Merge branch 'master' into rel_6_0_0_mergeback

.github/workflows/build-images.yaml

@@ -19,25 +19,24 @@ jobs:
     name: Build
     runs-on: ubuntu-20.04
     steps:
-      - name: Docker meta
+      - name: Container meta for default (distroless) image
         id: docker_meta
         uses: docker/metadata-action@v3
         with:
           images: ${{ env.IMAGES }}
           tags: |
             type=match,pattern=image-(.*),group=1,enable=${{github.event_name != 'pull_request'}}
-            type=sha
            
-      - name: Docker distroless meta
+
-        id: docker_distroless_meta
+      - name: Container meta for tomcat image
+        id: docker_tomcat_meta
         uses: docker/metadata-action@v3
         with:
           images: ${{ env.IMAGES }}
           tags: |
             type=match,pattern=image-(.*),group=1,enable=${{github.event_name != 'pull_request'}}
-            type=sha
           flavor: |
-            suffix=-distroless,onlatest=true
+            suffix=-tomcat,onlatest=true
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -60,7 +59,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-buildx-
 
-      - name: Build and push
+      - name: Build and push default (distroless) image
         id: docker_build
         uses: docker/build-push-action@v2
         with:
@@ -70,15 +69,16 @@ jobs:
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
           platforms: ${{ env.PLATFORMS }}
+          target: default
 
-      - name: Build and push distroless
+      - name: Build and push tomcat image
-        id: docker_build_distroless
+        id: docker_build_tomcat
         uses: docker/build-push-action@v2
         with:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.docker_distroless_meta.outputs.tags }}
+          tags: ${{ steps.docker_tomcat_meta.outputs.tags }}
-          labels: ${{ steps.docker_distroless_meta.outputs.labels }}
+          labels: ${{ steps.docker_tomcat_meta.outputs.labels }}
           platforms: ${{ env.PLATFORMS }}
-          target: release-distroless
+          target: tomcat

Dockerfile

@@ -1,4 +1,4 @@
-FROM maven:3.8.2-jdk-11-slim as build-hapi
+FROM maven:3.8-openjdk-17-slim as build-hapi
 WORKDIR /tmp/hapi-fhir-jpaserver-starter
 
 COPY pom.xml .
@@ -6,14 +6,34 @@ COPY server.xml .
 RUN mvn -ntp dependency:go-offline
 
 COPY src/ /tmp/hapi-fhir-jpaserver-starter/src/
-RUN mvn clean install -DskipTests
+RUN mvn clean install -DskipTests -Djdk.lang.Process.launchMechanism=vfork
 
 FROM build-hapi AS build-distroless
 RUN mvn package spring-boot:repackage -Pboot
-RUN mkdir /app && \
+RUN mkdir /app && cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main.war
-    cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main.war
 
-FROM gcr.io/distroless/java-debian11:11 AS release-distroless
+
+########### bitnami tomcat version is suitable for debugging and comes with a shell
+########### it can be built using eg. `docker build --target tomcat .`
+FROM bitnami/tomcat:9.0 as tomcat
+
+RUN rm -rf /opt/bitnami/tomcat/webapps/ROOT && \
+    rm -rf /opt/bitnami/tomcat/webapps_default/ROOT && \
+    mkdir -p /opt/bitnami/hapi/data/hapi/lucenefiles && \
+    chmod 775 /opt/bitnami/hapi/data/hapi/lucenefiles
+
+USER root
+RUN mkdir -p /target && chown -R 1001:1001 target
+USER 1001
+
+COPY --chown=1001:1001 catalina.properties /opt/bitnami/tomcat/conf/catalina.properties
+COPY --chown=1001:1001 server.xml /opt/bitnami/tomcat/conf/server.xml
+COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /opt/bitnami/tomcat/webapps_default/ROOT.war
+
+ENV ALLOW_EMPTY_PASSWORD=yes
+
+########### distroless brings focus on security and runs on plain spring boot - this is the default image
+FROM gcr.io/distroless/java17:nonroot as default
 COPY --chown=nonroot:nonroot --from=build-distroless /app /app
 # 65532 is the nonroot user's uid
 # used here instead of the name to allow Kubernetes to easily detect that the container
@@ -21,13 +41,3 @@ COPY --chown=nonroot:nonroot --from=build-distroless /app /app
 USER 65532:65532
 WORKDIR /app
 CMD ["/app/main.war"]
-
-FROM tomcat:9.0.53-jdk11-openjdk-slim-bullseye
-
-RUN mkdir -p /data/hapi/lucenefiles && chmod 775 /data/hapi/lucenefiles
-COPY --from=build-hapi /tmp/hapi-fhir-jpaserver-starter/target/*.war /usr/local/tomcat/webapps/
-
-COPY catalina.properties /usr/local/tomcat/conf/catalina.properties
-COPY server.xml /usr/local/tomcat/conf/server.xml
-
-CMD ["catalina.sh", "run"]

