bulk_data_test_kit 0.12.0 → 0.12.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d4f7ca4af64076b35b17e35cde95ed92208d98cecb76053821e28e0bf946aee
-  data.tar.gz: 8e5960c4a3a0049b1c2aa81dbed7a1ad4650d69e5f417310f5a5dd2a263b65e4
+  metadata.gz: 4eacd2aaf76d78362df7d5c38ed1bc0fa9442f0e0220b7f313c7f010e65a3862
+  data.tar.gz: 6c6f356e9498f9ec75d867519ffe1a68816ec3b84a5c6717e6013c97b23a02a8
 SHA512:
-  metadata.gz: f4a8b6e4bfcdd3bfb52a5d5f685139c97beb03bedbfbde6d24eea782d9615fe5b6ca384c0a96286b9b5e1c03ad25526c92b42a41089789334260817ebc4f0108
-  data.tar.gz: 954254a8203f840fa52f723895082f5187311340812fa422a3d920e559742f96e3c5cc8d28b16f4a9b3b8e9efc216b2cbaf74b247f9072e8acd69a9e1bdf7283
+  metadata.gz: 324e9ecabb57d015668492caa5aa0c2fc2111aaaf240a9ea5de4219ba44e04c79bd71c373c5baa0a5109eebbf4b8807fdd2a7d98f3b8e5a91fd62bb31a123fd2
+  data.tar.gz: 44128142c560c2e64d099233fddfbdcf8c0a2a123dae07f0ffd2114b18f40dbfd48a7db8ea5a9d66c372e08d7de764dbeb27abf0b67da76e6714cdad20fd62ad

data/lib/bulk_data_test_kit/v1.0.1/bulk_data_valid_resources_test.rb

@@ -18,6 +18,7 @@ module BulkDataTestKit
         number of error messages it will display to 20.
       DESCRIPTION
 
+      input :smart_auth_info, type: :auth_info
       input :status_output
       input :requires_access_token
 

data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_auth_verification_group.rb

@@ -0,0 +1,19 @@
+require 'smart_app_launch_test_kit'
+require_relative 'bulk_data_client_token_verification_test'
+
+module BulkDataTestKit
+  module BulkDataV200Client
+    class BulkClientDataAuthVerification < Inferno::TestGroup
+      id :bulk_data_client_auth_verification
+      title 'Review Authentication Interactions'
+      run_as_group
+
+      test from: :bulk_data_client_token_smart_bsca_verification
+      test from: :smart_client_token_use_verification,
+           config: {
+             options: { access_request_tags: [KICKOFF_TAG, STATUS_TAG, OUTPUT_TAG, DELETE_TAG] }
+           }
+
+    end
+  end
+end

data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_registration_group.rb

@@ -0,0 +1,13 @@
+require 'smart_app_launch_test_kit'
+
+module BulkDataTestKit
+  module BulkDataV200Client
+    class BulkClientDataRegistration < Inferno::TestGroup
+      id :bulk_data_client_registration
+      title 'Client Registration'
+      run_as_group
+
+      test from: :smart_client_registration_bsca_verification
+    end
+  end
+end

data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_test_suite.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'smart_app_launch_test_kit'
 
 require_relative '../version'
 require_relative 'tags'
@@ -11,7 +12,9 @@ require_relative 'endpoints/kick_off'
 require_relative 'endpoints/output'
 require_relative 'endpoints/status'
 
+require_relative 'bulk_data_client_registration_group'
 require_relative 'bulk_data_client_export_group'
+require_relative 'bulk_data_client_auth_verification_group'
 
 module BulkDataTestKit
   module BulkDataV200Client
@@ -41,10 +44,6 @@ module BulkDataTestKit
         }
       ]
 
-      input :access_token,
-            title: 'Access Token',
-            description: 'The access token that will be included in all client requests during testing.'
-
       input :export_type,
             title: 'Export Type',
             description: 'The export endpoint type to test against.',
@@ -92,6 +91,12 @@ module BulkDataTestKit
               ]
             }
 
+      # SMART Backend Services server simulation
+      route(:get, SMARTAppLaunch::SMART_DISCOVERY_PATH, lambda { |_env|
+        SMARTAppLaunch::MockSMARTServer.smart_server_metadata(id)
+      })
+      suite_endpoint :post, SMARTAppLaunch::TOKEN_PATH, SMARTAppLaunch::MockSMARTServer::TokenEndpoint
+
       suite_endpoint :get, PATIENT_KICKOFF_ROUTE, Endpoints::KickOff
       suite_endpoint :get, GROUP_KICKOFF_ROUTE, Endpoints::KickOff
       suite_endpoint :get, SYSTEM_KICKOFF_ROUTE, Endpoints::KickOff
@@ -103,7 +108,9 @@ module BulkDataTestKit
         request.query_parameters['id']
       end
 
