From fdee1be24f0828f71d6cad783b5e1356542d97ad Mon Sep 17 00:00:00 2001 From: Ott Sathngam Date: Tue, 27 Aug 2024 17:09:49 -0500 Subject: [PATCH 1/6] Update REST Transport to allow ApiKey for Oracle-RLN to read from vault --- .../settings/STLTs/Oracle/oracle-rln.yml | 22 +++++++--- .../main/kotlin/transport/RESTTransport.kt | 3 ++ .../RESTTransportIntegrationTests.kt | 43 +++++++++++++++++++ 3 files changed, 63 insertions(+), 5 deletions(-) diff --git a/prime-router/settings/STLTs/Oracle/oracle-rln.yml b/prime-router/settings/STLTs/Oracle/oracle-rln.yml index 150e2a1126b..2ea35773139 100644 --- a/prime-router/settings/STLTs/Oracle/oracle-rln.yml +++ b/prime-router/settings/STLTs/Oracle/oracle-rln.yml @@ -45,9 +45,21 @@ initialTime: "00:00" timeZone: "EASTERN" maxReportCount: 100 + description: "" transport: - type: "SFTP" - host: "172.17.6.20" - port: 22 - filePath: "./upload" - credentialName: null + reportUrl: "https://spaces.erxhubdevcert.cerner.com/etor" + authTokenUrl: "" + encryptionKeyUrl: "" + authType: "api key" + tlsKeystore: null + parameters: {} + jwtParams: {} + headers: + Content-Type: "text/plain" + shared-api-key: "From Vault" + authHeaders: {} + type: "REST" + externalName: null + enrichmentSchemaNames: [] + timeZone: null + dateTimeFormat: "OFFSET" diff --git a/prime-router/src/main/kotlin/transport/RESTTransport.kt b/prime-router/src/main/kotlin/transport/RESTTransport.kt index 46bc89ce262..ffdeaa41cd2 100644 --- a/prime-router/src/main/kotlin/transport/RESTTransport.kt +++ b/prime-router/src/main/kotlin/transport/RESTTransport.kt 
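Review bot: `shared-api-key: "From Vault"` under `headers` puts a sentinel in the slot where a real secret would go, and nothing in the settings file says it is a placeholder. If the transport's replacement step is skipped for any reason, the literal text is sent to `reportUrl` as the key. The field also invites someone to paste a real key into version-controlled settings later. A comment on that line would cover both, e.g. `# placeholder, never a real key: RESTTransport fills this header from the stored credential`.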
@@ -113,6 +113,9 @@ class RESTTransport(private val httpClient: HttpClient? = null) : ITransport { if (restTransportInfo.authType == "apiKey") { val apiKeyCredential = credential as UserApiKeyCredential + if (httpHeaders["shared-api-key"] == "From Vault") { + httpHeaders["shared-api-key"] = apiKeyCredential.apiKey + } httpHeaders["System_ID"] = apiKeyCredential.user httpHeaders["Key"] = apiKeyCredential.apiKey accessToken = apiKeyCredential.apiKey diff --git a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt index 94a523c8179..28e1184cd4f 100644 --- a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt +++ b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt 
@@ -977,6 +977,49 @@ hnm8COa8Kr+bnTqzScpQuOfujHcFEtfcYUGfSS6HusxidwXx+lYi1A== assertThat(retryItems).isNull() } + // Epic localhost end-to-end testing + private val oracleRlNRestTransport = RESTTransportType( + "https://sendURL", + "", + authType = "api key", + headers = mapOf( + "Content-Type" to "text/plain", + "shared-api-key" to "From Vault" + ) + ) + + @Test + fun `test transport postReport with valid message to oracle-rln--etor-nbs-results`() { + val header = makeHeader() + val mockRestTransport = spyk(RESTTransport(mockClientAuthOk())) + + // Given: + // lookupDefaultCredential returns mock UserApiKeyCredential object to allow + // the getAuthTokenWIthUserApiKey() to be called. + every { mockRestTransport.lookupDefaultCredential(any()) }.returns( + UserApiKeyCredential( + "test-user", + "oracle123" + ) + ) + + // When: + // RESTTransport is called WITH flexionRestTransportType which has transport.parameters + val retryItems = mockRestTransport.send( + oracleRlNRestTransport, header, reportId, "test", null, + context, actionHistory, mockk(relaxed = true) + ) + + // Then: + // getAuthTokenWithUserApiKey should be called with transport.parameters NOT empty + verify { + runBlocking { + mockRestTransport.getAuthTokenWithUserApiKey(flexionRestTransportType, any(), any(), any()) + } + } + assertThat(retryItems).isNull() + } + @Test fun `test post vs put http client`() { val logger = mockkClass(Logger::class) From 3f93fef37e5a7b4d7b93bd20a533fdb7b0c4ed4f Mon Sep 17 00:00:00 2001 From: Ott Sathngam Date: Tue, 27 Aug 2024 17:13:43 -0500 Subject: [PATCH 2/6] Update REST Transport to allow ApiKey for Oracle-RLN to read from vault --- prime-router/src/main/kotlin/transport/RESTTransport.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prime-router/src/main/kotlin/transport/RESTTransport.kt b/prime-router/src/main/kotlin/transport/RESTTransport.kt index ffdeaa41cd2..c70fe36342c 100644 --- a/prime-router/src/main/kotlin/transport/RESTTransport.kt 
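Review bot: The comments in the added test were carried over from other tests and describe something else. `// Epic localhost end-to-end testing` sits above the Oracle RLN fixture, and the `// When:` comment names `flexionRestTransportType` and `transport.parameters`, neither of which is passed to `send` here. Suggested replacements are `// Oracle RLN: shared-api-key header is filled from the stored UserApiKeyCredential` above the fixture and `// RESTTransport.send is called with oracleRlNRestTransport` under `// When:`. Accurate comments matter here because this test is the only visible description of how the key is expected to reach the outgoing headers.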
+++ b/prime-router/src/main/kotlin/transport/RESTTransport.kt @@ -111,7 +111,7 @@ class RESTTransport(private val httpClient: HttpClient? = null) : ITransport { val httpHeaders = getHeaders(restTransportInfo, reportId) var accessToken: String? = null - if (restTransportInfo.authType == "apiKey") { + if (restTransportInfo.authType == "api key") { val apiKeyCredential = credential as UserApiKeyCredential if (httpHeaders["shared-api-key"] == "From Vault") { httpHeaders["shared-api-key"] = apiKeyCredential.apiKey From a18751c8ab23ea6cacb9d2777150ac3e2c3f9966 Mon Sep 17 00:00:00 2001 From: Ott Sathngam Date: Tue, 27 Aug 2024 17:18:49 -0500 Subject: [PATCH 3/6] Update REST Transport to allow ApiKey for Oracle-RLN to read from vault --- prime-router/settings/STLTs/Oracle/oracle-rln.yml | 2 +- prime-router/src/main/kotlin/transport/RESTTransport.kt | 2 +- .../kotlin/transport/RESTTransportIntegrationTests.kt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/prime-router/settings/STLTs/Oracle/oracle-rln.yml b/prime-router/settings/STLTs/Oracle/oracle-rln.yml index 2ea35773139..1c8b5f8debb 100644 --- a/prime-router/settings/STLTs/Oracle/oracle-rln.yml +++ b/prime-router/settings/STLTs/Oracle/oracle-rln.yml @@ -50,7 +50,7 @@ reportUrl: "https://spaces.erxhubdevcert.cerner.com/etor" authTokenUrl: "" encryptionKeyUrl: "" - authType: "api key" + authType: "Api Key" tlsKeystore: null parameters: {} jwtParams: {} diff --git a/prime-router/src/main/kotlin/transport/RESTTransport.kt b/prime-router/src/main/kotlin/transport/RESTTransport.kt index c70fe36342c..0dc734bef9c 100644 --- a/prime-router/src/main/kotlin/transport/RESTTransport.kt +++ b/prime-router/src/main/kotlin/transport/RESTTransport.kt 
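Review bot: `restTransportInfo.authType == "api key"` makes credential injection depend on an exact, case-sensitive string that this series spells three ways (`"apiKey"`, `"api key"`, `"Api Key"`) across the RESTTransport.kt hunks of patches 2/6, 3/6 and 4/6 and the matching oracle-rln.yml edits. When the setting and the literal disagree the branch is skipped silently, and no fallback that rejects an unrecognised authType is visible in these hunks, so the request would presumably go out without the key headers. A single named constant used by both the comparison and the settings validation, e.g. `const val AUTH_TYPE_API_KEY = "apiKey"`, plus an explicit error for unknown values, would surface the mismatch at load time rather than at the receiver. The enclosing function starts and ends outside the hunk.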
@@ -111,7 +111,7 @@ class RESTTransport(private val httpClient: HttpClient? = null) : ITransport { val httpHeaders = getHeaders(restTransportInfo, reportId) var accessToken: String? = null - if (restTransportInfo.authType == "api key") { + if (restTransportInfo.authType == "Api Key") { val apiKeyCredential = credential as UserApiKeyCredential if (httpHeaders["shared-api-key"] == "From Vault") { httpHeaders["shared-api-key"] = apiKeyCredential.apiKey diff --git a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt index 28e1184cd4f..9103b0c36ff 100644 --- a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt +++ b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt @@ -981,7 +981,7 @@ hnm8COa8Kr+bnTqzScpQuOfujHcFEtfcYUGfSS6HusxidwXx+lYi1A== private val oracleRlNRestTransport = RESTTransportType( "https://sendURL", "", - authType = "api key", + authType = "Api Key", headers = mapOf( "Content-Type" to "text/plain", "shared-api-key" to "From Vault" From 814eb8d6e8ceb33ea5918d49b2501a95d336ab07 Mon Sep 17 00:00:00 2001 From: Ott Sathngam Date: Thu, 29 Aug 2024 10:31:57 -0500 Subject: [PATCH 4/6] Update REST Transport to allow Oracle-RLN to read apiKey from the vault --- .environment/gitleaks/gitleaks-config.toml | 1 + prime-router/src/main/kotlin/transport/RESTTransport.kt | 6 ++---- .../kotlin/transport/RESTTransportIntegrationTests.kt | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.environment/gitleaks/gitleaks-config.toml b/.environment/gitleaks/gitleaks-config.toml index 469d0793cd8..6b04f782334 100644 --- a/.environment/gitleaks/gitleaks-config.toml +++ b/.environment/gitleaks/gitleaks-config.toml 
@@ -203,6 +203,7 @@ title = "PRIME ReportStream Gitleaks Configuration" 'authority\", \"extension\"', # FHIR extension URL also shows up in normal FHIR test data 'ApiKeyCredential\(\"flexion\"', 'authType: \"two-legged\"', + '\"apiKey\"', 'Authorization-Type: \"username/password\"', ] paths = [ diff --git a/prime-router/src/main/kotlin/transport/RESTTransport.kt b/prime-router/src/main/kotlin/transport/RESTTransport.kt index 0dc734bef9c..7f7f0c8e448 100644 --- a/prime-router/src/main/kotlin/transport/RESTTransport.kt +++ b/prime-router/src/main/kotlin/transport/RESTTransport.kt @@ -111,11 +111,9 @@ class RESTTransport(private val httpClient: HttpClient? = null) : ITransport { val httpHeaders = getHeaders(restTransportInfo, reportId) var accessToken: String? = null - if (restTransportInfo.authType == "Api Key") { + if (restTransportInfo.authType == "apiKey") { val apiKeyCredential = credential as UserApiKeyCredential - if (httpHeaders["shared-api-key"] == "From Vault") { - httpHeaders["shared-api-key"] = apiKeyCredential.apiKey - } + httpHeaders["shared-api-key"] = apiKeyCredential.apiKey httpHeaders["System_ID"] = apiKeyCredential.user httpHeaders["Key"] = apiKeyCredential.apiKey accessToken = apiKeyCredential.apiKey diff --git a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt index 9103b0c36ff..5eb840b0ed1 100644 --- a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt +++ b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt @@ -981,7 +981,7 @@ hnm8COa8Kr+bnTqzScpQuOfujHcFEtfcYUGfSS6HusxidwXx+lYi1A== private val oracleRlNRestTransport = RESTTransportType( "https://sendURL", "", - authType = "Api Key", + authType = "apiKey", headers = mapOf( "Content-Type" to "text/plain", "shared-api-key" to "From Vault" From 421b6ce50ac3745ff0462416ef91451afd14a341 Mon Sep 17 00:00:00 2001 
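Review bot: The new allowlist entry `'\"apiKey\"'` is far broader than its neighbours, since it matches any text that contains the quoted word apiKey. The opening of this list and the section it belongs to are outside the hunk, but if these are allowlist regexes, a finding such as a JSON `"apiKey": "<value>"` pair in any file would presumably be suppressed as well. Anchor the pattern to the non-secret usage the way `'authType: \"two-legged\"'` does, e.g. `'authType: \"apiKey\"',` and `'authType (==|=) \"apiKey\"',`.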
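Review bot: `httpHeaders["shared-api-key"] = apiKeyCredential.apiKey` now runs for every receiver whose authType is `apiKey`, not only Oracle RLN. The stored key is therefore sent under an additional header name to endpoints that never declared it, and any `shared-api-key` value a receiver sets in `headers` is silently overwritten. Keeping the write conditional on the receiver having declared the header limits where the secret goes: `if ("shared-api-key" in httpHeaders) httpHeaders["shared-api-key"] = apiKeyCredential.apiKey`. The context line `credential as UserApiKeyCredential` is an unchecked cast that throws ClassCastException when a different credential type is stored, so `as?` with an explicit error would fail more clearly. The enclosing function starts and ends outside the hunk.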
From: Ott Sathngam Date: Thu, 29 Aug 2024 11:02:58 -0500 Subject: [PATCH 5/6] Update REST Transport to allow Oracle-RLN to read apiKey from the vault --- prime-router/settings/STLTs/Oracle/oracle-rln.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prime-router/settings/STLTs/Oracle/oracle-rln.yml b/prime-router/settings/STLTs/Oracle/oracle-rln.yml index 1c8b5f8debb..bc6b9639009 100644 --- a/prime-router/settings/STLTs/Oracle/oracle-rln.yml +++ b/prime-router/settings/STLTs/Oracle/oracle-rln.yml @@ -50,7 +50,7 @@ reportUrl: "https://spaces.erxhubdevcert.cerner.com/etor" authTokenUrl: "" encryptionKeyUrl: "" - authType: "Api Key" + authType: "apiKey" tlsKeystore: null parameters: {} jwtParams: {} From 9773894901ffff8bbe7c34a7dca1699dee7c25f4 Mon Sep 17 00:00:00 2001 From: Ott Sathngam Date: Fri, 30 Aug 2024 05:26:05 -0500 Subject: [PATCH 6/6] Fixed RestTransport Integration Test --- .environment/gitleaks/gitleaks-config.toml | 1 + .../RESTTransportIntegrationTests.kt | 19 +++++++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.environment/gitleaks/gitleaks-config.toml b/.environment/gitleaks/gitleaks-config.toml index 6b04f782334..9180e1e007c 100644 --- a/.environment/gitleaks/gitleaks-config.toml +++ b/.environment/gitleaks/gitleaks-config.toml @@ -204,6 +204,7 @@ title = "PRIME ReportStream Gitleaks Configuration" 'ApiKeyCredential\(\"flexion\"', 'authType: \"two-legged\"', '\"apiKey\"', + 'api-key\" to \"oracle123\"', 'Authorization-Type: \"username/password\"', ] paths = [ diff --git a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt index 5eb840b0ed1..a78b3729a53 100644 --- a/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt +++ b/prime-router/src/testIntegration/kotlin/transport/RESTTransportIntegrationTests.kt 
@@ -988,6 +988,13 @@ hnm8COa8Kr+bnTqzScpQuOfujHcFEtfcYUGfSS6HusxidwXx+lYi1A== ) ) + val expectedHttpHeaders = mapOf( + "Content-Type" to "text/plain", + "shared-api-key" to "oracle123", + "System_ID" to "test-user", + "Key" to "oracle123" + ) + @Test fun `test transport postReport with valid message to oracle-rln--etor-nbs-results`() { val header = makeHeader() @@ -1011,10 +1018,18 @@ hnm8COa8Kr+bnTqzScpQuOfujHcFEtfcYUGfSS6HusxidwXx+lYi1A== ) // Then: - // getAuthTokenWithUserApiKey should be called with transport.parameters NOT empty + // postReport should be called with correct httpheaders' values as given. verify { runBlocking { - mockRestTransport.getAuthTokenWithUserApiKey(flexionRestTransportType, any(), any(), any()) + mockRestTransport.postReport( + any(), + any(), + any(), + expectedHttpHeaders, + any(), + any(), + any() + ) } } assertThat(retryItems).isNull()
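Review bot: `expectedHttpHeaders` is declared as a public `val` while the fixture just above it is `private val`; `private val expectedHttpHeaders = mapOf(` keeps the test class surface consistent. The verify on `postReport` pins the four headers only for a receiver whose `headers` already lists `shared-api-key`, so it passes whether the transport adds that header conditionally or for every apiKey receiver. A second case whose `headers` omits `shared-api-key` would record which behaviour is intended and guard against the key being sent to receivers that did not ask for it. The test function's body continues outside the second hunk.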