Merge branch 'master' into demo-rfc80-poc

.gitignore

@@ -109,3 +109,4 @@ Dockerfile.local
 security.properties
 *.crt
 *.key
+*~

docs/Data-Loading.md

@@ -48,10 +48,14 @@ There are just a few rules to follow:
 ## Validating your study data
 Once all files are in place and follow the proper format, you can [validate your files using the dataset validator script](/Using-the-dataset-validator.md). 
 
-The validation can be run standalone, but it is also integrated into the [metaImport script](/Using-the-metaImport-script.md), which validates the data and then loads it if validation succeeds. 
+The validation can be run standalone, but it is also integrated into the [metaImport script](./Using-the-metaImport-script.md), which validates the data and then loads it if validation succeeds. 
 
 ## Loading Data
-To load the data into cBioPortal, the [metaImport script](/Using-the-metaImport-script.md) has to be used. This script first validates the data and, if validation succeeds, loads the data. 
+To load the data into cBioPortal, the [metaImport script](./Using-the-metaImport-script.md) has to be used. This script first validates the data and, if validation succeeds, loads the data.
+
+### Loading Data to a portal that has Authentication enabled
+
+See also [Offline validation](./Using-the-dataset-validator.md#offline-validation).
 
 ### Incremental Loading
 
@@ -65,4 +69,4 @@ To remove a study, the [cbioportalImporter script](/Data-Loading-Maintaining-Stu
 Examples for the different types of data are available on the [File Formats](/File-Formats.md) page. The Provisional TCGA studies, downloadable from the [Data Sets section](https://www.cbioportal.org/datasets) are complete studies that can be used as reference when creating data files.
 
 ## Public Virtual Studies
-If your new study data is a subset or a combination of existing studies in the system, consider using [Public Virtual Studies](./Create-And-Publish-Virtual-Study.md) instead of duplicating data. 
+If your new study data is a subset or a combination of existing studies in the system, consider using [Public Virtual Studies](./Create-And-Publish-Virtual-Study.md) instead of duplicating data. 

docs/Donate.md

@@ -0,0 +1,21 @@
+## The cBioPortal Foundation
+
+The mission of cBioPortal Foundation is to support the development and adoption of the cBioPortal for Cancer Genomics, open-source software for the interactive exploration of multidimensional cancer genomics data sets. The cBioPortal aims to significantly lower the barriers between complex genomic data and cancer researchers by providing rapid, intuitive, and high-quality access to molecular profiles and clinical attributes from large-scale cancer genomics projects, and by doing so, empower researchers to translate these rich data sets into biologic insights and clinical applications.
+
+The cBioPortal Foundation will help further the mission of cBioPortal by supporting hackathons, user meetings, internships and other activities. 
+
+## Contribute to cBioPortal Foundation
+
+**TAX-DEDUCTIBLE CONTRIBUTIONS**
+
+**Grants or distributions accepted from:**  
+Individuals • Corporations • Donor-Advised Funds • Foundations  
+Retirement Accounts • Charitable Trusts
+
+**Donate any asset with established or appraisable value, such as:**  
+Stocks • Bonds • Real Estate • Collectibles • Art  
+Cryptocurrency • Privately Held Business Interests  
+
+[Asset & Large Contributions](https://lohas.org/client/cbioportal-foundation/#donation_form)
+
+[!button Donate](https://abqwvktl.donorsupport.co/page/FUNFLDNZDHK)

docs/Downloads.md

@@ -32,7 +32,7 @@ TCGA Provisional studies often contain many different data types. These are exce
 
 #### Complete cBioPortal database
 
-A MySQL database dump of the complete cbioportal.org database can be found here: http://download.cbioportal.org/mysql-snapshots/public-portal-dump.latest.sql.gz
+A MySQL database dump of the complete cbioportal.org database can be found here: https://public-db-dump.assets.cbioportal.org/
 
