Document potential issues if compartment inclusion criteria search parms are not in tenant's configured search parm list #1780
Assignees
Labels
Milestone
Comments
michaelwschroeder
added
documentation
michaelwschroeder
added a commit
that referenced
this issue
Dec 3, 2020
Signed-off-by: Mike Schroeder <mschroed@us.ibm.com>
michaelwschroeder
added a commit
that referenced
this issue
Dec 7, 2020
Issue #1780 - add compartment search/search parameter config section
JohnTimm
added a commit
that referenced
this issue
Dec 15, 2020
* Enable OpenLiberty override the fhiropenapi functionality #1760 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Issue #1780 - add compartment search/search parameter config section Signed-off-by: Mike Schroeder <mschroed@us.ibm.com> * issue #1789 refresh-tenants does not handle Db2 multi-tenant/multi-schema scenarios Signed-off-by: Robin Arnold <robin.arnold23@ibm.com> * Invalid SQL object name `--pool-size` exception when running Docker `fhir-persistence-schema` on PostgreSQL #1797 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Misleading error messages when using command line parameters and not `persistence.json` for Docker `fhir-persistence-schema` #1796 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Schema defined for `fhir` in `persistence.json` not used correctly when running Docker `fhir-persistence-schema` #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: update must gather to include open shift details Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * use the fhiruser password from helm (set by overrides from KeyProtect) Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Fix the definition for List-identifier search A workaround for https://jira.hl7.org/browse/FHIR-29937 Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * #1802 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * #1802 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Fix up the Must Gather Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * IBM FHIR Server audit does not log bundles correctly. #1803 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update documentation for the mustgather Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: per code review changed the compare, and added an additional ignore for the metadata endpoints Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Update fhir-server/src/main/java/com/ibm/fhir/server/util/RestAuditLogger.java Signed-off-by: Paul Bastide <pbastide@us.ibm.com> Co-authored-by: Lee Surprenant <lmsurpre@us.ibm.com> * doc: compilation errors are now fixed Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: compilation errors are now fixed Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1796 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1797 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests for cp and #1802 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: #1808 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests for plain and base64 encoded environment variables Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix per comments in code review and issue Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Prevent unauthorized reads before they happen This prevents us from leaking information about what patient resources exist / don't exist on the system, which was deemed as useful in case an implementer uses sensitive data for the Resource.id of the Patient resources (which still isn't advised). Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Prevent unauthorized vread and history operations against Patient too Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * doc: adding code of conduct md file to root of repository Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: update to clarify the experimental use of the ibm-fhir-schematool Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: update to clarify the experimental use of the ibm-fhir-schematool Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: adding code of conduct md file to root of repository Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * add communication method Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Audit Refactoring #1542 - Refactor to separate Configuration, Mapping and AuditService - Configuration to use EventStreams Binding by default - Add a MapperFactory to split between cadf and auditevent types - AuditEventMapper - Wraps the AuditLogEntry into AuditEvent format - CADFMapper - Wraps the AuditLogEntry into CADF format - Audit Service is now KafkaService, NoOpService separating the Streaming framework from the mapping actions. - Removed duplicate code for Event/EventStrams processing - Add Test Coverage for Uncovered Classes Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Clean up spare printStackTrace Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update the documentation for fhir-audit Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * updates per team code review - Change NoOp to Nop Service - Remove references to WHC/Disabled - Changed and clarified package names - Changed references to specific default places to generic/unknown places (e.g. dallas to unknown) - added examples for audit from config and audit from environment Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * issue #1818 reindex resource selection update slows down as reindex progresses Signed-off-by: Robin Arnold <robin.arnold23@ibm.com> * updates per team code review - changed package names to remove logging.api and .model (reconciling it to a flatter structure) Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update docs Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * change formatting slightly on MapperFactory Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: it tests were not running for drug formulary and c4bb Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix incorrect variable in minor startup log message Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Convert Strings to Constants for Kafka Key-Value in Properties objects - Per Code Review with Robin Arnold Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Code Review for FHIR Audit - CadfEvent doesn't write out target - Addresses Written Twice in CadfResource Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Added Test for FHIR Audit so it doesn't have multiple address blocks Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update docs Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Removed auditLogService <extension url="http://ibm.com/fhir/extension/auditLogProperties"> Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: referenced license was incorrect Signed-off-by: Paul Bastide <pbastide@us.ibm.com> Co-authored-by: Paul Bastide <pbastide@us.ibm.com> Co-authored-by: Mike Schroeder <mschroed@us.ibm.com> Co-authored-by: Robin Arnold <robin.arnold23@ibm.com> Co-authored-by: Lee Surprenant <lmsurpre@us.ibm.com> Co-authored-by: Michael W Schroeder <66479070+michaelwschroeder@users.noreply.github.com>
JohnTimm
added a commit
that referenced
this issue
Dec 22, 2020
* Enable OpenLiberty override the fhiropenapi functionality #1760 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Issue #1780 - add compartment search/search parameter config section Signed-off-by: Mike Schroeder <mschroed@us.ibm.com> * issue #1789 refresh-tenants does not handle Db2 multi-tenant/multi-schema scenarios Signed-off-by: Robin Arnold <robin.arnold23@ibm.com> * Invalid SQL object name `--pool-size` exception when running Docker `fhir-persistence-schema` on PostgreSQL #1797 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Misleading error messages when using command line parameters and not `persistence.json` for Docker `fhir-persistence-schema` #1796 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Schema defined for `fhir` in `persistence.json` not used correctly when running Docker `fhir-persistence-schema` #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: update must gather to include open shift details Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * use the fhiruser password from helm (set by overrides from KeyProtect) Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Fix the definition for List-identifier search A workaround for https://jira.hl7.org/browse/FHIR-29937 Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * #1802 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * #1802 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Fix up the Must Gather Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * IBM FHIR Server audit does not log bundles correctly. #1803 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update documentation for the mustgather Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: per code review changed the compare, and added an additional ignore for the metadata endpoints Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Update fhir-server/src/main/java/com/ibm/fhir/server/util/RestAuditLogger.java Signed-off-by: Paul Bastide <pbastide@us.ibm.com> Co-authored-by: Lee Surprenant <lmsurpre@us.ibm.com> * doc: compilation errors are now fixed Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: compilation errors are now fixed Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1795 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1796 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests case and fixes for #1797 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests for cp and #1802 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: #1808 Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Add tests for plain and base64 encoded environment variables Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix per comments in code review and issue Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Prevent unauthorized reads before they happen This prevents us from leaking information about what patient resources exist / don't exist on the system, which was deemed as useful in case an implementer uses sensitive data for the Resource.id of the Patient resources (which still isn't advised). Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Prevent unauthorized vread and history operations against Patient too Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * doc: adding code of conduct md file to root of repository Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: update to clarify the experimental use of the ibm-fhir-schematool Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: update to clarify the experimental use of the ibm-fhir-schematool Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * doc: adding code of conduct md file to root of repository Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * add communication method Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Audit Refactoring #1542 - Refactor to separate Configuration, Mapping and AuditService - Configuration to use EventStreams Binding by default - Add a MapperFactory to split between cadf and auditevent types - AuditEventMapper - Wraps the AuditLogEntry into AuditEvent format - CADFMapper - Wraps the AuditLogEntry into CADF format - Audit Service is now KafkaService, NoOpService separating the Streaming framework from the mapping actions. - Removed duplicate code for Event/EventStrams processing - Add Test Coverage for Uncovered Classes Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Clean up spare printStackTrace Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update the documentation for fhir-audit Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * updates per team code review - Change NoOp to Nop Service - Remove references to WHC/Disabled - Changed and clarified package names - Changed references to specific default places to generic/unknown places (e.g. dallas to unknown) - added examples for audit from config and audit from environment Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * issue #1818 reindex resource selection update slows down as reindex progresses Signed-off-by: Robin Arnold <robin.arnold23@ibm.com> * updates per team code review - changed package names to remove logging.api and .model (reconciling it to a flatter structure) Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update docs Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * change formatting slightly on MapperFactory Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: it tests were not running for drug formulary and c4bb Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix incorrect variable in minor startup log message Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> * Convert Strings to Constants for Kafka Key-Value in Properties objects - Per Code Review with Robin Arnold Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Update to 4.6.0-SNAPSHOT Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Code Review for FHIR Audit - CadfEvent doesn't write out target - Addresses Written Twice in CadfResource Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Added Test for FHIR Audit so it doesn't have multiple address blocks Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update docs Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Removed auditLogService <extension url="http://ibm.com/fhir/extension/auditLogProperties"> Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * fix: referenced license was incorrect Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * Package name consistency issue after Code Review of FHIR-Audit Config Examples Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * issue #1831 - fix search parameter filtering issue Signed-off-by: Mike Schroeder <mschroed@us.ibm.com> * issue #1739 - Update _include and _revinclude parameter checking Signed-off-by: Troy Biesterfeld <tbieste@us.ibm.com> * Update .index.json Warning about invalid entry when discovering HREX profile. An example snuck into the .index.json. Signed-off-by: Paul Bastide <pbastide@us.ibm.com> * update changelog.md Signed-off-by: Paul Bastide <pbastide@us.ibm.com> Co-authored-by: Paul Bastide <pbastide@us.ibm.com> Co-authored-by: Mike Schroeder <mschroed@us.ibm.com> Co-authored-by: Robin Arnold <robin.arnold23@ibm.com> Co-authored-by: Lee Surprenant <lmsurpre@us.ibm.com> Co-authored-by: Michael W Schroeder <66479070+michaelwschroeder@users.noreply.github.com> Co-authored-by: Troy Biesterfeld <tbieste@us.ibm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
If compartment inclusion criteria search parameters are not specified in the
fhirServer/resources/<resourceType>/searchParameterslist for a given resource type, then the new generated compartment search token (if thefhirServer/search/useStoredCompartmentParamvalue is set to true - see issue #1708) or the tokens for the inclusion criteria search parameters, are not created/stored at resource create/update time, and thus that resource will not get returned on a compartment search as it should.Example:
fhir-server-config.json only specifies _id and _lastUpdated as valid search parameters for the Procedure resource type, not the patient and performer inclusion criteria search parameters:
A Procedure resource is created which contains the following Patient reference, meaning it should be associated with that Patient compartment:
However, the Patient compartment inclusion criteria search parameters for the Procedure resource type,
patientandperformer, are not in thefhirServer/resources/<resourceType>/searchParameterslist, so are not considered valid search parameters. This means the generated compartment search token (if enabled) or the inclusion criteria search tokens will not be created and indexed when the Procedure resource is stored.The following compartment search is performed:
The Procedure created in step 2 will not be returned in the search results because the necessary compartment search token(s), which are what's used in the compartment search SQL, were not created and indexed.
This should be clearly documented.
Describe the solution you'd like
See issue #1777 for the desired solution.
Describe alternatives you've considered
See issue #1707 for alternative solutions considered.
Acceptance Criteria
At least one acceptance criteria is included.
GIVEN [a precondition]
AND [another precondition] WHEN [test step]
AND [test step]
THEN [verification step]
AND [verification step]
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: