Release v0.14.0

Author: alexanderkiel

DEVELOPMENT.md

@@ -27,5 +27,5 @@ go test ./...
 ## Build Releases
 
 ```sh
-VERSION=0.13.1 ./build-releases.sh
+VERSION=0.14.0 ./build-releases.sh
 ```

README.md

@@ -16,13 +16,13 @@ blazectl is written in Go. All you need is a single binary which is available fo
 1. Download the latest release with the command:
 
    ```bash
-   curl -LO https://github.com/samply/blazectl/releases/download/v0.13.1/blazectl-0.13.1-linux-amd64.tar.gz
+   curl -LO https://github.com/samply/blazectl/releases/download/v0.14.0/blazectl-0.14.0-linux-amd64.tar.gz
    ```
 
 1. Untar the binary:
 
    ```bash
-   tar xzf blazectl-0.13.1-linux-amd64.tar.gz
+   tar xzf blazectl-0.14.0-linux-amd64.tar.gz
    ```
 
 1. Move the binary in to your PATH.
@@ -42,13 +42,13 @@ blazectl is written in Go. All you need is a single binary which is available fo
 1. Download the latest release with the command:
 
    ```bash
-   curl -LO https://github.com/samply/blazectl/releases/download/v0.13.1/blazectl-0.13.1-darwin-amd64.tar.gz
+   curl -LO https://github.com/samply/blazectl/releases/download/v0.14.0/blazectl-0.14.0-darwin-amd64.tar.gz
    ```
 
 1. Untar the binary:
 
    ```bash
-   tar xzf blazectl-0.13.1-darwin-amd64.tar.gz
+   tar xzf blazectl-0.14.0-darwin-amd64.tar.gz
    ```
 
 1. Move the binary in to your PATH.
@@ -69,13 +69,13 @@ blazectl is written in Go. All you need is a single binary which is available fo
 1. Download the latest release with the command:
 
    ```bash
-   curl -LO https://github.com/samply/blazectl/releases/download/v0.13.1/blazectl-0.13.1-darwin-arm64.tar.gz
+   curl -LO https://github.com/samply/blazectl/releases/download/v0.14.0/blazectl-0.14.0-darwin-arm64.tar.gz
    ```
 
 1. Untar the binary:
 
    ```bash
-   tar xzf blazectl-0.13.1-darwin-arm64.tar.gz
+   tar xzf blazectl-0.14.0-darwin-arm64.tar.gz
    ```
 
 1. Move the binary in to your PATH.
@@ -95,13 +95,13 @@ blazectl is written in Go. All you need is a single binary which is available fo
 1. Download the latest release with the command:
 
    ```bash
-   curl -LO https://github.com/samply/blazectl/releases/download/v0.13.1/blazectl-0.13.1-linux-arm64.tar.gz
+   curl -LO https://github.com/samply/blazectl/releases/download/v0.14.0/blazectl-0.14.0-linux-arm64.tar.gz
    ```
 
 1. Untar the binary:
 
    ```bash
-   tar xzf blazectl-0.13.1-linux-arm64.tar.gz
+   tar xzf blazectl-0.14.0-linux-arm64.tar.gz
    ```
 
 1. Move the binary in to your PATH.
@@ -145,18 +145,20 @@ Usage:
 Available Commands:
   completion       Generate the autocompletion script for the specified shell
   count-resources  Counts all resources by type
-  download         Download FHIR resources into an NDJSON file
+  download         Download FHIR resources in NDJSON format
   evaluate-measure Evaluates a Measure
   help             Help about any command
   upload           Upload transaction bundles
 
 Flags:
-  -h, --help              help for blazectl
-  -k, --insecure          allow insecure server connections when using SSL
-      --no-progress       don't show progress bar
-      --password string   password information for basic authentication
-      --user string       user information for basic authentication
-  -v, --version           version for blazectl
+      --certificate-authority string   path to a cert file for the certificate authority
+  -h, --help                           help for blazectl
+  -k, --insecure                       allow insecure server connections when using SSL
+      --no-progress                    don't show progress bar
+      --password string                password information for basic authentication
+      --token string                   bearer token for authentication
+      --user string                    user information for basic authentication
+  -v, --version                        version for blazectl
 
