external configuration initial commit

ahdis · Jan 29, 2021 · b5239e5 · b5239e5
1 parent 59676d8
commit b5239e5
Show file tree

Hide file tree

Showing 11 changed files with 205 additions and 73 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -4,13 +4,13 @@ EXPOSE 9090
 EXPOSE 9091
 VOLUME /tmp
 
-ARG JAR_FILE=target/i4mi-ipf-hapifhir-gateway-1.0-SNAPSHOT-spring-boot.jar
+ARG JAR_FILE=target/mobile-access-gateway-1.0-SNAPSHOT-spring-boot.jar
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 
 COPY ${JAR_FILE} /app.jar
 
-ENTRYPOINT java -Xmx1G -Xshareclasses -Xquickstart -jar /app.jar
+ENTRYPOINT java -Xmx1G -Xshareclasses -Xquickstart -jar /app.jar -Dspring.config.additional-location=optional:file:/config/application.yml
 
 
 # export PROJECT_ID="$(gcloud config get-value project -q)"

diff --git a/README.md b/README.md
@@ -33,6 +33,11 @@ See [client.http](client.http) for example calls to the Mobile Access Gateway.
 4. Install the dependencies: `mvn install`
 5. Either run it from your favorite IDE or in the CLI: `mvn clean compile && mvn exec:java -Dexec.mainClass="ch.bfh.ti.i4mi.mag.MobileAccessGateway"`
 
+To run your own configuration stored in a properties file use the `-Dspring.config.additional-location` switch.
+Any config parameter that is not specified in the file will be taken from the defaults.
+If your config file is called "myownconfig.properties" run it using:
+`mvn clean compile && mvn exec:java -Dexec.mainClass="ch.bfh.ti.i4mi.mag.MobileAccessGateway" -Dspring.config.additional-location=file:myownconfig.properties`
+
 ## Caution
 - a @ComponentScan had to be added to the main Application class, otherwise the routes / component could note  be defined (see open issues)
 
@@ -46,4 +51,32 @@ See [client.http](client.http) for example calls to the Mobile Access Gateway.
 - Java Extension needed
 
