NIAD-1268: release 0.1.0

CHANGELOG.md

@@ -6,6 +6,40 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.0] - 2021-04-07
+
+### Known Issues and Limitations
+
+- Incomplete GP2GP workflow. The adaptor only sends the EhrExtract message. It cannot yet send documents or acknowledgements.
+- Incomplete / invalid EhrExtract message. The adaptor does not yet support the complete message standard.
+- Only supports GP2GP transfers from a single organisation (ODS Code).
+- Denial of Service (DoS) [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499] in net.minidev:[email protected]
+- Information Disclosure [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-IONETTY-1082238] in io.netty:[email protected]
+- Improper Certificate Validation [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-IONETTY-1042268] in io.netty:[email protected]
+- HTTP Request Smuggling [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-IONETTY-1083991] in io.netty:[email protected]
+- Man-in-the-Middle (MitM) [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGMONGODB-1079241] in org.mongodb:[email protected]
+
+### Added
+
+- Spine Directory Service (SDS) and Spine Security Proxy (SSP) support via usage of GP Connect Consumer Adaptor
+- NIAD-1154: Fix fhir base and update readme
+- NIAD-840: Send application acknowledgement when all message parts are sent (no documents) (#131)
+- NIAD-1181: Create unit/component tests for EMIS test extracts (#132)
+- NIAD 913: Medication Request to Medication Statement (#130)
+- NIAD-1024: Generate agent directory (#139)
+- NIAD-1021: Translate Observation.interpretation in ObservationStatement (#136)
+- NIAD-1154: Add GPC-Consumer Configuration to Jenkinsfile (#133)
+- NIAD-1153: GP2GP Adaptor uses GPCC Adaptor for GP Connect requests (#129)
+- NIAD-1024: Generate agent directory (#127)
+- NIAD-1113: Map Encounter type to Ehr Composition code (#125)
+- NIAD-1178: Create /healthcheck Endpoint for Mock-MHS & Wiremock (#128)
+
+### Fixed
+
+- Improper Certificate Validation [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-IONETTY-1042268] in io.netty:[email protected]
+- [Issue 116](https://github.com/nhsconnect/integration-adaptor-gp2gp/issues/116) Spine SSL context used for outbound http calls
+
+
 ## [0.0.4] - 2021-03-10
 
 ### Known Issues and Limitations
@@ -156,4 +190,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Information Exposure [Medium Severity] https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292 in org.apache.tomcat.embed:[email protected]
 - Information Disclosure (new) [Medium Severity] https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939 in org.apache.tomcat.embed:[email protected]
 - Denial of Service (DoS) [High Severity] https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329 in com.fasterxml.jackson.dataformat:[email protected]
-- Use [Official Images](https://docs.docker.com/docker-hub/official_images/) for adaptor's base image.
+- Use [Official Images](https://docs.docker.com/docker-hub/official_images/) for adaptor's base image.

README.md

@@ -1,14 +1,22 @@
 # integration-adaptor-gp2gp
 National Integration Adaptor - GP2GP
 
-The existing GP2GP solution is based on a legacy messaging standard and infrastructure (HL7v3 and Spine TMS). Reliance on these standards going forward presents a significant barrier to successful GP2GP implementation by new suppliers, and perpetuation of these standards in the long term presents a risk to the continued operation of GP2GP across all suppliers.
+The existing GP2GP solution is based on a legacy messaging standard and infrastructure (HL7v3 and Spine TMS). Reliance 
+on these standards going forward presents a significant barrier to successful GP2GP implementation by new suppliers, 
+and perpetuation of these standards in the long term presents a risk to the continued operation of GP2GP across all 
+suppliers.
 
-A hybrid solution approach has been selected as the best option for GP2GP adoption by NMEs and transition by existing incumbent suppliers.
+A hybrid solution approach has been selected as the best option for GP2GP adoption by NMEs and transition by existing 
+incumbent suppliers.
 
-The "National Integration Adaptor - GP2GP" implements a GP2GP 2.2 producer using the supplier's existing GP Connect Provider implementation to extract the Electronic Health Record. Suppliers that have not already implemented a GP2GP 2.2 producer, or those wishing to decommission their existing producer, may deploy the GP2GP adaptor in its place.
+The "National Integration Adaptor - GP2GP" implements a GP2GP 2.2 producer using the supplier's existing GP Connect 
+Provider implementation to extract the Electronic Health Record. Suppliers that have not already implemented a 
+GP2GP 2.2 producer, or those wishing to decommission their existing producer, may deploy the GP2GP adaptor in its place.
 
 ## Requirements:
-1. JDK 11
+
+* JDK 11 - We develop the adaptor in Java with Spring Boot
+* Docker - We release the adaptor using Docker images on [Dockerhub](https://hub.docker.com/repository/docker/nhsdev/nia-gp2gp-adaptor)
 
 ## Configuration
 
@@ -51,6 +59,17 @@ The adaptor requires a Mongodb-compatible database to manage its internal state.
 | GP2GP_MONGO_TTL                      | P7D                       | (Optional) Time-to-live value for inbound and outbound state collection documents as an [ISO 8601 Duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
 | GP2GP_COSMOS_DB_ENABLED              | false                     | (Optional) If true the adaptor will enable features and workarounds to support Azure Cosmos DB.
 
+**Trust Store Configuration Options**
+
+You can configure a trust store with private CA certificates if required for TLS connections. The trust store does not 
+replace Java's default trust store. At runtime the application adds these additional certificates to the default trust 
+store. Only an s3:// url is currently supported, and the current use-case is to support AWS DocumentDb.
+
+| Environment Variable                | Default       | Description
+| ------------------------------------|---------------|-------------
+| GP2GP_SSL_TRUST_STORE_URL           |               | (Optional) URL of the trust store JKS. The only scheme currently supported is `s3://`
+| GP2GP_SSL_TRUST_STORE_PASSWORD      |               | (Optional) Password used to access the trust store
+
 ### File Storage Configuration Options
 
 The adaptor uses AWS S3 or Azure Storage Blob to stage translated GP2GP HL7 and ebXML documents.
@@ -75,7 +94,6 @@ queue its own internal asynchronous tasks
 | GP2GP_AMQP_USERNAME                  |                           | (Optional) username for the AMQP server
 | GP2GP_AMQP_PASSWORD                  |                           | (Optional) password for the AMQP server
 | GP2GP_AMQP_MAX_REDELIVERIES          | 3                         | The number of times an message will be retried to be delivered to consumer. After exhausting all retires, it will be put on DLQ.<queue_name> dead letter queue
-| GP2GP_MHS_INBOUND_QUEUE              | inbound                   | Name of the queue for MHS inbound
 | GP2GP_MHS_OUTBOUND_URL               |                           | URL of the MHS Outbound Endpoint
 | GP2GP_TASK_QUEUE                     | gp2gpTaskQueue            | Defines name of internal taskQueue.
 
@@ -84,53 +102,28 @@ will be used. At least one URL is required.
 
 ### GP Connect API Configuration Options
 
-The adaptor uses the GP Connect API to fetch patient records and documents.
+The adaptor fetches patient records and documents with the GP Connect Consumer Adaptor 
+([Github](https://github.com/nhsconnect/integration-adaptor-gpc-consumer) / 
+[Dockerhub](https://hub.docker.com/repository/docker/nhsdev/nia-gpc-consumer-adaptor)) consuming the 
+[GP Connect API](https://developer.nhs.uk/apis/gpconnect/).
 
