New post
AllAccepted answers
sween · Mar 3

Thank you for getting this out there, has been super frustrating understanding some of these errors while using these drivers with the promise of DB-API.  At least the distribution has gone public with maven, pypi, etc as a step in the right direction and hopefully will help things, especially with the drivers being the "front door" to alot of the cloud offerings.

The alchemy workaround for compatibility is especially great.

sween · Oct 21, 2024

Hi Luca,

Admittedly I am swimming in a pretty good amount of Kool Aid at the moment (by design) as I am attracted to solutions that check a lot of boxes in one full swoop (much like IRIS!), but one of the things I was attracted to in the eBPF space is the promise that it is more "lightweight" on resources and the promise was the "Death of the Sidecar" 

A: My pre answer with a little hand waving is, more efficient with the network stuff.

Layer 5 downloadward, less resource intensive.
Layer 7, more resource intensive... sidecar did not die here.

eBPF less intensive than Kube Proxy (iptables) uses sequential processing (isovalent benched this and stands by it).

Wish I could have looked over your shoulder in the Sysdig eval to see what you were experiencing, if you could paraphrase it and send it my way, Ill take it to the booth.

Will circle back to this after KubeCon next month and see if I can get you a real answer backed with my own evaluation, Im a meeting or two away from Tetragon Enterprise eval too, and setup on bare metal so Ill add it to the take aways to get my moneys worth.
 

sween · Jul 29, 2024

Hi Adam,

Consider setting up a rule in your pipeline, so that it only executes if you merge to a particular branch.  I know your use case seems to be "PR approval" not merge, but the below rule will only execute on merges to main.

There are other free variables in the pipeline to maybe accomplish what you want.
 

  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'`

This is a very good post on the subject that is exhaustive you may want to checkout:

https://community.intersystems.com/post/continuous-delivery-your-intersy...

variables:
  SESSION_NAME:
    value: "IRIS"
  NAMESPACE:
    value: "ACME"

stages:
  - deploy

deploy main:
  stage: deploy
  tags:
    - dev
  before_script:
    - export WORKING_DIR=$(pwd)
  script:
    - echo "Initializing ACME CI/CD Build DEV..."
    - echo "Deploying code ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} branch to instance..."
    - |
      /usr/bin/irissession ${SESSION_NAME} <<EODEPLOY
      ${IrisUser}
      ${IrisPass}
      zn "${NAMESPACE}"
      w ##class(%SYSTEM.OBJ).LoadDir("${WORKING_DIR}/src","ck",,1)
      set sc = ##class(Ens.Director).UpdateProduction()
      EOFDEPLOY
  rules:
    # only runs if merged to main
    - if: '$CI_COMMIT_BRANCH == "main"'
sween · Jun 4, 2024

Reduced the backup list to mvd  for a quick test...

*** The time is: 2024-06-04 16:03:43 ***

              InterSystems IRIS Backup Utility
              --------------------------------
Performing a Full backup.
Backing up to device: /media/FullDBList_20240604_001.cbk
Description
Full backup of all databases that are in the backup database list.

WARNING - the following directories could not be backed up
 /data/IRIS/mgr/mvd/ Multi-volume database not supported


Nothing to Backup

I agree its a big feature with a lot of edges

sween · May 16, 2024

I use these globals to take a peak at the calls:

	zn "YOURFHIRNAMESPACE"
	Set ^FSLogChannel("all")=1
    zn "%SYS"
    Kill ^%ISCLOG 
	Kill ^ISCLOG 
	Set ^%ISCLOG=5 
	Set ^%ISCLOG("Category","HSFHIR")=5 
	Set ^%ISCLOG("Category","HSFHIRServer")=5 
	Set ^%ISCLOG("Category","OAuth2")=5 
	Set ^%ISCLOG("Category","OAuth2Server")=5

then
 

zw ^FSLOG

in the fhir namespace.

