QC VM code (#82)

* added code for application and db containers only

* removed aidbox and added execution permissions for wizard script

* added database option to wizard, added profile to compose, and removed aidbox from README

* removed testing branch from scripts

* removed testing comment

* cleaned up readme

* feat: update env handling and add orchestration support (#65)

* refactor(shell): improve env var parsing and quoting logic, update docker-compose container names, and add GCP image upload script

* fix: update orchestration env service URLs to use dibbs container names

* fix: update wizard messages and clone branch in provision script

- Remove extra spaces and add quotes to schema options in wizard prompts.
- Clone dibbs-vm using the alis/gcp branch.
- Adjust environment variable formatting in provision.sh.

* chore(provision): remove deprecated docker compose vars export to .bashrc

* feat: export DIBBS_SERVICE and DIBBS_VERSION in bashrc

* feat: add macOS support for tar compression

Use gtar on macOS to compress the raw disk image, ensuring compatibility across systems.

* fix: remove branch specification from dibbs-vm clone command

The change removes the hardcoded branch (-b alis/gcp) flag to clone the default branch instead.

* removed aidbox and added execution permissions for wizard script

* update to readme

* feat: add support for NBS_API_PUB_KEY (#68)

* Add GCP VM setup documentation (#70)

* Add GCP VM setup documentation

* update on GCP documentation

* docs: update README with documentation and examples sections (#71)

(docs) Restructure docs within the docs directory, update links within the mkdocs site.
(docs) Reorganize docs and update section headers to improve navigation across the docs site.

* feat: add gitsha to build scripts and packer configuration (#73)

Add support for using the current git commit hash to uniquely tag build directories, image names, and output files. This update modifies build.sh, gcp_image.sh, and various packer configuration files to append the short gitsha to version identifiers.

---------

Co-authored-by: shanice-skylight <shanice@skylight.digital>
Co-authored-by: Mary McGrath <m.c.mcgrath13@gmail.com>
Co-authored-by: Chukwuemeka Emmanuel Nwakire <emmanuel@skylight.digital>

Author: 4 people

.gitignore

@@ -6,6 +6,6 @@ docker/dibbs-ecr-viewer/.env
 docker/dibbs-ecr-viewer/ecr-viewer.wizard
 docker/dibbs-ecr-viewer/ecr-viewer.bak
 
-docker/dibbs-query-connectory/.env
-docker/dibbs-query-connectory/query-connectory.wizard.env
-docker/dibbs-query-connectory/query-connectory.env.bak
+dibbs-query-connector/.env
+dibbs-query-connector/query-connector.wizard.env
+dibbs-query-connector/query-connector.env.bak

dibbs-query-connector/README.md

@@ -0,0 +1,42 @@
+### Development Database Disclaimer
+
+This virtual machine image includes a database intended **for development purposes only**.  
+It is **not configured for production use** and should not be used to store sensitive or live data.  
+Performance, security, and reliability settings may differ from production environments.  
+
+**Use this database only for testing and development.**
+
+
+### Query Connector Data for Query Building
+
+When initializing the backend database for the first time, the Query Connector makes the value sets associated with 200+ reportable conditions available to users tasked with building queries for their jurisdiction. To run this seeding script, you'll need to obtain the UMLS and eRSD API key's using the instructions below.
+
+To group value sets by condition and to group the conditions by type, the Query Connector obtains and organizes data from the eRSD and the VSAC in the following way:
+
+1. The Query Connector retrieves the 200+ reportable conditions from the eRSD as well as the value sets' associated IDs.
+2. Using the value set IDs from the eRSD, the Query Connector retrieves the value set's comprehensive information from the VSAC, i.e., the LOINC, SNOMED, etc. codes associated with each value set ID.
+3. The Query Connector then organizes these value sets according to the conditions with which they're associated, making the result available to users interested in building queries. The conditions are additionally organized by category, e.g., sexually transmitted diseases or respiratory conditions, using a mapping curated by HLN Consulting.
+
+
+#### Obtaining an eRSD API Key and UMLS API Key
+
+To obtain the free API keys, please visit the following URLs and follow the sign up instructions.
+
+- [https://ersd.aimsplatform.org/#/api-keys](https://ersd.aimsplatform.org/#/api-keys)
+- [https://uts.nlm.nih.gov/uts/login](https://uts.nlm.nih.gov/uts/login)
+
+
+
+Save your API keys and license to input during the wizard script , the environment variabels are  called `ERSD_API_KEY` and `UMLS_API_KEY` The wizard will assit you with updating these values for the `.env` file so that they can be accessed when running the Query Connector app. 
+
+Adjust your `DATABASE_URL` as needed.
+
+### Setup wizard script for Query Connector Application
+1. Logon to the virtual machine
+2. Run the wizard script to setup the Query Connector application:
+    ```bash
+    ./dibbs-query-connector-wizard.sh
+    ```
+3. Navigate to following urls:
+    - Query Connector at <IP.ADDRESS>:3000
+    - Portainer at <IP.ADDRESS>:9000

