Merge branch 'main' into 86bzmr0pe

.env.local

@@ -28,4 +28,4 @@ JS_REPORT_PACKAGE_PATH=
 # Reverse Proxy - Traefik
 PLACEMENT_ROLE_CONSTRAINTS=manager
 ENABLE_TRAEFIK_DASHBOARD=true
-DOMAIN_NAME_HOST_TRAEFIK=domain
+DOMAIN_NAME_HOST_TRAEFIK=localhost

.env.traefik.remote

@@ -26,28 +26,33 @@ JS_REPORT_PACKAGE_PATH=
 # KAFKA_TOPICS=2xx,reprocess,3xx,metrics:3:1
 KAFKA_TOPICS=2xx,2xx-async,reprocess,3xx,metrics:3:3,patient,observation
 
-OPENHIM_CORE_MEDIATOR_HOSTNAME=c9a4-41-90-68-240.ngrok-free.app
+OPENHIM_CORE_MEDIATOR_HOSTNAME=<domain>
 OPENHIM_MEDIATOR_API_PORT=443/openhimcomms
 
 # Reverse Proxy - Nginx
 REVERSE_PROXY_INSTANCES=1
-DOMAIN_NAME=c9a4-41-90-68-240.ngrok-free.app
-SUBDOMAINS=openhimcomms.<domain>,openhimcore.<domain>,openhimconsole.<domain>,kibana.<domain>,reports.<domain>,santewww.<domain>,santempi.<domain>,superset.<domain>,keycloak.<domain>,grafana.<domain>,minio.<domain>,jempi-web.<domain>,jempi-api.<domain>
+DOMAIN_NAME_HOST_TRAEFIK=<domain>
 STAGING=false
 INSECURE=false
 
 # Identity Access Manager - Keycloak
-KC_FRONTEND_URL=https://keycloak.c9a4-41-90-68-240.ngrok-free.app
+KC_FRONTEND_URL=https://keycloak.<domain>
 KC_GRAFANA_ROOT_URL=https://grafana.<domain>
 KC_JEMPI_ROOT_URL=https://jempi-web.<domain>
 KC_SUPERSET_ROOT_URL=https://superset.<domain>
-KC_OPENHIM_ROOT_URL=https://c9a4-41-90-68-240.ngrok-free.app
+KC_OPENHIM_ROOT_URL=https://<domain>
 GF_SERVER_DOMAIN=grafana.<domain>
 
 REACT_APP_JEMPI_BASE_API_HOST=https://jempi-api.<domain>
 REACT_APP_JEMPI_BASE_API_PORT=443
-OPENHIM_CONSOLE_BASE_URL=https://c9a4-41-90-68-240.ngrok-free.app
-OPENHIM_API_HOST=https://c9a4-41-90-68-240.ngrok-free.app/openhimcomms
+OPENHIM_CONSOLE_BASE_URL=https://<domain>
+OPENHIM_API_HOST=https://<domain>/openhimcomms
 OPENHIM_API_PORT=443/openhimcomms
-OPENHIM_HOST_NAME=c9a4-41-90-68-240.ngrok-free.app
+OPENHIM_HOST_NAME=<domain>
 CERT_RESOLVER=le
+CA_SERVER=https://acme-v02.api.letsencrypt.org/directory
+OPENHIM_CORE_IMAGE=jembi/openhim-core:prerelease
+OPENHIM_CONSOLE_IMAGE=jembi/openhim-console:poc-microfrontend-prelease
+GF_SERVER_ROOT_URL=https://<domain>/grafana
+GF_SERVER_DOMAIN=<domain>
+MINIO_BROWSER_REDIRECT_URL=https://<domain>/minio

client-registry-jempi/docker-compose.api.yml

@@ -43,6 +43,7 @@ services:
       jempi:
       postgres:
 
+
   jempi-api-kc:
     image: jembi/jempi-api-kc:${JEMPI_API_KC_IMAGE_TAG}
     environment:
@@ -89,9 +90,11 @@ services:
       jempi:
       postgres:
 
+
 volumes:
   jempi-shared-data:
 
+
 networks:
   reverse-proxy:
     name: reverse-proxy_public

client-registry-jempi/docker-compose.web.yml

@@ -34,6 +34,7 @@ services:
       keycloak:
       default:
 
+
 networks:
   reverse-proxy:
     name: reverse-proxy_public

client-registry-jempi/package-metadata.json

@@ -80,7 +80,7 @@
     "POSTGRESQL_PASSWORD": "instant101",
     "JEMPI_SESSION_SECURE": false,
     "JEMPI_SESSION_DOMAIN_NAME": "localhost",
-    "DOMAIN_NAME": "",
+    "DOMAIN_NAME": "localhost",
     "KAFKA_APPLICATION_ID_API": "api-app-id",
     "DGRAPH_HOSTS": "jempi-alpha-01,jempi-alpha-02,jempi-alpha-03",
     "DGRAPH_PORTS": "9080,9081,9082",

client-registry-santempi/docker-compose.yml

@@ -47,10 +47,11 @@ services:
       reverse-proxy:
       traefik:
 
