New post
AllAccepted answers
Ron Sweeney · Oct 21

Hi Luca,

Admittedly I am swimming in a pretty good amount of Kool Aid at the moment (by design) as I am attracted to solutions that check a lot of boxes in one full swoop (much like IRIS!), but one of the things I was attracted to in the eBPF space is the promise that it is more "lightweight" on resources and the promise was the "Death of the Sidecar" 

A: My pre answer with a little hand waving is, more efficient with the network stuff.

Layer 5 downloadward, less resource intensive.
Layer 7, more resource intensive... sidecar did not die here.

eBPF less intensive than Kube Proxy (iptables) uses sequential processing (isovalent benched this and stands by it).

Wish I could have looked over your shoulder in the Sysdig eval to see what you were experiencing, if you could paraphrase it and send it my way, Ill take it to the booth.

Will circle back to this after KubeCon next month and see if I can get you a real answer backed with my own evaluation, Im a meeting or two away from Tetragon Enterprise eval too, and setup on bare metal so Ill add it to the take aways to get my moneys worth.
 

Ron Sweeney · Jul 29

Hi Adam,

Consider setting up a rule in your pipeline, so that it only executes if you merge to a particular branch.  I know your use case seems to be "PR approval" not merge, but the below rule will only execute on merges to main.

There are other free variables in the pipeline to maybe accomplish what you want.
 

  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'`

This is a very good post on the subject that is exhaustive you may want to checkout:

https://community.intersystems.com/post/continuous-delivery-your-intersy...

variables:
  SESSION_NAME:
    value: "IRIS"
  NAMESPACE:
    value: "ACME"

stages:
  - deploy

deploy main:
  stage: deploy
  tags:
    - dev
  before_script:
    - export WORKING_DIR=$(pwd)
  script:
    - echo "Initializing ACME CI/CD Build DEV..."
    - echo "Deploying code ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} branch to instance..."
    - |
      /usr/bin/irissession ${SESSION_NAME} <<EODEPLOY
      ${IrisUser}
      ${IrisPass}
      zn "${NAMESPACE}"
      w ##class(%SYSTEM.OBJ).LoadDir("${WORKING_DIR}/src","ck",,1)
      set sc = ##class(Ens.Director).UpdateProduction()
      EOFDEPLOY
  rules:
    # only runs if merged to main
    - if: '$CI_COMMIT_BRANCH == "main"'
Ron Sweeney · Jun 4

Reduced the backup list to mvd  for a quick test...

*** The time is: 2024-06-04 16:03:43 ***

              InterSystems IRIS Backup Utility
              --------------------------------
Performing a Full backup.
Backing up to device: /media/FullDBList_20240604_001.cbk
Description
Full backup of all databases that are in the backup database list.

WARNING - the following directories could not be backed up
 /data/IRIS/mgr/mvd/ Multi-volume database not supported


Nothing to Backup

I agree its a big feature with a lot of edges

Ron Sweeney · May 16

I use these globals to take a peak at the calls:

	zn "YOURFHIRNAMESPACE"
	Set ^FSLogChannel("all")=1
    zn "%SYS"
    Kill ^%ISCLOG 
	Kill ^ISCLOG 
	Set ^%ISCLOG=5 
	Set ^%ISCLOG("Category","HSFHIR")=5 
	Set ^%ISCLOG("Category","HSFHIRServer")=5 
	Set ^%ISCLOG("Category","OAuth2")=5 
	Set ^%ISCLOG("Category","OAuth2Server")=5

then
 

zw ^FSLOG

in the fhir namespace.

Shows the route, params and helpful with oauth2/SMART where the route has to match the patientid in the token.
 

Ron Sweeney · Mar 22

Michael, if you drop the generated token into https://jwt.io, does Okta have the the list of scopes in an `scp` parameter?

I recall having to do something like this in an Interaction Strategy to get ValidateToken() to work with Okta, wondering if the same is necessary for ValidateJWT().

 

		Do JWTObj.%Set("client_id", OktaJWTObj.cid)
        Do JWTObj.%Set("scope",OktaJWTObj.scp)
Ron Sweeney · Mar 8

Great discussion/question...

Disadvantages that come to mind:

  • support of $all operation is on the patient resource
  • yet another resource to consider for merges and outside of newer ops like $merge
  • "RelatedPerson" is built on a codified Relationship type you should ensure meets the use case.
  • Patient has a relationship that rolls up to the Account object (guarantor), Person does not.