dibbs-query-connector/database.env

@@ -0,0 +1,3 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=pw
+POSTGRES_DB=tefca_db

dibbs-query-connector/dibbs-query-connector-wizard.sh.home

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# This script is a setup wizard for the Query Connector application. It guides the user through the process of configuring
+# environment variables and setting up the necessary configurations for running the application using Docker Compose.
+
+
+project_dir=$HOME/dibbs-vm/dibbs-query-connector
+dibbs_query_connector_env=$project_dir/dibbs-query-connector.env
+dibbs_query_connector_bak=$project_dir/dibbs-query-connector.bak
+dibbs_query_connector_wizard=$project_dir/dibbs-query-connector.wizard
+
+echo ""
+echo -e "m******************************************************"
+echo -e "WARNING: This virtual machine image includes a database intended for development purposes only. It is not configured for 
+production use and should not be used to store sensitive or live data.  Performance, security, and reliability settings may differ 
+from production environments."
+echo -e "m******************************************************"
+
+# Prompt function
+prompt() {
+  local key="$1"
+  local description="$2"
+  local default="$3"
+  local input
+
+  echo
+  echo "$description"
+  
+  # If the key looks like a secret, use silent prompt
+  if [[ "$key" == *"PASSWORD"* || "$key" == *"SECRET"* || "$key" == *"KEY"* ]]; then
+    read -s -p "$key [$default]: " input
+    echo
+  else
+    read -p "$key [$default]: " input
+  fi
+
+  # Fallback to default if input is empty
+  input="${input:-$default}"
+
+  # Remove existing entry
+  sed -i "/^$key=/d" "qc.env" 2>/dev/null
+  # Append new value
+  echo "$key=$input" >> "qc.env"
+  echo -e "Updating your configuration."
+  cat qc.env > dibbs-query-connector.env
+  cp dibbs-query-connector.env  "$dibbs_query_connector_env"
+  export $(cat dibbs-query-connector.env | xargs)
+  
+}
+
+prompt "DIBBS_SERVICE" "Name of DIBBS service that is being deployed (e.g. dibbs-query-connector). Default: dibbs-query-connector" "dibbs-query-connector" 
+prompt "DIBBS_VERSION" "Name of DIBBS version that is being deployed (e.g. 0.1.0). Default: 0.9.1" "0.9.1"
+prompt "NODE_ENV" "Specify the environment (e.g., development, production, test). Default: production" "production"
+prompt "EXISTING_DATABASE" "Do you have a pre-existing database available to connect to Query Connector(e.g. yes, no) Default: yes" "yes"
+prompt "DATABASE_URL" "Enter the full database connection string (db connection string format: postgres://username:password@host:port/db_name) Default: postgres://postgres:pw@db:5432/tefca_db." "postgres://postgres:pw@db:5432/tefca_db" 
+prompt "AUTH_DISABLED" "Enter 'true' to disable authentication, or 'false' to enable it. Default: true" "true"
+prompt "NODE_TLS_REJECT_UNAUTHORIZED" "Enter '0' to allow self-signed certs, '1' to reject them. Default: 0" "0"
+prompt "AUTH_SECRET" "Enter the secret key used to sign auth tokens for NEXTJS (keep it secure). " "Replace with auth token "
+prompt "AUTH_URL" "Enter the full URL of your authentication provider or auth endpoint. Default: http://query-connector:3000" "http://query-connector:3000"
+prompt "ERSD_API_KEY" "Enter the API key used to access the ERSD (Electronic Resources Service Directory). See README for detailed instructions" "Replace with ERSD API key"
+prompt "UMLS_API_KEY" "Enter your UMLS (Unified Medical Language System) API key. See README for detailed instructions" "Replace with UMLS API key"
+
+
+start_all_docker_containers() {
+  echo "Starting all Docker containers..."
+  cd "$project_dir"
+  docker compose up -d
+  docker compose up -d db
+}
+
+start_docker_containers() {
+  echo "Starting Docker containers..."
+  cd "$project_dir"
+  docker compose up -d
+}
+
+if [[ "$EXISTING_DATABASE" == "no" ]]; then
+  start_all_docker_containers
+else
+  start_docker_containers
+fi