Shows the route, params and helpful with oauth2/SMART where the route has to match the patientid in the token.
 

sween · Mar 22, 2024

Michael, if you drop the generated token into https://jwt.io, does Okta have the the list of scopes in an `scp` parameter?

I recall having to do something like this in an Interaction Strategy to get ValidateToken() to work with Okta, wondering if the same is necessary for ValidateJWT().

 

		Do JWTObj.%Set("client_id", OktaJWTObj.cid)
        Do JWTObj.%Set("scope",OktaJWTObj.scp)
sween · Mar 8, 2024

Great discussion/question...

Disadvantages that come to mind:

  • support of $all operation is on the patient resource
  • yet another resource to consider for merges and outside of newer ops like $merge
  • "RelatedPerson" is built on a codified Relationship type you should ensure meets the use case.
  • Patient has a relationship that rolls up to the Account object (guarantor), Person does not.

In general on the mapping of known classifications implemented in our practices:

Account = Guarantor
Patient = A "Person" with at least one: visit or encounter or claim or social need/fulfillment.
Person = Established identity with no visits or encounter, used for proxy access to records, not tied to the account , but exists for oauth2 scopes.
RelatedPersons = known children or persons without workload relevance. (use this in SDOH heavily)

As an example of our lastest use case of the Person resources:

Social needs web wizard, that collected QuestionairreResource responses and tied them to a "Person" as the identity was not proofed until contact was met with the "Person" by the Social Navigator.  Upon contact, a more formal "Patient" record was created to attach the ServiceRequest to.

hope some of that helps, mostly brain dumping here...

sween · Mar 6, 2024

This illustrates a particular subject that seems to be getting some traction in the FHIR community as a "FHIR Interceptor"... personally I have implemented this competency using an api manager (Kong, API Gateway) through an integration layer (function) prior to hitting IRIS which works but splits the business logic in two differnet places.

Your way here keeps the "intercepts" in IRIS and the resource server which I like.

Here is the "intercept layer" concept ablaze: https://darrendevitt.com/building-a-fhir-intercept-layer/ 

sween · Feb 29, 2024

This is ridiculously good work, the implementation of the custom operation and the fact it is a patient merge is fantastic.  I have found native object de-duping, deepdiff, and two line list de-duping in python to be a way to quickly get to the point with FHIR Resource pair manipulation. 

Thank you for taking the time on this, most likely going to have to read it a few times and load it up on my eReader.

One thing I'd add to tips and tricks from something I stole from someone somewhere:

     zn "<FHIRNAMESPACE>"	
    Set ^FSLogChannel("all")=1
    zn "%SYS"
    Kill ^%ISCLOG 
	Set ^%ISCLOG=5 
	Set ^%ISCLOG("Category","HSFHIR")=5 
	Set ^%ISCLOG("Category","HSFHIRServer")=5 
	Set ^%ISCLOG("Category","OAuth2")=5 
	Set ^%ISCLOG("Category","OAuth2Server")=5

Seems to give up a good mix of  token processing and fhir calls debuggery.
 

sween · Aug 22, 2023

Thats really good work, even follows the adapter guidelines.  Pointing the community your way before preceding down the post.

Looks like my process for pre-post searches to look for duplicate content needs a re-think:

https://community.intersystems.com/smartsearch?search=dbt

https://openexchange.intersystems.com/?search=dbt&sort=r

These were goose eggs, so I proceeded down the path... however glad I played with duckdb and the plugins anyway.

sween · Oct 7, 2022

@Regilo Regilio Guedes de Souza , late 2020 dropbox deprecated long lived tokens , and went to a refresh_token approach instead.  If you use the dropbox sdk the transition gets handled for you, but if not (and pretty sure we do not), what it entails is adding `token_access_type=offline` to the token request... this may need to be included a little deeper under the hood.

I see the MFT api has "IsAuthorized()" so it would be possible to do a check before hand in a process and manually invoke something, but I dont see the magic behind the UI's "GetAccessToken" in the UI.

Ill keep you posted!