 ### open issues
-- ipf-platform-camel-ihe-fhir-r4-pixpdq works not nicely with spring-boot together, is the META-INF directory not added to the output source?
+- ipf-platform-camel-ihe-fhir-r4-pixpdq works not nicely with spring-boot together, is the META-INF directory not added to the output source?
+
+## Deployment
+
+The MobileAccessGateway can run in a docker container and can be deployed to a Kubernetes cluster. 
+
+### Building an image
+To create a new docker image run:
+
+```
+mvn clean package
+docker build -t gateway:v020
+```
+
+Where "gateway" is the image name and v020 is the version. Then push to a registry.
+
+### Creating a configuration
+- Create an empty folder ("**myconfig**" in this example) and copy the contents of the example-config directory.
+- Edit the application.yml. Leave the pathes for the keystores as they are.
+- Provide p12 or jks keystores for the client certificate, the server certificate and for IDP.
+
+### Deploying to Kubernetes
+- Edit myconfig/kubernetes-config.yml as you need it
+- Create a config map for "application.yml"
+`kubectl create configmap  mobile-access-gateway-configmap --from-file=application.yml=myconfig/application.yml`
+- Create a secret for the certificates and keys
+`kubectl create secret generic mobile-access-gateway-secret --from-file=client.jks=myconfig/client-certificate.jks --from-file=server.p12=myconfig/server-certificate.jks --from-file=idp.jks=myconfig/idp.jks`
+- Upload configuration
+`kubectl apply -f myconfig/kubernetes-config.yml`
diff --git a/example-config/application.yml b/example-config/application.yml
@@ -0,0 +1,67 @@
+mag:
+  baseurl: http://localhost
+  client-ssl:
+    enabled: true
+    key-store: /secret/client.jks    
+    key-store-password: a1b2c3
+    cert-alias: gateway    
+  xds:
+    https: true
+    iti-18:     
+      url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/reg/sq         
+    iti-43:      
+      url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/rep/ret          
+    iti-41:      
+      url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/rep/prb
+    retrieve:
+      url: http://localhost:9090/camel/xdsretrieve
+      repositoryUniqueId: 1.1.4567332.1.2    
+  pix:
+    https: true
+    iti-45:      
+      url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType      
+    iti-44:      
+      url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType      
+    iti-47:            
+      url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PDQSupplier_Service/PDQSupplier_PortType
+    oids:
+      sender: 1.3.6.1.4.1.21367.2017.2.2.108      
+      receiver: 1.3.6.1.4.1.12559.11.25.1.10                 
+      query: 1.3.6.1.4.1.21367.2017.2.1.104
+  iua:
+     idp:
+        name: idp-ehealthsuisse
+        metadata-url: https://ehealthsuisse.ihe-europe.net/metadata/idp-metadata.xml
+        key-store: /secret/client.jks
+        key-store-password: a1b2c3
+        key-alias: gateway         
+        key-password: a1b2c3
+     sp:
+        entity-id: mobileaccessgateway.pagekite.me
+     ap:        
+        url: https://ehealthsuisse.ihe-europe.net/STS
+        wsdl: https://ehealthsuisse.ihe-europe.net/STS?wsdl                
+     clients:
+        oauthdebugger:
+           secret: demosecret
+           redirect: https://oauthdebugger.com/debug
+
+  audit:
+    audit-enabled: true 
+    audit-tls-enabled: false
+    # in productive system audit-source-id must be same as audit-enterprise-site-id
+    audit-enterprise-site-id: 1.3.6.1.4.1.21367.2017.2.7.109
+    audit-repository-host: 147.135.232.177
+    audit-repository-port: 3001
+    audit-repostiory-transport: UDP             
+
+# https://docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html#server-properties
+
+server:
+  max-http-header-size: 10000
+  ssl:
+    key-store: /secret/server.p12
+    key-store-password: a1b2c3    
+    key-store-type: pkcs12
+    key-alias: bfh1             
+
diff --git a/src/main/resources/270.jks → example-config/client-certificate.jks b/src/main/resources/270.jks → example-config/client-certificate.jks
diff --git a/example-config/kubernetes-config.yml b/example-config/kubernetes-config.yml
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mobile-access-gateway
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mobile-access-gateway
+  template:
+    metadata:
+      labels:
+        app: mobile-access-gateway
+    spec:
+      volumes:    
+      - name: mobile-access-gateway-config-volume
+        configMap:        
+          name: mobile-access-gateway-configmap
+      - name: mobile-access-gateway-secret-volume
+        secret:
+          secretName: mobile-access-gateway-secret
+      containers:
+      - name: mobile-access-gateway
+        image: gateway:latest
+        imagePullPolicy: Never  
+        resources:
+          requests:
+            memory: "0.6Gi"
+        ports:
+        - containerPort: 9090
+        - containerPort: 9091
+        volumeMounts:        
+        - name: mobile-access-gateway-config-volume
+          mountPath: /config
+        - name: mobile-access-gateway-secret-volume
+          mountPath: /secret
+        livenessProbe:
+          httpGet:
+            path: /fhir/metadata
+            port: 9090
+          initialDelaySeconds: 60
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /fhir/metadata
+            port: 9090
+          initialDelaySeconds: 90
+          periodSeconds: 10
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mobile-access-gateway-service
+spec:
+  type: NodePort
+  ports:
+  - port: 8080
+    name: http
+    targetPort: 9090    
+  - port: 8081
+    name: https
+    targetPort: 9091
+  selector:
+    app: mobile-access-gateway
+---
diff --git a/src/main/resources/271.p12 → example-config/server-certificate.p12 b/src/main/resources/271.p12 → example-config/server-certificate.p12
diff --git a/pom.xml b/pom.xml
@@ -5,9 +5,9 @@
 	<modelVersion>4.0.0</modelVersion>
 