dibbs-query-connector/docker-compose.yml

@@ -0,0 +1,56 @@
+services:
+  # PostgreSQL DB for custom query and value set storage
+  db:
+    image: "postgres:17.4"
+    restart: always
+    ports:
+      - "5432:5432"
+    env_file: "database.env"
+    volumes:
+      - ./vs_dump.sql:/docker-entrypoint-initdb.d/vs_dump.sql
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 2s
+      timeout: 30s
+      retries: 20
+    profiles: [deploy-db]  
+
+# Flyway migrations and DB version control
+  flyway:
+    image: flyway/flyway:11-alpine
+    command: -configFiles=/flyway/conf/flyway.conf -schemas=public -connectRetries=60 migrate
+    volumes:
+      - ./flyway/sql:/flyway/sql
+      - ./flyway/conf/flyway.conf:/flyway/conf/flyway.conf
+    depends_on:
+      db:
+        condition: service_started
+    profiles: [deploy-db]    
+
+  # Next.js app
+  query-connector:
+    image: ghcr.io/cdcgov/$DIBBS_SERVICE/query-connector:$DIBBS_VERSION
+    restart: always
+    tty: true
+    ports:
+      - "3000:3000"
+    env_file: "dibbs-query-connector.env"
+
+
+  #Portainer
+  portainer:
+    image: portainer/portainer-ce
+    restart: always
+    ports:
+      - "9000:9000"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  docs:
+    build:
+      context: ./../docs
+      dockerfile: Dockerfile
+    ports:
+      - "80:80"
+
+

dibbs-query-connector/flyway/conf/flyway.conf

@@ -0,0 +1,5 @@
+flyway.url=jdbc:postgresql://db:5432/tefca_db
+flyway.locations=filesystem:/flyway/sql
+flyway.user=postgres
+flyway.password=pw
+flyway.baselineOnMigrate=false