README.md

@@ -189,6 +189,13 @@ spring:
     password: admin
     driverClassName: com.mysql.jdbc.Driver
 ```
+
+Also, make sure you are not setting the Hibernate dialect explicitly, in other words remove any lines similar to:
+
+```
+hibernate.dialect: {some none MySQL dialect}
+```
+
 On some systems, it might be necessary to override hibernate's default naming strategy. The naming strategy must be set using spring.jpa.hibernate.physical_naming_strategy. 
 
 ```yaml
@@ -215,6 +222,26 @@ spring:
 
 Because the integration tests within the project rely on the default H2 database configuration, it is important to either explicity skip the integration tests during the build process, i.e., `mvn install -DskipTests`, or delete the tests altogether. Failure to skip or delete the tests once you've configured PostgreSQL for the datasource.driver, datasource.url, and hibernate.dialect as outlined above will result in build errors and compilation failure.
 
+### Microsoft SQL Server configuration
+
+To configure the starter app to use MS SQL Server, instead of the default H2, update the application.yaml file to have the following:
+
+```yaml
+spring:
+  datasource:
+    url: 'jdbc:sqlserver://<server>:<port>;databaseName=<databasename>'
+    username: admin
+    password: admin
+    driverClassName: com.microsoft.sqlserver.jdbc.SQLServerDriver
+```
+
+
+Because the integration tests within the project rely on the default H2 database configuration, it is important to either explicity skip the integration tests during the build process, i.e., `mvn install -DskipTests`, or delete the tests altogether. Failure to skip or delete the tests once you've configured PostgreSQL for the datasource.driver, datasource.url, and hibernate.dialect as outlined above will result in build errors and compilation failure.
+
+
+NOTE: MS SQL Server by default uses a case-insensitive codepage. This will cause errors with some operations - such as when expanding case-sensitive valuesets (UCUM) as there are unique indexes defined on the terminology tables for codes. 
+It is recommended to deploy a case-sensitive database prior to running HAPI FHIR when using MS SQL Server to avoid these and potentially other issues. 
+
 ## Customizing The Web Testpage UI
 