 | Environment Variable                 | Default                                       | Description
 | -------------------------------------|-----------------------------------------------|-------------
-| GP2GP_GPC_GET_URL                    | http://localhost:8090/GP0001/STU3/1/gpconnect | The base URL of the GP Connect API provider
-| GP2GP_GPC_STRUCTURED_FHIR_BASE       | /structured/fhir                              | Structured fhir base.
-| GP2GP_GPC_DOCUMENTS_FHIR_BASE        | /documents/fhir                               | Document fhir base.
-| GP2GP_SPINE_CLIENT_CERT              |                                               | The content of the PEM-formatted client endpoint certificate
-| GP2GP_SPINE_CLIENT_KEY               |                                               | The content of the PEM-formatted client private key
-| GP2GP_SPINE_ROOT_CA_CERT             |                                               | The content of the PEM-formatted certificate of the issuing Root CA.
-| GP2GP_SPINE_SUB_CA_CERT              |                                               | The content of the PEM-formatted certificate of the issuing Sub CA.
+| GP2GP_GPC_GET_URL                    | http://localhost:8090/GP0001/STU3/1/gpconnect | (*) The base URL of the GP Connect Consumer Adaptor
+| GP2GP_GPC_STRUCTURED_FHIR_BASE       | /structured/fhir                              | The path segment for Get Access Structured FHIR server
+| GP2GP_GPC_DOCUMENTS_FHIR_BASE        | /documents/fhir                               | The path segment for Get Access Documents FHIR server
 | GP2GP_GPC_OVERRIDE_NHS_NUMBER        |                                               | The variable to overwrite nhs number used for gpc requests.
 
-Configure these if you access the OpenTest or HSCN networks via an HTTP proxy. This is NOT the configuration for Spine
-Secure Proxy (SSP).
-
-| Environment Variable                 | Default                   | Description
-| -------------------------------------|---------------------------|-------------
-| GP2GP_GPC_ENABLE_HTTP_PROXY          | false                     | Enable your environment requires you to access HSCN or OpenTest networks via an HTTP proxy
-| GP2GP_GPC_HTTP_PROXY                 | gp2gp                     | HTTP proxy address
-| GP2GP_GPC_HTTP_PROXY_PORT            | gp2gp                     | HTTP proxy port
+(*) `GP2GP_GPC_GET_URL` could be set to the base URL of a GP Connect Producer for limited testing purposes 
 
 ### MHS Adaptor Configuration Options
 
-The GP2GP uses the [MHS Adaptor]() to send/receive messages to/from Spine.
+The GP2GP uses the [MHS Adaptor](https://github.com/nhsconnect/integration-adaptor-mhs) to send/receive messages to/from Spine.
 
 | Environment Variable                 | Default                                       | Description
 | -------------------------------------|-----------------------------------------------|-------------
 | GP2GP_MHS_OUTBOUND_URL               | http://localhost:8081/mock-mhs-endpoint       | URL to the MHS adaptor's outbound endpoint
-
-### SDS API Configuration Options
-
-The GP2GP uses the [SDS API]() to discover GPC endpoints.
-
-| Environment Variable                 | Default                                       | Description
-| -------------------------------------|-----------------------------------------------|-------------
-| GP2GP_SDS_URL                        | http://localhost:8110/                        | URL to the SDS API
-| GP2GP_SDS_APIKEY                     |                                               | Secret key used to authenticate with the API
-
-### Trust Store Configuration Options
-
-You can configure a trust store with private CA certificates if required for TLS connections. The trust store does not replace Java's default trust store. At runtime the application adds these additional certificates to the default trust store. Only an s3:// url is currently supported, and the current use-case is to support AWS DocumentDb.
-
-| Environment Variable                | Default       | Description
-| ------------------------------------|---------------|-------------
-| GP2GP_SSL_TRUST_STORE_URL           |               | (Optional) URL of the trust store JKS. The only scheme currently supported is `s3://`
-| GP2GP_SSL_TRUST_STORE_PASSWORD      |               | (Optional) Password used to access the trust store
+| GP2GP_MHS_INBOUND_QUEUE              | inbound                   | Name of the queue for MHS inbound
 
 ## How to run service:
 
@@ -182,7 +175,6 @@ To override environment variables choose an example file e.g.
 (service/env.opentest.example.yml)[service/env.opentest.example.yml] and copy it to `service/env.yml`. Make your 
 changes in this copy. 
 
