test: added validation to stress test and mocks for entici and gpas

miracum · Nov 25, 2023 · 24dcbd5 · 24dcbd5
1 parent c44f759
commit 24dcbd5
Show file tree

Hide file tree

Showing 7 changed files with 154 additions and 5 deletions.
diff --git a/compose.dev.yaml b/compose.dev.yaml
@@ -76,6 +76,30 @@ services:
       # Http2-only for plaintext gRPC
       - "127.0.0.1:8081:8081"
 
+  gpas-entici-mock:
+    image: docker.io/mockserver/mockserver:5.15.0@sha256:0f9ef78c94894ac3e70135d156193b25e23872575d58e2228344964273b4af6b
+    ipc: none
+    security_opt:
+      - "no-new-privileges:true"
+    cap_drop:
+      - ALL
+    privileged: false
+    deploy:
+      resources:
+        limits:
+          memory: 512m
+          cpus: "1"
+        reservations:
+          memory: 512m
+          cpus: "1"
+    environment:
+      MOCKSERVER_INITIALIZATION_JSON_PATH: /config/initializer.json
+      MOCKSERVER_WATCH_INITIALIZATION_JSON: "true"
+    ports:
+      - 127.0.0.1:1080:1080
+    volumes:
+      - ./hack/mocks:/config:ro
+
   keycloak:
     image: quay.io/keycloak/keycloak:22.0.5@sha256:bfa8852e52c279f0857fe8da239c0ad6bbd2cc07793a28a6770f7e24c1e25444
     restart: unless-stopped

diff --git a/hack/mocks/README.md b/hack/mocks/README.md
@@ -0,0 +1,12 @@
+# Generating MockServer's initialization config
+
+Because it's easier to read, the initializers are managed as YAML and converted to JSON
+for MockServer.
+
+Run:
+
+```sh
+yq -o json hack/mocks/initializer.yaml > hack/mocks/initializer.json
+```
+
+to convert.
diff --git a/hack/mocks/initializer.json b/hack/mocks/initializer.json
@@ -0,0 +1,24 @@
+[
+  {
+    "id": "gpas-pseudonymize",
+    "httpRequest": {
+      "method": "POST",
+      "path": "/ttp-fhir/fhir/gpas/$pseudonymizeAllowCreate"
+    },
+    "httpResponseTemplate": {
+      "templateType": "VELOCITY",
+      "template": "{\n  \"body\": {\n    \"resourceType\": \"Parameters\",\n    \"parameter\": [\n      {\n        \"name\": \"pseudonym\",\n        \"part\": [\n          {\n            \"name\": \"original\",\n            \"valueIdentifier\": {\n              \"system\": \"https://ths-greifswald.de/gpas\",\n              \"value\": \"test\"\n            }\n          },\n          {\n            \"name\": \"target\",\n            \"valueIdentifier\": {\n              \"system\": \"https://ths-greifswald.de/gpas\",\n              \"value\": \"benchmark\"\n            }\n          },\n          {\n            \"name\": \"pseudonym\",\n            \"valueIdentifier\": {\n              \"system\": \"https://ths-greifswald.de/gpas\",\n              #set($jsonBody = $json.parse($!request.body))\n              #set($originalValue = \"\")\n              #foreach($parameter in $jsonBody.parameter)\n                  #if($parameter.name == 'original')\n                      #set($originalValue = $parameter.valueString)\n                  #end\n              #end\n              \"value\": \"pseuded-$originalValue\"\n            }\n          }\n        ]\n      }\n    ]\n  }\n}\n"
+    }
+  },
+  {
+    "id": "entici-pseudonymize",
+    "httpRequest": {
+      "method": "POST",
+      "path": "/entici/$pseudonymize"
+    },
+    "httpResponseTemplate": {
+      "templateType": "VELOCITY",
+      "template": "{\n  \"body\": {\n    \"resourceType\": \"Parameters\",\n    \"parameter\": [\n      {\n        \"name\": \"pseudonym\",\n        \"valueIdentifier\": {\n          \"use\": \"secondary\",\n          \"system\": \"urn:fdc:difuture.de:trustcenter.plain\",\n          #set($jsonBody = $json.parse($!request.body))\n            #set($originalValue = \"\")\n            #foreach($parameter in $jsonBody.parameter)\n              #if($parameter.name == 'identifier')\n                #set($originalValue = $parameter.valueIdentifier.value)\n              #end\n            #end\n          \"value\": \"pseuded-$originalValue\"\n        }\n      }\n    ]\n  }\n}\n"
+    }
+  }
+]
diff --git a/hack/mocks/initializer.yaml b/hack/mocks/initializer.yaml
@@ -0,0 +1,76 @@
+- id: gpas-pseudonymize
+  httpRequest:
+    method: POST
+    path: /ttp-fhir/fhir/gpas/$pseudonymizeAllowCreate
+  httpResponseTemplate:
+    templateType: VELOCITY
+    template: |
+      {
+        "body": {
+          "resourceType": "Parameters",
+          "parameter": [
+            {
+              "name": "pseudonym",
+              "part": [
+                {
+                  "name": "original",
+                  "valueIdentifier": {
+                    "system": "https://ths-greifswald.de/gpas",
+                    "value": "test"
+                  }
+                },
+                {
+                  "name": "target",
+                  "valueIdentifier": {
+                    "system": "https://ths-greifswald.de/gpas",
+                    "value": "benchmark"
+                  }
+                },
+                {
+                  "name": "pseudonym",
+                  "valueIdentifier": {
+                    "system": "https://ths-greifswald.de/gpas",
+                    #set($jsonBody = $json.parse($!request.body))
+                    #set($originalValue = "")
+                    #foreach($parameter in $jsonBody.parameter)
+                        #if($parameter.name == 'original')
+                            #set($originalValue = $parameter.valueString)
+                        #end
+                    #end
+                    "value": "pseuded-$originalValue"
+                  }
+                }
+              ]
+            }
+          ]
+        }
+      }
+- id: entici-pseudonymize
+  httpRequest:
+    method: POST
+    path: /entici/$pseudonymize
+  httpResponseTemplate:
+    templateType: VELOCITY
+    template: |
+      {
+        "body": {
+          "resourceType": "Parameters",
+          "parameter": [
+            {
+              "name": "pseudonym",
+              "valueIdentifier": {
+                "use": "secondary",
+                "system": "urn:fdc:difuture.de:trustcenter.plain",
+                #set($jsonBody = $json.parse($!request.body))
+                  #set($originalValue = "")
+                  #foreach($parameter in $jsonBody.parameter)
+                    #if($parameter.name == 'identifier')
+                      #set($originalValue = $parameter.valueIdentifier.value)
+                    #end
+                  #end
+                "value": "pseuded-$originalValue"
+              }
+            }
+          ]
+        }
+      }
diff --git a/src/FhirPseudonymizer.StressTests/StressTests.cs b/src/FhirPseudonymizer.StressTests/StressTests.cs
@@ -7,6 +7,8 @@
 using Microsoft.FSharp.Core;
 using NBomber.Http;
 using Task = System.Threading.Tasks.Task;
+using System.Text;
+using System.Security.Cryptography;
 