 The UI that comes with this server is an exact clone of the server available at [http://hapi.fhir.org](http://hapi.fhir.org). You may skin this UI if you'd like. For example, you might change the introductory text or replace the logo with your own.
@@ -279,6 +306,8 @@ spring:
     driverClassName: com.mysql.jdbc.Driver
 ```
 
+Also, make sure you are not setting the Hibernate Dialect explicitly, see more details in the section about MySQL.
+
 ## Running hapi-fhir-jpaserver directly from IntelliJ as Spring Boot
 Make sure you run with the maven profile called ```boot``` and NOT also ```jetty```. Then you are ready to press debug the project directly without any extra Application Servers.
 

charts/hapi-fhir-jpaserver/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
-  version: 10.12.2
+  version: 11.1.19
-digest: sha256:38ee315eae1af3e3f6eb20e1dd8ffd60d4ab7ee0c51bf26941b56c8bcb376c11
+digest: sha256:5bb38230bfa62c63547851e6f46f66a61441a4a4f18e3689827546277e34d192
-generated: "2021-10-07T00:19:18.9743522+02:00"
+generated: "2022-04-08T21:55:34.6868891+02:00"

charts/hapi-fhir-jpaserver/Chart.yaml

@@ -7,20 +7,23 @@ sources:
   - https://github.com/hapifhir/hapi-fhir-jpaserver-starter
 dependencies:
   - name: postgresql
-    version: 10.12.2
+    version: 11.1.19
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
 annotations:
   artifacthub.io/license: Apache-2.0
-  artifacthub.io/prerelease: "true"
   artifacthub.io/changes: |
     # When using the list of objects option the valid supported kinds are
     # added, changed, deprecated, removed, fixed, and security.
     - kind: changed
       description: |
-        updated HAPI FHIR starter image to 5.6.0
+        updated HAPI FHIR starter image to 5.7.0
-    - kind: added
+    - kind: changed
       description: |
-        added support for configuring PodDisruptionBudget for the server pods
+        BREAKING CHANGE: updated included PostgreSQL-subchart to v11
-appVersion: v5.6.0
+    - kind: changed
-version: 0.7.0
+      description: |
+        BREAKING CHANGE: removed ability to override the image flavor.
+        The one based on distroless is now the new default.
+appVersion: v5.7.0
+version: 0.8.0

charts/hapi-fhir-jpaserver/README.md

@@ -1,6 +1,6 @@
 # HAPI FHIR JPA Server Starter Helm Chart
 
-![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.6.0](https://img.shields.io/badge/AppVersion-v5.6.0-informational?style=flat-square)
+![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.7.0](https://img.shields.io/badge/AppVersion-v5.7.0-informational?style=flat-square)
 
 This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
 
@@ -29,11 +29,10 @@ helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpas
 | externalDatabase.user | string | `"fhir"` | username for the external database |
 | extraEnv | list | `[]` | extra environment variables to set on the server container |
 | fullnameOverride | string | `""` | override the chart fullname |
-| image.flavor | string | `"distroless"` | the flavor or variant of the image to use. appended to the image tag by `-`. |
 | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
 | image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted |
 | image.repository | string | `"hapiproject/hapi"` | the path inside the repository |
-| image.tag | string | `""` | defaults to `Chart.appVersion` |
+| image.tag | string | `""` | defaults to `Chart.appVersion`. As of v5.7.0, this is the `distroless` flavor |
 | imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image |
 | ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. |
 | ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint |
@@ -51,11 +50,11 @@ helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpas
 | podDisruptionBudget.maxUnavailable | string | `""` | maximum unavailable instances |
 | podDisruptionBudget.minAvailable | int | `1` | minimum available instances |
 | podSecurityContext | object | `{}` | pod security context |
-| postgresql.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
+| postgresql.auth.database | string | `"fhir"` | name for a custom database to create |
-| postgresql.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set), and `replication-password` (which is the password for replication user). The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. The value is evaluated as a template. |
 | postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details if set to `false`, the values under `externalDatabase` are used |
-| postgresql.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. |
+| postgresql.primary.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
-| postgresql.postgresqlDatabase | string | `"fhir"` | name of the database to create see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run> |
+| postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | readinessProbe.failureThreshold | int | `5` |  |
 | readinessProbe.initialDelaySeconds | int | `30` |  |
 | readinessProbe.periodSeconds | int | `20` |  |

charts/hapi-fhir-jpaserver/ci/enabled-ingress-values.yaml

@@ -0,0 +1,6 @@
+ingress:
+  enabled: true
+
+postgresql:
+  auth:
+    postgresPassword: secretpassword

charts/hapi-fhir-jpaserver/templates/_helpers.tpl

@@ -30,18 +30,6 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
-{{/*
-Create image tag
-*/}}
-{{- define "hapi-fhir-jpaserver.imageTag" -}}
-{{- $version := default .Chart.AppVersion .Values.image.tag -}}
-{{- if .Values.image.flavor }}
-{{- printf "%s-%s" $version .Values.image.flavor }}
-{{- else }}
-{{- printf "%s" $version }}
-{{- end }}
-{{- end }}
-
 {{/*
 Common labels
 */}}
@@ -75,10 +63,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 Get the Postgresql credentials secret name.
 */}}
 {{- define "hapi-fhir-jpaserver.postgresql.secretName" -}}
-{{- if and (.Values.postgresql.enabled) (not .Values.postgresql.existingSecret) -}}
+{{- if and (.Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret) -}}
     {{- printf "%s" (include "hapi-fhir-jpaserver.postgresql.fullname" .) -}}
-{{- else if and (.Values.postgresql.enabled) (.Values.postgresql.existingSecret) -}}
+{{- else if and (.Values.postgresql.enabled) (.Values.postgresql.auth.existingSecret) -}}
-    {{- printf "%s" .Values.postgresql.existingSecret -}}
+    {{- printf "%s" .Values.postgresql.auth.existingSecret -}}
 {{- else }}
     {{- if .Values.externalDatabase.existingSecret -}}
         {{- printf "%s" .Values.externalDatabase.existingSecret -}}
@@ -95,7 +83,7 @@ Get the Postgresql credentials secret key.
 {{- if (.Values.externalDatabase.existingSecret) -}}
     {{- printf "%s" .Values.externalDatabase.existingSecretKey -}}
 {{- else }}
-    {{- printf "postgresql-password" -}}
+    {{- printf "postgres-password" -}}
 {{- end -}}
 {{- end -}}
 
@@ -110,14 +98,14 @@ Add environment variables to configure database values
 Add environment variables to configure database values
 */}}
 {{- define "hapi-fhir-jpaserver.database.user" -}}
-{{- ternary .Values.postgresql.postgresqlUsername .Values.externalDatabase.user .Values.postgresql.enabled -}}
+{{- ternary "postgres" .Values.externalDatabase.user .Values.postgresql.enabled -}}
 {{- end -}}
 
 {{/*
 Add environment variables to configure database values
 */}}
 {{- define "hapi-fhir-jpaserver.database.name" -}}
-{{- ternary .Values.postgresql.postgresqlDatabase .Values.externalDatabase.database .Values.postgresql.enabled -}}
+{{- ternary .Values.postgresql.auth.database .Values.externalDatabase.database .Values.postgresql.enabled -}}
 {{- end -}}
 
 {{/*

charts/hapi-fhir-jpaserver/templates/deployment.yaml

@@ -60,7 +60,7 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ include "hapi-fhir-jpaserver.imageTag" . }}
+          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
@@ -102,12 +102,10 @@ spec:
                   key: {{ include "hapi-fhir-jpaserver.postgresql.secretKey" . }}
             - name: SPRING_DATASOURCE_DRIVERCLASSNAME
               value: org.postgresql.Driver
-            - name: SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT
+            - name: spring.jpa.properties.hibernate.dialect
-              value: org.hibernate.dialect.PostgreSQL10Dialect
+              value: ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgres94Dialect
             - name: HAPI_FHIR_USE_APACHE_ADDRESS_STRATEGY
