Inbound OML Support

[JohnNKing]

This PR adds support for inbound OML (laboratory order) messages. These are similar to the ORM (generic order) messages that are already supported.

Test Steps:

1. Send a test OML message to the Waters API (e.g. https://github.com/CDCgov/prime-reportstream/blob/d453a322cdd9a06990dc9bef5c639474a919c491/prime-router/src/testIntegration/resources/datatests/HL7_to_FHIR/sample_oml_20240319-001.hl7)
2. Message will be received successfully (HTTP 201), whereas previously this would fail
3. The message should then be delivered to the CDC TI service

Changes

• OML_021 messages are now allowed
• The Flexion / CDC-TI receiver now accepts both ORM and OML messages
• Tests have been added to cover inbound OML messages

Checklist

Testing

• Tested locally?
• Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
• (For Changes to /frontend-react/...) Ran npm run lint:write? n/a
• Added tests?

Process

• Are there licensing issues with any new dependencies introduced? n/a
• Includes a summary of what a code reviewer should test/verify?
• Updated the release notes? n/a?
• Database changes are submitted as a separate PR? n/a
• DevOps team has been notified if PR requires ops support? n/a

Linked Issues

• Accomplishes Inbound OML Accepted by ReportStream trusted-intermediary#962

To Be Done

• Inbound OML Processing trusted-intermediary#819

Specific Security-related subjects a reviewer should pay specific attention to

• Does this PR introduce new endpoints? No
• Does this PR include changes in authentication and/or authorization of existing endpoints? No
• Does this change introduce new dependencies that need vetting? No
• Does this change require changes to our infrastructure? No
• Does logging contain sensitive data? No
• Does this PR include or remove any sensitive information itself? No

If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least:

• What are the potential security threats and mitigations? Please list the STRIDE threats and how they are mitigated
  • Spoofing (faking authenticity)
    • Threat T, which could be achieved by A, is mitigated by M
  • Tampering (influence or sabotage the integrity of information, data, or system)
  • Repudiation (the ability to dispute the origin or originator of an action)
  • Information disclosure (data made available to entities who should not have it)
  • Denial of service (make a resource unavailable)
  • Elevation of Privilege (reduce restrictions that apply or gain privileges one should not have)
• Have you ensured logging does not contain sensitive data?
• Have you received any additional approvals needed for this change?

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details

Scanned Manifest Files

[github-actions]

Test Results

1 098 tests  +1   1 094 ✅ +1   5m 19s ⏱️ -5s
  133 suites ±0       4 💤 ±0 
  133 files   ±0       0 ❌ ±0 

Results for commit 93df8dd. ± Comparison against base commit af1e190.

♻️ This comment has been updated with latest results.

[github-actions]

Integration Test Results

 52 files   52 suites   13m 43s ⏱️
356 tests 346 ✅ 10 💤 0 ❌
359 runs  349 ✅ 10 💤 0 ❌

Results for commit 93df8dd.

♻️ This comment has been updated with latest results.

[JohnNKing]

Note: This is suppose to fail. Adding support for OML_O21 means I had to change this to a different, still unsupported message type.

[oslynn]

Is this for fail test?

[JohnNKing]

@oslynn -- I believe so, yes. There's a test for a valid ORU message before this -- then this message is used as part of an assertFailure.

[JohnNKing]

I'm not actually using this test mapping at present... should I? Or should this change be removed?

[JohnNKing]

I'm confused why OML needed to be added here to avoid a warning, yet ORM is nowhere to be found.

[MauriceReeves-usds]

@victor-chaparro @arnejduranovic are you able to provide some insight on this?

[victor-chaparro]

ORM should also be added. I just tried processing an ORM message and got the warning.

[JohnNKing]

@victor-chaparro Any objections to me making that part of a separate PR? I was going to add it, but attempting to do so is inexplicably causes unit tests to fail:

Failed to map supported failure 'org.opentest4j.AssertionFailedError: expected to be true' with mapper 'org.gradle.api.internal.tasks.testing.failure.mappers.OpenTestAssertionFailedMapper@17bc1586': Cannot invoke "Object.getClass()" because "obj" is null

> Task :test
gov.cdc.prime.router.fhirengine.utils.FHIRBundleHelpersTests Test enhance bundle metadata 2-7() FAILED

  org.opentest4j.AssertionFailedError: expected to be true
      at app//gov.cdc.prime.router.fhirengine.utils.FHIRBundleHelpersTests.Test enhance bundle metadata 2-7(FHIRBundleHelpersTests.kt:672)


FAILURE: Executed 1097 tests in 1m 36s (1 failed, 4 skipped)

[github-actions]

Deploying branch Storybook to Chromatic...

[MauriceReeves-usds]

This all looks fine to me, but I would love if @oslynn @victor-chaparro or @arnejduranovic could also review.

[oslynn]

Looking good to me.

[sonarcloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud