Add RS scripts to simplify set up

.secrets.baseline

@@ -132,40 +132,6 @@
         "is_secret": false
       }
     ],
-    "README.md": [
-      {
-        "type": "Secret Keyword",
-        "filename": "README.md",
-        "hashed_secret": "367e3228ed16bf72b36de9a4134ee8b825cafacb",
-        "is_verified": false,
-        "line_number": 314,
-        "is_secret": false
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "README.md",
-        "hashed_secret": "40bd7d88eae0468b048e62e1056ac390970b2b51",
-        "is_verified": false,
-        "line_number": 319,
-        "is_secret": false
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "README.md",
-        "hashed_secret": "0d46754ae17642645ca041edaac9a1c1569f5edc",
-        "is_verified": false,
-        "line_number": 324,
-        "is_secret": false
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "README.md",
-        "hashed_secret": "3c4da28c9bc45d01e4950ee6f8e67a8d1a1ec19b",
-        "is_verified": false,
-        "line_number": 334,
-        "is_secret": false
-      }
-    ],
     "docker-compose.postgres.yml": [
       {
         "type": "Secret Keyword",
@@ -277,5 +243,5 @@
       }
     ]
   },
-  "generated_at": "2024-03-11T15:51:37Z"
+  "generated_at": "2024-03-27T15:53:08Z"
 }

README.md

@@ -296,93 +296,62 @@ After enabling this option it is recommended that you delete all docker images a
 with this option enabled.
 
 1. Checkout `master` branch for `CDCgov/prime-reportstream`
-2. CD to `prime-reportstream/prime-router`
-3. Run the `./cleanslate` script. For more information you can refer to the [ReportStream docs](https://github.com/CDCgov/prime-reportstream/blob/master/prime-router/docs/docs-deprecated/getting-started/getting-started.md#building-the-baseline)
-4. Run RS with `docker compose up --build -d`
-5. Run `./gradlew resetDB && ./gradlew reloadTable && ./gradlew reloadSettings`
-6. Edit `/settings/staging/0166-flexion-staging-results-handling.yml`
-   1. Comment the lines related to staging settings, and uncomment the ones for local settings:
-      1. `authTokenUrl`, `reportUrl`, `authHeaders.host` under REST `transport` in `receivers`
-      2. `type` and `credentialName` under SFTP `transport` in `receivers`
-7. Run `./prime multiple-settings set -i ./settings/staging/0166-flexion-staging-results-handling.yml`
-8. Run `./prime organization addkey --public-key /path/to/trusted-intermediary/mock_credentials/organization-trusted-intermediary-public-key-local.pem --scope "flexion.*.report" --orgName flexion --kid flexion.etor-service-sender --doit`
-9. Setup local vault secret
-   1. Go to: `http://localhost:8200/`
-   2. Use token in `prime-router/.vault/env/.env.local` to authenticate
-   3. Go to `Secrets engines` > `secret/` > `Create secret`
-      1. Create secret for `flexion.etor-service-receiver-orders`
-         1. Path for this secret: `FLEXION--ETOR-SERVICE-RECEIVER-ORDERS`
-         2. JSON data:
-         ```
-         {
-            "@type": "UserApiKey",
-            "apiKey": "Contents of file at trusted-intermediary/mock_credentials/organization-report-stream-private-key-local.pem",
-            "user": "flexion"
-         }
-         ```
-      2. Create secret for `flexion.etor-service-receiver-results`
-         1. Path for this secret: `FLEXION--ETOR-SERVICE-RECEIVER-RESULTS`
-         2. JSON data:
-         ```
-         {
-         "@type": "UserApiKey",
-         "apiKey": "Contents of file at trusted-intermediary/mock_credentials/organization-report-stream-private-key-local.pem",
-         "user": "flexion"
-         }
-         ```
-      3. Create secret for `DEFAULT-SFTP`
-         1. Path for this secret: `DEFAULT-SFTP`
-         2. JSON data:
-         ```
-         {
-         "@type": "UserPass",
-         "user": "user",
-         "pass": "pass"
-         }
-         ```
+2. Copy all the scripts found at `scripts/rs` to `prime-reportstream/prime-router`
+   - **Note**: update the `path_to_cdcti` variable in the scripts to point to the path for the `trusted-intermediary` codebase in your machine
+3. CD to `prime-reportstream/prime-router`
+4. Run the `./cleanslate` script. For more information you can refer to the [ReportStream docs](https://github.com/CDCgov/prime-reportstream/blob/master/prime-router/docs/docs-deprecated/getting-started/getting-started.md#building-the-baseline)
+5. Run RS with `docker compose up --build -d`
+6. Edit `/settings/staging/0166-flexion-staging-results-handling.yml` to comment the lines related to staging settings, and uncomment the ones for local settings:
+   - `authTokenUrl`, `reportUrl`, `authHeaders.host` under REST `transport` in `receivers`
+   - `type` and `credentialName` under SFTP `transport` in `receivers`
+7. Run the `./reset.sh` script to reset the database and apply the flexion org settings
+8. Run the `./setup-vault.sh` script to set up the local vault secrets
+   - You can verify that the script created the secrets succesfully by going to `http://localhost:8200/` in your browser, use the token in `prime-router/.vault/env/.env.local` to authenticate, and then go to `Secrets engines` > `secret/` to check the available secrets
 