               value: "true"
-            - name: SPRING_JPA_DATABASE_PLATFORM
-              value: org.hibernate.dialect.PostgreSQLDialect
             {{- if .Values.extraEnv }}
             {{ toYaml .Values.extraEnv | nindent 12 }}
             {{- end }}

charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml

@@ -1,4 +1,4 @@
-{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.existingSecret) }}
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.auth.existingSecret) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,5 +7,5 @@ metadata:
     {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
 type: Opaque
 data:
-  postgresql-password: {{ .Values.externalDatabase.password | b64enc | quote }}
+  postgres-password: {{ .Values.externalDatabase.password | b64enc | quote }}
 {{- end }}

charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-connection"
+  name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-endpoints"
   labels:
     {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
     {{ include "hapi-fhir-jpaserver.fullname" . }}-client: "true"
@@ -10,7 +10,32 @@ metadata:
 spec:
   restartPolicy: Never
   containers:
-    - name: wget
+    - name: test-metadata-endpoint
+      image: busybox:1
+      command: ['wget', '-O', '-']
+      args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata']
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+        readOnlyRootFilesystem: true
+        runAsUser: 22222
+        runAsNonRoot: true
+      resources:
+        limits:
+          cpu: 100m
+          memory: 128Mi
+        requests:
+          cpu: 100m
+          memory: 128Mi
+      livenessProbe:
+        exec:
+          command: ["true"]
+      readinessProbe:
+        exec:
+          command: ["true"]
+    - name: test-patient-endpoint
       image: busybox:1
       command: ['wget', '-O', '-']
       args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1']

charts/hapi-fhir-jpaserver/values.yaml

@@ -6,11 +6,8 @@ image:
   registry: docker.io
   # -- the path inside the repository
   repository: hapiproject/hapi
-  # -- defaults to `Chart.appVersion`
+  # -- defaults to `Chart.appVersion`. As of v5.7.0, this is the `distroless` flavor
   tag: ""
-  # -- the flavor or variant of the image to use.
-  # appended to the image tag by `-`.
-  flavor: "distroless"
   # -- image pullPolicy to use
   pullPolicy: IfNotPresent
 
@@ -96,17 +93,19 @@ postgresql:
   # see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
   # if set to `false`, the values under `externalDatabase` are used
   enabled: true
-  # -- name of the database to create
+  auth:
-  # see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run>
+    # -- name for a custom database to create
-  postgresqlDatabase: "fhir"
+    database: "fhir"
-  # -- Name of existing secret to use for PostgreSQL passwords.
+    # -- Name of existing secret to use for PostgreSQL credentials
-  # The secret has to contain the keys `postgresql-password`
+    # `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret
-  # which is the password for `postgresqlUsername` when it is
+    # The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user),
-  # different of `postgres`, `postgresql-postgres-password` which
+    # `password` (which is the password for the custom user to create when `auth.username` is set),
-  # will override `postgresqlPassword`, `postgresql-replication-password`
+    # and `replication-password` (which is the password for replication user).
-  # which will override `replication.password` and `postgresql-ldap-password`
+    # The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and
-  # which will be sed to authenticate on LDAP. The value is evaluated as a template.
+    # picked from this secret in this case.
+    # The value is evaluated as a template.
     existingSecret: ""
+  primary:
     containerSecurityContext:
       allowPrivilegeEscalation: false
       capabilities:

pom.xml

@@ -61,6 +61,10 @@
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
         </dependency>
+        <dependency>
+          <groupId>com.microsoft.sqlserver</groupId>
+          <artifactId>mssql-jdbc</artifactId>