-
 ## How to run tests
 
 **Warning**: Gradle uses a [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html) to re-use compile and
@@ -306,4 +298,4 @@ If gradle-wrapper.jar doesn't exist run in terminal:
 ### Licensing
 This code is dual licensed under the MIT license and the OGL (Open Government License). Any new work added to this repository must conform to the conditions of these licenses. In particular this means that this project may not depend on GPL-licensed or AGPL-licensed libraries, as these would violate the terms of those libraries' licenses.
 
-The contents of this repository are protected by Crown Copyright (C).
+The contents of this repository are protected by Crown Copyright (C).

e2e-tests/build.gradle

@@ -12,14 +12,15 @@ repositories {
 }
 
 dependencies {
-    implementation 'org.apache.qpid:qpid-jms-client:0.55.0'
+    implementation 'org.apache.qpid:qpid-jms-client:0.57.0'
     implementation "org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.0"
     implementation 'org.mongodb:mongo-java-driver:3.12.7'
 
     testImplementation 'commons-io:commons-io:2.6'
     testImplementation 'org.awaitility:awaitility:4.0.3'
     testImplementation 'org.junit.jupiter:junit-jupiter-api:5.7.1'
     testImplementation "org.assertj:assertj-core:3.18.1"
+    testImplementation 'ch.qos.logback:logback-classic:1.2.3'
 
     testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.3.1'
 

e2e-tests/src/test/resources/logback.xml

@@ -0,0 +1,17 @@
+<configuration>
+    <appender name="TEXT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>${GP2GP_LOGGING_FORMAT:-%d{yyyy-MM-dd HH:mm:ss.SSS} Level=%-5level Logger=%logger{36} Thread="%thread" Message="%msg"%n}
+            </pattern>
+        </encoder>
+    </appender>
+
+
+    <root level="${GP2GP_ROOT_LOGGING_LEVEL:-WARN}">
+        <appender-ref ref="TEXT}"/>
+    </root>
+
+    <logger name="uk.nhs.adaptors.gp2gp" level="${GP2GP_LOGGING_LEVEL:-INFO}" />
+    <logger name="reactor.netty.http.client" level="${GP2GP_LOGGING_LEVEL:-WARN}" />
+    <logger name="io.netty.util.internal.logging.InternalLoggerFactory" level="${GP2GP_LOGGING_LEVEL:-INFO}" />
+</configuration>

release/DOCKERHUB.md

@@ -31,7 +31,7 @@ you are testing to ensure compatibility with configurations and scripts.
 
 ```bash
 git pull
-git checkout 0.0.4
+git checkout 0.1.0
 ```
 
 ## Find the docker directory
@@ -53,7 +53,7 @@ cp vars.local.sh vars.sh
 ```
 
 Make any required changes to the `vars.sh` file. If using `vars.local.sh` you do not need to modify anything. Refer
-to the [README](https://github.com/nhsconnect/integration-adaptor-gp2gp/blob/0.0.3/README.md) for possible configuration
+to the [README](https://github.com/nhsconnect/integration-adaptor-gp2gp/blob/0.1.0/README.md) for possible configuration
 options.
 
 ## Find the release directory

release/version.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-export RELEASE_VERSION=0.0.4
+export RELEASE_VERSION=0.1.0

service/build.gradle

@@ -75,6 +75,9 @@ dependencies {
 		implementation('io.netty:netty-codec-http:4.1.59.Final') {
 			because 'to fix SNYK-JAVA-IONETTY-1070799'
 		}
+		implementation('com.azure:azure-core-http-netty:1.9.1') {
+			because 'to fix SNYK-JAVA-IONETTY-1083991'
+		}
 	}
 }