Merge pull request #119 from icanbwell/SU-EFS-1228

EFS-1228 Update to latest fhir server image

docker-compose.yml

@@ -21,48 +21,89 @@ services:
   fhir:
     depends_on:
       - mongo
-    image: imranq2/node-fhir-server-mongo:3.2.52
+      - keycloak
+    image: imranq2/node-fhir-server-mongo:5.6.7
     # To use local fhir code, comment above line and uncomment below
 #    build:
 #      dockerfile: Dockerfile
 #      context: ../node-fhir-server-mongo
     environment:
       SERVER_PORT: 3000
-      MONGO_HOSTNAME: mongo
-      MONGO_PORT: 27017
+      MONGO_URL: mongodb://mongo:27017
+      AUDIT_EVENT_MONGO_DB_NAME: fhir
+      AUDIT_EVENT_MONGO_URL: mongodb://mongo:27017
       RESOURCE_SERVER: http://fhir:3000/
       AUTH_SERVER_URI: http://myauthzserver.com
-      CLIENT_ID: client
-      CLIENT_SECRET: secret
+      AUTH_CUSTOM_SCOPE: "custom:scope"
+      CLIENT_ID: bwell-client-id
+      CLIENT_SECRET: bwell-secret
       INTROSPECTION_URL: https://myauthzserver.com/introspect
       MONGO_DB_NAME: fhir
-      CHECK_ACCESS_TAG_ON_SAVE: 1
-      IS_PRODUCTION:
+      AUTH_CONFIGURATION_URI: http://keycloak:8080/realms/bwell-realm/.well-known/openid-configuration
+      AUTH_JWKS_URL: http://keycloak:8080/realms/bwell-realm/protocol/openid-connect/certs
+      EXTERNAL_AUTH_JWKS_URLS: http://keycloak:8080/realms/bwell-realm/protocol/openid-connect/certs
       RETURN_BUNDLE: "1"
       VALIDATE_SCHEMA: "1"
-      AUTH_ENABLED: "0"
       ENABLE_GRAPHQL: "1"
+      ENABLE_GRAPHQLV2: "1"
       LOGLEVEL: "DEBUG"
       SET_INDEX_HINTS: 0
       CREATE_INDEX_ON_COLLECTION_CREATION: 1
-      USE_TWO_STEP_SEARCH_OPTIMIZATION: "1"
+      USE_TWO_STEP_SEARCH_OPTIMIZATION: "0"
+      STREAM_RESPONSE: "1"
     ports:
       - '3000:3000'
     command: yarn start
     restart: on-failure
     healthcheck:
-        test: ["CMD-SHELL", "curl --silent --fail localhost:3000/health || exit 1"]
+        test: ["CMD-SHELL", "wget --spider --quiet localhost:3000/health || exit 1"]
 
   mongo:
-      image: mongo:5.0.15
+      image: mongo:7.0.12
       ports:
           - '27017:27017'
       environment:
           - ALLOW_EMPTY_PASSWORD=yes
       volumes:
           - mongo_data:/data/db
       healthcheck:
-          test: echo 'db.runCommand("ping").ok' | mongo mongo:27017/test --quiet
+          test: echo 'db.runCommand("ping").ok' | mongosh mongo:27017/test --quiet
+
+  keycloak:
+    # https://github.com/keycloak/keycloak/releases
+    image: quay.io/keycloak/keycloak:25.0.1
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: password
+      # The below settings are for test data creation
+      # This is the user and password that will be created in the realm
+      MY_ADMIN_USER_NAME: admin
+      MY_ADMIN_USER_PASSWORD: password
+      MY_ADMIN_USER_SCOPE: user/*.* access/*.*
+      MY_ADMIN_USER_TOKEN_USERNAME: admin
+      # This is the user and password that will be created in the realm
+      MY_USER_NAME: tester
+      MY_USER_PASSWORD: password
+      MY_USER_SCOPE: user/*.* access/*.* patient/*.read
+      MY_USER_TOKEN_USERNAME: tester
+      # This is the client setup
+      CLIENT_ID: bwell-client-id
+      CLIENT_SECRET: bwell-secret
+      # This is the service account that will be created in the realm
+      SERVICE_ACCOUNT_NAME: service-account
+      SERVICE_ACCOUNT_PASSWORD: password
+      SERVICE_ACCOUNT_SCOPE: user/*.* access/*.*
+      # These are the custom claims that will be added to any generated token
+      MY_USER_CLIENT_PERSON_ID: 0b2ad38a-20bc-5cf5-9739-13f242b05892
+      MY_USER_CLIENT_PATIENT_ID: 22aa18af-af51-5799-bc55-367c22c85407
+      MY_USER_BWELL_PERSON_ID: 0eb80391-0f61-5ce6-b221-a5428f2f38a7
+      MY_USER_BWELL_PATIENT_ID: patient2
+      KC_FEATURES: dynamic-scopes
+    ports:
+      - "8080:8080"
+    command: ["start-dev", "--import-realm", "--verbose"]
+    volumes:
+      - ./keycloak-config/realm-import.json:/opt/keycloak/data/import/realm-import.json
 
 volumes:
   mongo_data: