youcat: configure admin account

configure int-test certificates for admin, owner, member
opencadc · Jul 17, 2024 · 0f142c7 · 0f142c7
1 parent 8511e59
commit 0f142c7
Show file tree

Hide file tree

Showing 6 changed files with 160 additions and 102 deletions.
diff --git a/youcat/README.md b/youcat/README.md
@@ -50,9 +50,9 @@ org.opencadc.youcat.uws.url=jdbc:postgresql://{server}/{database}
 
 The `tapadm` pool manages (create, alter, drop) tap_schema tables and manages the tap_schema content. The `uws` 
 pool manages (create, alter, drop) uws tables and manages the uws content (creates and modifies jobs in the uws
-schema when jobs are created and executed by users.
+schema when jobs are created and executed by users. If `youcat` is configured with to create schemas (server _createSchemaInDB_ below) then this pool must also have permission to create schemas.
 
-The `tapuser` pool is used to run TAP queries, including creating tables in the tap_upload schema. 
+The `tapuser` pool is used to run TAP queries, including creating tables in the `tap_upload` schema. 
 
 All three pools must have the same JDBC URL (e.g. use the same database) with PostgreSQL. This may be 
 relaxed in future.
@@ -80,6 +80,21 @@ See <a href="https://github.com/opencadc/tap/tree/master/cadc-tap-tmp">cadc-tap-
 
 ## youcat.properties
 
+The youcat.properties configures some admin and optional functions of the service.
+```
+# configure the admin user
+org.opencadc.youcat.adminUser = {identity}
+
+# (optional) configure schema creation in the database (default: false)
+org.opencadc.youcat.createSchemaInDB = true|false
+```
+The admin user can use the youcat API to create a new schema for a user. This will add the
+schema to the `tap_schema.schemas` table and enable the user to create tables in that 
+schema. If the optional _createSchemaInDB_ flag is set to true, a schema created by admin
+will be created in the database in addition to being added to the `tap_schema`. If false,
+`youcat` will not create the schema in the database and just assume it exists and that the 
+`tapadm` pool has permission to create objects (tables and indices) in it.
+
 As hard-coded behaviours of `youcat` are extracted from the build and made configurable,
 the configuration options will usually be in this file (see **development plans** below).
 

diff --git a/youcat/src/intTest/java/org/opencadc/youcat/AbstractTablesTest.java b/youcat/src/intTest/java/org/opencadc/youcat/AbstractTablesTest.java
@@ -119,16 +119,22 @@ abstract class AbstractTablesTest {
     private static final Logger log = Logger.getLogger(AbstractTablesTest.class);
 
     static {
-        Log4jInit.setLevel("ca.nrc.cadc.cat", Level.INFO);
+        Log4jInit.setLevel("org.opencadc.youcat", Level.INFO);
         Log4jInit.setLevel("ca.nrc.cadc.tap", Level.INFO);
     }
 
+    static final String YOUCAT_ADMIN = "youcat-admin.pem";         // to create test schema
+    static final String SCHEMA_OWNER_CERT = "youcat-owner.pem";    // own test schema
+    static final String SCHEMA_GROUP_MEMBER = "youcat-member.pem"; // member of group
+
     static String VALID_TEST_GROUP = "ivo://cadc.nrc.ca/gms?YouCat-ReadWrite";
 
     Subject anon;
     Subject schemaOwner;
     Subject subjectWithGroups;
 
+    protected String testSchemaName = "int_test_schema"; 
+
     URL anonQueryURL;
     URL certQueryURL;
     URL anonTablesURL;
@@ -139,12 +145,12 @@ abstract class AbstractTablesTest {
 
     AbstractTablesTest() { 
         try {
-            File cf = FileUtil.getFileFromResource("x509_CADCAuthtest1.pem", AbstractTablesTest.class);
+            File cf = FileUtil.getFileFromResource(SCHEMA_OWNER_CERT, AbstractTablesTest.class);
             schemaOwner = SSLUtil.createSubject(cf);
             anon = AuthenticationUtil.getAnonSubject();
             log.debug("created schemaOwner: " + schemaOwner);
 
-            cf = FileUtil.getFileFromResource("x509_CADCAuthtest2.pem", AbstractTablesTest.class);
+            cf = FileUtil.getFileFromResource(SCHEMA_GROUP_MEMBER, AbstractTablesTest.class);
             subjectWithGroups = SSLUtil.createSubject(cf);
             log.debug("created subjectWithGroups: " + subjectWithGroups);
 
@@ -161,6 +167,9 @@ abstract class AbstractTablesTest {
             } catch (Exception ex) {
                 log.error("TEST SETUP BUG: failed to find TAP URL", ex);
             }
+
+            // TODO: use youcat-admin to create the test schema owned by youcat-owner
+
         } catch (Throwable t) {
             throw new RuntimeException("TEST SETUP FAILED", t);
         }
@@ -192,7 +201,7 @@ TableDesc doCreateTable(Subject subject, String tableName) throws Exception {
         // cleanup just in case
         doDelete(subject, tableName, true);
 
-        final TableDesc orig = new TableDesc("cadcauthtest1", tableName);
+        final TableDesc orig = new TableDesc(testSchemaName, tableName);
         orig.description = "created by intTest";
         orig.tableType = TableDesc.TableType.TABLE;
         orig.tableIndex = 1;
@@ -292,7 +301,7 @@ void doCreateIndex(Subject subject, String tableName, String indexCol, boolean u
     protected void clearSchemaPerms() throws MalformedURLException {
         TapPermissions tp = new TapPermissions();
         tp.isPublic = false;
-        setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+        setPerms(schemaOwner, testSchemaName, tp, 200);
     }
 
     protected void setPerms(Subject subject, String name, TapPermissions tp, int expectedCode) throws MalformedURLException {

diff --git a/youcat/src/intTest/java/org/opencadc/youcat/CreateTableTest.java b/youcat/src/intTest/java/org/opencadc/youcat/CreateTableTest.java
@@ -67,46 +67,30 @@
 
 package org.opencadc.youcat;
 
-
-import ca.nrc.cadc.auth.AuthMethod;
-import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.RunnableAction;
-import ca.nrc.cadc.auth.SSLUtil;
 import ca.nrc.cadc.dali.tables.TableData;
 import ca.nrc.cadc.dali.tables.votable.VOTableDocument;
 import ca.nrc.cadc.dali.tables.votable.VOTableField;
 import ca.nrc.cadc.dali.tables.votable.VOTableReader;
 import ca.nrc.cadc.dali.tables.votable.VOTableResource;
 import ca.nrc.cadc.dali.tables.votable.VOTableTable;
 import ca.nrc.cadc.dali.tables.votable.VOTableWriter;
-import ca.nrc.cadc.net.HttpDelete;
 import ca.nrc.cadc.net.HttpDownload;
-import ca.nrc.cadc.net.HttpPost;
 import ca.nrc.cadc.net.HttpUpload;
 import ca.nrc.cadc.net.InputStreamWrapper;
 import ca.nrc.cadc.net.OutputStreamWrapper;
-import ca.nrc.cadc.reg.Standards;
-import ca.nrc.cadc.reg.client.RegistryClient;
 import ca.nrc.cadc.tap.schema.ColumnDesc;
 import ca.nrc.cadc.tap.schema.TableDesc;
 import ca.nrc.cadc.tap.schema.TapDataType;
 import ca.nrc.cadc.tap.schema.TapPermissions;
-import ca.nrc.cadc.util.FileUtil;
 import ca.nrc.cadc.util.Log4jInit;
 import ca.nrc.cadc.uws.ExecutionPhase;
-import ca.nrc.cadc.uws.Job;
-import ca.nrc.cadc.uws.JobReader;
 import ca.nrc.cadc.vosi.InvalidTableSetException;
 import ca.nrc.cadc.vosi.TableReader;
-import ca.nrc.cadc.vosi.TableWriter;
 import ca.nrc.cadc.vosi.actions.TableDescHandler;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.StringReader;
 import java.net.URL;
 import java.util.Iterator;
 import java.util.List;
@@ -117,7 +101,6 @@
 import org.apache.log4j.Logger;
 import org.junit.Assert;
 import org.junit.Test;
-import org.opencadc.tap.TapClient;
 
 /**
  *
@@ -127,7 +110,7 @@ public class CreateTableTest extends AbstractTablesTest {
     private static final Logger log = Logger.getLogger(CreateTableTest.class);
 
     static {
-        Log4jInit.setLevel("ca.nrc.cadc.cat", Level.INFO);
+        Log4jInit.setLevel("org.opencadc.youcat", Level.INFO);
         Log4jInit.setLevel("ca.nrc.cadc.tap", Level.INFO);
     }
 
@@ -187,9 +170,9 @@ public void testCreateQueryDropVOSI() {
         try {
             clearSchemaPerms();
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            super.setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            super.setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String testTable = "cadcauthtest1.testCreateQueryDropVOSI";
+            String testTable = testSchemaName + ".testCreateQueryDropVOSI";
             final TableDesc orig = doCreateTable(schemaOwner, testTable);
             TableDesc td = doVosiCheck(testTable);
             compare(orig, td);
@@ -214,9 +197,9 @@ public void testCreateQueryDropVOTable() {
         try {
             clearSchemaPerms();
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            super.setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            super.setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String testTable = "cadcauthtest1.testCreateQueryDropVOTable";
+            String testTable = testSchemaName + ".testCreateQueryDropVOTable";
 
             // cleanup just in case
             doDelete(schemaOwner, testTable, true);
@@ -286,9 +269,9 @@ public void testCreateIndex() {
         try {
             clearSchemaPerms();
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            super.setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            super.setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String tableName = "cadcauthtest1.testCreateIndex";
+            String tableName = testSchemaName + ".testCreateIndex";
             TableDesc td = doCreateTable(schemaOwner, tableName);
             for (ColumnDesc cd : td.getColumnDescs()) {
                 log.info("testCreateIndex: " + cd.getColumnName());
@@ -312,9 +295,9 @@ public void testCreateUniqueIndex() {
         try {
             clearSchemaPerms();
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            super.setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            super.setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String tableName = "cadcauthtest1.testCreateUniqueIndex";
+            String tableName = testSchemaName + ".testCreateUniqueIndex";
             TableDesc td = doCreateTable(schemaOwner, tableName);
             for (ColumnDesc cd : td.getColumnDescs()) {
 

diff --git a/youcat/src/intTest/java/org/opencadc/youcat/LoadTableDataTest.java b/youcat/src/intTest/java/org/opencadc/youcat/LoadTableDataTest.java
@@ -146,7 +146,7 @@ public void testPostNoTableName() {
         try {
             log.info("start");
 
-            String testTable = "cadcauthtest1.testPostNoTableName";
+            String testTable = testSchemaName + ".testPostNoTableName";
             doCreateTable(schemaOwner, testTable);
 
             StringBuilder data = new StringBuilder();
@@ -177,7 +177,7 @@ public void testPostInvalidColumnName() {
         try {
             log.info("start");
 
-            String testTable = "cadcauthtest1.testPostInvalidColumnName";
+            String testTable = testSchemaName + ".testPostInvalidColumnName";
             doCreateTable(schemaOwner, testTable);
 
             StringBuilder data = new StringBuilder();
@@ -208,7 +208,7 @@ public void testWrongNumberOfColumns() {
         try {
             log.info("start");
 
-            String testTable = "cadcauthtest1.testWrongNumberOfColumns";
+            String testTable = testSchemaName + ".testWrongNumberOfColumns";
             doCreateTable(schemaOwner, testTable);
 
             StringBuilder data = new StringBuilder();
@@ -243,7 +243,7 @@ public void testNoSuchTable() {
             data.append("c0\tc1\n");
             data.append("string");
 
-            URL postURL = new URL(certLoadURL.toString() + "/cadcauthtest1.noSuchTable");
+            URL postURL = new URL(certLoadURL.toString() + "/" + testSchemaName + ".noSuchTable");
             final HttpPost post = new HttpPost(postURL, new FileContent(data.toString(), TableContentHandler.CONTENT_TYPE_TSV, UTF8), false);
             Subject.doAs(schemaOwner, new PrivilegedExceptionAction<Object>() {
                 public Object run() throws Exception {
@@ -270,7 +270,7 @@ public void testInvalidTableName() {
             data.append("c0\tc1\n");
             data.append("string");
 
-            URL postURL = new URL(certLoadURL.toString() + "/cadcauthtest1.invalid.table.name");
+            URL postURL = new URL(certLoadURL.toString() + "/" + testSchemaName + ".invalid.table.name");
             final HttpPost post = new HttpPost(postURL, new FileContent(data.toString(), TableContentHandler.CONTENT_TYPE_TSV, UTF8), false);
             Subject.doAs(schemaOwner, new PrivilegedExceptionAction<Object>() {
                 public Object run() throws Exception {
@@ -294,7 +294,7 @@ public void testNotTableOwner() {
 
             clearSchemaPerms();
 
-            String testTable = "cadcauthtest1.testNotTableOwner";
+            String testTable = testSchemaName + ".testNotTableOwner";
             doCreateTable(schemaOwner, testTable);
 
             StringBuilder data = new StringBuilder();
@@ -326,9 +326,9 @@ public void testAllDataTypesTSV() {
             log.info("start");
 
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String testTable = "cadcauthtest1.testAllDataTypesTSV";
+            String testTable = testSchemaName + ".testAllDataTypesTSV";
             doCreateTable(schemaOwner, testTable);
             setPerms(schemaOwner, testTable, tp, 200);
 
@@ -397,9 +397,9 @@ public void testAllDataTypesFITS() {
             log.info("start");
 
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String testTable = "cadcauthtest1.testAllDataTypesFits";
+            String testTable = testSchemaName + ".testAllDataTypesFits";
             doCreateTable(schemaOwner, testTable);
             setPerms(schemaOwner, testTable, tp, 200);
 
@@ -506,9 +506,9 @@ public void testMixedContentTypeASCII() {
             log.info("start");
 
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String testTable = "cadcauthtest1.testMixedContentTypeASCII";
+            String testTable = testSchemaName + ".testMixedContentTypeASCII";
             doCreateTable(schemaOwner, testTable);
             setPerms(schemaOwner, testTable, tp, 200);
 
@@ -583,9 +583,9 @@ public void testMultipleBatches() {
             log.info("start");
 
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String testTable = "cadcauthtest1.testMultipleBatches";
+            String testTable = testSchemaName + ".testMultipleBatches";
             doCreateTable(schemaOwner, testTable);
             setPerms(schemaOwner, testTable, tp, 200);
 
@@ -632,9 +632,9 @@ public void testErrorInMiddle() {
             log.info("start");
 
             TapPermissions tp = new TapPermissions(null, true, null, null);
-            setPerms(schemaOwner, "cadcauthtest1", tp, 200);
+            setPerms(schemaOwner, testSchemaName, tp, 200);
 
-            String testTable = "cadcauthtest1.testErrorInMiddle";
+            String testTable = testSchemaName + ".testErrorInMiddle";
             doCreateTable(schemaOwner, testTable);
             setPerms(schemaOwner, testTable, tp, 200);