+      group from: :bulk_data_client_registration
       group from: :bulk_data_client_export_group
+      group from: :bulk_data_client_auth_verification
     end
   end
 end

data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_token_verification_test.rb

@@ -0,0 +1,14 @@
+require 'smart_app_launch_test_kit'
+
+module BulkDataTestKit
+  module BulkDataV200Client
+    class BulkClientDataTokenSMARTConfidentialAsymmetricVerification <
+      SMARTAppLaunch::SMARTClientTokenRequestBackendServicesConfidentialAsymmetricVerification
+      id :bulk_data_client_token_smart_bsca_verification
+
+      def client_suite_id
+        BulkDataClientTestSuite.id
+      end
+    end
+  end
+end

data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_wait_test.rb

@@ -13,11 +13,17 @@ module BulkDataTestKit
 
       id :bulk_data_client_wait
 
-      input :access_token, :export_type, :group_id
+      input :client_id,
+          title: 'Client Id',
+          type: 'text',
+          optional: true,
+          locked: true,
+          description: SMARTAppLaunch::INPUT_CLIENT_ID_DESCRIPTION_LOCKED
+      input :export_type, :group_id
 
       run do
         wait(
-          identifier: access_token,
+          identifier: client_id,
           message: %(
             Perform a **#{export_type}** endpoint type bulk export kick-off using the following base URL:
 
@@ -25,7 +31,8 @@ module BulkDataTestKit
 
             #{export_type == GROUP_EXPORT_TYPE ? "Ensure the Group ID is set to **#{group_id}**." : ''}
 
-            Include the following bearer access token with all requests: **#{access_token}**
+            Use client id `#{client_id}` to obtain a backend services access token from the SMART authorization
+            server for this FHIR server and include the access token on all subsequent requests.
 
             After the kick-off is made, subsequent status request(s) (using the URL provided in the response
             to the kick-off request), a download request (using the URL provided in the response to
@@ -34,7 +41,7 @@ module BulkDataTestKit
             The entire request sequence will be recorded and verified to check conformance to the
             [Bulk Data IG](https://build.fhir.org/ig/HL7/bulk-data/export.html#sequence-overview).
 
-            [Click here](#{resume_pass_url}?id=#{access_token}) when finished.
+            [Click here](#{resume_pass_url}?id=#{client_id}) when finished.
           ),
           timeout: 900
         )

data/lib/bulk_data_test_kit/v2.0.0_client/docs/suite_description.md

@@ -13,20 +13,48 @@ requirements and may change the test verification logic.
 
 ### Quick Start
 
-Inferno needs to be able to identify when requests come from the client under test. Testers must provide a bearer access token that will be provided within the Authentication header (Bearer <token>) on all requests made to Inferno endpoints during the test. Inferno uses this information to associate the message with the test session and determine how to respond. How the token provided to Inferno is generated is up to the tester.
+Bulk data access requires the use of SMART Backend Services for authentication.
+In order to interact with Inferno's simulated bulk server, the tester must provide
+the JSON Web Key Set (JWKS) containing the asymmetric signing key in the
+**SMART JSON Web Key Set (JWKS)** input as either a URL that resolves
+to a JWKS or a raw JWKS in JSON format. Additionally, testers may provide
+a **Client Id** if they want their client assigned a specific one.
 
-Note: authentication options for these tests have not been finalized and are subject to change as the requirements evolve. If the implemented approach prevents you from using these tests, please provide feedback so the limitations can be addressed.
+Once the client has been registered, it will need to obtain an access token
+following the SMART Backend Services flow and use it when making bulk data requests.
+f the client is not able to obtain an access token, see the *Demonstration* section
+below for how to use the SMART server tests to obtain an access token that the client can use.
 
-### Sample Execution - Postman
+### Demonstration
 
 To try out these tests without a Bulk Data client implementation, you may
-run them using the [`Bulk Data Client - System Export Postman`](https://github.com/inferno-framework/bulk-data-test-kit/blob/main/lib/bulk_data_test_kit/v2.0.0_client/postman/collection.json) collection. This will kick-off an export, poll the status endpoint (respecting the `retry-after` header), download the first output result, and then delete the export.
+run them using
+- The SMART App Launch test suite to obtain an access token
+- The [`Bulk Data Client - System Export Postman`](https://github.com/inferno-framework/bulk-data-test-kit/blob/main/lib/bulk_data_test_kit/v2.0.0_client/postman/collection.json)
+  collection for making bulk data requests.
 
-To run client tests against this Postman collection:
+This collection includes requests to kick-off an export, poll the status endpoint
+(respecting the `retry-after` header), download the first output result, and then delete the export.
+
+To run the demonstration:
 1. Start an Inferno session of the Bulk Data Client test suite.
-2. Click the "Run All Tests" button in the upper right, enter any value (e.g. `SAMPLE_TOKEN`) as the access token, and select the "System Level Export" option for export type.
-3. Click the "Submit" button. The simulated server will start waiting for requests.
-4. Open Postman and import the relevant Postman collection.
-5. Set the `access_token` variable equal to the value entered in step 2 (the value is also displayed on the test modal in the Inferno UI for reference).
-6. Run the collection.
-7. Once the postman collection has run, click the "Click here" link in the Inferno wait dialog modal to evaluate the requests and generate the results.
+1. In a second tab, start an instance of the SMART App Launch STU2.2 test suite and select the "Demo: Run Against the SMART 
+   Client Suite (Confidential Asymmetric)" preset.
+1. Select the "Backend Services" group and click the "RUN TESTS" button, but don't run the tests yet.
+1. Back in the Bulk Data test session, click the "RUN ALL TESTS" button and fill in the following inputs
+   using the values from the SMART App Tests:
+   - **Client Id**: from the SMART **Client ID** input
+   - **SMART Confidential Asymmetric JSON Web Key Set (JWKS)**: from the "JWK Set URL" in the top of the open input
+     dialog in the SMART test session.
+1. Click the "Submit" button. The simulated server will start waiting for requests.
+1. Copy the base url that appears in the bulk data wait dialog and put it into the **FHIR Endpoint** input in the
+   SMART test session and click the "SUBMIT" button. The tests should complete with some failures and some passes.
+1. Copy the access token from the `bearer_token` output of test **3.2.06** "Authorization request response body
+   contains required information encoded in JSON".
+1. Open Postman and import the [Postman collection](https://github.com/inferno-framework/bulk-data-test-kit/blob/main/lib/bulk_data_test_kit/v2.0.0_client/postman/collection.json)
+   if not already done.
+1. Set the `access_token` variable equal to the value extracted from the SMART tests.
+1. Run the collection.
+1. Once the postman collection has run, click the "Click here" link in the Inferno wait dialog modal to evaluate the requests and generate the results.
+
+The tests should pass except for expected errors in the "Verify SMART Token Requests" test.

data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/delete.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'smart_app_launch_test_kit'
 
 module BulkDataTestKit
   module BulkDataV200Client
@@ -7,7 +8,11 @@ module BulkDataTestKit
         include ServerProxy
 
         def test_run_identifier
-          request.get_header('HTTP_AUTHORIZATION')&.split&.last
+          return request.params[:session_path] if request.params[:session_path].present?
+
+          SMARTAppLaunch::MockSMARTServer.issued_token_to_client_id(
+            request.headers['authorization']&.delete_prefix('Bearer ')
+          )
         end
 
         def make_response

data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/kick_off.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'smart_app_launch_test_kit'
 
 module BulkDataTestKit
   module BulkDataV200Client
@@ -8,7 +9,11 @@ module BulkDataTestKit
         include ServerProxy
 
         def test_run_identifier
-          request.get_header('HTTP_AUTHORIZATION')&.split&.last
+          return request.params[:session_path] if request.params[:session_path].present?
+
+          SMARTAppLaunch::MockSMARTServer.issued_token_to_client_id(
+            request.headers['authorization']&.delete_prefix('Bearer ')
+          )
         end
 
         # Proxy the request to the reference server, and re-use the returned '_jobId' as
@@ -29,11 +34,11 @@ module BulkDataTestKit
         def tags
           case request_type
           when PATIENT_EXPORT_TYPE
-            [PATIENT_KICKOFF_TAG]
+            [KICKOFF_TAG, PATIENT_KICKOFF_TAG]
           when GROUP_EXPORT_TYPE
-            [GROUP_KICKOFF_TAG]
+            [KICKOFF_TAG, GROUP_KICKOFF_TAG]
           when SYSTEM_EXPORT_TYPE
-            [SYSTEM_KICKOFF_TAG]
+            [KICKOFF_TAG, SYSTEM_KICKOFF_TAG]
           end
         end
 
@@ -54,7 +59,14 @@ module BulkDataTestKit
         end
 
         def request_type
-          (request.params[:type] || SYSTEM_EXPORT_TYPE).titleize
+          path_component_before_export = request.path_info.split('/')[-2].downcase
+          if path_component_before_export == 'fhir'
+            SYSTEM_EXPORT_TYPE
+          elsif path_component_before_export == 'patient'
+            PATIENT_EXPORT_TYPE
+          else
+            GROUP_EXPORT_TYPE
+          end
         end
 
         def group_id

data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/output.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'smart_app_launch_test_kit'
 
 module BulkDataTestKit
   module BulkDataV200Client
@@ -7,7 +8,11 @@ module BulkDataTestKit
         include ServerProxy
 
         def test_run_identifier
-          request.get_header('HTTP_AUTHORIZATION')&.split&.last
+          return request.params[:session_path] if request.params[:session_path].present?
+
+          SMARTAppLaunch::MockSMARTServer.issued_token_to_client_id(
+            request.headers['authorization']&.delete_prefix('Bearer ')
+          )
         end
 
