PR: Ensure Admin scope/collections at startup so Admin user can be seeded#26
Open
swapnil-medblocks wants to merge 5 commits intocouchbaselabs:masterfrom
Open
PR: Ensure Admin scope/collections at startup so Admin user can be seeded#26swapnil-medblocks wants to merge 5 commits intocouchbaselabs:masterfrom
swapnil-medblocks wants to merge 5 commits intocouchbaselabs:masterfrom
Conversation
Replace corrupted FhirBucketService.java with a clean, consistent implementation. Use FhirBucketProperties.ScopeConfiguration to derive collection names (resources-only conversion). Restore admin helpers: ensureAdminCollections, areAdminCollectionsPresent, getAdminCollections, and initial admin user seeding. Consolidate OAuth signing-key persistence and verification (single implementation). Re-add index/build/FTS/GSI helper methods and status updates. Build verified: ./mvnw -DskipTests package succeeded.
Inject JwtTokenCacheService into AuthController.java. When issuing admin/login JWTs, generate a JTI (UUID), include it in the token claims, and add the JTI to the JwtTokenCacheService so JwtValidationInterceptor accepts issued tokens. Log cache-add failures non-fatally so login still succeeds if cache update fails. Keeps token issuance/persistence behaviour unchanged otherwise; adds in-memory revocation tracking for admin/api tokens issued via embedded auth.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
FhirBucketServiceand adds idempotent helpers that guarantee theAdminscope and required admin collections are created early in the startup flow.What changed
Replaced corrupted
FhirBucketService.javawith a focused, tested implementation that supports admin-first startup.Key admin-focused methods added / restored:
ensureAdminCollections(connectionName, bucketName)— idempotently creates theAdminscope and configured admin collections.areAdminCollectionsPresent(connectionName, bucketName)— checks presence so startup logic can decide whether to seed.getAdminCollections()— resolves configured admin collections (falls back toconfig,users,tokens,clients,cache,bulk_groups).createInitialAdminUserIfNeeded()— seeds admin user fromconfig.yamlonly after admin collections exist.createOAuthSigningKey(...)— persists in-memory OAuth key toAdmin.configafter admin collections exist and verifies it was saved.Conversion & indexing helpers were restored but intentionally limited so admin provisioning can be executed independently of full FHIR conversion.
Why admin collections must be created at startup
Admin.users— ifAdminscope/collections do not exist, seeding will fail or be inconsistent.Admin.configto be present so tokens survive restarts.ensureAdminCollectionsis safe to run at every startup — it no-ops when collections already exist, enabling robust automated provisioning (CI, dev VMs, ephemeral environments).Behavior guarantees
admin.emailis set and the user does not already exist.Files changed
backend/src/main/java/com/couchbase/admin/fhirBucket/service/FhirBucketService.java(rewritten)