In this article, we’ll explore the key components of an EHR infrastructure, including servers, databases, and networking, and discuss best practices for designing and implementing a scalable, secure, and reliable system.
🚧 Draft / Work in Progress
This page is currently a draft and a work in progress. Please check back soon for updates (and/or connect with me on LinkedIn)!
Infrastructure is the backbone of any software system, and an Electronic Health Record (EHR) is no exception.
GitHub Integration
PROJECT_ID=ehr-system-426323
# Look up the project number and derive the Cloud Build service agent address
PN=$(gcloud projects describe "${PROJECT_ID}" --format="value(projectNumber)")
CLOUD_BUILD_SERVICE_AGENT="service-${PN}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
# IAM condition: the binding stops applying once request.time passes this timestamp
CONDITION_EXPRESSION="request.time < timestamp('2028-01-01T00:00:00.000Z')"
CONDITION_TITLE="cloudbuild-connection-setup"
CONDITION_DESCRIPTION="Temporary access for Cloud Build setup"
# Grant the service agent Secret Manager admin on the project, subject to the condition
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
  --member="serviceAccount:${CLOUD_BUILD_SERVICE_AGENT}" \
  --role="roles/secretmanager.admin" \
  --condition=expression="${CONDITION_EXPRESSION}",title="${CONDITION_TITLE}",description="${CONDITION_DESCRIPTION}"
Test the Cloud Run service
Test your private service
Use the following script to properly decode the JWT token payload:
# Generate the token
TOKEN=$(gcloud auth print-identity-token --audiences=https://appointment-scheduler-xtxfjdrdea-uc.a.run.app)
# Extract the payload part and map the base64url alphabet (- and _) to
# standard base64 (+ and /), which is what base64 --decode expects
PAYLOAD=$(echo "$TOKEN" | cut -d '.' -f 2 | tr '_-' '/+')
# Add necessary padding:
# The JWT base64url-encoded payload is stored without padding. The script
# checks the length of the payload and adds the appropriate padding:
MOD=$((${#PAYLOAD} % 4))
if [ $MOD -eq 2 ]; then
  PAYLOAD="$PAYLOAD"'=='
elif [ $MOD -eq 3 ]; then
  PAYLOAD="$PAYLOAD"'='
fi
# Decode and pretty-print with jq
echo "$PAYLOAD" | base64 --decode | jq
# Validate the token
curl -H "Authorization: Bearer $TOKEN" "https://oauth2.googleapis.com/tokeninfo?id_token=$TOKEN"
# Call the Cloud Run service
curl -H "Authorization: Bearer $TOKEN" https://appointment-scheduler-xtxfjdrdea-uc.a.run.app
# The same call as a one-liner, minting a fresh token inline
curl -H "Authorization: Bearer $(gcloud auth print-identity-token --audiences=https://appointment-scheduler-xtxfjdrdea-uc.a.run.app)" https://appointment-scheduler-xtxfjdrdea-uc.a.run.app
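When the private service rejects a call, the two claims worth checking first are aud (it must equal the audience the token was minted for) and exp. The following is an added example, not part of the original script: the function names are hypothetical, claims are pulled out with sed on the assumption that they are flat strings or numbers, and the signature is not verified.

```shell
#!/usr/bin/env bash
# Added example: offline pre-flight check of an identity token's claims.
# It does NOT verify the signature; Cloud Run does that on the real request.

# Decode one JWT segment (1 = header, 2 = payload) from base64url to JSON.
jwt_segment() {
  local seg
  seg=$(printf '%s' "$1" | cut -s -d '.' -f "$2" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
    1) return 1 ;;                 # no valid base64 string has this length
  esac
  printf '%s' "$seg" | base64 --decode 2>/dev/null
}

# Extract a flat string or numeric claim (assumption: no nested values).
jwt_claim() {
  printf '%s' "$1" |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# check_token TOKEN EXPECTED_AUDIENCE [NOW_EPOCH]
# Returns 0 only when aud equals the expected audience and exp is in the future.
check_token() {
  local payload aud exp now
  payload=$(jwt_segment "$1" 2) || payload=""
  [ -n "$payload" ] || { echo "malformed token"; return 2; }
  aud=$(jwt_claim "$payload" aud)
  exp=$(jwt_claim "$payload" exp)
  now=${3:-$(date +%s)}
  case $exp in ''|*[!0-9]*) echo "missing or non-numeric exp"; return 1 ;; esac
  [ "$aud" = "$2" ] || { echo "aud mismatch: got '$aud'"; return 1; }
  [ "$exp" -gt "$now" ] || { echo "expired at $exp"; return 1; }
  echo "ok: aud=$aud exp=$exp"
}

# Constructed, UNSIGNED sample token for trying the functions offline.
b64url() { base64 | tr '+/' '-_' | tr -d '=\n'; }
sample_token() {
  printf '%s.%s.sig' "$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)" \
    "$(printf '%s' "$1" | b64url)"
}
```

With a real token, run check_token "$TOKEN" followed by the service URL passed to --audiences; the optional third argument pins the clock for repeatable checks.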