Skip to content

Latest commit

 

History

History

participant-datastore

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
consent-mgmt-module
consent-mgmt-module
 
 
enroll-mgmt-module
enroll-mgmt-module
 
 
sqlscript
sqlscript
 
 
user-mgmt-module
user-mgmt-module
 
 
README.md
README.md
 
 

README.md

Overview

The FDA MyStudies Participant datastore is a set of three modules that provide APIs to store and manage participant registration, enrollment and consent. The Android and iOS mobile applications interact with the Participant datastore to store and retrieve profile information specific to participants, and to establish enrollment and consent. The Response datastore interacts with the Participant datastore to determine enrollment state of participants. Pseudonymized study response data is stored in the Response datastore without participant identifiers (for example, answers to survey questions and activity data). Identifiable participant data is stored in the Participant datastore without study response data (for example, consent forms and participant contact information). This separation is designed to allow the deploying organization to configure distinct access control for each class of data. The Participant datastore uses basic authentication client_id and client_secret that are provided to client applications and managed by Hydra.

The Participant datastore is composed of three applications that share a common database:

Module Purpose Client applications Directory
User module Maintains participant state and information Study builder
Study datastore
iOS application
Android application		 /participant-datastore/user-mgmt-module/
Enrollment module Maintains participant enrollment status Response datastore
iOS application
Android application		 /participant-datastore/enroll-mgmt-module/
Consent module Maintains participant consent version status and provides access to generated consent documents iOS application
Android application		 /participant-datastore/consent-mgmt-module/

Deployment

NOTE: Holistic deployment of the FDA MyStudies platform with Terraform and infrastructure-as-code is the recommended approach to deploying this component. A step-by-step guide to semi-automated deployment can be found in the deployment/ directory. The following instructions are provided in case manual deployment in a VM is required. Google Cloud infrastructure is indicated, but equivalent alternative infrastructure can be used as well. It is important for the deploying organization to consider the identity and access control choices made when configuring the selected services. If pursuing a manual deployment, a convenient sequence is hydra/auth-server/participant-datastore/participant-manager-datastore/participant-manager/study-datastore/response-datastore/study-builder/Android/iOS/.

To deploy the Participant datastore manually:

  1. Create a Compute Engine VM instance with a static IP and read/write access scopes for Cloud Storage
  2. Verify that your VM instance has the Stackdriver Logging API write access scope (on by default) and that your VM’s service account has the Logs Writer role (off by default)
  3. Check out the latest code from the FDA MyStudies repository
  4. Create a Cloud SQL instance with MySQL v5.7 (instructions)
  5. Configure the Participant datastore database on the Cloud SQL instance
    • Create a user account that the User module, Enrollment module and Consent module will use to access this instance
    • Run ./create_superadmin.sh <email> <password> in the sqlscript/ directory to create pm-superadmin.sql, which you will use to create the first admin user for Participant manager (you may need to install htpasswd, for example sudo apt-get install apache2-utils)
    • Run the mystudies_participant_datastore_db_script.sql script to create a database named mystudies_participant_datastore (instructions)
    • Run the pm-superadmin.sql script that you created in the step above
    • Enable the database’s private IP connectivity in the same network as your VM (instructions)
  6. Configure blob storage for participant consent forms by creating a Google Cloud Storage bucket and granting your VM’s GCE service account the Storage Object Admin role
  7. Configure the Firebase Cloud Messaging API for your deployment (documentation)
  8. Deploy the container for each Participant datastore module to the VM
    • Create Docker images for each of the modules (you may need to install Docker and Maven, for example sudo apt install maven): 
      sudo mvn -B package -Pprod com.google.cloud.tools:jib-maven-plugin:2.5.2:dockerBuild -f user-mgmt-module/pom.xml -Dimage=user-mgmt-image && \
sudo mvn -B package -Pprod com.google.cloud.tools:jib-maven-plugin:2.5.2:dockerBuild -f enroll-mgmt-module/pom.xml -Dimage=enroll-mgmt-image && \
sudo mvn -B package -Pprod com.google.cloud.tools:jib-maven-plugin:2.5.2:dockerBuild -f consent-mgmt-module/pom.xml -Dimage=consent-mgmt-image
    • Update the Docker environment files user-mgmt-module/variables.env, enroll-mgmt-module/variables.env and consent-mgmt-module/variables.env, which will configure the application.properties files for your deployment
    • Run the containers on the VM using: 
      sudo docker run --detach --env-file user-mgmt-module/variables.env -p 8080:8080 --name user-mgmt user-mgmt-image && \
sudo docker run --detach --env-file enroll-mgmt-module/variables.env -p 8081:8080 --name enroll-mgmt enroll-mgmt-image && \
sudo docker run --detach --env-file consent-mgmt-module/variables.env -p 8082:8080 --name consent-mgmt consent-mgmt-image
    • If your Hydra instance is a using self-signed certificate, add that certificate to each of the container keystores, for example with sudo docker exec -it <container_name> bash -c "openssl s_client -connect <your_hydra_instance> | sed -ne '/-BEGIN CERTIFICATE/,/END CERTIFICATE/p' > hydra.crt; keytool -import -trustcacerts -alias hydra -file hydra.crt -keystore /usr/local/openjdk-11/lib/security/cacerts -storepass changeit", then restart the containers
  9. Test if the applications are running with 
    curl http://0.0.0.0:8080/participant-user-datastore/healthCheck
curl http://0.0.0.0:8081/participant-enroll-datastore/healthCheck
curl http://0.0.0.0:8082/participant-consent-datastore/healthCheck
  10. You can review application logs in the logging directories you specified, or with sudo docker logs <container_name>; audit logs are available in Cloud Logging

Copyright 2020 Google LLC