Added consentConfig to healthcare FHIR store. (#15039)

Author: canuck3141

mmv1/products/healthcare/FhirStore.yaml

@@ -69,6 +69,13 @@ examples:
       dataset_name: 'example-dataset'
       fhir_store_name: 'example-fhir-store'
       pubsub_topic: 'fhir-notifications'
+  - name: 'healthcare_fhir_store_consent_config'
+    primary_resource_id: 'default'
+    min_version: "beta"
+    vars:
+      dataset_name: 'example-dataset'
+      fhir_store_name: 'example-fhir-store'
+      pubsub_topic: 'fhir-notifications'
 parameters:
   - name: 'dataset'
     type: ResourceRef
@@ -113,6 +120,60 @@ properties:
       - 'DSTU2'
       - 'STU3'
       - 'R4'
+  - name: 'consentConfig'
+    type: NestedObject
+    description: |
+      Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources. Not supported for R5 FHIR version.
+    min_version: beta
+    properties:
+      - name: 'version'
+        type: Enum
+        description: |
+          Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either [fhirStores.create][] or [fhirStores.patch][]. After that, you must call [fhirStores.applyConsents][] to change the version.
+        required: true
+        enum_values:
+          - 'CONSENT_ENFORCEMENT_VERSION_UNSPECIFIED'
+          - 'V1'
+      - name: 'accessEnforced'
+        type: Boolean
+        description: |
+          The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.
+      - name: 'consentHeaderHandling'
+        type: NestedObject
+        description: |
+          Different options to configure the behaviour of the server when handling the X-Consent-Scope header.
+        properties:
+          - name: 'profile'
+            type: Enum
+            description: |
+              Specifies the default server behavior when the header is empty. If not specified, the ScopeProfile.PERMIT_EMPTY_SCOPE option is used.
+            enum_values:
+              - 'SCOPE_PROFILE_UNSPECIFIED'
+              - 'PERMIT_EMPTY_SCOPE'
+              - 'REQUIRED_ON_READ'
+            default_value: "PERMIT_EMPTY_SCOPE"
+      - name: 'accessDeterminationLogConfig'
+        type: NestedObject
+        description: |
+          Specifies how the server logs the consent-aware requests. If not specified, the AccessDeterminationLogConfig.LogLevel.MINIMUM option is used.
+        properties:
+          - name: 'logLevel'
+            type: Enum
+            description: |
+              Controls the amount of detail to include as part of the audit logs.
+            enum_values:
+              - 'LOG_LEVEL_UNSPECIFIED'
+              - 'DISABLED'
+              - 'MINIMUM'
+              - 'VERBOSE'
+            default_value: "MINIMUM"
+      - name: 'enforcedAdminConsents'
+        type: Array
+        description: |
+          The versioned names of the enforced admin Consent resource(s), in the format projects/{projectId}/locations/{location}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/Consent/{resourceId}/_history/{version_id}. For FHIR stores with disableResourceVersioning=true, the format is projects/{projectId}/locations/{location}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/Consent/{resourceId}. This field can only be updated using [fhirStores.applyAdminConsents][].
+        output: true
+        item_type:
+          type: String
   - name: 'complexDataTypeReferenceParsing'
     type: Enum
     description: |