+        </dependency>
 
         <!-- Needed for Email subscriptions -->
         <dependency>
@@ -85,6 +89,12 @@
             <groupId>ca.uhn.hapi.fhir</groupId>
             <artifactId>hapi-fhir-jpaserver-subscription</artifactId>
             <version>${project.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.zaxxer</groupId>
+                    <artifactId>HikariCP-java7</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- This dependency includes the JPA server itself, which is packaged separately from the rest of HAPI FHIR -->
@@ -301,6 +311,26 @@
             <version>${spring_boot_version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+            <version>${spring_boot_version}</version>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/io.micrometer/micrometer-registry-prometheus -->
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+            <version>1.8.5</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.zaxxer</groupId>
+            <artifactId>HikariCP</artifactId>
+            <version>5.0.1</version>
+        </dependency>
+
+
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>

src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java

@@ -25,12 +25,14 @@ public class AppProperties {
   private Boolean openapi_enabled = false;
   private Boolean mdm_enabled = false;
   private boolean advanced_lucene_indexing = false;
+  private boolean enable_index_of_type = false;
   private Boolean allow_cascading_deletes = false;
   private Boolean allow_contains_searches = true;
   private Boolean allow_external_references = false;
   private Boolean allow_multiple_delete = false;
   private Boolean allow_override_default_search_params = true;
   private Boolean auto_create_placeholder_reference_targets = false;
+  private Boolean dao_scheduling_enabled = true;
   private Boolean delete_expunge_enabled = false;
   private Boolean enable_index_missing_fields = false;
   private Boolean enable_index_contained_resource = false;
@@ -286,6 +288,14 @@ public class AppProperties {
     this.default_page_size = default_page_size;
   }
 
+  public Boolean getDao_scheduling_enabled() {
+    return dao_scheduling_enabled;
+  }
+
+  public void setDao_scheduling_enabled(Boolean dao_scheduling_enabled) {
+    this.dao_scheduling_enabled = dao_scheduling_enabled;
+  }
+
   public Boolean getDelete_expunge_enabled() {
     return delete_expunge_enabled;
   }
@@ -807,4 +817,12 @@ public class AppProperties {
       private Boolean quitWait = false;
     }
   }
+
+  public boolean getEnable_index_of_type() {
+    return enable_index_of_type;
+  }
+
+  public void setEnable_index_of_type(boolean enable_index_of_type) {
+    this.enable_index_of_type = enable_index_of_type;
+  }
 }

src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java

@@ -28,6 +28,7 @@ import ca.uhn.fhir.rest.openapi.OpenApiInterceptor;
 import ca.uhn.fhir.rest.server.*;
 import ca.uhn.fhir.rest.server.interceptor.*;
 import ca.uhn.fhir.rest.server.interceptor.partition.RequestTenantPartitionInterceptor;
+import ca.uhn.fhir.rest.server.provider.ReindexProvider;
 import ca.uhn.fhir.rest.server.provider.ResourceProviderFactory;
 import ca.uhn.fhir.rest.server.tenant.UrlBaseTenantIdentificationStrategy;
 import ca.uhn.fhir.rest.server.util.ISearchParamRegistry;
@@ -80,6 +81,8 @@ public class BaseJpaRestfulServer extends RestfulServer {
   @Autowired
   ValueSetOperationProvider valueSetOperationProvider;
   @Autowired
+  ReindexProvider reindexProvider;
+  @Autowired
   BinaryStorageInterceptor binaryStorageInterceptor;
   @Autowired
   IPackageInstallerSvc packageInstallerSvc;
@@ -113,8 +116,10 @@ public class BaseJpaRestfulServer extends RestfulServer {
     // Customize supported resource types
     List<String> supportedResourceTypes = appProperties.getSupported_resource_types();
 
-    if (!supportedResourceTypes.isEmpty() && !supportedResourceTypes.contains("SearchParameter")) {
+    if (!supportedResourceTypes.isEmpty()) {
+      if (!supportedResourceTypes.contains("SearchParameter")) {
         supportedResourceTypes.add("SearchParameter");
+      }
       daoRegistry.setSupportedResourceTypes(supportedResourceTypes);
     }
 
@@ -358,6 +363,9 @@ public class BaseJpaRestfulServer extends RestfulServer {
     // valueSet Operations i.e $expand
     registerProvider(valueSetOperationProvider);
 
+	 //reindex Provider $reindex
+	 registerProvider(reindexProvider);
+
     // Partitioning
     if (appProperties.getPartitioning() != null) {
       registerInterceptor(new RequestTenantPartitionInterceptor());

src/main/java/ca/uhn/fhir/jpa/starter/FhirServerConfigCommon.java

@@ -40,6 +40,7 @@ public class FhirServerConfigCommon {
     ourLog.info("Server configured to " + (appProperties.getAllow_contains_searches() ? "allow" : "deny") + " contains searches");
     ourLog.info("Server configured to " + (appProperties.getAllow_multiple_delete() ? "allow" : "deny") + " multiple deletes");
     ourLog.info("Server configured to " + (appProperties.getAllow_external_references() ? "allow" : "deny") + " external references");
+    ourLog.info("Server configured to " + (appProperties.getDao_scheduling_enabled() ? "enable" : "disable") + " DAO scheduling");
     ourLog.info("Server configured to " + (appProperties.getDelete_expunge_enabled() ? "enable" : "disable") + " delete expunges");
     ourLog.info("Server configured to " + (appProperties.getExpunge_enabled() ? "enable" : "disable") + " expunges");
     ourLog.info("Server configured to " + (appProperties.getAllow_override_default_search_params() ? "allow" : "deny") + " overriding default search params");
@@ -86,6 +87,7 @@ public class FhirServerConfigCommon {
     retVal.setAllowContainsSearches(appProperties.getAllow_contains_searches());
     retVal.setAllowMultipleDelete(appProperties.getAllow_multiple_delete());
     retVal.setAllowExternalReferences(appProperties.getAllow_external_references());
+    retVal.setSchedulingDisabled(!appProperties.getDao_scheduling_enabled());
     retVal.setDeleteExpungeEnabled(appProperties.getDelete_expunge_enabled());
     retVal.setExpungeEnabled(appProperties.getExpunge_enabled());
     if(appProperties.getSubscription() != null && appProperties.getSubscription().getEmail() != null)
@@ -177,6 +179,7 @@ public class FhirServerConfigCommon {
     modelConfig.setNormalizedQuantitySearchLevel(appProperties.getNormalized_quantity_search_level());
 
     modelConfig.setIndexOnContainedResources(appProperties.getEnable_index_contained_resource());
+    modelConfig.setIndexIdentifierOfType(appProperties.getEnable_index_of_type());
     return modelConfig;
   }
 

src/main/resources/application.yaml

@@ -1,6 +1,14 @@
+#Adds the option to go to eg. http://localhost:8080/actuator/health for seeing the running configuration
+#see https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "health,prometheus"
 spring:
   main:
     allow-circular-references: true
+    #allow-bean-definition-overriding: true
   flyway:
     enabled: false
     check-location: false
@@ -83,9 +91,13 @@ hapi:
     #    delete_expunge_enabled: true
     #    enable_repository_validating_interceptor: false
     #    enable_index_missing_fields: false
+    #    enable_index_of_type: true
     #    enable_index_contained_resource: false
-    # This is an experimental feature, and does not fully support _total and other FHIR features.
+    ###  !!Extended Lucene/Elasticsearch Indexing is still a experimental feature, expect some features (e.g. _total=accurate) to not work as expected!!
+    ###  more information here: https://hapifhir.io/hapi-fhir/docs/server_jpa/elastic.html
     advanced_lucene_indexing: false
+    #    enforce_referential_integrity_on_delete: false
+    # This is an experimental feature, and does not fully support _total and other FHIR features.
 #    enforce_referential_integrity_on_delete: false
     #    enforce_referential_integrity_on_write: false
     #    etag_support_enabled: true

src/test/java/ca/uhn/fhir/jpa/starter/Demo.java

@@ -15,6 +15,6 @@ public class Demo {
     System.setProperty("spring.batch.job.enabled", "false");
     SpringApplication.run(Demo.class, args);
 
-    //Server is now accessible at eg. http://localhost:8080/metadata
+    //Server is now accessible at eg. http://localhost:8080/fhir/metadata
   }
 }