Merge pull request #156 from patientsknowbest/feature/PHR-16180-structure-definiton-override

Structure definiton override PHR-16180

Author: adrns

aidbox/api_client.go

@@ -88,9 +88,9 @@ func (apiClient *ApiClient) send(ctx context.Context, requestBody interface{}, r
 	// Deletes in general return the resource you deleted in the response body, but sometimes not (e.g. SearchParameter)
 	if httpMethod == http.MethodDelete && len(body) == 0 {
 		return nil
-	} else {
-		return json.Unmarshal(body, responseT)
 	}
+
+	return json.Unmarshal(body, responseT)
 }
 
 func (apiClient *ApiClient) get(ctx context.Context, relativePath string, responseT interface{}) error {

aidbox/api_client_test.go

@@ -3,10 +3,12 @@ package aidbox
 import (
 	"context"
 	"fmt"
-	"github.com/stretchr/testify/assert"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 type TestResponse struct {
@@ -58,10 +60,28 @@ Service Unavailable
 		client := NewApiClient(server.URL, "foo", "bar")
 		err := client.post(context.TODO(), "", "/endpoint", "")
 
+		sensitiveDetails := ""
+		if os.Getenv("TF_ACC") == "1" {
+			sensitiveDetails = fmt.Sprintf(`
+===== REQUEST HEADERS =====
+{
+  "Authorization": [
+    "Basic Zm9vOmJhcg=="
+  ],
+  "Content-Type": [
+    "application/json"
+  ]
+}
+
+===== REQUEST BODY =====
+""
+`)
+		}
+
 		expectedError := fmt.Sprintf(`unexpected status code (422) received: 422 Unprocessable Entity
 
 ===== POST %s/endpoint =====
-
+%s
 ===== RESPONSE BODY =====
 {
   "name": "Ankh-Morpork City Watch",
@@ -75,7 +95,7 @@ Service Unavailable
     "Reg Shoe"
   ]
 }
-`, server.URL)
+`, server.URL, sensitiveDetails)
 
 		assert.Equal(t, expectedError, err.Error())
 	})

aidbox/fhir.go

@@ -0,0 +1,11 @@
+package aidbox
+
+import "encoding/json"
+
+type Bundle struct {
+	Entry []BundleEntry `json:"entry"`
+}
+
+type BundleEntry struct {
+	Resource json.RawMessage `json:"resource"`
+}

aidbox/structure_definition.go

@@ -3,10 +3,17 @@ package aidbox
 import (
 	"context"
 	"encoding/json"
+	"fmt"
+	"net/url"
 )
 
 // StructureDefinition Represents a subset of the FHIR R4 spec "StructureDefinition", this is not a full support
-// for the resource. Used only to allow testing and temporarily support defining profiles
+// for the resource.
+// This supports two ways of interacting with the StructureDefinition
+// - the "regular" methods as seen in other resource implementations only parse and write a subset of the resource,
+// this is for setting up custom profiles in the "FHIR-way"
+// - the "byUrl" methods, these parse and write the entirety of the resource but provide no type checking, and used
+// for overriding core FHIR spec StructureDefinitions, which is an aidbox specific feature
 type StructureDefinition struct {
 	ResourceBase
 	ResourceType   string `json:"resourceType,omitempty"`
@@ -48,3 +55,29 @@ func (apiClient *ApiClient) UpdateStructureDefinition(ctx context.Context, q *St
 func (apiClient *ApiClient) DeleteStructureDefinition(ctx context.Context, id string) error {
 	return apiClient.deleteResource(ctx, id, &StructureDefinition{})
 }
+
+func (apiClient *ApiClient) GetStructureDefinitionByUrl(ctx context.Context, canonicalUrl string) (*map[string]interface{}, error) {
+	response := &Bundle{}
+	err := apiClient.get(ctx, fmt.Sprintf("/fhir/StructureDefinition?url=%s", url.QueryEscape(canonicalUrl)), response)
+	if err != nil {
+		return nil, err
+	}
+	if len(response.Entry) == 0 {
+		return nil, fmt.Errorf("StructureDefinition with canonical url '%s' does not exist", canonicalUrl)
+	}
+	if len(response.Entry) > 1 {
+		return nil, fmt.Errorf("found %d StructureDefinition entries for canonical url '%s', expected 1", len(response.Entry), canonicalUrl)
+	}
+	resource := response.Entry[0].Resource
+	var structureDefinition = map[string]interface{}{}
+	err = json.Unmarshal(resource, &structureDefinition)
+	if err != nil {
+		return nil, err
+	}
+	return &structureDefinition, nil
+}
+
+func (apiClient *ApiClient) UpdateStructureDefinitionByUrl(ctx context.Context, sd *map[string]interface{}, canonicalUrl string) (*map[string]interface{}, error) {
+	response := &map[string]interface{}{}
+	return response, apiClient.put(ctx, sd, fmt.Sprintf("/fhir/StructureDefinition?url=%s", url.QueryEscape(canonicalUrl)), response)
+}

internal/provider/provider.go

@@ -52,19 +52,20 @@ func New(apiClient *aidbox.ApiClient) func() *schema.Provider {
 				"aidbox_user": dataSourceUser(),
 			},
 			ResourcesMap: map[string]*schema.Resource{
-				"aidbox_token_introspector":        resourceTokenIntrospector(),
-				"aidbox_access_policy":             resourceAccessPolicy(),
-				"aidbox_client":                    resourceClient(),
-				"aidbox_db_migration":              resourceDbMigration(),
-				"aidbox_search":                    resourceSearch(),
-				"aidbox_search_parameter":          resourceSearchParameter(),
-				"aidbox_fhir_search_parameter":     resourceSearchParameterV2(),
-				"aidbox_aidbox_subscription_topic": resourceAidboxSubscriptionTopic(),
-				"aidbox_aidbox_topic_destination":  resourceAidboxTopicDestination(),
-				"aidbox_identity_provider":         resourceIdentityProvider(),
-				"aidbox_structure_definition":      resourceStructureDefinition(),
-				"aidbox_sdc_config":                resourceSDCConfig(),
-				"aidbox_gcp_service_account":       resourceGcpServiceAccount(),
+				"aidbox_token_introspector":            resourceTokenIntrospector(),
+				"aidbox_access_policy":                 resourceAccessPolicy(),
+				"aidbox_client":                        resourceClient(),
+				"aidbox_db_migration":                  resourceDbMigration(),
+				"aidbox_search":                        resourceSearch(),
+				"aidbox_search_parameter":              resourceSearchParameter(),
+				"aidbox_fhir_search_parameter":         resourceSearchParameterV2(),
+				"aidbox_aidbox_subscription_topic":     resourceAidboxSubscriptionTopic(),
+				"aidbox_aidbox_topic_destination":      resourceAidboxTopicDestination(),
+				"aidbox_identity_provider":             resourceIdentityProvider(),
+				"aidbox_structure_definition":          resourceStructureDefinition(),
+				"aidbox_structure_definition_override": resourceStructureDefinitionOverride(),
+				"aidbox_sdc_config":                    resourceSDCConfig(),
+				"aidbox_gcp_service_account":           resourceGcpServiceAccount(),
 			},
 		}
 

internal/provider/resource_structure_definition.go

@@ -11,7 +11,9 @@ import (
 
 func resourceStructureDefinition() *schema.Resource {
 	return &schema.Resource{
-		Description:   "FHIR R4 SearchParameter https://hl7.org/fhir/R4/searchparameter.html",
+		Description: "FHIR R4 StructureDefinition https://hl7.org/fhir/R4/structuredefinition.html Provides " +
+			"limited support to specify custom StructureDefinitions, that express customized rules extending the core " +
+			"FHIR spec, and get evaluated only if the caller specifies the SD's url in the request's meta.profile",
 		CreateContext: resourceStructureDefinitionCreate,
 		ReadContext:   resourceStructureDefinitionRead,
 		UpdateContext: resourceStructureDefinitionUpdate,

