add apiExclusionPath

cli/katutil.py

@@ -26,7 +26,7 @@
 init_service_cmd.add_argument(
     "--token", type=str, help="access token", required=True)
 init_service_cmd.add_argument(
-    "--print_output", type=bool, help="print response from server", default=False)
+    "--auth_exclusion_paths", type=str, help="List of paths for which we do not require authentication")
 
 get_token_cmd = sub_parsers.add_parser(
     "login-with-password", help="get token for service")
@@ -118,8 +118,14 @@ def get_api_client():
 
 
 if args.sub_parser == "init-service":
+    print(args.auth_exclusion_paths)
+    auth_exclusion_paths = None
+    if args.auth_exclusion_paths:
+        auth_exclusion_paths = json.loads(args.auth_exclusion_paths)
+    print("auth_exclusion_paths")
+    print(auth_exclusion_paths)
     resp = katanemo_sdk.ServiceApi(get_api_client()).create_service(
-        name=args.service_name, redirect_url=args.redirect_uri, api_spec_file=args.api_spec, description=args.service_description)
+        name=args.service_name, redirect_url=args.redirect_uri, api_spec_file=args.api_spec, description=args.service_description, auth_exclusion_paths=auth_exclusion_paths)
     print(resp.json(by_alias=True))
 
     service_id = resp.service_id
@@ -173,7 +179,7 @@ def get_api_client():
 if args.sub_parser == "create-client-key":
     client_key_req = katanemo_sdk.ClientKeyRequest(
         defaultRoleId=args.role_id, clientName=args.client_name)
-    api_instance = katanemo_sdk.SignUpLoginApi(get_api_client())
+    api_instance = katanemo_sdk.IdentityApi(get_api_client())
     resp = api_instance.create_client_key(args.account_id, client_key_req)
     print(resp.json(by_alias=True))
 

katanemo-aaa.code-workspace

@@ -0,0 +1,24 @@
+{
+	"folders": [
+    {
+      "name": "root",
+      "path": "."
+    },
+    {
+      "name": "pythonsdk",
+      "path": "pythonsdk"
+    },
+    {
+      "name": "ehr-service",
+      "path": "samples/ehr-service"
+    },
+    {
+      "name": "arc-ecs",
+      "path": "arc-ecs"
+    },
+  ],
+	"settings": {
+    "python.defaultInterpreterPath": "python3",
+    "python.formatting.provider": "black",
+	}
+}

samples/ehr-service/deploy.sh

@@ -67,7 +67,7 @@ log cdk bootstrap
 cdk bootstrap
 
 log cdk deploy --parameters clientKey=$EHR_CLIENT_ID --parameters clientSecret=$EHR_CLIENT_SECRET --parameters apiEndpoint="$API_ENDPOINT" --parameters authEndpoint="$ARC_AUTH_ENDPOINT"
-cdk deploy --parameters clientKey=$EHR_CLIENT_ID --parameters clientSecret=$EHR_CLIENT_SECRET --parameters apiEndpoint="$API_ENDPOINT" --parameters authEndpoint="$ARC_AUTH_ENDPOINT"
+cdk deploy --parameters clientKey=$EHR_CLIENT_ID --parameters clientSecret=$EHR_CLIENT_SECRET --parameters apiEndpoint="$API_ENDPOINT" --parameters authEndpoint="$ARC_AUTH_ENDPOINT" --parameters serviceId=$EHR_SERVICE_ID
 
 API_GATEWAY=$(aws cloudformation describe-stacks --query "Stacks[*].Outputs" --output json | jq '.[]' | jq '.[] | select(.OutputKey | test("patientRecordServiceEndpoint")) | .OutputValue' -r)
 

samples/ehr-service/helper_scripts/ehr_service_init.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 set -o errexit -o pipefail
-
+set -x
 . ../common.sh
 . .ehr_admin_details
 
@@ -32,9 +32,9 @@ log katutil login-with-password --service_id $KATANEMO_SERVICE_ID --email $EHR_A
 EHR_ADMIN_TOKEN=$($KATUTIL login-with-password --service_id $KATANEMO_SERVICE_ID --email $EHR_ADMIN_EMAIL --password $EHR_ADMIN_PASSWORD | jq -r .token)
 
 log registering service with api spec $1 to katanemo
-log katutil init-service --service_name 'patient records service' --service_description 'patient records service' --api_spec $API_SPEC --redirect_uri www.google.com --print_output True --token XXXXX
-EHR_SERVICE_ID=$($KATUTIL init-service --service_name 'patient records service' --service_description 'patient records service' --api_spec $API_SPEC --redirect_uri www.google.com --print_output True --token $EHR_ADMIN_TOKEN | jq -r .serviceId)
+log katutil init-service --service_name 'patient records service' --service_description 'patient records service' --api_spec $API_SPEC --redirect_uri www.google.com --token XXXXX
+EHR_SERVICE_ID=$($KATUTIL init-service --service_name 'patient records service' --service_description 'patient records service' --api_spec $API_SPEC --redirect_uri www.google.com --token $EHR_ADMIN_TOKEN --auth_exclusion_paths '["GET:/callback"]' | jq -r .serviceId)
 
-echo EHR_SERVICE_ID=$EHR_SERVICE_ID > .ehr_service_details
+# echo EHR_SERVICE_ID=$EHR_SERVICE_ID > .ehr_service_details
 
 log "=== patients record service initialized with katanemo $EHR_SERVICE_ID ==="

samples/ehr-service/index.ts

@@ -12,6 +12,7 @@ export class ApiLambdaEhrServiceStack extends Stack {
 
     const clientKey = new CfnParameter(this, 'clientKey');
     const clientSecret = new CfnParameter(this, 'clientSecret');
+    const serviceId = new CfnParameter(this, 'serviceId');
     const apiEndpoint = new CfnParameter(this, 'apiEndpoint');
     const authEndpoint = new CfnParameter(this, 'authEndpoint');
 
@@ -69,6 +70,7 @@ export class ApiLambdaEhrServiceStack extends Stack {
         API_ENDPOINT: apiEndpoint.valueAsString,
         CLIENT_KEY: clientKey.valueAsString,
         CLIENT_SECRET: clientSecret.valueAsString,
+        SERVICE_ID: serviceId.valueAsString,
       }
     }
 

samples/ehr-service/lambda/auth/index.js

@@ -5,6 +5,7 @@ const url = require('url');
 const arcEndpoint = process.env.AUTH_ENDPOINT
 const apiEndpoint = process.env.API_ENDPOINT
 const clientKey = process.env.CLIENT_KEY
+const serviceId = process.env.SERVICE_ID
 
 console.log(apiEndpoint)
 
@@ -46,6 +47,7 @@ function authorizeRequest(userToken, serviceToken, path, method, methodArn, call
       if(!userToken) {
         const apiAuthPath = apiEndpoint + '/authorize'
         const queryParams = {
+          'serviceId': serviceId,
           'clientId': clientKey,
           'state': 'value2',
         };