core/Features/Security/DataActions.cs b/src/Microsoft.Health.Fhir.Core/Features/Security/DataActions.cs index 27eb096a0f..5bbcd8ddf8 100644 --- a/src/Microsoft.Health.Fhir.Core/Features/Security/DataActions.cs +++ b/src/Microsoft.Health.Fhir.Core/Features/Security/DataActions.cs @@ -30,6 +30,6 @@ public enum DataActions : ulong Smart = 1 << 30, // Do not include Smart in the '*' case. We only want smart for a user if explicitly added to the role or user [EnumMember(Value = "*")] - All = (Import << 1) - 1, + All = (SearchParameter << 1) - 1, } } 
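Review bot: In the DataActions.cs hunk, `All` is still tied by hand to whichever member is currently the highest flag below `Smart`, which appears to be how `SearchParameter` was left out of `*` until this change. The next member added will drop out of the wildcard in the same silent way. A unit test that ORs every member except `Smart` and `All` and asserts the result equals `DataActions.All` would catch that, together with a comment above the member such as `// Must reference the highest flag below Smart; update when adding a member.` The change also widens what every existing `*` role assignment grants, which deserves a line in the commit message. The enum body starts outside the hunk, so the value and position of `SearchParameter` are inferred.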
From d0b98cbda910eb157ac600f3da82a73182f9ab49 Mon Sep 17 00:00:00 2001 From: feordin Date: Tue, 5 Nov 2024 09:39:29 -0800 Subject: [PATCH 2/7] Added test for disabled status --- .../SearchParameterStatusManagerTests.cs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/Microsoft.Health.Fhir.Core.UnitTests/Features/Search/Registry/SearchParameterStatusManagerTests.cs b/src/Microsoft.Health.Fhir.Core.UnitTests/Features/Search/Registry/SearchParameterStatusManagerTests.cs index 6bdf7a6849..53688b3f01 100644 --- a/src/Microsoft.Health.Fhir.Core.UnitTests/Features/Search/Registry/SearchParameterStatusManagerTests.cs +++ b/src/Microsoft.Health.Fhir.Core.UnitTests/Features/Search/Registry/SearchParameterStatusManagerTests.cs @@ -34,6 +34,7 @@ public class SearchParameterStatusManagerTests private static readonly string ResourceProfile = "http://hl7.org/fhir/SearchParameter/Resource-profile"; private static readonly string ResourceSecurity = "http://hl7.org/fhir/SearchParameter/Resource-security"; private static readonly string ResourceQuery = "http://hl7.org/fhir/SearchParameter/Resource-query"; + private static readonly string ResourceSource = "http://hl7.org/fhir/SearchParameter/Resource-source"; private readonly SearchParameterStatusManager _manager; private readonly ISearchParameterStatusDataStore _searchParameterStatusDataStore; @@ -85,6 +86,12 @@ public SearchParameterStatusManagerTests() Uri = new Uri(ResourceSecurity), LastUpdated = Clock.UtcNow, }, + new ResourceSearchParameterStatus + { + Status = SearchParameterStatus.Disabled, + Uri = new Uri(ResourceSource), + LastUpdated = Clock.UtcNow, + }, }; _searchParameterStatusDataStore.GetSearchParameterStatuses(Arg.Any()).Returns(_resourceSearchParameterStatuses); 
@@ -99,6 +106,7 @@ public SearchParameterStatusManagerTests() new SearchParameterInfo("_profile", "_profile", SearchParamType.Token, new Uri(ResourceProfile), targetResourceTypes: targetResourceTypes), new SearchParameterInfo("_security", "_security", SearchParamType.Token, new Uri(ResourceSecurity), targetResourceTypes: targetResourceTypes), _queryParameter, + new SearchParameterInfo("_source", "_source", SearchParamType.Uri, new Uri(ResourceSource), targetResourceTypes: targetResourceTypes), }; _searchParameterDefinitionManager.GetSearchParameters("Account") @@ -117,6 +125,10 @@ public SearchParameterStatusManagerTests() _searchParameterSupportResolver .IsSearchParameterSupported(Arg.Is(_searchParameterInfos[4])) .Returns((true, false)); + + _searchParameterSupportResolver + .IsSearchParameterSupported(Arg.Is(_searchParameterInfos[5])) + .Returns((true, false)); } [Fact] @@ -145,6 +157,11 @@ public async Task GivenASPStatusManager_WhenInitializing_ThenSearchParameterIsUp Assert.False(list[4].IsSearchable); Assert.True(list[4].IsSupported); Assert.False(list[4].IsPartiallySupported); + + Assert.False(list[5].IsSearchable); + Assert.False(list[5].IsSupported); // Disabled Search Params show as unsupported + Assert.False(list[5].IsPartiallySupported); + Assert.Equal(SearchParameterStatus.Disabled, list[5].SearchParameterStatus); } [Fact] From b3e1d5b161e9deed4686365d42419fec518767cb Mon Sep 17 00:00:00 2001 From: "Jared Erwin (from Dev Box)" Date: Tue, 5 Nov 2024 15:33:16 -0800 Subject: [PATCH 3/7] pull buildkit from mcr --- build/jobs/docker-build-push.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/build/jobs/docker-build-push.yml b/build/jobs/docker-build-push.yml index 7802f6c0e5..6981766327 100644 --- a/build/jobs/docker-build-push.yml +++ b/build/jobs/docker-build-push.yml 
@@ -24,6 +24,7 @@ jobs: inlineScript: | TAG="$(azureContainerRegistry)/${{parameters.version}}_fhir-server:${{parameters.tag}}" az acr login --name $(azureContainerRegistryName) + docker pull mcr.microsoft.com/moby/buildkit:latest docker buildx create --name fhir-multi-platform --platform ${{parameters.buildPlatform}} --use --bootstrap docker buildx build --tag ${TAG,,} \ --file ./build/docker/Dockerfile \ From 4b330a902889dcd35cbcec82da011269c3b81eeb Mon Sep 17 00:00:00 2001 From: "Jared Erwin (from Dev Box)" Date: Wed, 6 Nov 2024 07:28:22 -0800 Subject: [PATCH 4/7] Change docker build/push to Docker@2 task --- build/jobs/docker-build-push.yml | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/build/jobs/docker-build-push.yml b/build/jobs/docker-build-push.yml index 6981766327..1b64281311 100644 --- a/build/jobs/docker-build-push.yml +++ b/build/jobs/docker-build-push.yml 
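Review bot: The added `docker pull mcr.microsoft.com/moby/buildkit:latest` fetches a mutable tag, and nothing visible in this hunk points the builder at the image it pulled. The following `docker buildx create` has no `--driver-opt image=...`, so the builder presumably still resolves its own default BuildKit image. If the intent is to control where BuildKit comes from in a job that pushes the release image, pass the image to the builder and pin it by digest, e.g. `docker buildx create --driver-opt image=mcr.microsoft.com/moby/buildkit@sha256:<digest> ...` (digest is a placeholder). The same applies to the `docker pull mirror.gcr.io/moby/buildkit:buildx-stable-1` line added in PATCH 5/7, which also moves the source of the build tooling to a third-party mirror. The inline script continues outside the hunk.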
@@ -15,20 +15,17 @@ jobs: name: '$(DefaultLinuxPool)' vmImage: '$(LinuxVmImage)' steps: - - task: AzureCLI@2 - displayName: 'Build FHIR ${{parameters.version}} Server Image' - inputs: - azureSubscription: $(azureSubscriptionEndpoint) - scriptType: 'bash' - scriptLocation: 'inlineScript' - inlineScript: | - TAG="$(azureContainerRegistry)/${{parameters.version}}_fhir-server:${{parameters.tag}}" - az acr login --name $(azureContainerRegistryName) - docker pull mcr.microsoft.com/moby/buildkit:latest - docker buildx create --name fhir-multi-platform --platform ${{parameters.buildPlatform}} --use --bootstrap - docker buildx build --tag ${TAG,,} \ - --file ./build/docker/Dockerfile \ - --platform ${{parameters.buildPlatform}} \ - --build-arg FHIR_VERSION=${{parameters.version}} \ - --build-arg ASSEMBLY_VER=$(assemblySemFileVer) \ - --push . + - task: Docker@2 + displayName: 'Build FHIR ${{parameters.version}} Server Image' + inputs: + containerRegistry: $(azureContainerRegistryName) + repository: '${{parameters.version}}_fhir-server' + command: 'buildAndPush' + Dockerfile: './build/docker/Dockerfile' + tags: | + ${{parameters.tag}} + buildContext: . + arguments: | + --platform ${{parameters.buildPlatform}} \ + --build-arg FHIR_VERSION=${{parameters.version}} \ + --build-arg ASSEMBLY_VER=$(assemblySemFileVer) From 867f21d1d987446dcfafdcbe0edf05d5efab848c Mon Sep 17 00:00:00 2001 From: "Jared Erwin (from Dev Box)" Date: Wed, 6 Nov 2024 09:21:58 -0800 Subject: [PATCH 5/7] Use google docker mirror --- build/jobs/docker-build-push.yml | 33 ++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/build/jobs/docker-build-push.yml b/build/jobs/docker-build-push.yml index 1b64281311..b4d532741b 100644 --- a/build/jobs/docker-build-push.yml +++ b/build/jobs/docker-build-push.yml 
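Review bot: The `arguments:` block on the new `Docker@2` step is likely to be ignored, because the task documents `arguments` as unused when `command` is `buildAndPush`. The image would then be built without `--platform`, `FHIR_VERSION` and `ASSEMBLY_VER`, and the build would not necessarily fail. Splitting the step into separate `command: 'build'` and `command: 'push'` steps keeps the arguments in effect. Separately, `containerRegistry` expects the name of a Docker registry service connection, so confirm that `$(azureContainerRegistryName)` holds one rather than the registry's own name.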
@@ -15,17 +15,22 @@ jobs: name: '$(DefaultLinuxPool)' vmImage: '$(LinuxVmImage)' steps: - - task: Docker@2 - displayName: 'Build FHIR ${{parameters.version}} Server Image' - inputs: - containerRegistry: $(azureContainerRegistryName) - repository: '${{parameters.version}}_fhir-server' - command: 'buildAndPush' - Dockerfile: './build/docker/Dockerfile' - tags: | - ${{parameters.tag}} - buildContext: . - arguments: | - --platform ${{parameters.buildPlatform}} \ - --build-arg FHIR_VERSION=${{parameters.version}} \ - --build-arg ASSEMBLY_VER=$(assemblySemFileVer) + - task: - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - task: AzureCLI@2 + displayName: 'Build FHIR ${{parameters.version}} Server Image' + inputs: + azureSubscription: $(azureSubscriptionEndpoint) + scriptType: 'bash' + scriptLocation: 'inlineScript' + inlineScript: | + docker pull mirror.gcr.io/moby/buildkit:buildx-stable-1 + TAG="$(azureContainerRegistry)/${{parameters.version}}_fhir-server:${{parameters.tag}}" + az acr login --name $(azureContainerRegistryName) + docker buildx create --name fhir-multi-platform --platform ${{parameters.buildPlatform}} --use --bootstrap + docker buildx build --tag ${TAG,,} \ + --file ./build/docker/Dockerfile \ + --platform ${{parameters.buildPlatform}} \ + --build-arg FHIR_VERSION=${{parameters.version}} \ + --build-arg ASSEMBLY_VER=$(assemblySemFileVer) \ + --push . From c20e01b85e3b90a726afef1f4c7104baa77d70df Mon Sep 17 00:00:00 2001 From: "Jared Erwin (from Dev Box)" Date: Wed, 6 Nov 2024 09:22:38 -0800 Subject: [PATCH 6/7] Remove docker task --- build/jobs/docker-build-push.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/build/jobs/docker-build-push.yml b/build/jobs/docker-build-push.yml index b4d532741b..708da87e2d 100644 --- a/build/jobs/docker-build-push.yml +++ b/build/jobs/docker-build-push.yml 
@@ -15,8 +15,6 @@ jobs: name: '$(DefaultLinuxPool)' vmImage: '$(LinuxVmImage)' steps: - - task: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - task: AzureCLI@2 displayName: 'Build FHIR ${{parameters.version}} Server Image' inputs: From 7baac00700af0e28b61471b97f73c06f0f2b1c7e Mon Sep 17 00:00:00 2001 From: "Jared Erwin (from Dev Box)" Date: Wed, 6 Nov 2024 11:12:01 -0800 Subject: [PATCH 7/7] Remove Trivy analysis --- build/jobs/analyze.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/build/jobs/analyze.yml b/build/jobs/analyze.yml index 5ad0110a60..2ccbb08ccd 100644 --- a/build/jobs/analyze.yml +++ b/build/jobs/analyze.yml @@ -89,12 +89,14 @@ steps: Path: '$(Build.SourcesDirectory)' ToolVersion: Latest -- task: Trivy@1 - displayName: 'Run Trivy' - inputs: - Target: '$(Build.SourcesDirectory)/build/docker' - Severities: all - VulTypes: all +## Currently removed due to too many requests issue: https://github.com/aquasecurity/trivy-action/issues/430 +## User story to address restoring this: 132160 +#- task: Trivy@1 +# displayName: 'Run Trivy' +# inputs: +# Target: '$(Build.SourcesDirectory)/build/docker' +# Severities: all +# VulTypes: all - task: PSScriptAnalyzer@1 displayName: 'Run PSScriptAnalyzer'
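Review bot: In the analyze.yml hunk, commenting out `Trivy@1` leaves `build/docker` without a vulnerability scan in this job for as long as the user story stays open, and nothing in the pipeline will show that the gap exists. The other analyzer visible in the hunk (PSScriptAnalyzer) does not cover it. Keeping the step active with `continueOnError: true` would let a rate-limited run pass without blocking the build, while still scanning whenever the database download succeeds. The subject line says "Remove" although the step is only commented out, so the commit message should say the step is disabled temporarily and name the tracking item.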