 namespace FhirPseudonymizer.StressTests;
 
@@ -63,6 +65,11 @@ private async Task<Response<object>> RunPseudonymizeResource(IScenarioContext sc
             scenarioContext,
             run: async () =>
             {
+                var originalRecordNumber = Guid.NewGuid().ToString();
+                var inputAsBytes = Encoding.UTF8.GetBytes(originalRecordNumber);
+                var sha256Bytes = SHA256.HashData(inputAsBytes);
+                var expectedPseudonym = $"stress-{Convert.ToHexString(sha256Bytes)}";
+
                 var resource = new Patient()
                 {
                     Id = Guid.NewGuid().ToString(),
@@ -77,7 +84,7 @@ private async Task<Response<object>> RunPseudonymizeResource(IScenarioContext sc
                     },
                     Identifier = new()
                     {
-                        new("https://fhir.example.com/identifiers/mrn", Guid.NewGuid().ToString())
+                        new("https://fhir.example.com/identifiers/mrn", originalRecordNumber)
                         {
                             Type = new("http://terminology.hl7.org/CodeSystem/v2-0203", "MR"),
                         }
@@ -93,6 +100,12 @@ private async Task<Response<object>> RunPseudonymizeResource(IScenarioContext sc
                         new Dictionary<string, object> { ["stepContext"] = scenarioContext }
                     );
 
+                    var pseudonymizedPatient = response as Patient;
+
+                    pseudonymizedPatient.Should().NotBeNull();
+                    pseudonymizedPatient!.Identifier.Should().HaveCount(1);
+                    pseudonymizedPatient!.Identifier.First().Value.Should().Be(expectedPseudonym);
+
                     return Response.Ok(statusCode: "200");
                 }
                 catch (Exception exc)

diff --git a/src/FhirPseudonymizer/appsettings.Development.json b/src/FhirPseudonymizer/appsettings.Development.json
@@ -16,14 +16,14 @@
     "Enabled": true
   },
   "gPAS": {
-    "Url": "http://localhost:8080/ttp-fhir/fhir/gpas/",
+    "Url": "http://localhost:1080/ttp-fhir/fhir/gpas/",
     "Version": "2023.1.0"
   },
   "Vfps": {
     "Address": "dns:///localhost:8081"
   },
   "Entici": {
-    "Url": "http://localhost:8083/entici",
+    "Url": "http://localhost:1080/entici/$pseudonymize",
     "Auth": {
       "OAuth": {
         "TokenEndpoint": "",

diff --git a/tests/chaos/fhir-pseudonymizer-values.yaml b/tests/chaos/fhir-pseudonymizer-values.yaml
@@ -38,8 +38,8 @@ vfps:
             {
               "Name": "stress",
               "Description": "a namespace for stress testing",
-              "PseudonymGenerationMethod": "SecureRandomBase64UrlEncoded",
-              "PseudonymLength": 32,
+              "PseudonymGenerationMethod": "Sha256HexEncoded",
+              "PseudonymLength": 64,
               "PseudonymPrefix": "stress-"
             }
           ]