-# Sante's Match configuration is stored in the container. This will prevent the matching rules of the client registry from being lost. A docker config cannot be used for this case as the settings can be changed on Sante's UI.
+        # Sante's Match configuration is stored in the container. This will prevent the matching rules of the client registry from being lost. A docker config cannot be used for this case as the settings can be changed on Sante's UI.
 volumes:
   santedb-data:
 
+
 networks:
   mpi:
     name: mpi_public

dashboard-visualiser-jsreport/docker-compose.yml

@@ -49,9 +49,11 @@ services:
       elastic:
       default:
 
+
 volumes:
   jsreport-data:
 
+
 networks:
   reverse-proxy:
     name: reverse-proxy_public

dashboard-visualiser-kibana/docker-compose.yml

@@ -33,6 +33,7 @@ services:
       elastic:
       default:
 
+
 configs:
   kibana-kibana.yml:
     file: ./kibana.yml

dashboard-visualiser-superset/docker-compose.yml

@@ -46,6 +46,7 @@ services:
       postgres:
       default:
 
+
 configs:
   superset_config.py:
     file: ./config/superset_config.py
@@ -71,6 +72,7 @@ configs:
 volumes:
   superset_home:
 
+
 networks:
   clickhouse:
     name: clickhouse_public

fhir-ig-importer/docker-compose.yml

@@ -21,6 +21,8 @@ services:
       reverse-proxy:
     environment:
       FHIR_IG_IMPORTER_CORE_URL: ${FHIR_IG_IMPORTER_CORE_URL}
+      OPENHIM_API_USERNAME: ${OPENHIM_USERNAME}
+      OPENHIM_API_PASSWORD: ${OPENHIM_PASSWORD}
 
 networks:
   hapi-fhir:

fhir-ig-importer/importer/docker-compose.config.yml

@@ -9,9 +9,10 @@ services:
       default:
     environment:
       OPENHIM_API_USERNAME: ${OPENHIM_USERNAME}
-      OPENHIM_API_PASSWORD: ${OPENHIM_PASSWORD}
+      OPENHIM_IG_PASSWORD: ${OPENHIM_PASSWORD}
       # Reject unauthorised is only needed if the OpenHIM's SSL is not setup
       NODE_TLS_REJECT_UNAUTHORIZED: 0
+      OPENHIM_CONSOLE_BASE_URL: ${OPENHIM_CONSOLE_BASE_URL}
     command: sh -c "node openhimConfig.js"
     configs:
       - source: fhir-ig-importer-config-importer-openhimConfig.js

fhir-ig-importer/importer/volume/ig-importer-app.json

@@ -3,7 +3,7 @@
   "description": "FHIR IG microfrontend app",
   "category": "HIE Configuration",
   "type": "esmodule",
-  "url": "https://openhimconsole.<domain>/fhir-ig-importer",
+  "url": "<openhim-console-url>/fhir-ig-importer",
   "showInPortal": true,
   "showInSideBar": true,
   "access_roles": ["admin"],

fhir-ig-importer/importer/volume/openhimConfig.js

@@ -43,6 +43,18 @@ const appJsonData = JSON.parse(
   fs.readFileSync(path.resolve(__dirname, "ig-importer-app.json"))
 );
 
+//Substitute the url with environ variable
+
+let url = appJsonData.url;
+if (!process.env.OPENHIM_CONSOLE_BASE_URL) {
+  throw new Error("Environment variable OPENHIM_CONSOLE_BASE_URL is not set");
+}
+let newUrl = url.replace(
+  "<openhim-console-url>",
+  process.env.OPENHIM_CONSOLE_BASE_URL
+);
+
+appJsonData.url = newUrl;
 const data = JSON.stringify(jsonData);
 const appData = JSON.stringify(appJsonData);
 

fhir-ig-importer/package-metadata.json

@@ -15,6 +15,9 @@
     "FHIR_IG_IMPORTER_CORE_HOST": "0.0.0.0",
     "FHIR_IG_IMPORTER_CORE_URL": "http://0.0.0.0:3001/fhir/ig/v1.0",
     "FHIR_IG_IMPORTER_UI_VERSION": "latest",
-    "FHIR_IG_IMPORTER_CORE_VERSION": "latest"
+    "FHIR_IG_IMPORTER_CORE_VERSION": "latest",
+    "OPENHIM_CONSOLE_BASE_URL": "http://localhost:9000",
+    "OPENHIM_API_USERNAME": "[email protected]",
+    "OPENHIM_IG_PASSWORD": "instant101"
   }
 }