In general on the mapping of known classifications implemented in our practices:

Account = Guarantor
Patient = A "Person" with at least one: visit or encounter or claim or social need/fulfillment.
Person = Established identity with no visits or encounter, used for proxy access to records, not tied to the account , but exists for oauth2 scopes.
RelatedPersons = known children or persons without workload relevance. (use this in SDOH heavily)

As an example of our lastest use case of the Person resources:

Social needs web wizard, that collected QuestionairreResource responses and tied them to a "Person" as the identity was not proofed until contact was met with the "Person" by the Social Navigator.  Upon contact, a more formal "Patient" record was created to attach the ServiceRequest to.

hope some of that helps, mostly brain dumping here...

Ron Sweeney · Mar 6

This illustrates a particular subject that seems to be getting some traction in the FHIR community as a "FHIR Interceptor"... personally I have implemented this competency using an api manager (Kong, API Gateway) through an integration layer (function) prior to hitting IRIS which works but splits the business logic in two differnet places.

Your way here keeps the "intercepts" in IRIS and the resource server which I like.

Here is the "intercept layer" concept ablaze: https://darrendevitt.com/building-a-fhir-intercept-layer/ 

Ron Sweeney · Feb 29

This is ridiculously good work, the implementation of the custom operation and the fact it is a patient merge is fantastic.  I have found native object de-duping, deepdiff, and two line list de-duping in python to be a way to quickly get to the point with FHIR Resource pair manipulation. 

Thank you for taking the time on this, most likely going to have to read it a few times and load it up on my eReader.

One thing I'd add to tips and tricks from something I stole from someone somewhere:

     zn "<FHIRNAMESPACE>"	
    Set ^FSLogChannel("all")=1
    zn "%SYS"
    Kill ^%ISCLOG 
	Set ^%ISCLOG=5 
	Set ^%ISCLOG("Category","HSFHIR")=5 
	Set ^%ISCLOG("Category","HSFHIRServer")=5 
	Set ^%ISCLOG("Category","OAuth2")=5 
	Set ^%ISCLOG("Category","OAuth2Server")=5

Seems to give up a good mix of  token processing and fhir calls debuggery.
 

Ron Sweeney · Aug 22, 2023

Thats really good work, even follows the adapter guidelines.  Pointing the community your way before preceding down the post.

Looks like my process for pre-post searches to look for duplicate content needs a re-think:

https://community.intersystems.com/smartsearch?search=dbt

https://openexchange.intersystems.com/?search=dbt&sort=r

These were goose eggs, so I proceeded down the path... however glad I played with duckdb and the plugins anyway.

Ron Sweeney · Oct 7, 2022

@Regilo Regilio Guedes de Souza , late 2020 dropbox deprecated long lived tokens , and went to a refresh_token approach instead.  If you use the dropbox sdk the transition gets handled for you, but if not (and pretty sure we do not), what it entails is adding `token_access_type=offline` to the token request... this may need to be included a little deeper under the hood.

I see the MFT api has "IsAuthorized()" so it would be possible to do a check before hand in a process and manually invoke something, but I dont see the magic behind the UI's "GetAccessToken" in the UI.

Ill keep you posted!

 

Ron Sweeney · Jul 13, 2022

This is a great resource, nice work and a top chapter in this series for sure.

There seems to be different ways to approach declared IRIS state by codifying things, you can codify the exported objects and import them or like you mentioned, use the installer method that builds things as code.... which I have had pretty good success with in the past, like Tasks below.

<Method name="CreateClaims">
<ClassMethod>1</ClassMethod>
<FormalSpec>pVars,pLogLevel,tInstaller</FormalSpec>
<ReturnType>%Status</ReturnType>
<Implementation><![CDATA[


Set configItems = $LISTBUILD(

$LISTBUILD(1,
"Return payload from customer",
"create 835 from adjudicated claims",
"NS.Package.Task.CreateClaim")


for i = 1:1:$LISTLENGTH(configItems) {

    Set item = $LISTGET(configItems, i)
    Set Task=##Class(%SYS.Task).%OpenId($LISTGET(item,1))

    if 'Task {

        Set Task = ##Class(%SYS.Task).%New()
        Set Task.Name = $LISTGET(item,2)
        Set Task.Description = $LISTGET(item,3)
        Set Task.NameSpace = "USER"
        Set Task.Type = 2
        Set Task.TaskClass= $LISTGET(item,4)
        Set Task.TimePeriod = 5
        Do Task.idSet($LISTGET(item,1))
        Set Task.RunAsUser = "intersystems"
        Set status=Task.%Save()
        $$$ThrowOnError(status)

    }

}

]]></Implementation>
</Method>
Ron Sweeney · Apr 11, 2022

In the FHIR Accelerator you can head to "Data Management -> Bundle Operations" and find sample scenarios in there.  At the end of the day theses are bundles generated by Synthea so you can upload populations you create from that tool directly in for your use.  If you want some help generating a specific population give us a hint and can help with that during that hack.