dibbs-query-connector/flyway/sql/V01_01__tcr_custom_query_schema.sql

@@ -0,0 +1,84 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS conditions (
+    id TEXT PRIMARY KEY,
+    system TEXT,
+    name TEXT,
+    version TEXT,
+    category TEXT
+);
+
+CREATE TABLE IF NOT EXISTS category_data (
+    condition_name TEXT,
+    condition_code TEXT PRIMARY KEY,
+    category TEXT,
+    FOREIGN KEY(condition_code) REFERENCES conditions(id)
+);
+
+CREATE TABLE IF NOT EXISTS valuesets (
+    id TEXT PRIMARY KEY,
+    oid TEXT,
+    version TEXT,
+    name TEXT,
+    author TEXT,
+    type TEXT,
+    dibbs_concept_type TEXT
+);
+
+CREATE TABLE IF NOT EXISTS concepts (
+    id TEXT PRIMARY KEY,
+    code TEXT,
+    code_system TEXT,
+    display TEXT,
+    gem_formatted_code TEXT,
+    version TEXT
+);
+
+CREATE TABLE IF NOT EXISTS condition_to_valueset (
+    id TEXT PRIMARY KEY,
+    condition_id TEXT,
+    valueset_id TEXT,
+    source TEXT,
+    FOREIGN KEY (condition_id) REFERENCES conditions(id),
+    FOREIGN KEY (valueset_id) REFERENCES valuesets(id)
+);
+
+CREATE TABLE IF NOT EXISTS valueset_to_concept (
+    id TEXT PRIMARY KEY,
+    valueset_id TEXT,
+    concept_id TEXT,
+    FOREIGN KEY (valueset_id) REFERENCES valuesets(id),
+    FOREIGN KEY (concept_id) REFERENCES concepts(id)
+);
+
+CREATE TABLE IF NOT EXISTS query (
+    id UUID DEFAULT uuid_generate_v4 (),
+    query_name VARCHAR(255) UNIQUE,
+    query_data JSON,
+    conditions_list TEXT[],
+    author VARCHAR(255),
+    date_created TIMESTAMP,
+    date_last_modified TIMESTAMP,
+    time_window_number INT,
+    time_window_unit VARCHAR(80),
+    PRIMARY KEY (id));
+
+-- Create indexes for all primary and foreign keys
+
+CREATE INDEX IF NOT EXISTS conditions_id_index ON conditions (id);
+CREATE INDEX IF NOT EXISTS conditions_name_index ON conditions (name);
+
+CREATE INDEX IF NOT EXISTS valuesets_id_index ON valuesets (id);
+
+CREATE INDEX IF NOT EXISTS concepts_id_index ON concepts (id);
+
+CREATE INDEX IF NOT EXISTS condition_to_valueset_id_index ON condition_to_valueset (id);
+CREATE INDEX IF NOT EXISTS condition_to_valueset_condition_id_index ON condition_to_valueset (condition_id);
+CREATE INDEX IF NOT EXISTS condition_to_valueset_valueset_id_index ON condition_to_valueset (valueset_id);
+
+CREATE INDEX IF NOT EXISTS valueset_to_concept_id_index ON valueset_to_concept (id);
+CREATE INDEX IF NOT EXISTS valueset_to_concept_valueset_id_index ON valueset_to_concept (valueset_id);
+CREATE INDEX IF NOT EXISTS valueset_to_concept_concept_id_index ON valueset_to_concept (concept_id);
+
+CREATE INDEX IF NOT EXISTS query_id_index ON query (id);
+CREATE INDEX IF NOT EXISTS query_name_index ON query (query_name);

dibbs-query-connector/flyway/sql/V02_01__add_fhir_servers.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS fhir_servers (
+    id UUID DEFAULT uuid_generate_v4 (),
+    name TEXT,
+    hostname TEXT,
+    headers JSON DEFAULT NULL
+);
+
+CREATE INDEX IF NOT EXISTS fhir_servers_id_index ON fhir_servers (id);
+CREATE INDEX IF NOT EXISTS fhir_servers_name_index ON fhir_servers (name);
+
+INSERT INTO fhir_servers (name, hostname) VALUES ('Public HAPI: Direct','https://hapi.fhir.org/baseR4');