 #### Seed Database
 

docs/News.md

@@ -1,3 +1,13 @@
+## December 11, 2024
+*   **Added data** consisting of 5,567 samples from 6 TARGET studies from the [Genomic Data Commons (GDC)](https://gdc.cancer.gov) as part of the [Cancer Research Data Commons (NCI-CRDC)](https://datacommons.cancer.gov) initiative.
+    * [Acute Myeloid Leukemia (TARGET, GDC)](https://www.cbioportal.org/study/summary?id=aml_target_gdc) *2482 samples*
+    * [B-Lymphoblastic Leukemia/Lymphoma - Phase II (TARGET, GDC)](https://www.cbioportal.org/study/summary?id=bll_target_gdc) *1004 samples*
+    * [Neuroblastoma (TARGET, GDC)](https://www.cbioportal.org/study/summary?id=nbl_target_gdc) *840 samples*
+    * [Wilms' Tumor (TARGET, GDC)](https://www.cbioportal.org/study/summary?id=wt_target_gdc) *655 samples*
+    * [Acute Leukemias of Ambiguous Lineage - Phase III (TARGET, GDC)](https://www.cbioportal.org/study/summary?id=alal_target_gdc) *351 samples*
+    * [Osteosarcoma (TARGET, GDC)](https://www.cbioportal.org/study/summary?id=os_target_gdc) *235 samples*
+
+
 ## November 18, 2024
 *   **New Feature:** New data source [AlphaMissense](https://alphamissense.hegelab.org/) is now integrated in Mutations tab. View the AlphaMissense data in the [Mutation Table](https://bit.ly/48yOi7A) and the [Mutation Mapper Tool](https://www.cbioportal.org/mutation_mapper).
 

docs/SUMMARY.md

@@ -26,12 +26,14 @@
     * [Importing the Seed Database](deployment/deploy-without-docker/Import-the-Seed-Database.md)
     * [Deploying the Web Application](deployment/deploy-without-docker/Deploying.md)
     * [Loading a Sample Study](deployment/deploy-without-docker/Load-Sample-Cancer-Study.md)
+  * [Deploy on Kubernetes](deployment/kubernetes/README.md)
   * [Authorization and Authentication](deployment/authorization-and-authentication/README.md)
     * [User Authorization](deployment/authorization-and-authentication/User-Authorization.md)
     * [Authenticating Users via SAML](deployment/authorization-and-authentication/Authenticating-Users-via-SAML.md)
     * [Authenticating Users via LDAP](deployment/authorization-and-authentication/Authenticating-Users-via-LDAP.md)
     * [Authenticating and Authorizing Users via Keycloak](deployment/authorization-and-authentication/Authenticating-and-Authorizing-Users-via-keycloak.md)
     * [Authenticating Users via Tokens](deployment/authorization-and-authentication/Authenticating-Users-via-Tokens.md)
+    * [Keycloak Management via API and User creation](deployment/authorization-and-authentication/Keycloak-API-Access-and-User-Creation.md)
   * [Customization]()
     * [Customizing your cBioPortal Instance via application.properties](deployment/customization/Customizing-your-instance-of-cBioPortal.md)
     * [More application.properties Settings](deployment/customization/application.properties-Reference.md)
@@ -71,4 +73,4 @@
   * [Release Procedure](development/Release-Procedure.md)
   * [Deployment Procedure](development/Deployment-Procedure.md)
   * [This documentation site](development/Documentation-site.md)
-
+* [Donate](Donate.md)

docs/deployment/README.md

@@ -4,6 +4,8 @@ Private instances of cBioPortal are maintained by institutions and companies [ar
 
 An instance can be deployed using Docker **(recommended)** or by building and deploying from source. The source code of cBioPortal is [available](https://github.com/cBioPortal/cbioportal) on GitHub under the terms of [Affero GPL V3](https://www.gnu.org/licenses/agpl-3.0.en.html).
 
-This section contains instructions for both of these paths.
+To deploy cBioPortal instance on a Kubernetes cluster, we also provide [official Helm charts](https://artifacthub.io/packages/search?org=cbioportal). You can follow the installation guide [here](./kubernetes/README.md).
+
+This section contains instructions for all of the above paths.
 