 #### Submit request to ReportStream
 
-In order to submit a request, you'll need to authenticate with ReportStream using JWT auth:
-1. Create a JWT for the sender (e.g. `flexion.simulated-hospital`) using the sender's private key. You may use [this CLI tool](https://github.com/mike-engel/jwt-cli) to create the JWT:
-   ```
-   jwt encode --exp='+5min' --jti $(uuidgen) --alg RS256 -k <sender> -i <sender> -s <sender> -a staging.prime.cdc.gov --no-iat -S @/path/to/sender_private.pem
-   ```
-2. Use the generated JWT to authenticate with ReportStream and get the token, which will be in the `access_token` response
-   ```
-   curl --header 'Content-Type: application/x-www-form-urlencoded' --data 'scope=flexion.*.report' --data 'client_assertion=<jwt>' --data 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' --data 'grant_type=client_credentials' 'http://localhost:7071/api/token'
-   ```
-3. Submit an Order or Result using the returned token
+##### Locally
 
-##### Orders
+###### Orders
 
 To test sending from a simulated hospital:
 ```
-curl --header 'Content-Type: application/hl7-v2' --header 'Client: flexion.simulated-hospital' --header 'Authorization: Bearer <token>' --data-binary '@/path/to/orm_message.hl7' 'http://localhost:7071/api/waters'
+curl --header 'Content-Type: application/hl7-v2' --header 'Client: flexion.simulated-hospital' --header 'Authorization: Bearer dummy_token' --data-binary '@/path/to/orm_message.hl7' 'http://localhost:7071/api/waters'
 ```
 
 
 To test sending from TI:
 ```
-curl --header 'Content-Type: application/fhir+ndjson' --header 'Client: flexion.etor-service-sender' --header 'Authorization: Bearer <token>' --data-binary '@/path/to/oml_message.fhir' 'http://localhost:7071/api/waters'
+curl --header 'Content-Type: application/fhir+ndjson' --header 'Client: flexion.etor-service-sender' --header 'Authorization: Bearer dummy_token' --data-binary '@/path/to/oml_message.fhir' 'http://localhost:7071/api/waters'
 ```
 
-##### Results
+###### Results
 
 To test sending from a simulated lab:
 ```
-curl --header 'Content-Type: application/hl7-v2' --header 'Client: flexion.simulated-lab' --header 'Authorization: Bearer <token>' --data-binary '@/path/to/oru_message.hl7' 'http://localhost:7071/api/waters'
+curl --header 'Content-Type: application/hl7-v2' --header 'Client: flexion.simulated-lab' --header 'Authorization: Bearer dummy_token' --data-binary '@/path/to/oru_message.hl7' 'http://localhost:7071/api/waters'
 ```
 
 
 To test sending from TI:
 ```
-curl --header 'Content-Type: application/fhir+ndjson' --header 'Client: flexion.etor-service-sender' --header 'Authorization: Bearer <token>' --data-binary '@/path/to/oru_message.fhir' 'http://localhost:7071/api/waters'
+curl --header 'Content-Type: application/fhir+ndjson' --header 'Client: flexion.etor-service-sender' --header 'Authorization: Bearer dummy_token' --data-binary '@/path/to/oru_message.fhir' 'http://localhost:7071/api/waters'
 ```
 