 	<groupId>ch.bfh</groupId>
-	<artifactId>i4mi-ipf-hapifhir-gateway</artifactId>
+	<artifactId>mobile-access-gateway</artifactId>
 	<version>1.0-SNAPSHOT</version>
-	<description>IPF HAPI-FHIR IHE ITI springboot example</description>
+	<description>FHIR Gateway supporting the PMIR and MHD server actors and uses XDS/PIXV3 to communicate with an XDS Affinity Domain</description>
 	<packaging>jar</packaging>
 
 	<properties>

diff --git a/src/main/java/ch/bfh/ti/i4mi/mag/MobileAccessGateway.java b/src/main/java/ch/bfh/ti/i4mi/mag/MobileAccessGateway.java
@@ -43,7 +43,7 @@ public class MobileAccessGateway {
      * @param args The list of CLI parameters.
      */
     public static void main(final String[] args) {
-        log.info("Configuring IPF app for a JAR deployment");
+        log.info("Configuring MobileAccessGateway");
 
         final SpringApplication application = new SpringApplication(MobileAccessGateway.class);
         addApplicationStartupHook(application);
@@ -56,7 +56,7 @@ public static void main(final String[] args) {
      */
     public static void addApplicationStartupHook(final SpringApplication application) {
         application.addListeners((ApplicationListener<ApplicationReadyEvent>) event -> {
-            log.info("IPF app has been configured and has started");
+            log.info("MobileAccessGateway has been configured and has started");
         });
     }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -1,108 +1,75 @@
-# General configuration of the IPF application.
+# General configuration of the Mobile Access Gateway
 
 mag:
-  baseurl: http://test.ahdis.ch
+  baseurl: http://localhost
   client-ssl:
     enabled: true
-    key-store: 270.jks
+    key-store: example-client-certificate.jks    
     key-store-password: a1b2c3
-    cert-alias: gateway
-    #cert-alias: adswissnet
+    cert-alias: gateway    
   xds:
     https: true
-    iti-18:
-      url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/reg/sq  
-      #url: epd-test.ith-icoserve.com:7443/Registry/services/RegistryService  
-    iti-43:
-      url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/rep/ret 
-      #url: epd-test.ith-icoserve.com:6443/Repository/services/RepositoryService    
-    iti-41:
+    iti-18:     
+      url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/reg/sq         
+    iti-43:      
+      url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/rep/ret          
+    iti-41:      
       url: ehealthsuisse.ihe-europe.net:10443/xdstools7/sim/default__ahdis/rep/prb
     retrieve:
-      url: http://test.ahdis.ch/camel/xdsretrieve
-      repositoryUniqueId: 1.1.4567332.1.2
-      #repositoryUniqueId: 1.3.6.1.4.1.21367.2017.2.3.54
+      url: http://localhost:9090/camel/xdsretrieve
+      repositoryUniqueId: 1.1.4567332.1.2    
   pix:
     https: true
-    iti-45:
-      url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType
-      #url: gazelle.ihe.net/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType
-      #url: 10.2.101.10:11006/PIXPDQ/services/PIXPDQV3ManagerService
-      #url: 10.2.101.10:11170/mpi/pixmanager
-      #url: epd-core.int.adswissnet.healthcare/mpi/pixmanager
-    iti-44:
-      url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType
-      #url: gazelle.ihe.net/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType
-      #url: 10.2.101.10:11006/PIXPDQ/services/PIXPDQV3ManagerService
-      #url: 10.2.101.10:11170/mpi/pixmanager
-      #url: epd-core.int.adswissnet.healthcare/mpi/pixmanager
-    iti-47:      
+    iti-45:      
+      url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType      
+    iti-44:      
+      url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PIXManager_Service/PIXManager_PortType      
+    iti-47:            
       url: ehealthsuisse.ihe-europe.net:10443/PAMSimulator-ejb/PDQSupplier_Service/PDQSupplier_PortType
     oids:
-      sender: 1.3.6.1.4.1.21367.2017.2.2.108
-      #receiver: 1.3.6.1.4.1.12559.11.20.1.10
-      #receiver: 1.3.6.1.4.1.12559.11.25.1.10 
-      receiver: 1.3.6.1.4.1.21367.2017.2.4.98                
+      sender: 1.3.6.1.4.1.21367.2017.2.2.108      
+      receiver: 1.3.6.1.4.1.12559.11.25.1.10                 
       query: 1.3.6.1.4.1.21367.2017.2.1.104
   iua:
      idp:
         name: idp-ehealthsuisse
         metadata-url: https://ehealthsuisse.ihe-europe.net/metadata/idp-metadata.xml
-        key-store: classpath:samlKeystore.jks
-        key-store-password: samlidp
-        key-alias: saml
-        key-password: samlidp
+        key-store: example-client-certificate.jks    
+        key-store-password: a1b2c3
+        key-alias: gateway         
+        key-password: a1b2c3
      sp:
         entity-id: mobileaccessgateway.pagekite.me
-     ap:
+     ap:        
         url: https://ehealthsuisse.ihe-europe.net/STS
-        wsdl: https://ehealthsuisse.ihe-europe.net/STS?wsdl
+        wsdl: https://ehealthsuisse.ihe-europe.net/STS?wsdl                
      clients:
         oauthdebugger:
            secret: demosecret
            redirect: https://oauthdebugger.com/debug
 