dibbs-query-connector/flyway/sql/V03_01__add_fhir_server_connection_columns.sql

@@ -0,0 +1,82 @@
+-- Add columns for connection tracking
+ALTER TABLE fhir_servers
+ADD COLUMN last_connection_attempt TIMESTAMP WITH TIME ZONE,
+ADD COLUMN last_connection_successful BOOLEAN DEFAULT FALSE;
+
+-- Update existing rows to have null values for new columns
+UPDATE fhir_servers
+SET last_connection_attempt = NULL,
+    last_connection_successful = NULL;
+
+-- Convert name index to unique constraint
+DROP INDEX fhir_servers_name_index;
+CREATE UNIQUE INDEX fhir_servers_name_index ON fhir_servers (name);
+
+-- Truncate existing table
+TRUNCATE TABLE fhir_servers;
+
+-- Direct FHIR servers
+INSERT INTO fhir_servers (name, hostname, last_connection_attempt, last_connection_successful)
+VALUES 
+    ('Public HAPI: Direct', 'https://hapi.fhir.org/baseR4', current_timestamp, true),
+    ('HELIOS Meld: Direct', 'https://gw.interop.community/HeliosConnectathonSa/open', current_timestamp, true),
+    ('JMC Meld: Direct', 'https://gw.interop.community/JMCHeliosSTISandbox/open', current_timestamp, true),
+    ('Local e2e HAPI Server: Direct', 'http://hapi-fhir-server:8080/fhir', current_timestamp, true),
+    ('OPHDST Meld: Direct', 'https://gw.interop.community/CDCSepHL7Connectatho/open', current_timestamp, true);
+
+-- eHealthExchange FHIR servers
+INSERT INTO fhir_servers (name, hostname, headers, last_connection_attempt, last_connection_successful)
+VALUES 
+    ('HELIOS Meld: eHealthExchange', 
+     'https://concept01.ehealthexchange.org:52780/fhirproxy/r4/',
+     '{
+        "Accept": "application/json, application/*+json, */*",
+        "Accept-Encoding": "gzip, deflate, br",
+        "Content-Type": "application/fhir+json; charset=UTF-8",
+        "X-DESTINATION": "MeldOpen",
+        "X-POU": "PUBHLTH",
+        "prefer": "return=representation",
+        "Cache-Control": "no-cache"
+     }',
+     current_timestamp,
+     true),
+    ('JMC Meld: eHealthExchange',
+     'https://concept01.ehealthexchange.org:52780/fhirproxy/r4/',
+     '{
+        "Accept": "application/json, application/*+json, */*",
+        "Accept-Encoding": "gzip, deflate, br",
+        "Content-Type": "application/fhir+json; charset=UTF-8",
+        "X-DESTINATION": "JMCHelios",
+        "X-POU": "PUBHLTH",
+        "prefer": "return=representation",
+        "Cache-Control": "no-cache"
+     }',
+     current_timestamp,
+     true),
+    ('OpenEpic: eHealthExchange',
+     'https://concept01.ehealthexchange.org:52780/fhirproxy/r4/',
+     '{
+        "Accept": "application/json, application/*+json, */*",
+        "Accept-Encoding": "gzip, deflate, br",
+        "Content-Type": "application/fhir+json; charset=UTF-8",
+        "X-DESTINATION": "OpenEpic",
+        "X-POU": "PUBHLTH",
+        "prefer": "return=representation",
+        "Cache-Control": "no-cache"
+     }',
+     current_timestamp,
+     true),
+    ('CernerHelios: eHealthExchange',
+     'https://concept01.ehealthexchange.org:52780/fhirproxy/r4/',
+     '{
+        "Accept": "application/json, application/*+json, */*",
+        "Accept-Encoding": "gzip, deflate, br",
+        "Content-Type": "application/fhir+json; charset=UTF-8",
+        "X-DESTINATION": "CernerHelios",
+        "X-POU": "PUBHLTH",
+        "prefer": "return=representation",
+        "Cache-Control": "no-cache",
+        "OAUTHSCOPES": "system/Condition.read system/Encounter.read system/Immunization.read system/MedicationRequest.read system/Observation.read system/Patient.read system/Procedure.read system/MedicationAdministration.read system/DiagnosticReport.read system/RelatedPerson.read"
+     }',
+     current_timestamp,
+     true);

dibbs-query-connector/flyway/sql/V04_01__add_fhir_server_disable_cert_validation.sql

@@ -0,0 +1,12 @@
+ALTER TABLE fhir_servers
+ADD COLUMN disable_cert_validation BOOLEAN DEFAULT FALSE;
+
+-- Update rows with eHealthExchange in the server name to have disable_cert_validation set to true
+UPDATE fhir_servers
+SET disable_cert_validation = TRUE
+WHERE name LIKE '%eHealthExchange%';
+
+-- Update rows with eHealthExchange in the server name to strip the trailing slash from the hostname
+UPDATE fhir_servers
+SET hostname = regexp_replace(hostname, '/$', '')
+WHERE name LIKE '%eHealthExchange%';