Skip to content

Releases: GoogleCloudPlatform/fda-mystudies

FDA MyStudies 2.0.1

08 Jan 00:32
@jkrogers18 jkrogers18
v2.0.1
7627c0a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
FDA MyStudies 2.0.1
  • Simplified semi-automated deployment
  • Published an updated deployment guide
  • Fixed an issue that was causing flaky build tests in some environments
  • Fixed an issue that was preventing a database setup script from running during deployment
Assets 2
Loading

FDA MyStudies 2.0.0

18 Dec 00:12
@zohrehj zohrehj
v2.0.0
94808ec
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
FDA MyStudies 2.0.0

What’s changed?

The overall goals, compliance principles and functionality of this FDA MyStudies release are similar to previous releases. Notable changes from version 2019.10 of FDA MyStudies include:

Functionality

  • Removed dependencies on the LabKey framework
  • Added the Response datastore as a platform-agnostic service to handle study response storage and access
  • Added the Participant manager graphical user interface and Participant datastore backend to manage participant enrollment
  • Added support for OAuth 2.0 and OIDC
  • Added templates for semi-automated deployment
  • Added support for infrastructure-as-code and CICD
  • Upgraded the Android application for compatibility with Android 10
  • Improved exception handling
  • Improved request and data validation
  • Introduced unit tests and test frameworks to the codebase

Architecture

  • Migrated to a modular container-based architecture
  • Refactored and extended mobileAppStudy-ResponseServer to Response datastore
  • Refactored UserReg-WS to Participant datastore
  • Refactored WCP-WS and Resources-WCP to Study datastore
  • Reduced code duplication by extracting Common modules that are used by all new services
  • Migrated restrictive open-source dependencies to alternatives with permissive licenses
  • Removed dependencies that require commercial licenses
  • Simplified mobile application calls and moved some functionality server-side to reduce dependencies between services
  • Adjusted data storage based on usage and security requirements (for example, study and participant status storage and calls were moved to Response datastore; enrollment generation logic was moved to Participant datastore)

Security

  • Replaced hard-coded credentials with scripts that inject initial users into each component
  • Fixed potential cross-site scripting vulnerabilities
  • Added query binding to all existing queries to prevent SQL injection
  • Enhanced auth throughout codebase:
    • Unified distributed auth implementation into a single Auth server (Study builder retains built-in auth)
    • Integrated with Hydra, an OAuth 2.0 and OpenID Connect provider for OAuth 2.0 Access & Refresh token generation and authentication
    • Improved remaining authentication (for example, removed client_secret from being transmitted in all calls)
  • Created deployment templates that support security best practices, such as:
    • Automation of secret generation and handling:
      • Configured secrets to be generated and stored with a Secret Manager instance deployed in an isolated cloud project
      • Configured secret values to be transmitted automatically within the private Kubernetes cluster
    • Implementation of centralized network control:
      • Configured deployment to use a VPC host project to manage networks and subnets in a centralized way (enabling network administration to be separated from project administration)
      • Enabled resources in different projects to communicate securely with internal IPs
    • Separation of projects with the security principle of least privilege:
      • Configured dedicated projects for different purposes (secrets, networks, applications, audit) for management by teams with isolated permissions - for example, a centralized network team can administer the network without having access the secrets project)
    • Implementation of external access limitations:
      • Configured databases and VMs to be isolated from the internet with only internal IP addresses (Private Google Access)
      • Established bastion host for secure on-demand connections to private instances
    • Implementation of DevOps best practices:
    • Delegation of responsibility through groups and service accounts:
      • Configured deployment to assign IAM roles to groups and service accounts so that individuals obtain permissions through groups rather than direct IAM roles

Usability

  • Made interactions more intuitive for participants using the Android and iOS mobile applications
  • Updated text for clarity in user interfaces and messages throughout the platform
  • Moved hard-coded values to centralized configuration files to streamline platform customization
  • Improved code readability to simplify usability and extensibility for developers
  • Added support for unit testing, linter and CICD
  • Added detailed documentation and deployment instructions

Bug fixes

  • Fixed stability and usability bugs throughout the applications and platform
Assets 2
Loading