identity-access-manager-keycloak/docker-compose.yml

@@ -8,7 +8,7 @@ services:
         "start",
         "--proxy=edge",
         "--hostname-url=${KC_FRONTEND_URL}",
-        "--import-realm",
+        "--import-realm"
       ]
     hostname: identity-access-manager-keycloak
     healthcheck:
@@ -49,17 +49,20 @@ services:
         - traefik.enable=true
         - traefik.docker.network=reverse-proxy-traefik_public
         - traefik.http.routers.identity-access-manager-keycloak.service=identity-access-manager-keycloak
+        - traefik.http.services.identity-access-manager-keycloak.loadbalancer.server.scheme=http
         - traefik.http.services.identity-access-manager-keycloak.loadbalancer.server.port=8080
         - traefik.http.routers.identity-access-manager-keycloak.rule=Host(`${KC_TRAEFIK_SUBDOMAIN}.${DOMAIN_NAME_HOST_TRAEFIK}`)
         - traefik.http.routers.identity-access-manager-keycloak.tls=true
         - traefik.http.routers.identity-access-manager-keycloak.tls.certresolver=${CERT_RESOLVER}
+        - traefik.http.routers.identity-access-manager-keycloak.entrypoints=websecure
     networks:
       reverse-proxy:
       public:
       traefik:
       default:
       postgres:
 
+
 configs:
   realm.json:
     file: ./config/realm.json

interoperability-layer-openhim/docker-compose.yml

@@ -63,9 +63,6 @@ services:
         - traefik.http.routers.openhimcore.middlewares=openhimcore-stripprefix
         - traefik.http.routers.openhimcore.tls.certresolver=le
 
-
-
-
   openhim-console:
     image: ${OPENHIM_CONSOLE_IMAGE}
     environment:
@@ -95,7 +92,7 @@ services:
         - traefik.http.routers.openhim-console.service=openhim-console
         - traefik.http.routers.openhim-console.entrypoints=websecure
         - traefik.http.routers.openhim-console.tls=true
-        - traefik.http.routers.openhim-console.rule=Host(`${DOMAIN_NAME}`)
+        - traefik.http.routers.openhim-console.rule=Host(`${DOMAIN_NAME_HOST_TRAEFIK}`)
         - traefik.http.services.openhim-console.loadbalancer.server.port=80
       placement:
         max_replicas_per_node: ${OPENHIM_CONSOLE_MAX_REPLICAS_PER_NODE}

interoperability-layer-openhim/importer/docker-compose.config.yml

@@ -6,7 +6,7 @@ services:
     image: node:erbium-alpine
     environment:
       OPENHIM_API_USERNAME: '[email protected]'
-      OPENHIM_API_PASSWORD: 'openhim-password'
+      OPENHIM_DEFAULT_PASSWORD: 'openhim-password'
       # Reject unauthorised is only needed if the OpenHIM's SSL is not setup
       NODE_TLS_REJECT_UNAUTHORIZED: 0
     command: sh -c "node openhimConfig.js"

interoperability-layer-openhim/importer/volume/openhimConfig.js

@@ -1,54 +1,54 @@
-'use strict'
+"use strict";
 
-const fs = require('fs')
-const https = require('https')
-const path = require('path')
+const fs = require("fs");
+const https = require("https");
+const path = require("path");
 
-const OPENHIM_CORE_SERVICE_NAME = 'openhim-core'
-const OPENHIM_MEDIATOR_API_PORT = 8080
+const OPENHIM_CORE_SERVICE_NAME = "openhim-core";
+const OPENHIM_MEDIATOR_API_PORT = 8080;
 const OPENHIM_API_PASSWORD =
-  process.env.OPENHIM_API_PASSWORD || 'openhim-password'
+  process.env.OPENHIM_DEFAULT_PASSWORD || "openhim-password";
 const OPENHIM_API_USERNAME =
-  process.env.OPENHIM_API_USERNAME || '[email protected]'
+  process.env.OPENHIM_API_USERNAME || "[email protected]";
 
 const authHeader = new Buffer.from(
   `${OPENHIM_API_USERNAME}:${OPENHIM_API_PASSWORD}`
-).toString('base64')
+).toString("base64");
 
 const jsonData = JSON.parse(
-  fs.readFileSync(path.resolve(__dirname, 'openhim-import.json'))
-)
+  fs.readFileSync(path.resolve(__dirname, "openhim-import.json"))
+);
 