 Please note that installing a local version requires system administration skills; for example, installing and configuring Tomcat and MySQL. With limited resources, we cannot provide technical support on system administration.

docs/deployment/authorization-and-authentication/Keycloak-API-Access-and-User-Creation.md

@@ -0,0 +1,95 @@
+# Keycloak Management via API Access and User Creation
+
+**⚠️ This documentation is for keycloak <v20, see related [ticket](https://github.com/cBioPortal/cbioportal/issues/10360) ⚠️**
+
+## Introduction
+You may wish to programmatically manage aspects of your Keycloak setup via the Keycloak API. 
+This is particularly useful for tasks such as:
+1. Bulk User Creation
+2. Modifying group membership
+3. Assigning roles to many users
+
+The following instructions will show you how to configure a Keycloak Client Service Account and assign appropriate permissions required for the management task.
+
+> [!NOTE]
+> Important URLS
+> https://\<KEYCLOAK_HOST\>/auth/admin/master/console/#/realms/\<REALM\>/clients
+> https://\<KEYCLOAK_HOST\>/auth/realms/\<REALM\>/protocol/openid-connect/token
+
+## Configure a Keycloak Client
+Navigate to: <Realm> -> Clients -> Select Client: `realm-management` -> Settings tab
+
+We’re using the `realm-management` client here but you can configure any other client. Make sure the following options are set.
+
+![](/images/previews/keycloak-api-access-settings.png)
+
+| parameter        | value  | comment  |
+| ------------- |:-------------:| -----:|
+| Enabled | true ||
+| Client Protocol | openid-connect | (default value) |
+| Access Type | confidential | This will allow us to make a call to the token service endpoint and follow an openid login flow. |
+| Valid Redirect URIs | _url_ | _url_ refers to base url of keycloak instance. Access Type must be set to confidential for this option to show |
+| Service Accounts Enabled | true | (default value). Access Type must be set to confidential for this option to show |
+
+> [!NOTE]
+> 1. The redirect url and service accounts enabled options will not appear on the UI until the Access Type -> confidential
+> 2. The Service Account Roles TAB will not show until Service Accounts Enabled: True
+
+> [!TIP]
+> 1. Configure ONE client per application/script (set of scripts) that will make calls against the Keycloak API. That way you can manage/revoke permissions and also regenerate the client_secret if needed. 
+
+## Obtain Client Credentials
+Navigate to: <Realm> -> Clients -> Select Client: `realm-management` -> Credentials tab
+
+1. Select `Client Id and Secret`
+2. Click `Regenerate Secret` to generate a secret
+3. Keep `ClientId` and `Secret` for obtaining an access token from keycloak
+
+![](/images/previews/keycloak-api-access-credentials.png)
+
+| parameter        | value  | comment  |
+| ------------- |:-------------:| -----:|
+| Client Authenticator | Client Id and Secret |  |
+
+## Configure Service Account Roles
+Navigate to: <Realm> -> Clients -> Select Client: `realm-management` -> `Service Account Roles` Tab
+
+Under `Client Roles` -> Select the `realm-management` from the dropdown menu
+
+From here scroll through the available roles for the `view-users` roles. Click `Add selected >>` 
+Assign additional roles if needed.
+
+![](/images/previews/keycloak-api-access-service-account.png)
+
+> [!NOTE]
+> 1. For managing users, we want to assign “manage-users” and “view-users” roles to “realm-management”
+> 2. Only add the permissions you require for the tasks that will be performed.
+
+
+## Make API calls to the Keycloak 12 REST API
+See Keycloak REST-API [documentation](https://www.keycloak.org/docs-api/latest/rest-api/index.html)
+
+Provide `client_id`, `client_secret`, `grant_type=”client_credentials”` as `x-www-form-urlencoded`
+
+1. Make a call to the token service to obtain an access token
+```bash
+# Obtain an access token
+curl -X POST https://<KEYCLOAK_HOST>/auth/realms/<REALM>/protocol/openid-connect/token \
+    -H 'Content-type: application/x-www-form-urlencoded' \
+    -d "client_id=$(KC_CLIENT_ID)" \
+    -d "client_secret=$(KC_CLIENT_SECRET)" \
+    -d "grant_type=$(KC_GRANT_TYPE)" | jq '.access_token'
+```
+
+2. Send the token which each request
+```bash
+# Get keycloak users
+curl -X GET https://<KEYCLOAK_HOST>/auth/admin/realms/<REALM>/users \
+    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+    -H 'cache-control: no-cache'
+```
+
+
+> [!NOTE]
+> 1. The access token by default only has a life of 300s (5min). This can be adjusted under the Settings Tab -> Advanced Settings Access Token Lifespan.
+> 2. These calls were made against Keycloak version 12 so they must include <KEYCLOAK_HOST>`/auth/`

docs/deployment/deploy-without-docker/Import-the-Seed-Database.md

@@ -17,23 +17,23 @@ After download, the files can be unzipped by entering the following command:
 1. Import the database schema (/db-scripts/src/main/resources/cgds.sql):
 
     ```
-    mysql --user=cbio_user --password=somepassword cbioportal < cgds.sql
+    mysql --user=cbio --password=P@ssword1 cbioportal < cgds.sql
     ```
 
     Note that this may currently fail when using the default character encoding on MySQL 8.0 (`utf8mb4`); this is why MySQL 5.7 (which uses `latin1`) is recommended.
 
 2. Import the main part of the seed database:
 
     ```
-    mysql --user=cbio_user --password=somepassword cbioportal < seed-cbioportal_RefGenome_vX.Y.Z.sql
+    mysql --user=cbio --password=P@ssword1 cbioportal < seed-cbioportal_RefGenome_vX.Y.Z.sql
     ```
 
     **Important:** Replace `seed-cbioportal_RefGenome_vX.Y.Z.sql` with the downloaded version of the seed database, such as `seed-cbioportal_hg19_v2.3.1.sql` or `seed-cbioportal_mm10_v2.3.1.sql`.
 
 3. (Human only) Import the Protein Data Bank (PDB) part of the seed database. This will enable the visualization of PDB structures in the mutation tab. Loading this file takes more time than loading the previous files, and is optional for users that do not require PDB structures.
 
     ```
-    mysql --user=cbio_user --password=somepassword cbioportal < seed-cbioportal_hg19_vX.Y.Z_only-pdb.sql
+    mysql --user=cbio --password=P@ssword1 cbioportal < seed-cbioportal_hg19_vX.Y.Z_only-pdb.sql
     ```
     **Important:** Replace `seed-cbioportal_hg19_vX.Y.Z_only-pdb.sql` with the downloaded version of the PDB database, such as `seed-cbioportal_hg19_v2.3.1_only-pdb.sql`.
 

docs/deployment/kubernetes/README.md

@@ -0,0 +1,71 @@
+# Deploy on Kubernetes
+
+## Prerequisites
+
+Official [cBioPortal Helm chart](https://artifacthub.io/packages/search?org=cbioportal) can be used to easily deploy an instance on a Kubernetes cluster. Make sure you meet the following prerequisites before continuing with the usage instructions:
+
+- You have access to a cluster (e.g. Minikube or AWS EKS). We recommend [setting up a Minikube cluster](https://minikube.sigs.k8s.io/docs/start/) on your local machine for development purposes.
+- You have installed [Helm](https://helm.sh/docs/intro/install/) on your system.
+- You have read and write access to a mysql database server.
+
+## Usage instructions
+
+
+### Cluster & Database Setup
+
+#### Step 1 - Add cBioPortal label to your cluster
+
+Make sure your cluster is already set up and you have access to a node running on it. Instructions for this can vary, depending on your Kubernetes provider. Once your cluster is active, run the following command to add a label to the node on your cluster.
+
+```
+kubectl label nodes <your-node-name> node-group=cbioportal
+```
+
+#### Step 2 - Export database access credentials
+cBioPortal needs access to a mysql database server hosting cancer study data. As mentioned in the prerequisites, you need access to a mysql database server for this. Instructions for this can vary, depending on your database server provider. Once you have a server available, download MSK's latest database dump [here](https://public-db-dump.assets.cbioportal.org/) and add the data to your database server. Then, continue with the instructions below using your mysql server credentials.
+
+Create a new values file called _values.secret.yaml_ and add your database credential values.
+```yaml
+container:
+    env:
+        - name: DB_USER
+          value: <your-db-user>
+        - name: DB_PASSWORD
+          value: <your-db-password>
+        - name: DB_CONNECTION_STRING
+          value: <your-db-connection_string>
+```
+
+### Install cBioPortal
+
+Now that your cluster and data sources have been successfully configured, you can install the cBioPortal helm chart.
+
+#### Step 1 - Install Helm Chart
+
+Add repository.
+```
+helm repo add cbioportal https://cbioportal.github.io/cbioportal-helm/
+```
+
+Install chart
+```
+helm install my-cbioportal cbioportal/cbioportal --version 0.1.6 -f path/to/values.secret.yaml
+```
+
+You should see something similar to this, indicating that the installation was successful.
+```
+NAME: my-cbioportal
+LAST DEPLOYED: Thu Nov 14 14:15:18 2024
+NAMESPACE: default
+STATUS: deployed
+REVISION: 1
+TEST SUITE: None
+```
+
+#### Step 2 - Access cBioPortal through localhost
+Run the following command to port-forward cBioPortal from the cluster to your local network.
+```
+kubectl port-forward deployment/cbioportal 10000:8080
+```
+
+cBioPortal should now be available at localhost on port 10000. Navigate to [http://localhost:10000](http://localhost:10000) in your browser to view it.

docs/development/cBioPortal-ER-Diagram.md

@@ -1,4 +1,4 @@
 # cBioPortal ER Diagram
-[cBioPortal ER Diagram - PDF Version](https://github.com/cBioPortal/cbioportal/blob/master/db-scripts/src/main/resources/cbioportal-er-diagram.pdf)
+[cBioPortal ER Diagram - PDF Version](https://github.com/cBioPortal/cbioportal/blob/master/src/main/resources/db-scripts/cbioportal-er-diagram.pdf)
 
-![cBioPortal ER Diagram](https://raw.githubusercontent.com/cBioPortal/cbioportal/master/db-scripts/src/main/resources/cbioportal-er-diagram.png)
+![cBioPortal ER Diagram](https://github.com/cBioPortal/cbioportal/blob/master/src/main/resources/db-scripts/cbioportal-er-diagram.png)

docs/development/feature-development-guide.md

@@ -23,7 +23,7 @@ See more thoughts about these topics further below
 
 ## Starting Implementation
 
-Once you are ready to start implementing, the first thing is to set up the development environment. We strive to make this as easy as possible, but it can often still take some time so definitely reach out if you run into issues. If you haven't submitted a Pull Request to cBioPortal before, it might make sense to look at some [good first issues](https://github.com/cBioPortal/cbioportal/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) before starting with your feature. This will help to get some familiarity with the process of proposing a change, getting it reviewed, making edits and getting it to production. Don't pick anything to complicated for a first issue, it could be as simple as fixing some typos in the `README`.
+Once you are ready to start implementing, the first thing is to set up the development environment. We strive to make this as easy as possible, but it can often still take some time so definitely reach out if you run into issues. If you haven't submitted a Pull Request to cBioPortal before, it might make sense to look at some [good first issues](https://github.com/cBioPortal/cbioportal/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22) before starting with your feature. This will help to get some familiarity with the process of proposing a change, getting it reviewed, making edits and getting it to production. Don't pick anything too complicated for a first issue, it could be as simple as fixing some typos in the `README`.
 
 ## During Implementation
 

pom.xml

@@ -12,7 +12,7 @@
 
 	<groupId>org.cbioportal</groupId>
 	<artifactId>cbioportal</artifactId>
-	<version>6.0.21-SNAPSHOT</version>
+	<version>6.0.23-SNAPSHOT</version>
 
 	<description>cBioPortal for Cancer Genomics</description>
 
@@ -27,7 +27,7 @@
 		<!--        TODO replace with version of cbioportal frontend with compatible
         login url-->
 		<frontend.groupId>com.github.cbioportal</frontend.groupId>
-		<frontend.version>v6.0.20</frontend.version>
+		<frontend.version>v6.0.22</frontend.version>
 
         <!-- THIS SHOULD BE KEPT IN SYNC TO VERSION IN CGDS.SQL -->
 		<db.version>2.13.1</db.version>