 Use "blazectl [command] --help" for more information about a command.
 ```
@@ -280,7 +282,7 @@ Procedure                :  418310
 
 ## License
 
-Copyright 2019 - 2023 The Samply Community
+Copyright 2019 - 2024 The Samply Community
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
 
@@ -290,7 +292,7 @@ Unless required by applicable law or agreed to in writing, software distributed
 
 [1]: <http://docs.simplifier.net/vonkloader/>
 [2]: <https://github.com/synthetichealth/uploader>
-[3]: <https://github.com/samply/blazectl/releases/download/v0.13.1/blazectl-0.13.1-windows-amd64.zip>
+[3]: <https://github.com/samply/blazectl/releases/download/v0.14.0/blazectl-0.14.0-windows-amd64.zip>
 [4]: <https://github.com/samply/blaze>
 [5]: <https://github.com/synthetichealth/synthea>
 [6]: <https://github.com/tsenart/vegeta>

cmd/countResources_test.go

@@ -68,7 +68,7 @@ func TestFetchResourcesTotal(t *testing.T) {
 	defer ts.Close()
 
 	baseURL, _ := url.ParseRequestURI(ts.URL)
-	client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+	client := fhir.NewClient(*baseURL, nil)
 	result, err := fetchResourcesTotal(client, []fm.ResourceType{fm.ResourceTypePatient})
 	if err != nil {
 		t.Error(err)

cmd/download_test.go

@@ -33,7 +33,7 @@ func TestDownloadResources(t *testing.T) {
 
 	t.Run("RequestToFHIRServerFails", func(t *testing.T) {
 		baseURL, _ := url.ParseRequestURI("http://localhost")
-		client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+		client := fhir.NewClient(*baseURL, nil)
 
 		var bundles int
 		bundleChannel := make(chan downloadBundle)
@@ -53,7 +53,7 @@ func TestDownloadResources(t *testing.T) {
 		defer server.Close()
 
 		baseURL, _ := url.ParseRequestURI(server.URL)
-		client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+		client := fhir.NewClient(*baseURL, nil)
 
 		var bundles int
 		bundleChannel := make(chan downloadBundle)
@@ -73,7 +73,7 @@ func TestDownloadResources(t *testing.T) {
 		defer server.Close()
 
 		baseURL, _ := url.ParseRequestURI(server.URL)
-		client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+		client := fhir.NewClient(*baseURL, nil)
 
 		var bundles int
 		bundleChannel := make(chan downloadBundle)
@@ -105,7 +105,7 @@ func TestDownloadResources(t *testing.T) {
 		defer server.Close()
 
 		baseURL, _ := url.ParseRequestURI(server.URL)
-		client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+		client := fhir.NewClient(*baseURL, nil)
 
 		var bundles int
 		bundleChannel := make(chan downloadBundle)
@@ -168,7 +168,7 @@ func TestDownloadResources(t *testing.T) {
 		defer server.Close()
 
 		baseURL, _ := url.ParseRequestURI(server.URL)
-		client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+		client := fhir.NewClient(*baseURL, nil)
 
 		var bundles int
 		bundleChannel := make(chan downloadBundle)
@@ -209,7 +209,7 @@ func TestDownloadResources(t *testing.T) {
 		defer server.Close()
 
 		baseURL, _ := url.ParseRequestURI(server.URL)
-		client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+		client := fhir.NewClient(*baseURL, nil)
 
 		var bundles int
 		bundleChannel := make(chan downloadBundle)
@@ -290,7 +290,7 @@ func TestDownloadResources(t *testing.T) {
 		server.Start()
 
 		baseURL, _ := url.ParseRequestURI(server.URL)
-		client := fhir.NewClient(*baseURL, fhir.ClientAuth{})
+		client := fhir.NewClient(*baseURL, nil)
 
 		var bundles int
 		bundleChannel := make(chan downloadBundle)

cmd/root.go

@@ -24,8 +24,10 @@ import (
 
 var server string
 var disableTlsSecurity bool
+var caCert string
 var basicAuthUser string
 var basicAuthPassword string
+var bearerToken string
 var noProgress bool
 
 var client *fhir.Client
@@ -36,15 +38,29 @@ func createClient() error {
 		return fmt.Errorf("could not parse server's base URL: %v", err)
 	}
 
-	clientAuth := fhir.ClientAuth{BasicAuthUser: basicAuthUser, BasicAuthPassword: basicAuthPassword}
 	if disableTlsSecurity {
-		client = fhir.NewClientInsecure(*fhirServerBaseUrl, clientAuth)
+		client = fhir.NewClientInsecure(*fhirServerBaseUrl, clientAuth())
+	} else if caCert != "" {
+		client, err = fhir.NewClientCa(*fhirServerBaseUrl, clientAuth(), caCert)
+		if err != nil {
+			return err
+		}
 	} else {
-		client = fhir.NewClient(*fhirServerBaseUrl, clientAuth)
+		client = fhir.NewClient(*fhirServerBaseUrl, clientAuth())
 	}
 	return nil
 }
 
+func clientAuth() fhir.Auth {
+	if basicAuthUser != "" && basicAuthPassword != "" {
+		return fhir.BasicAuth{User: basicAuthUser, Password: basicAuthPassword}
+	} else if bearerToken != "" {