         # Proxy the request to the reference server for a completed output file,

data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/status.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require 'smart_app_launch_test_kit'
 
 module BulkDataTestKit
   module BulkDataV200Client
@@ -8,7 +9,11 @@ module BulkDataTestKit
         include ServerProxy
 
         def test_run_identifier
-          request.get_header('HTTP_AUTHORIZATION')&.split&.last
+          return request.params[:session_path] if request.params[:session_path].present?
+
+          SMARTAppLaunch::MockSMARTServer.issued_token_to_client_id(
+            request.headers['authorization']&.delete_prefix('Bearer ')
+          )
         end
 
         # Proxy the request to the reference server using the same `_jobId`` we received

data/lib/bulk_data_test_kit/v2.0.0_client/tags.rb

@@ -3,6 +3,7 @@
 module BulkDataTestKit
   module BulkDataV200Client
     METADATA_TAG = 'bulk_data_metadata'
+    KICKOFF_TAG = 'bulk_data_kickoff'
     PATIENT_KICKOFF_TAG = 'bulk_data_kickoff_patient'
     GROUP_KICKOFF_TAG = 'bulk_data_kickoff_group'
     SYSTEM_KICKOFF_TAG = 'bulk_data_kickoff_system'

data/lib/bulk_data_test_kit/v2.0.0_client/urls.rb

@@ -4,8 +4,8 @@ module BulkDataTestKit
   module BulkDataV200Client
     RESUME_PASS_ROUTE = '/resume_pass'
     BASE_ROUTE = '/fhir'
-    PATIENT_KICKOFF_ROUTE = "#{BASE_ROUTE}/:type/$export".freeze
-    GROUP_KICKOFF_ROUTE = "#{BASE_ROUTE}/:type/:group_id/$export".freeze
+    PATIENT_KICKOFF_ROUTE = "#{BASE_ROUTE}/Patient/$export".freeze
+    GROUP_KICKOFF_ROUTE = "#{BASE_ROUTE}/Group/:group_id/$export".freeze
     SYSTEM_KICKOFF_ROUTE = "#{BASE_ROUTE}/$export".freeze
     STATUS_ROUTE = '/status/:job_id'
     OUTPUT_ROUTE = "#{BASE_ROUTE}/Binary/:binary_id".freeze
@@ -13,7 +13,7 @@ module BulkDataTestKit
     # URLs for use in Bulk Data Client tests and endpoints
     module URLs
       def base_url
-        "#{Inferno::Application['base_url']}/custom/bulk_data_v200_client"
+        "#{Inferno::Application['base_url']}/custom/#{suite_id}"
       end
 
       def resume_pass_url
@@ -31,6 +31,10 @@ module BulkDataTestKit
       def output_url
         base_url + OUTPUT_ROUTE
       end
+
+      def suite_id
+        BulkDataClientTestSuite.id
+      end
     end
   end
 end

data/lib/bulk_data_test_kit/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module BulkDataTestKit
-  VERSION = '0.12.0'
-  LAST_UPDATED = '2025-03-25'
+  VERSION = '0.12.2'
+  LAST_UPDATED = '2025-05-20'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bulk_data_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.12.2
 platform: ruby
 authors:
 - Inferno Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-25 00:00:00.000000000 Z
+date: 2025-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bloomer
@@ -112,16 +112,16 @@ dependencies:
   name: smart_app_launch_test_kit
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.6.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.6.3
 - !ruby/object:Gem::Dependency
   name: tls_test_kit
   requirement: !ruby/object:Gem::Requirement
@@ -264,12 +264,15 @@ files:
 - lib/bulk_data_test_kit/v2.0.0/patient/bulk_data_patient_export_parameters_group.rb
 - lib/bulk_data_test_kit/v2.0.0/system_export/bulk_data_system_export_cancel_group.rb
 - lib/bulk_data_test_kit/v2.0.0/system_export/bulk_data_system_export_parameters_group.rb
+- lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_auth_verification_group.rb
 - lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_delete_test.rb
 - lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_export_group.rb
 - lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_kick_off_test.rb
 - lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_output_test.rb
+- lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_registration_group.rb
 - lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_status_test.rb
 - lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_test_suite.rb
+- lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_token_verification_test.rb
 - lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_wait_test.rb
 - lib/bulk_data_test_kit/v2.0.0_client/docs/suite_description.md
 - lib/bulk_data_test_kit/v2.0.0_client/endpoints/delete.rb