Skip to content

PR: Ensure Admin scope/collections at startup so Admin user can be seeded#26

Open
swapnil-medblocks wants to merge 5 commits intocouchbaselabs:masterfrom
swapnil-medblocks:master
Open

PR: Ensure Admin scope/collections at startup so Admin user can be seeded#26
swapnil-medblocks wants to merge 5 commits intocouchbaselabs:masterfrom
swapnil-medblocks:master

Conversation

@swapnil-medblocks
Copy link
Contributor

@swapnil-medblocks swapnil-medblocks commented Dec 26, 2025

Summary

  • Admin collections must exist at application startup so the system can reliably seed the initial Admin user and persist authentication configuration (OAuth signing key) before any other runtime features depend on them.
  • This PR restores a clean FhirBucketService and adds idempotent helpers that guarantee the Admin scope and required admin collections are created early in the startup flow.

What changed

  • Replaced corrupted FhirBucketService.java with a focused, tested implementation that supports admin-first startup.

  • Key admin-focused methods added / restored:

    • ensureAdminCollections(connectionName, bucketName) — idempotently creates the Admin scope and configured admin collections.
    • areAdminCollectionsPresent(connectionName, bucketName) — checks presence so startup logic can decide whether to seed.
    • getAdminCollections() — resolves configured admin collections (falls back to config, users, tokens, clients, cache, bulk_groups).
    • createInitialAdminUserIfNeeded() — seeds admin user from config.yaml only after admin collections exist.
    • createOAuthSigningKey(...) — persists in-memory OAuth key to Admin.config after admin collections exist and verifies it was saved.

  • Conversion & indexing helpers were restored but intentionally limited so admin provisioning can be executed independently of full FHIR conversion.

Why admin collections must be created at startup

  • Admin seeding depends on durable storage:
    • The initial Admin user is stored in Admin.users — if Admin scope/collections do not exist, seeding will fail or be inconsistent.
    • OAuth signing key persistence requires Admin.config to be present so tokens survive restarts.
  • Startup ordering: separating admin collection creation from resource conversion prevents a race where admin seeding is skipped or attempted on missing collections.
  • Idempotence: ensureAdminCollections is safe to run at every startup — it no-ops when collections already exist, enabling robust automated provisioning (CI, dev VMs, ephemeral environments).
  • Operational control: Operators can choose to run full FHIR conversion later (manually or via controller) without blocking basic admin provisioning.

Behavior guarantees

  • Admin collection creation and admin user seeding are:
    • Idempotent — repeated runs do not error if collections or user already exist.
    • Conditional — initial admin user only created when admin.email is set and the user does not already exist.
    • Verifiable — OAuth key persistence reads the saved document back and attempts to parse the JWKSet.

Files changed

  • backend/src/main/java/com/couchbase/admin/fhirBucket/service/FhirBucketService.java (rewritten)
    • Focus: admin creation & seeding helpers plus safe support methods.

@swapnil-medblocks
Fix FhirBucketService: restore clean implementation and admin helpers
dd947f5 
Replace corrupted FhirBucketService.java with a clean, consistent implementation.
Use FhirBucketProperties.ScopeConfiguration to derive collection names (resources-only conversion).
Restore admin helpers: ensureAdminCollections, areAdminCollectionsPresent, getAdminCollections, and initial admin user seeding.
Consolidate OAuth signing-key persistence and verification (single implementation).
Re-add index/build/FTS/GSI helper methods and status updates.
Build verified: ./mvnw -DskipTests package succeeded.
@swapnil-medblocks
Merge remote-tracking branch 'upstream/master'
4d07c3d
@swapnil-medblocks
# Cache admin token JTI on issuance for in-memory validation
a1bcd48 
Inject JwtTokenCacheService into AuthController.java.
When issuing admin/login JWTs, generate a JTI (UUID), include it in the token claims, and add the JTI to the JwtTokenCacheService so JwtValidationInterceptor accepts issued tokens.
Log cache-add failures non-fatally so login still succeeds if cache update fails.
Keeps token issuance/persistence behaviour unchanged otherwise; adds in-memory revocation tracking for admin/api tokens issued via embedded auth.
@swapnil-medblocks
updated documentation for smart on fhir and keycloak
4d5a9c7
@swapnil-medblocks
updated docs
9747ed5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@swapnil-medblocks