   audit:
-    audit-enabled: false 
+    audit-enabled: true 
+    audit-tls-enabled: false
     # in productive system audit-source-id must be same as audit-enterprise-site-id
-    audit-source-id: CCC_BFH_MAG
     audit-enterprise-site-id: 1.3.6.1.4.1.21367.2017.2.7.109
-    # gazelle
-    audit-repository-host: 10.2.101.10
-    # post
-    # audit-repository-host: 81.223.215.43
-    # nexus
-    # audit-repository-host: 10.2.200.29
-    #audit-repository-host: epd-core.int.adswissnet.healthcare
-    #audit-repository-port: 3001
-    audit-repository-port: 3202
-    #post audit-repository-port: 6514
-    #nexus audit-repository-port: 11001
-    #audit-repository-transport: UDP
-    audit-repository-transport: TLS        
-
+    audit-repository-host: 147.135.232.177
+    audit-repository-port: 3001
+    audit-repostiory-transport: UDP             
 
 # https://docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html#server-properties
 
 server:
   max-http-header-size: 10000
   ssl:
-    key-store: classpath:277.p12
-    key-store-password: a1b2c3
-    #key-password: password
+    key-store: classpath:example-server-certificate.p12    
+    key-store-password: a1b2c3    
     key-store-type: pkcs12
-    key-alias: mobileaccessgateway.pagekite.me        
-    #client-auth: need
-    #trust-store: classpath:270.jks
-    #trust-store-password: a1b2c3        
+    key-alias: bfh1             
   port: 9091 # Application listening port for HTTPS
   http:
     port: 9090 # Application listening port for HTTP. Remove line to disable.
 
-#ipf:
-  # https://oehf.github.io/ipf-docs/docs/ihe/atna/
-  #atna:
-    #audit-enabled: false # Disable ATNA logging as it requires more efforts to work
 logging:
   level:
     root: info
@@ -114,4 +81,4 @@ camel:
 # https://docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html#core-properties
 spring:
   application:
-    name: ipf-hapifhir-iti-example
+    name: mobile-access-gateway
diff --git a/src/main/resources/example-client-certificate.jks b/src/main/resources/example-client-certificate.jks
diff --git a/src/main/resources/example-server-certificate.p12 b/src/main/resources/example-server-certificate.p12