 After one or two minutes, check that hl7 files have been dropped to `prime-reportstream/prime-router/build/sftp` folder
 
-**Note**: `<token>` should be replaced by the bearer token received from the `/api/token` endpoint
+##### Staging
+
+In order to submit a request, you'll need to authenticate with ReportStream using JWT auth:
+1. Create a JWT for the sender (e.g. `flexion.simulated-hospital`) using the sender's private key, which should be stored in Keybase. You may use [this CLI tool](https://github.com/mike-engel/jwt-cli) to create the JWT:
+   ```
+   jwt encode --exp='+5min' --jti $(uuidgen) --alg RS256 -k <sender> -i <sender> -s <sender> -a staging.prime.cdc.gov --no-iat -S @/path/to/sender_private.pem
+   ```
+2. Use the generated JWT to authenticate with ReportStream and get the token, which will be in the `access_token` response
+   ```
+   curl --header 'Content-Type: application/x-www-form-urlencoded' --data 'scope=flexion.*.report' --data 'client_assertion=<jwt>' --data 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' --data 'grant_type=client_credentials' 'http://localhost:7071/api/token'
+   ```
+3. Submit an Order or Result using the returned token in the `'Authorization: Bearer <token>'` header
 
 ## DORA Metrics
 

scripts/rs/readme.md

@@ -0,0 +1,5 @@
+# ReportStream Scripts
+
+The scripts in this folders are meant to be copied and run in the [prime-reportstream](https://github.com/CDCgov/prime-reportstream) codebase inside the `prime-router` folder. You can also create symbolic link instead of copying the files in order to keep them up-to-date.
+
+These scripts rely in a `CDCTI_HOME` environment variable that needs to be set in your environment to your local path to the CDC-TI codebase. You may update and run the `start-here.sh` script to set it. You may also want to add it to your shell's startup file to persist it.

scripts/rs/reset.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# NOTE: Remember to run this script inside the prime-router directory of the prime-reportstream codebase
+# Make sure to add a CDCTI_HOME environment variable pointing to the trusted-intermediary directory
+# export CDCTI_HOME="/path/to/trusted-intermediary"
+
+./gradlew resetDB
+./gradlew reloadTable
+./gradlew flywayRepair
+./gradlew reloadSettings
+./prime multiple-settings set -s -i ./settings/staging/0166-flexion-staging-results-handling.yml
+./prime organization addkey --public-key $CDCTI_HOME/mock_credentials/organization-trusted-intermediary-public-key-local.pem --scope "flexion.*.report" --orgName flexion --kid flexion.etor-service-sender --doit
+./prime organization addkey --public-key $CDCTI_HOME/mock_credentials/organization-trusted-intermediary-public-key-local.pem --scope "flexion.*.report" --orgName flexion --kid flexion.simulated-hospital --doit
+./prime organization addkey --public-key $CDCTI_HOME/mock_credentials/organization-trusted-intermediary-public-key-local.pem --scope "flexion.*.report" --orgName flexion --kid flexion.simulated-lab --doit

scripts/rs/setup-vault.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# NOTE: Remember to run this script inside the prime-router directory of the prime-reportstream codebase
+# Make sure to add a CDCTI_HOME environment variable pointing to the trusted-intermediary directory
+# export CDCTI_HOME="/path/to/trusted-intermediary"
+
+private_key=$(cat $CDCTI_HOME/mock_credentials/organization-report-stream-private-key-local.pem)
+
+export $(xargs <.vault/env/.env.local)
+
+./prime create-credential --type UserPass --user foo --pass pass --persist DEFAULT-SFTP
+./prime create-credential --type UserApiKey --apikey-user flexion --apikey "$private_key" --persist FLEXION--ETOR-SERVICE-RECEIVER-ORDERS
+./prime create-credential --type UserApiKey --apikey-user flexion --apikey "$private_key" --persist FLEXION--ETOR-SERVICE-RECEIVER-RESULTS

scripts/rs/start-here.sh

@@ -0,0 +1 @@
+export CDCTI_HOME="/path/to/trusted-intermediary"