+		return fhir.TokenAuth{Token: bearerToken}
+	} else {
+		return nil
+	}
+}
+
 // rootCmd represents the base command when called without any subcommands
 var rootCmd = &cobra.Command{
 	Use:   "blazectl",
@@ -53,7 +69,7 @@ var rootCmd = &cobra.Command{
 
 Currently you can upload transaction bundles from a directory, download
 and count resources and evaluate measures.`,
-	Version: "0.13.1",
+	Version: "0.14.0",
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.
@@ -67,7 +83,9 @@ func Execute() {
 
 func init() {
 	rootCmd.PersistentFlags().BoolVarP(&disableTlsSecurity, "insecure", "k", false, "allow insecure server connections when using SSL")
+	rootCmd.PersistentFlags().StringVar(&caCert, "certificate-authority", "", "path to a cert file for the certificate authority")
 	rootCmd.PersistentFlags().StringVar(&basicAuthUser, "user", "", "user information for basic authentication")
 	rootCmd.PersistentFlags().StringVar(&basicAuthPassword, "password", "", "password information for basic authentication")
+	rootCmd.PersistentFlags().StringVar(&bearerToken, "token", "", "bearer token for authentication")
 	rootCmd.PersistentFlags().BoolVarP(&noProgress, "no-progress", "", false, "don't show progress bar")
 }

fhir/client.go

@@ -15,12 +15,15 @@
 package fhir
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
 	fm "github.com/samply/golang-fhir-models/fhir-models/fhir"
 	"io"
 	"net/http"
 	"net/url"
+	"os"
 	"strings"
 )
 
@@ -30,29 +33,73 @@ import (
 type Client struct {
 	httpClient http.Client
 	baseURL    url.URL
-	auth       ClientAuth
+	auth       Auth
 }
 
-// ClientAuth comprises the authentication information used by the Client in
+type Auth interface {
+	setAuth(req *http.Request)
+}
+
+// BasicAuth comprises basic authentication information used by the Client in
+// order to communicate with a FHIR server.
+type BasicAuth struct {
+	User     string
+	Password string
+}
+
+func (auth BasicAuth) setAuth(req *http.Request) {
+	req.SetBasicAuth(auth.User, auth.Password)
+}
+
+// TokenAuth comprises bearer token authentication information used by the Client in
 // order to communicate with a FHIR server.
-type ClientAuth struct {
-	BasicAuthUser     string
-	BasicAuthPassword string
+type TokenAuth struct {
+	Token string
 }
 
-// NewClient creates a new Client with the given base URL and ClientAuth configuration.
-func NewClient(fhirServerBaseUrl url.URL, auth ClientAuth) *Client {
+func (auth TokenAuth) setAuth(req *http.Request) {
+	req.Header.Set("Authorization", "Bearer "+auth.Token)
+}
+
+// NewClient creates a new Client with the given base URL and BasicAuth configuration.
+func NewClient(fhirServerBaseUrl url.URL, auth Auth) *Client {
 	return createClient(fhirServerBaseUrl, auth, false)
 }
 
 // NewClientInsecure creates a new Client as NewClient does but disables TLS security checks. I.e. the client will
 // accept any connection to a servers without verifying its certificate.
 // Use this with great caution as it opens up man-in-the-middle attacks.
-func NewClientInsecure(fhirServerBaseUrl url.URL, auth ClientAuth) *Client {
+func NewClientInsecure(fhirServerBaseUrl url.URL, auth Auth) *Client {
 	return createClient(fhirServerBaseUrl, auth, true)
 }
 
-func createClient(fhirServerBaseUrl url.URL, auth ClientAuth, insecure bool) *Client {
+func NewClientCa(fhirServerBaseUrl url.URL, auth Auth, caCertFilename string) (*Client, error) {
+	caCert, err := os.ReadFile(caCertFilename)
+	if err != nil {
+		return nil, err
+	}
+
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	tlsConfig := &tls.Config{
+		RootCAs: caCertPool,
+	}
+
+	t := http.DefaultTransport.(*http.Transport).Clone()
+	t.MaxIdleConns = 100
+	t.MaxConnsPerHost = 100
+	t.MaxIdleConnsPerHost = 100
+	t.TLSClientConfig = tlsConfig
+
+	return &Client{
+		httpClient: http.Client{Transport: t},
+		baseURL:    fhirServerBaseUrl,
+		auth:       auth,
+	}, nil
+}
+
+func createClient(fhirServerBaseUrl url.URL, auth Auth, insecure bool) *Client {
 	t := http.DefaultTransport.(*http.Transport).Clone()
 	t.MaxIdleConns = 100
 	t.MaxConnsPerHost = 100
@@ -158,8 +205,8 @@ func (c *Client) NewTypeOperationRequest(resourceType string, operationName stri
 
 // Do calls Do on the HTTP client of the FHIR client.
 func (c *Client) Do(req *http.Request) (*http.Response, error) {
-	if len(c.auth.BasicAuthUser) != 0 {
-		req.SetBasicAuth(c.auth.BasicAuthUser, c.auth.BasicAuthPassword)
+	if c.auth != nil {
+		c.auth.setAuth(req)
 	}
 
 	return c.httpClient.Do(req)