-const data = JSON.stringify(jsonData)
+const data = JSON.stringify(jsonData);
 
 const options = {
-  protocol: 'https:',
+  protocol: "https:",
   hostname: OPENHIM_CORE_SERVICE_NAME,
   port: OPENHIM_MEDIATOR_API_PORT,
-  path: '/metadata',
-  method: 'POST',
+  path: "/metadata",
+  method: "POST",
   headers: {
-    'Content-Type': 'application/json',
-    'Content-Length': data.length,
-    Authorization: `Basic ${authHeader}`
-  }
-}
+    "Content-Type": "application/json",
+    "Content-Length": data.length,
+    Authorization: `Basic ${authHeader}`,
+  },
+};
 
-const req = https.request(options, res => {
+const req = https.request(options, (res) => {
   if (res.statusCode == 401) {
-    throw new Error(`Incorrect OpenHIM API credentials`)
+    throw new Error(`Incorrect OpenHIM API credentials`);
   }
 
   if (res.statusCode != 201) {
-    throw new Error(`Failed to import OpenHIM config: ${res.statusCode}`)
+    throw new Error(`Failed to import OpenHIM config: ${res.statusCode}`);
   }
 
-  console.log('Successfully Imported OpenHIM Config')
-})
+  console.log("Successfully Imported OpenHIM Config");
+});
 
-req.on('error', error => {
-  console.error('Failed to import OpenHIM config: ', error)
-})
+req.on("error", (error) => {
+  console.error("Failed to import OpenHIM config: ", error);
+});
 
-req.write(data)
-req.end()
+req.write(data);
+req.end();

interoperability-layer-openhim/package-metadata.json

@@ -43,7 +43,7 @@
     "KC_OPENHIM_CLIENT_SECRET": "tZKfEbWf0Ka5HBNZwFrdSyQH2xT1sNMR",
     "KC_OPENHIM_ROOT_URL": "http://localhost:9000",
     "KC_API_URL": "http://identity-access-manager-keycloak:8080",
-    "OPENHIM_CONSOLE_BASE_URL": "https://localhost:9000",
+    "OPENHIM_CONSOLE_BASE_URL": "http://localhost:9000",
     "OPENHIM_API_HOST": "localhost",
     "OPENHIM_API_PORT": "5001"
   }

kafka-mapper-consumer/consumer-ui-app.json

@@ -3,7 +3,7 @@
   "description": "Kafka mapper consumer microfrontends app",
   "category": "HIE Configuration",
   "type": "esmodule",
-  "url": "http://localhost:8091/jembi-kafka-mapper-consumer-ui.js",
+  "url": "<openhim-console-url>/kafka-mapper-consumer-ui",
   "showInPortal": true,
   "showInSideBar": false,
   "access_roles": ["admin"],

kafka-mapper-consumer/docker-compose.config.yml

@@ -12,6 +12,7 @@ services:
       OPENHIM_API_PASSWORD: ${OPENHIM_PASSWORD}
       # Reject unauthorised is only needed if the OpenHIM's SSL is not setup
       NODE_TLS_REJECT_UNAUTHORIZED: 0
+      OPENHIM_CONSOLE_BASE_URL: ${OPENHIM_CONSOLE_BASE_URL}
     command: sh -c "node openhimConfig.js"
     configs:
       - source: kafka-mapper-consumer-openhimConfig.js

kafka-mapper-consumer/openhimConfig.js

@@ -37,6 +37,20 @@ function makeRequest(options, data) {
 const appJsonData = JSON.parse(
   fs.readFileSync(path.resolve(__dirname, "consumer-ui-app.json"))
 );
+//Substitute the url with environ variable
+
+let url = appJsonData.url;
+
+if (!process.env.OPENHIM_CONSOLE_BASE_URL) {
+  throw new Error("Environment variable OPENHIM_CONSOLE_BASE_URL is not set");
+}
+
+let newUrl = url.replace(
+  "<openhim-console-url>",
+  process.env.OPENHIM_CONSOLE_BASE_URL
+);
+
+appJsonData.url = newUrl;
 const appData = JSON.stringify(appJsonData);
 
 const options = {

kafka-mapper-consumer/package-metadata.json

@@ -17,7 +17,8 @@
     "REGISTER_MEDIATOR": "true",
     "CLICKHOUSE_HOST": "analytics-datastore-clickhouse",
     "CLICKHOUSE_PORT": "8123",
-    "KAFKA_CONSUMER_MAPPER_MEDIATOR_VERSION": "jembi/kafka-mapper-consumer:v0.0.1",
-    "KAFKA_CONSUMER_MAPPER_UI_VERSION": "jembi/kafka-mapper-consumer-ui:v0.0.1"
+    "KAFKA_CONSUMER_MAPPER_MEDIATOR_VERSION": "jembi/kafka-mapper-consumer:latest",
+    "KAFKA_CONSUMER_MAPPER_UI_VERSION": "jembi/kafka-mapper-consumer-ui:latest",
+    "OPENHIM_CONSOLE_BASE_URL": "http://localhost:9000"
   }
 }