internal/provider/resource_structure_definition_override.go

@@ -0,0 +1,185 @@
+package provider
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/patientsknowbest/terraform-provider-aidbox/aidbox"
+)
+
+func resourceStructureDefinitionOverride() *schema.Resource {
+	// Note there's no import functionality here. Since the initial create has to read the original spec, it's impossible
+	// to import that as that would be already overwritten. This would be probably possible if we asked the user
+	// to store the core SD in an attribute, but that adds extra complexity and handling.
+	return &schema.Resource{
+		Description: "A specialization of StructureDefinition which allows you to override the default version of" +
+			" StructureDefinitions that are specified inside the core FHIR IG used on the server. This means default " +
+			"rules of resources can be changed without having the client specify a meta.profile in their request.",
+		CreateContext: resourceStructureDefinitionOverrideCreate,
+		ReadContext:   resourceStructureDefinitionOverrideRead,
+		UpdateContext: resourceStructureDefinitionOverrideUpdate,
+		DeleteContext: resourceStructureDefinitionOverrideDelete,
+		Schema:        resourceFullSchema(resourceSchemaStructureDefinitionOverride()),
+	}
+}
+
+func resourceSchemaStructureDefinitionOverride() map[string]*schema.Schema {
+	return map[string]*schema.Schema{
+		"url": {
+			Description: "Canonical URL that's unique to this StructureDefinition",
+			Type:        schema.TypeString,
+			Required:    true,
+			// url is essentially the logical id, hence it's impossible to update it
+			// if you change it, what you mean is: destroy the changed override, and add a new one under this url
+			ForceNew: true,
+		},
+		"structure_definition_override": {
+			Description:           "A customized StructureDefinition, based on the original one from the core FHIR spec",
+			Type:                  schema.TypeString,
+			Required:              true,
+			DiffSuppressOnRefresh: true,
+			DiffSuppressFunc:      jsonDiffSuppressFunc,
+		},
+		"original_structure_definition": {
+			Description: "Backup of the original StructureDefinition, which will be restored upon deleting the override",
+			Type:        schema.TypeString,
+			Computed:    true,
+			Sensitive:   true,
+		},
+	}
+}
+
+func resourceStructureDefinitionOverrideCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	apiClient := meta.(*aidbox.ApiClient)
+
+	// look up the original, FHIR spec StructureDefinition by the canonical URL
+	// this is required to create a backup in tf state so we can restore it if we want to delete the
+	// customized one - we must never delete  the original as it would break FHIR functionality
+	canonicalUrl := d.Get("url").(string)
+
+	originalSD, err := apiClient.GetStructureDefinitionByUrl(ctx, canonicalUrl)
+
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	originalSDBytes, err := json.Marshal(originalSD)
+	d.Set("original_structure_definition", string(originalSDBytes))
+
+	overrideSDString := d.Get("structure_definition_override").(string)
+
+	overrideSD := map[string]interface{}{}
+	err = json.Unmarshal([]byte(overrideSDString), &overrideSD)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	// now update the SD to our customized version
+	updatedSD, err := apiClient.UpdateStructureDefinitionByUrl(ctx, &overrideSD, canonicalUrl)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	var updatedUrl = (*updatedSD)["url"].(string)
+	if updatedUrl != canonicalUrl {
+		return diag.FromErr(fmt.Errorf("canonical url of resource unexpectedly changed after update, %s was set on the resource but server responded with %s", canonicalUrl, updatedUrl))
+	}
+	d.Set("url", updatedUrl)
+	// throw away the id we didn't know upfront, it just adds unnecessary complexity here when comparing states
+	delete(*updatedSD, "id")
+	// terraform mandates that we have an id though, so use the url for that
+	d.SetId(updatedUrl)
+
+	updatedSDBytes, err := json.Marshal(updatedSD)
+	updatedSDString := string(updatedSDBytes)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.Set("structure_definition_override", updatedSDString)
+
+	return nil
+}
+
+func resourceStructureDefinitionOverrideRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	apiClient := meta.(*aidbox.ApiClient)
+
+	canonicalUrl := d.Get("url").(string)
+	overrideSD, err := apiClient.GetStructureDefinitionByUrl(ctx, canonicalUrl)
+	if err != nil {
+		if handleNotFoundError(err, d) {
+			return nil
+		}
+		return diag.FromErr(err)
+	}
+
+	var overrideSDUrl = (*overrideSD)["url"].(string)
+	if overrideSDUrl != canonicalUrl {
+		return diag.FromErr(fmt.Errorf("canonical url of resource unexpectedly changed during state refresh, %s was set on the resource but server responded with %s", canonicalUrl, overrideSDUrl))
+	}
+	d.Set("url", overrideSDUrl)
+	// throw away the id we didn't know upfront, it just adds unnecessary complexity here when comparing states
+	delete(*overrideSD, "id")
+	// terraform mandates that we have an id though, so use the url for that
+	d.SetId(overrideSDUrl)
+
+	overrideSDBytes, err := json.Marshal(overrideSD)
+	overrideSDString := string(overrideSDBytes)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.Set("structure_definition_override", overrideSDString)
+
+	return nil
+}
+
+func resourceStructureDefinitionOverrideUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	apiClient := meta.(*aidbox.ApiClient)
+
+	canonicalUrl := d.Get("url").(string)
+	overrideSDString := d.Get("structure_definition_override").(string)
+
+	overrideSD := map[string]interface{}{}
+	err := json.Unmarshal([]byte(overrideSDString), &overrideSD)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	// update the SD to our new customized version
+	updatedSD, err := apiClient.UpdateStructureDefinitionByUrl(ctx, &overrideSD, canonicalUrl)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	// throw away the id we didn't know upfront, it just adds unnecessary complexity here when comparing states
+	delete(*updatedSD, "id")
+
+	updatedSDBytes, err := json.Marshal(updatedSD)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.Set("structure_definition_override", string(updatedSDBytes))
+
+	return nil
+}
+
+func resourceStructureDefinitionOverrideDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	apiClient := meta.(*aidbox.ApiClient)
+
+	// no such thing as deleting from the core fhir spec, this just means we restore the original spec
+	canonicalUrl := d.Get("url").(string)
+	originalSDString := d.Get("original_structure_definition").(string)
+
+	originalSD := map[string]interface{}{}
+	err := json.Unmarshal([]byte(originalSDString), &originalSD)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	// restore the SD to the spec version
+	if _, err := apiClient.UpdateStructureDefinitionByUrl(ctx, &originalSD, canonicalUrl); err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}