From 1a528978b87bc8c78420fac4281cc1e01d7a3b21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kan=20MacLean?= Date: Tue, 22 Feb 2022 09:36:41 +0100 Subject: [PATCH 01/18] Added instructions about removing Hibernate dialect To fix the problem raised in [this](https://github.com/hapifhir/hapi-fhir-jpaserver-starter/issues/318) issue. --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index a377bf1..2f2b01f 100644 --- a/README.md +++ b/README.md @@ -189,6 +189,13 @@ spring: password: admin driverClassName: com.mysql.jdbc.Driver ``` + +Also, make sure you are not setting the Hibernate dialect explicitly, in other words remove any lines similar to: + +``` +hibernate.dialect: {some none MySQL dialect} +``` + On some systems, it might be necessary to override hibernate's default naming strategy. The naming strategy must be set using spring.jpa.hibernate.physical_naming_strategy. ```yaml @@ -279,6 +286,8 @@ spring: driverClassName: com.mysql.jdbc.Driver ``` +Also, make sure you are not setting the Hibernate Dialect explicitly, see more details in the section about MySQL. + ## Running hapi-fhir-jpaserver directly from IntelliJ as Spring Boot Make sure you run with the maven profile called ```boot``` and NOT also ```jetty```. Then you are ready to press debug the project directly without any extra Application Servers. From 24a20a7e973aef9674204bbce202cac860d9a472 Mon Sep 17 00:00:00 2001 From: Jens Kristian Villadsen Date: Wed, 2 Mar 2022 16:39:13 +0100 Subject: [PATCH 02/18] Feature/update docker support (#319) * Updated docker image according to discussion on https://github.com/hapifhir/hapi-fhir-jpaserver-starter/pull/305 * Added doc * Added corrections according to comments * Update Dockerfile * Update build-images.yaml Updated to default to distroless --- .github/workflows/build-images.yaml | 24 ++++++++--------- Dockerfile | 40 ++++++++++++++++++----------- 2 files changed, 37 insertions(+), 27 deletions(-) 
diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml index dae0205..2a413b5 100644 --- a/.github/workflows/build-images.yaml +++ b/.github/workflows/build-images.yaml @@ -19,25 +19,24 @@ jobs: name: Build runs-on: ubuntu-20.04 steps: - - name: Docker meta + - name: Container meta for default (distroless) image id: docker_meta uses: docker/metadata-action@v3 with: images: ${{ env.IMAGES }} tags: | type=match,pattern=image-(.*),group=1,enable=${{github.event_name != 'pull_request'}} - type=sha + - - name: Docker distroless meta - id: docker_distroless_meta + - name: Container meta for tomcat image + id: docker_tomcat_meta uses: docker/metadata-action@v3 with: images: ${{ env.IMAGES }} tags: | type=match,pattern=image-(.*),group=1,enable=${{github.event_name != 'pull_request'}} - type=sha flavor: | - suffix=-distroless,onlatest=true + suffix=-tomcat,onlatest=true - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -60,7 +59,7 @@ jobs: restore-keys: | ${{ runner.os }}-buildx- - - name: Build and push + - name: Build and push default (distroless) image id: docker_build uses: docker/build-push-action@v2 with: @@ -70,15 +69,16 @@ jobs: tags: ${{ steps.docker_meta.outputs.tags }} labels: ${{ steps.docker_meta.outputs.labels }} platforms: ${{ env.PLATFORMS }} + target: default - - name: Build and push distroless - id: docker_build_distroless + - name: Build and push tomcat image + id: docker_build_tomcat uses: docker/build-push-action@v2 with: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.docker_distroless_meta.outputs.tags }} - labels: ${{ steps.docker_distroless_meta.outputs.labels }} + tags: ${{ steps.docker_tomcat_meta.outputs.tags }} + labels: ${{ steps.docker_tomcat_meta.outputs.labels }} platforms: ${{ env.PLATFORMS }} - target: release-distroless + target: tomcat 
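Review bot: Removing `type=sha` from both metadata steps (`docker_meta` and `docker_tomcat_meta`) leaves `type=match,pattern=image-(.*),group=1` as the only tag rule. As far as these hunks show, no pushed image then carries a tag derived from the commit it was built from. A commit-derived tag is what lets an operator trace a running image back to source and pin a deployment to a reference that a later release does not move. Consider keeping `type=sha` on at least the default image, or add a comment in the `tags:` block explaining why it was dropped.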
diff --git a/Dockerfile b/Dockerfile index 5d3772e..3a8ea7a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM maven:3.8.2-jdk-11-slim as build-hapi +FROM maven:3.8-openjdk-17-slim as build-hapi WORKDIR /tmp/hapi-fhir-jpaserver-starter COPY pom.xml . @@ -6,14 +6,34 @@ COPY server.xml . RUN mvn -ntp dependency:go-offline COPY src/ /tmp/hapi-fhir-jpaserver-starter/src/ -RUN mvn clean install -DskipTests +RUN mvn clean install -DskipTests -Djdk.lang.Process.launchMechanism=vfork FROM build-hapi AS build-distroless RUN mvn package spring-boot:repackage -Pboot -RUN mkdir /app && \ - cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main.war +RUN mkdir /app && cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main.war -FROM gcr.io/distroless/java-debian11:11 AS release-distroless + +########### bitnami tomcat version is suitable for debugging and comes with a shell +########### it can be built using eg. `docker build --target tomcat .` +FROM bitnami/tomcat:9.0 as tomcat + +RUN rm -rf /opt/bitnami/tomcat/webapps/ROOT && \ + rm -rf /opt/bitnami/tomcat/webapps_default/ROOT && \ + mkdir -p /opt/bitnami/hapi/data/hapi/lucenefiles && \ + chmod 775 /opt/bitnami/hapi/data/hapi/lucenefiles + +USER root +RUN mkdir -p /target && chown -R 1001:1001 target +USER 1001 + +COPY --chown=1001:1001 catalina.properties /opt/bitnami/tomcat/conf/catalina.properties +COPY --chown=1001:1001 server.xml /opt/bitnami/tomcat/conf/server.xml +COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /opt/bitnami/tomcat/webapps_default/ROOT.war + +ENV ALLOW_EMPTY_PASSWORD=yes + +########### distroless brings focus on security and runs on plain spring boot - this is the default image +FROM gcr.io/distroless/java17:nonroot as default COPY --chown=nonroot:nonroot --from=build-distroless /app /app # 65532 is the nonroot user's uid # used here instead of the name to allow Kubernetes to easily detect that the container 
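Review bot: `ENV ALLOW_EMPTY_PASSWORD=yes` in the `tomcat` stage bakes the password opt-out into the published `-tomcat` image, so anyone who runs it without overriding the variable gets, as I understand the Bitnami image, a Tomcat management user with no password. Since the stage comment describes this as a debugging image, I would drop the `ENV` line and document passing `-e ALLOW_EMPTY_PASSWORD=yes` or a real `TOMCAT_PASSWORD` at run time. Separately, `RUN mkdir -p /target && chown -R 1001:1001 target` creates an absolute path but chowns a relative one, which only works when the working directory is `/`; `chown -R 1001:1001 /target` removes that dependency. The stages in this hunk also use floating tags (`bitnami/tomcat:9.0`, `gcr.io/distroless/java17:nonroot`), so pinning by digest would make the build reproducible and the image contents auditable.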
@@ -21,13 +41,3 @@ COPY --chown=nonroot:nonroot --from=build-distroless /app /app USER 65532:65532 WORKDIR /app CMD ["/app/main.war"] - -FROM tomcat:9.0.53-jdk11-openjdk-slim-bullseye - -RUN mkdir -p /data/hapi/lucenefiles && chmod 775 /data/hapi/lucenefiles -COPY --from=build-hapi /tmp/hapi-fhir-jpaserver-starter/target/*.war /usr/local/tomcat/webapps/ - -COPY catalina.properties /usr/local/tomcat/conf/catalina.properties -COPY server.xml /usr/local/tomcat/conf/server.xml - -CMD ["catalina.sh", "run"] From 7db15103fe4790817588e74a099126e8008b620f Mon Sep 17 00:00:00 2001 From: "Joel Schneider (NMDP)" Date: Fri, 4 Mar 2022 04:38:16 -0600 Subject: [PATCH 03/18] add dao_scheduling_enabled configuration property (#324) --- src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java | 9 +++++++++ .../ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java | 2 ++ 2 files changed, 11 insertions(+) diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java b/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java index 1118df7..2ef74cf 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java @@ -28,6 +28,7 @@ public class AppProperties { private Boolean allow_multiple_delete = false; private Boolean allow_override_default_search_params = true; private Boolean auto_create_placeholder_reference_targets = false; + private Boolean dao_scheduling_enabled = true; private Boolean delete_expunge_enabled = false; private Boolean enable_index_missing_fields = false; private Boolean enable_index_contained_resource = false; 
@@ -286,6 +287,14 @@ public class AppProperties { this.default_page_size = default_page_size; } + public Boolean getDao_scheduling_enabled() { + return dao_scheduling_enabled; + } + + public void setDao_scheduling_enabled(Boolean dao_scheduling_enabled) { + this.dao_scheduling_enabled = dao_scheduling_enabled; + } + public Boolean getDelete_expunge_enabled() { return delete_expunge_enabled; } diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java b/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java index fb99b7f..d9617c7 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java @@ -39,6 +39,7 @@ public class FhirServerConfigCommon { ourLog.info("Server configured to " + (appProperties.getAllow_contains_searches() ? "allow" : "deny") + " contains searches"); ourLog.info("Server configured to " + (appProperties.getAllow_multiple_delete() ? "allow" : "deny") + " multiple deletes"); ourLog.info("Server configured to " + (appProperties.getAllow_external_references() ? "allow" : "deny") + " external references"); + ourLog.info("Server configured to " + (appProperties.getDao_scheduling_enabled() ? "enable" : "disable") + " DAO scheduling"); ourLog.info("Server configured to " + (appProperties.getDelete_expunge_enabled() ? "enable" : "disable") + " delete expunges"); ourLog.info("Server configured to " + (appProperties.getExpunge_enabled() ? "enable" : "disable") + " expunges"); ourLog.info("Server configured to " + (appProperties.getAllow_override_default_search_params() ? "allow" : "deny") + " overriding default search params"); 
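Review bot: `appProperties.getDao_scheduling_enabled() ? "enable" : "disable"` auto-unboxes a `Boolean`, and the later `@@ -85,6 +86,7 @@` hunk does the same in `retVal.setSchedulingDisabled(!appProperties.getDao_scheduling_enabled())`. The field defaults to `true`, but `setDao_scheduling_enabled(Boolean)` accepts `null`, so a null binding would presumably abort startup with a NullPointerException instead of falling back to the default. A null-safe form keeps the default, e.g. `retVal.setSchedulingDisabled(Boolean.FALSE.equals(appProperties.getDao_scheduling_enabled()));`, or the property could be declared as primitive `boolean`. The neighbouring flags use the same unboxing pattern, and both methods continue outside the hunks.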
@@ -85,6 +86,7 @@ public class FhirServerConfigCommon { retVal.setAllowContainsSearches(appProperties.getAllow_contains_searches()); retVal.setAllowMultipleDelete(appProperties.getAllow_multiple_delete()); retVal.setAllowExternalReferences(appProperties.getAllow_external_references()); + retVal.setSchedulingDisabled(!appProperties.getDao_scheduling_enabled()); retVal.setDeleteExpungeEnabled(appProperties.getDelete_expunge_enabled()); retVal.setExpungeEnabled(appProperties.getExpunge_enabled()); if(appProperties.getSubscription() != null && appProperties.getSubscription().getEmail() != null) From 40d7b9ce27355fedb3fb70fcd79a09d7bd8290bb Mon Sep 17 00:00:00 2001 From: Patrick Werner Date: Mon, 7 Mar 2022 13:20:06 +0100 Subject: [PATCH 04/18] added reindexProvider to Config (#326) --- .../java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java b/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java index a41e399..3d94924 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java @@ -42,6 +42,7 @@ import ca.uhn.fhir.rest.server.interceptor.RequestValidatingInterceptor; import ca.uhn.fhir.rest.server.interceptor.ResponseHighlighterInterceptor; import ca.uhn.fhir.rest.server.interceptor.ResponseValidatingInterceptor; import ca.uhn.fhir.rest.server.interceptor.partition.RequestTenantPartitionInterceptor; +import ca.uhn.fhir.rest.server.provider.ReindexProvider; import ca.uhn.fhir.rest.server.provider.ResourceProviderFactory; import ca.uhn.fhir.rest.server.tenant.UrlBaseTenantIdentificationStrategy; import ca.uhn.fhir.rest.server.util.ISearchParamRegistry; 
@@ -95,6 +96,8 @@ public class BaseJpaRestfulServer extends RestfulServer { @Autowired ValueSetOperationProvider valueSetOperationProvider; @Autowired + ReindexProvider reindexProvider; + @Autowired BinaryStorageInterceptor binaryStorageInterceptor; @Autowired IPackageInstallerSvc packageInstallerSvc; @@ -373,6 +376,9 @@ public class BaseJpaRestfulServer extends RestfulServer { // valueSet Operations i.e $expand registerProvider(valueSetOperationProvider); + //reindex Provider $reindex + registerProvider(reindexProvider); + // Partitioning if (appProperties.getPartitioning() != null) { registerInterceptor(new RequestTenantPartitionInterceptor()); From 0483db9195057326a574b29af654f8da0b1cfee1 Mon Sep 17 00:00:00 2001 From: Jens Kristian Villadsen Date: Tue, 8 Mar 2022 10:42:52 +0100 Subject: [PATCH 05/18] Update application.yaml --- src/main/resources/application.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 7ea0ccc..3b7e97b 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -1,6 +1,7 @@ spring: main: allow-circular-references: true + allow-bean-definition-overriding: true flyway: enabled: false check-location: false From 929a3535fa93d33b24cef06ed4158ae2fcb9f6a2 Mon Sep 17 00:00:00 2001 From: Jens Kristian Villadsen Date: Tue, 8 Mar 2022 10:44:13 +0100 Subject: [PATCH 06/18] Update application.yaml Roll back - mistake from my side --- src/main/resources/application.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 3b7e97b..3131c7e 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -1,7 +1,7 @@ spring: main: allow-circular-references: true - allow-bean-definition-overriding: true + #allow-bean-definition-overriding: true flyway: enabled: false check-location: false 
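Review bot: `registerProvider(reindexProvider)` in the `@@ -373,6 +376,9 @@` hunk is unconditional, so every server built from this starter now exposes `$reindex`, and nothing visible in the hunk gates it behind a configuration property or an authorization check. Reindexing is an administrative, resource-heavy operation, so it should be opt-in through an `AppProperties` flag, in the same style as the `dao_scheduling_enabled` property added earlier in this series, and registered only when that flag is set. At minimum the comment should state the expectation, e.g. `// $reindex is an administrative operation; restrict it with an authorization interceptor before exposing this server to untrusted clients`. The enclosing method starts and ends outside the hunk, so an existing guard elsewhere cannot be ruled out.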
From aeef4b176c0a48065c6190f6b56d27a45a62db33 Mon Sep 17 00:00:00 2001 From: jkv Date: Sun, 20 Mar 2022 21:22:36 +0100 Subject: [PATCH 07/18] Add actuator --- pom.xml | 19 +++++++++++++++++++ src/main/resources/application.yaml | 7 +++++++ 2 files changed, 26 insertions(+) diff --git a/pom.xml b/pom.xml index 69aef16..3c511ef 100644 --- a/pom.xml +++ b/pom.xml @@ -85,6 +85,12 @@ ca.uhn.hapi.fhir hapi-fhir-jpaserver-subscription ${project.version} + + + com.zaxxer + HikariCP-java7 + + @@ -301,6 +307,19 @@ ${spring_boot_version} + + org.springframework.boot + spring-boot-starter-actuator + ${spring_boot_version} + + + + com.zaxxer + HikariCP + 5.0.1 + + + org.junit.jupiter junit-jupiter-api diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 3131c7e..11da8d1 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -1,3 +1,10 @@ +#Adds the option to go to eg. http://localhost:8080/actuator/env for seeing the running configuration +management: + endpoints: + web: + exposure: + include: "*" + exclude: "beans" spring: main: allow-circular-references: true From da319e8761ed2ef017ed5e9dcbde489a99489123 Mon Sep 17 00:00:00 2001 From: craig mcclendon Date: Wed, 23 Mar 2022 14:12:48 -0500 Subject: [PATCH 08/18] disable springboot actuator endpoints other than 'health' for security reasons (#338) Co-authored-by: Craig McClendon --- src/main/resources/application.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 11da8d1..b03dd76 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml 
@@ -1,10 +1,10 @@ -#Adds the option to go to eg. http://localhost:8080/actuator/env for seeing the running configuration +#Adds the option to go to eg. http://localhost:8080/actuator/health for seeing the running configuration +#see https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints management: endpoints: web: exposure: - include: "*" - exclude: "beans" + include: "health" spring: main: allow-circular-references: true From 6b3f57cf12a1f264a9ef9ce9bcd885de0a67d269 Mon Sep 17 00:00:00 2001 From: Jens Kristian Villadsen Date: Thu, 7 Apr 2022 22:32:38 +0200 Subject: [PATCH 09/18] Update application.yaml (#345) --- src/main/resources/application.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 3131c7e..df61672 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -100,7 +100,6 @@ hapi: # mdm_enabled: true # local_base_urls: # - https://hapi.fhir.org/baseR4 - mdm_enabled: true # partitioning: # allow_references_across_partitions: false # partitioning_include_in_search_hashes: false From cdda71b25320afa83538c2c6d88e097bedbfaa70 Mon Sep 17 00:00:00 2001 From: craig mcclendon Date: Sat, 9 Apr 2022 12:19:44 -0500 Subject: [PATCH 10/18] add support for ms sql server (#347) --- README.md | 20 ++++++++++++++++++++ pom.xml | 4 ++++ 2 files changed, 24 insertions(+) diff --git a/README.md b/README.md index a377bf1..bb67d6a 100644 --- a/README.md +++ b/README.md 
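Review bot: The rewritten comment above `management:` still says the endpoint is "for seeing the running configuration", but with `include: "health"` only `/actuator/health` is exposed over HTTP, and that endpoint reports status, not configuration. The comment should record why the list is narrow so a later edit does not widen it again, e.g. `#Exposes only http://localhost:8080/actuator/health (status check). Other actuator endpoints (env, heapdump, ...) can reveal configuration and secrets; do not add them without access control`. The commit subject gives that reason, but the file itself does not.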
@@ -215,6 +215,26 @@ spring: Because the integration tests within the project rely on the default H2 database configuration, it is important to either explicity skip the integration tests during the build process, i.e., `mvn install -DskipTests`, or delete the tests altogether. Failure to skip or delete the tests once you've configured PostgreSQL for the datasource.driver, datasource.url, and hibernate.dialect as outlined above will result in build errors and compilation failure. +### Microsoft SQL Server configuration + +To configure the starter app to use MS SQL Server, instead of the default H2, update the application.yaml file to have the following: + +```yaml +spring: + datasource: + url: 'jdbc:sqlserver://:;databaseName=' + username: admin + password: admin + driverClassName: com.microsoft.sqlserver.jdbc.SQLServerDriver +``` + + +Because the integration tests within the project rely on the default H2 database configuration, it is important to either explicity skip the integration tests during the build process, i.e., `mvn install -DskipTests`, or delete the tests altogether. Failure to skip or delete the tests once you've configured PostgreSQL for the datasource.driver, datasource.url, and hibernate.dialect as outlined above will result in build errors and compilation failure. + + +NOTE: MS SQL Server by default uses a case-insensitive codepage. This will cause errors with some operations - such as when expanding case-sensitive valuesets (UCUM) as there are unique indexes defined on the terminology tables for codes. +It is recommended to deploy a case-sensitive database prior to running HAPI FHIR when using MS SQL Server to avoid these and potentially other issues. + ## Customizing The Web Testpage UI The UI that comes with this server is an exact clone of the server available at [http://hapi.fhir.org](http://hapi.fhir.org). You may skin this UI if you'd like. For example, you might change the introductory text or replace the logo with your own. 
diff --git a/pom.xml b/pom.xml index 69aef16..591664c 100644 --- a/pom.xml +++ b/pom.xml @@ -61,6 +61,10 @@ org.postgresql postgresql + + com.microsoft.sqlserver + mssql-jdbc + From bb21ccfe90e5e40b86587bcf9b04cda08114b878 Mon Sep 17 00:00:00 2001 From: dotasek Date: Mon, 11 Apr 2022 11:47:09 -0400 Subject: [PATCH 11/18] Fix comments in Demo that lead to 404 (#348) Co-authored-by: dotasek --- src/test/java/ca/uhn/fhir/jpa/starter/Demo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/ca/uhn/fhir/jpa/starter/Demo.java b/src/test/java/ca/uhn/fhir/jpa/starter/Demo.java index 5dadf14..d460943 100644 --- a/src/test/java/ca/uhn/fhir/jpa/starter/Demo.java +++ b/src/test/java/ca/uhn/fhir/jpa/starter/Demo.java @@ -15,6 +15,6 @@ public class Demo { System.setProperty("spring.batch.job.enabled", "false"); SpringApplication.run(Demo.class, args); - //Server is now accessible at eg. http://localhost:8080/metadata + //Server is now accessible at eg. http://localhost:8080/fhir/metadata } } From 4bed69fedfd1f3021c1ecdae388dfee9067073e2 Mon Sep 17 00:00:00 2001 From: chgl Date: Mon, 11 Apr 2022 17:56:32 +0200 Subject: [PATCH 12/18] updated helm chart to use v5.7.0 and latest PostgreSQL sub-chart (#346) --- charts/hapi-fhir-jpaserver/Chart.lock | 6 +-- charts/hapi-fhir-jpaserver/Chart.yaml | 17 ++++---- charts/hapi-fhir-jpaserver/README.md | 13 +++---- .../ci/enabled-ingress-values.yaml | 6 +++ .../templates/_helpers.tpl | 24 +++--------- .../templates/deployment.yaml | 8 ++-- .../templates/externaldb-secret.yaml | 4 +- ...st-connection.yaml => test-endpoints.yaml} | 29 +++++++++++++- charts/hapi-fhir-jpaserver/values.yaml | 39 +++++++++---------- 9 files changed, 82 insertions(+), 64 deletions(-) create mode 100644 charts/hapi-fhir-jpaserver/ci/enabled-ingress-values.yaml rename charts/hapi-fhir-jpaserver/templates/tests/{test-connection.yaml => test-endpoints.yaml} (53%) 
diff --git a/charts/hapi-fhir-jpaserver/Chart.lock b/charts/hapi-fhir-jpaserver/Chart.lock index 0db0f3a..bfb87ac 100644 --- a/charts/hapi-fhir-jpaserver/Chart.lock +++ b/charts/hapi-fhir-jpaserver/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.12.2 -digest: sha256:38ee315eae1af3e3f6eb20e1dd8ffd60d4ab7ee0c51bf26941b56c8bcb376c11 -generated: "2021-10-07T00:19:18.9743522+02:00" + version: 11.1.19 +digest: sha256:5bb38230bfa62c63547851e6f46f66a61441a4a4f18e3689827546277e34d192 +generated: "2022-04-08T21:55:34.6868891+02:00" diff --git a/charts/hapi-fhir-jpaserver/Chart.yaml b/charts/hapi-fhir-jpaserver/Chart.yaml index dd2c479..3cb702b 100644 --- a/charts/hapi-fhir-jpaserver/Chart.yaml +++ b/charts/hapi-fhir-jpaserver/Chart.yaml @@ -7,20 +7,23 @@ sources: - https://github.com/hapifhir/hapi-fhir-jpaserver-starter dependencies: - name: postgresql - version: 10.12.2 + version: 11.1.19 repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled annotations: artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" artifacthub.io/changes: | # When using the list of objects option the valid supported kinds are # added, changed, deprecated, removed, fixed, and security. - kind: changed description: | - updated HAPI FHIR starter image to 5.6.0 - - kind: added + updated HAPI FHIR starter image to 5.7.0 + - kind: changed description: | - added support for configuring PodDisruptionBudget for the server pods -appVersion: v5.6.0 -version: 0.7.0 + BREAKING CHANGE: updated included PostgreSQL-subchart to v11 + - kind: changed + description: | + BREAKING CHANGE: removed ability to override the image flavor. + The one based on distroless is now the new default. +appVersion: v5.7.0 +version: 0.8.0 diff --git a/charts/hapi-fhir-jpaserver/README.md b/charts/hapi-fhir-jpaserver/README.md index 9208bd6..288e2ce 100644 --- a/charts/hapi-fhir-jpaserver/README.md 
+++ b/charts/hapi-fhir-jpaserver/README.md @@ -1,6 +1,6 @@ # HAPI FHIR JPA Server Starter Helm Chart -![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.6.0](https://img.shields.io/badge/AppVersion-v5.6.0-informational?style=flat-square) +![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.7.0](https://img.shields.io/badge/AppVersion-v5.7.0-informational?style=flat-square) This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment. 
@@ -29,11 +29,10 @@ helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpas | externalDatabase.user | string | `"fhir"` | username for the external database | | extraEnv | list | `[]` | extra environment variables to set on the server container | | fullnameOverride | string | `""` | override the chart fullname | -| image.flavor | string | `"distroless"` | the flavor or variant of the image to use. appended to the image tag by `-`. | | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use | | image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted | | image.repository | string | `"hapiproject/hapi"` | the path inside the repository | -| image.tag | string | `""` | defaults to `Chart.appVersion` | +| image.tag | string | `""` | defaults to `Chart.appVersion`. As of v5.7.0, this is the `distroless` flavor | | imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image | | ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. | | ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint | 
@@ -51,11 +50,11 @@ helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpas | podDisruptionBudget.maxUnavailable | string | `""` | maximum unavailable instances | | podDisruptionBudget.minAvailable | int | `1` | minimum available instances | | podSecurityContext | object | `{}` | pod security context | -| postgresql.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| postgresql.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| postgresql.auth.database | string | `"fhir"` | name for a custom database to create | +| postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set), and `replication-password` (which is the password for replication user). The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. The value is evaluated as a template. | | postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see for details if set to `false`, the values under `externalDatabase` are used | -| postgresql.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. 
| -| postgresql.postgresqlDatabase | string | `"fhir"` | name of the database to create see: | +| postgresql.primary.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | +| postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | readinessProbe.failureThreshold | int | `5` | | | readinessProbe.initialDelaySeconds | int | `30` | | | readinessProbe.periodSeconds | int | `20` | | diff --git a/charts/hapi-fhir-jpaserver/ci/enabled-ingress-values.yaml b/charts/hapi-fhir-jpaserver/ci/enabled-ingress-values.yaml new file mode 100644 index 0000000..f28063f --- /dev/null +++ b/charts/hapi-fhir-jpaserver/ci/enabled-ingress-values.yaml @@ -0,0 +1,6 @@ +ingress: + enabled: true + +postgresql: + auth: + postgresPassword: secretpassword diff --git a/charts/hapi-fhir-jpaserver/templates/_helpers.tpl b/charts/hapi-fhir-jpaserver/templates/_helpers.tpl index 178d840..eee1ed5 100644 --- a/charts/hapi-fhir-jpaserver/templates/_helpers.tpl +++ b/charts/hapi-fhir-jpaserver/templates/_helpers.tpl @@ -30,18 +30,6 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} -{{/* -Create image tag -*/}} -{{- define "hapi-fhir-jpaserver.imageTag" -}} -{{- $version := default .Chart.AppVersion .Values.image.tag -}} -{{- if .Values.image.flavor }} -{{- printf "%s-%s" $version .Values.image.flavor }} -{{- else }} -{{- printf "%s" $version }} -{{- end }} -{{- end }} - {{/* Common labels */}} 
@@ -75,10 +63,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this Get the Postgresql credentials secret name. */}} {{- define "hapi-fhir-jpaserver.postgresql.secretName" -}} -{{- if and (.Values.postgresql.enabled) (not .Values.postgresql.existingSecret) -}} +{{- if and (.Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret) -}} {{- printf "%s" (include "hapi-fhir-jpaserver.postgresql.fullname" .) -}} -{{- else if and (.Values.postgresql.enabled) (.Values.postgresql.existingSecret) -}} - {{- printf "%s" .Values.postgresql.existingSecret -}} +{{- else if and (.Values.postgresql.enabled) (.Values.postgresql.auth.existingSecret) -}} + {{- printf "%s" .Values.postgresql.auth.existingSecret -}} {{- else }} {{- if .Values.externalDatabase.existingSecret -}} {{- printf "%s" .Values.externalDatabase.existingSecret -}} @@ -95,7 +83,7 @@ Get the Postgresql credentials secret key. {{- if (.Values.externalDatabase.existingSecret) -}} {{- printf "%s" .Values.externalDatabase.existingSecretKey -}} {{- else }} - {{- printf "postgresql-password" -}} + {{- printf "postgres-password" -}} {{- end -}} {{- end -}} @@ -110,14 +98,14 @@ Add environment variables to configure database values Add environment variables to configure database values */}} {{- define "hapi-fhir-jpaserver.database.user" -}} -{{- ternary .Values.postgresql.postgresqlUsername .Values.externalDatabase.user .Values.postgresql.enabled -}} +{{- ternary "postgres" .Values.externalDatabase.user .Values.postgresql.enabled -}} {{- end -}} {{/* Add environment variables to configure database values */}} {{- define "hapi-fhir-jpaserver.database.name" -}} -{{- ternary .Values.postgresql.postgresqlDatabase .Values.externalDatabase.database .Values.postgresql.enabled -}} +{{- ternary .Values.postgresql.auth.database .Values.externalDatabase.database .Values.postgresql.enabled -}} {{- end -}} {{/* 
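Review bot: `ternary "postgres" .Values.externalDatabase.user .Values.postgresql.enabled`, together with the `postgres-password` key returned by `hapi-fhir-jpaserver.postgresql.secretKey`, makes the FHIR server connect to the bundled database as the PostgreSQL admin user. The chart README updated in this same commit describes a custom user (`auth.username`) whose credential sits under the `password` key, and connecting as that user would keep the application away from superuser rights on the database. For the user helper that would be `{{- ternary .Values.postgresql.auth.username .Values.externalDatabase.user .Values.postgresql.enabled -}}`. The secret-key helper would then need to return `password` for the bundled case, while keeping `postgres-password` for the chart-created external secret that `externaldb-secret.yaml` writes. If the admin account is a deliberate simplification, a template comment saying so would help operators who harden the deployment.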
diff --git a/charts/hapi-fhir-jpaserver/templates/deployment.yaml b/charts/hapi-fhir-jpaserver/templates/deployment.yaml index a58024c..187ee9d 100644 --- a/charts/hapi-fhir-jpaserver/templates/deployment.yaml +++ b/charts/hapi-fhir-jpaserver/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ include "hapi-fhir-jpaserver.imageTag" . }} + image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http @@ -102,12 +102,10 @@ spec: key: {{ include "hapi-fhir-jpaserver.postgresql.secretKey" . }} - name: SPRING_DATASOURCE_DRIVERCLASSNAME value: org.postgresql.Driver - - name: SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT - value: org.hibernate.dialect.PostgreSQL10Dialect + - name: spring.jpa.properties.hibernate.dialect + value: ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgres94Dialect - name: HAPI_FHIR_USE_APACHE_ADDRESS_STRATEGY value: "true" - - name: SPRING_JPA_DATABASE_PLATFORM - value: org.hibernate.dialect.PostgreSQLDialect {{- if .Values.extraEnv }} {{ toYaml .Values.extraEnv | nindent 12 }} {{- end }} diff --git a/charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml b/charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml index e3a35d8..a487cb6 100644 --- a/charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml +++ b/charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml @@ -1,4 +1,4 @@ -{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.existingSecret) }} +{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.auth.existingSecret) }} apiVersion: v1 kind: Secret metadata: 
@@ -7,5 +7,5 @@ metadata: {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }} type: Opaque data: - postgresql-password: {{ .Values.externalDatabase.password | b64enc | quote }} + postgres-password: {{ .Values.externalDatabase.password | b64enc | quote }} {{- end }} diff --git a/charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml b/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml similarity index 53% rename from charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml rename to charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml index eac503d..911f59d 100644 --- a/charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml +++ b/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-connection" + name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-endpoints" labels: {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }} {{ include "hapi-fhir-jpaserver.fullname" . }}-client: "true" @@ -10,7 +10,32 @@ metadata: spec: restartPolicy: Never containers: - - name: wget + - name: test-metadata-endpoint + image: busybox:1 + command: ['wget', '-O', '-'] + args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata'] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsUser: 22222 + runAsNonRoot: true + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + livenessProbe: + exec: + command: ["true"] + readinessProbe: + exec: + command: ["true"] + - name: test-patient-endpoint image: busybox:1 command: ['wget', '-O', '-'] args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1'] 
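Review bot: The new `test-metadata-endpoint` container pulls `busybox:1`, a floating major tag with no registry prefix, so `helm test` runs whatever image that tag resolves to at pull time. Pinning by digest keeps the test pod reproducible and matches the hardening the added `securityContext` already applies: `image: docker.io/library/busybox:1@sha256:<digest-placeholder>`. The same applies to the `test-patient-endpoint` container, whose definition continues outside this hunk. Separately, `wget` is called without a timeout, so an unresponsive service would presumably hold the test pod until Helm's own timeout expires.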
diff --git a/charts/hapi-fhir-jpaserver/values.yaml b/charts/hapi-fhir-jpaserver/values.yaml index 5fb71dd..e89a5c4 100644 --- a/charts/hapi-fhir-jpaserver/values.yaml +++ b/charts/hapi-fhir-jpaserver/values.yaml @@ -6,11 +6,8 @@ image: registry: docker.io # -- the path inside the repository repository: hapiproject/hapi - # -- defaults to `Chart.appVersion` + # -- defaults to `Chart.appVersion`. As of v5.7.0, this is the `distroless` flavor tag: "" - # -- the flavor or variant of the image to use. - # appended to the image tag by `-`. - flavor: "distroless" # -- image pullPolicy to use pullPolicy: IfNotPresent 
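Review bot: Removing `image.flavor` means a release that still sets it renders without error while the value is silently ignored, so an upgrade can change the image variant unnoticed. The comment on `tag` should say how to select the other variant now, for example `# -- defaults to Chart.appVersion, which is the distroless image; append -tomcat to the tag for the Tomcat image` (the `-tomcat` suffix is the one the build workflow earlier in this series applies). A `fail` guard in the deployment template when `.Values.image.flavor` is set would make the break explicit instead of silent.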
@@ -96,22 +93,24 @@ postgresql: # see for details # if set to `false`, the values under `externalDatabase` are used enabled: true - # -- name of the database to create - # see: - postgresqlDatabase: "fhir" - # -- Name of existing secret to use for PostgreSQL passwords. - # The secret has to contain the keys `postgresql-password` - # which is the password for `postgresqlUsername` when it is - # different of `postgres`, `postgresql-postgres-password` which - # will override `postgresqlPassword`, `postgresql-replication-password` - # which will override `replication.password` and `postgresql-ldap-password` - # which will be sed to authenticate on LDAP. The value is evaluated as a template. - existingSecret: "" - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + auth: + # -- name for a custom database to create + database: "fhir" + # -- Name of existing secret to use for PostgreSQL credentials + # `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret + # The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), + # `password` (which is the password for the custom user to create when `auth.username` is set), + # and `replication-password` (which is the password for replication user). + # The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and + # picked from this secret in this case. + # The value is evaluated as a template. + existingSecret: "" + primary: + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readinessProbe: failureThreshold: 5 From bf51c2263af48f1a5927363d45c136068c78bd21 Mon Sep 17 00:00:00 2001 
From: Jens Kristian Villadsen Date: Mon, 11 Apr 2022 20:00:06 +0200 Subject: [PATCH 13/18] Update application.yaml Reverted to sane defaults --- src/main/resources/application.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index df61672..891bf36 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -86,8 +86,7 @@ hapi: # enable_index_missing_fields: false # enable_index_contained_resource: false # advanced_lucene_indexing: false - advanced_lucene_indexing: true -# enforce_referential_integrity_on_delete: false + # enforce_referential_integrity_on_delete: false # enforce_referential_integrity_on_write: false # etag_support_enabled: true # expunge_enabled: true From c607a98728b2eb79bf73b266e3457bbab7f44e3c Mon Sep 17 00:00:00 2001 From: chgl Date: Fri, 15 Apr 2022 19:28:53 +0200 Subject: [PATCH 14/18] Updated to HAPI FHIR version 5.7.2 (#349) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 65d418f..fc2346b 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ ca.uhn.hapi.fhir hapi-fhir - 5.7.0 + 5.7.2 hapi-fhir-jpaserver-starter From c8da589636ca510445310efb36692806cb8b8a7b Mon Sep 17 00:00:00 2001 From: Patrick Werner Date: Wed, 20 Apr 2022 18:31:37 +0200 Subject: [PATCH 15/18] Add disclaimer for advanced_lucene_indexing added warning to advanced_lucene_indexing: false property --- src/main/resources/application.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 062008f..95c7c5a 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml 
@@ -92,6 +92,8 @@ hapi: # enable_repository_validating_interceptor: false # enable_index_missing_fields: false # enable_index_contained_resource: false + ### !!Extended Lucene/Elasticsearch Indexing is still a experimental feature, expect some features (e.g. _total=accurate) to not work as expected!! + ### more information here: https://hapifhir.io/hapi-fhir/docs/server_jpa/elastic.html # advanced_lucene_indexing: false # enforce_referential_integrity_on_delete: false # enforce_referential_integrity_on_write: false From fdfa6fd711f411c58b9175223c05141cea0598fe Mon Sep 17 00:00:00 2001 From: chgl Date: Sun, 1 May 2022 21:48:18 +0200 Subject: [PATCH 16/18] Expose Prometheus metrics (#355) --- pom.xml | 7 +++++++ src/main/resources/application.yaml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index fc2346b..6a69b1b 100644 --- a/pom.xml +++ b/pom.xml @@ -317,6 +317,13 @@ ${spring_boot_version} + + + io.micrometer + micrometer-registry-prometheus + 1.8.5 + + com.zaxxer HikariCP diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 95c7c5a..45c3e13 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -4,7 +4,7 @@ management: endpoints: web: exposure: - include: "health" + include: "health,prometheus" spring: main: allow-circular-references: true From 91e4105fd8c0c900e552633fbe02d436564b8675 Mon Sep 17 00:00:00 2001 From: Alejandro Medina Date: Fri, 6 May 2022 12:25:51 -0400 Subject: [PATCH 17/18] Add: of-type modifier option in application.yaml (#363) Co-authored-by: Alejandro Medina --- src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java | 9 +++++++++ .../ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java | 1 + src/main/resources/application.yaml | 1 + 3 files changed, 11 insertions(+) diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java b/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java index 2ef74cf..a4ab834 100644 
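Review bot: The new `micrometer-registry-prometheus` dependency in the pom.xml hunk carries a literal `1.8.5`, while the dependency just above it takes `${spring_boot_version}`, so the registry version is chosen independently of the Micrometer core that the Spring Boot actuator brings in. If the two drift apart on a later Spring Boot bump, the mismatch would only show up at runtime. Either drop the explicit version if this POM inherits Spring Boot's dependency management (not visible in the hunk), or move it to a property next to `spring_boot_version` so both are bumped together.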
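Review bot: Adding `prometheus` to `management.endpoints.web.exposure.include` publishes the metrics endpoint (by default `/actuator/prometheus`) on the same listener as the FHIR API, and nothing in this hunk restricts who can read it. Metrics output typically carries JVM, connection-pool and request-path details, so it should not be reachable from everywhere the FHIR endpoint is. Consider serving actuator on its own port with `management.server.port` and keeping that port off the ingress, or add a comment above the line such as `# prometheus endpoint is unauthenticated: restrict it at the proxy or move it to a separate management port`.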
--- a/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java @@ -22,6 +22,7 @@ public class AppProperties { private Boolean openapi_enabled = false; private Boolean mdm_enabled = false; private boolean advanced_lucene_indexing = false; + private boolean enable_index_of_type = false; private Boolean allow_cascading_deletes = false; private Boolean allow_contains_searches = true; private Boolean allow_external_references = false; @@ -834,4 +835,12 @@ public class AppProperties { private Boolean quitWait = false; } } + + public boolean getEnable_index_of_type() { + return enable_index_of_type; + } + + public void setEnable_index_of_type(boolean enable_index_of_type) { + this.enable_index_of_type = enable_index_of_type; + } } diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java b/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java index d9617c7..3896167 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java @@ -178,6 +178,7 @@ public class FhirServerConfigCommon { modelConfig.setNormalizedQuantitySearchLevel(appProperties.getNormalized_quantity_search_level()); modelConfig.setIndexOnContainedResources(appProperties.getEnable_index_contained_resource()); + modelConfig.setIndexIdentifierOfType(appProperties.getEnable_index_of_type()); return modelConfig; } diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 45c3e13..67c86f4 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml 
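Review bot: `getEnable_index_of_type` and `setEnable_index_of_type` in the second AppProperties hunk are appended after the closing braces of the nested classes, away from the other top-level accessors, and neither they nor the new field say what the flag controls. A one-line Javadoc on the getter would be enough, e.g. `/** Whether identifiers are additionally indexed for the :of-type search modifier (default false). */`. Turning the flag on for a server that already holds data presumably requires a reindex before `:of-type` searches match older resources, which would be worth stating next to the `enable_index_of_type` sample in `application.yaml` as well.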
@@ -91,6 +91,7 @@ hapi: # delete_expunge_enabled: true # enable_repository_validating_interceptor: false # enable_index_missing_fields: false + # enable_index_of_type: true # enable_index_contained_resource: false ### !!Extended Lucene/Elasticsearch Indexing is still a experimental feature, expect some features (e.g. _total=accurate) to not work as expected!! ### more information here: https://hapifhir.io/hapi-fhir/docs/server_jpa/elastic.html From 244113ba67d99b414f2c1bba6379145c16b922dd Mon Sep 17 00:00:00 2001 From: Dennis Verspuij <6680484+dennisverspuij@users.noreply.github.com> Date: Mon, 9 May 2022 21:39:56 +0200 Subject: [PATCH 18/18] Fix applying supported_resource_types option with list that already includes SearchParameter (#365) --- .../java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java b/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java index 3d94924..fb48ffd 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java @@ -131,8 +131,10 @@ public class BaseJpaRestfulServer extends RestfulServer { // Customize supported resource types List supportedResourceTypes = appProperties.getSupported_resource_types(); - if (!supportedResourceTypes.isEmpty() && !supportedResourceTypes.contains("SearchParameter")) { - supportedResourceTypes.add("SearchParameter"); + if (!supportedResourceTypes.isEmpty()) { + if (!supportedResourceTypes.contains("SearchParameter")) { + supportedResourceTypes.add("SearchParameter"); + } daoRegistry.setSupportedResourceTypes(supportedResourceTypes); }
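Review bot: `supportedResourceTypes.add("SearchParameter")` in the BaseJpaRestfulServer hunk still mutates the list handed out by `appProperties.getSupported_resource_types()`, so the configuration object changes as a side effect, and the call would throw if that list were ever unmodifiable. Working on a copy avoids both: `List<String> supportedResourceTypes = new ArrayList<>(appProperties.getSupported_resource_types());`. A null return from the getter would also fail at `isEmpty()`; whether that can happen depends on the field's initialiser, which is outside the hunk. The enclosing method starts and ends outside the hunk, as does the import list that would need `java.util.ArrayList`.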