Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(mtls): trust store and mtls #1430

Merged
merged 21 commits into from
Feb 26, 2024
Merged

feat(mtls): trust store and mtls #1430

merged 21 commits into from
Feb 26, 2024

Conversation

jonahkaye
Copy link
Member

@jonahkaye jonahkaye commented Jan 18, 2024
edited
Loading

Refs: #1377

Dependencies

Description

Testing

  • Staging
    • branch to staging
    • test there with our own cert
    • verify that without the cert we cant get throug
    • have testing partner ping us (qvera). Or we could just get their certs from their endpoints and test ourselves hehe. That saves effort since I dont have to mock responses or wait on them so they dont freak out

Release Plan

  • Merge this. Note that in order for this to not fail on release to staging, will need to branch to staging first with a branch that removes IHE stack code, and then merge. See above for why. This should not be required when ship to prod since there is no IHE stack on prod yet
  • add to go Live that we need to add counterpart bucket and bundle to aws

@jonahkaye jonahkaye self-assigned this Jan 18, 2024
@jonahkaye jonahkaye requested a deployment to staging January 19, 2024 04:40 — with GitHub Actions Abandoned
@jonahkaye jonahkaye requested a deployment to staging January 19, 2024 04:40 — with GitHub Actions Abandoned
@jonahkaye jonahkaye requested a deployment to staging January 19, 2024 04:40 — with GitHub Actions Abandoned
@jonahkaye jonahkaye requested a deployment to staging January 19, 2024 05:06 — with GitHub Actions Abandoned
@jonahkaye jonahkaye requested a deployment to staging January 19, 2024 05:06 — with GitHub Actions Abandoned
Goncharo
Goncharo requested changes Feb 7, 2024
View reviewed changes
Copy link
Member

@Goncharo Goncharo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

flagging this a needs review, for bookkeeping due to this: #1430 (comment)

Goncharo
Goncharo reviewed Feb 26, 2024
View reviewed changes
Copy link
Member

@Goncharo Goncharo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added some Qs - also once this PR is approved I'd suggest just creating the prod resources as well, rather than waiting for go-live ( so we don't forget)

packages/lambdas/src/inbound-patient-discovery.ts
@@ -17,6 +17,7 @@ export const handler = Sentry.AWSLambda.wrapHandler(async (event: APIGatewayProx
id: payload.id,
timestamp: payload.timestamp,
samlAttributes: payload.samlAttributes,
patientResource: payload.patientResource,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what does this have to do with mTLS?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah nothing was just an improvement to the PD logic. Was a lingering change I just added herer

packages/infra/lib/ihe-stack/ihe-gateway.ts
Comment on lines +88 to +90
addProxyRoute("/v1/patient-discovery", buildInboundAddress(patientDiscoveryPort), apiGateway);
addProxyRoute("/v1/document-query", buildInboundAddress(documentQueryPort), apiGateway);
addProxyRoute("/v1/document-retrieval", buildInboundAddress(documentRetrievalPort), apiGateway);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did you remove const apiRootV1 = api.root.addResource("v1"); in favor of putting /v1 in every URL?

why not just build there from the apiRootV1?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

APIGatewayV2 doesnt support ".root" or the type that apiRoot was (an apig.IResource). This was the only way I could figure out to from the aws docs

Goncharo
Goncharo approved these changes Feb 26, 2024
View reviewed changes
Copy link
Member

@Goncharo Goncharo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@jonahkaye jonahkaye merged commit 66428d4 into develop Feb 26, 2024
7 checks passed
@jonahkaye jonahkaye deleted the 1377-mutual-tls branch February 26, 2024 16:22
@RamilGaripov RamilGaripov mentioned this pull request Feb 26, 2024
Merged
16 tasks
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 5.63.0-develop.7 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 5.64.0-develop.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 5.64.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Goncharo Goncharo Goncharo approved these changes

@RamilGaripov RamilGaripov RamilGaripov approved these changes

@leite08 leite08 Awaiting requested review from leite08 leite08 is a code owner

@Orta21 Orta21 Awaiting requested review from Orta21 Orta21 is a code owner

Assignees

@jonahkaye jonahkaye

Labels
released on @develop released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jonahkaye @Goncharo @RamilGaripov