mmv1/templates/terraform/examples/healthcare_fhir_store_consent_config.tf.tmpl

@@ -0,0 +1,46 @@
+resource "google_healthcare_fhir_store" "default" {
+  name    = "{{index $.Vars "fhir_store_name"}}"
+  dataset = google_healthcare_dataset.dataset.id
+  version = "R4"
+  complex_data_type_reference_parsing = "DISABLED"
+
+  enable_update_create           = false
+  disable_referential_integrity  = false
+  disable_resource_versioning    = false
+  enable_history_import          = false
+  default_search_handling_strict = false
+
+  notification_configs {
+    pubsub_topic = google_pubsub_topic.topic.id
+  }
+
+  labels = {
+    label1 = "labelvalue1"
+  }
+
+  consent_config {
+    version = "V1"
+    access_enforced = true
+    consent_header_handling {
+        profile = "REQUIRED_ON_READ"
+    }
+    access_determination_log_config {
+        log_level = "VERBOSE"
+    }
+  }
+
+  provider = google-beta
+}
+
+resource "google_pubsub_topic" "topic" {
+  name     = "{{index $.Vars "pubsub_topic"}}"
+
+  provider = google-beta
+}
+
+resource "google_healthcare_dataset" "dataset" {
+  name     = "{{index $.Vars "dataset_name"}}"
+  location = "us-central1"
+
+  provider = google-beta
+}

mmv1/third_party/terraform/services/healthcare/resource_healthcare_fhir_store_test.go.tmpl

@@ -135,6 +135,19 @@ resource "google_healthcare_fhir_store" "default" {
 {{- if ne $.TargetVersionName "ga" }}
   enable_history_modifications = false
 {{- end }}
+
+{{- if ne $.TargetVersionName "ga" }}
+  consent_config {
+    version = "V1"
+    access_enforced = false
+    consent_header_handling {
+        profile = "PERMIT_EMPTY_SCOPE"
+    }
+    access_determination_log_config {
+        log_level = "DISABLED"
+    }
+  }
+{{- end }}
 }
 
 resource "google_healthcare_dataset" "dataset" {
@@ -163,6 +176,19 @@ resource "google_healthcare_fhir_store" "default" {
   enable_history_modifications = true
 {{- end }}
 
+{{- if ne $.TargetVersionName "ga" }}
+  consent_config {
+    version = "V1"
+    access_enforced = true
+    consent_header_handling {
+        profile = "REQUIRED_ON_READ"
+    }
+    access_determination_log_config {
+        log_level = "VERBOSE"
+    }
+  }
+{{- end }}
+
   labels = {
     label1 = "labelvalue1"
   }
@@ -200,6 +226,27 @@ func testAccCheckGoogleHealthcareFhirStoreUpdate(t *testing.T, pubsubTopic strin
 				return fmt.Errorf("Unexpected failure while verifying 'updated' dataset: %s", err)
 			}
 
+			{{- if ne $.TargetVersionName "ga" }}
+			if response.ConsentConfig == nil {
+				return fmt.Errorf("fhirStore 'ConsentConfig' missing: %s", gcpResourceUri)
+			}
+			if !response.ConsentConfig.AccessEnforced {
+				return fmt.Errorf("fhirStore 'ConsentConfig.AccessEnforced' not updated: %s", gcpResourceUri)
+			}
+			if response.ConsentConfig.ConsentHeaderHandling == nil {
+				return fmt.Errorf("fhirStore 'ConsentConfig.ConsentHeaderHandling' missing: %s", gcpResourceUri)
+			}
+			if response.ConsentConfig.ConsentHeaderHandling.Profile != "REQUIRED_ON_READ" {
+				return fmt.Errorf("fhirStore 'ConsentConfig.ConsentHeaderHandling.Profile' not updated: %s", gcpResourceUri)
+			}
+			if response.ConsentConfig.AccessDeterminationLogConfig == nil {
+				return fmt.Errorf("fhirStore 'ConsentConfig.AccessDeterminationLogConfig' missing: %s", gcpResourceUri)
+			}
+			if response.ConsentConfig.AccessDeterminationLogConfig.LogLevel != "VERBOSE" {
+				return fmt.Errorf("fhirStore 'ConsentConfig.AccessDeterminationLogConfig.LogLevel' not updated: %s", gcpResourceUri)
+			}
+			{{- end }}
+
 			if !response.EnableUpdateCreate {
 				return fmt.Errorf("fhirStore 'EnableUpdateCreate' not updated: %s", gcpResourceUri)
 			}