diff --git a/youcat/README.md b/youcat/README.md index ac685033..bb3babd3 100644 --- a/youcat/README.md +++ b/youcat/README.md @@ -50,9 +50,9 @@ org.opencadc.youcat.uws.url=jdbc:postgresql://{server}/{database} The `tapadm` pool manages (create, alter, drop) tap_schema tables and manages the tap_schema content. The `uws` pool manages (create, alter, drop) uws tables and manages the uws content (creates and modifies jobs in the uws -schema when jobs are created and executed by users. +schema when jobs are created and executed by users. If `youcat` is configured with to create schemas (server _createSchemaInDB_ below) then this pool must also have permission to create schemas. -The `tapuser` pool is used to run TAP queries, including creating tables in the tap_upload schema. +The `tapuser` pool is used to run TAP queries, including creating tables in the `tap_upload` schema. All three pools must have the same JDBC URL (e.g. use the same database) with PostgreSQL. This may be relaxed in future. 
@@ -80,6 +80,21 @@ See cadc-tap- ## youcat.properties +The youcat.properties configures some admin and optional functions of the service. +``` +# configure the admin user +org.opencadc.youcat.adminUser = {identity} + +# (optional) configure schema creation in the database (default: false) +org.opencadc.youcat.createSchemaInDB = true|false +``` +The admin user can use the youcat API to create a new schema for a user. This will add the +schema to the `tap_schema.schemas` table and enable the user to create tables in that +schema. If the optional _createSchemaInDB_ flag is set to true, a schema created by admin +will be created in the database in addition to being added to the `tap_schema`. If false, +`youcat` will not create the schema in the database and just assume it exists and that the +`tapadm` pool has permission to create objects (tables and indices) in it. + As hard-coded behaviours of `youcat` are extracted from the build and made configurable, the configuration options will usually be in this file (see **development plans** below). diff --git a/youcat/src/intTest/java/org/opencadc/youcat/AbstractTablesTest.java b/youcat/src/intTest/java/org/opencadc/youcat/AbstractTablesTest.java index f748a0ab..f0a8b3b4 100644 --- a/youcat/src/intTest/java/org/opencadc/youcat/AbstractTablesTest.java +++ b/youcat/src/intTest/java/org/opencadc/youcat/AbstractTablesTest.java 
@@ -119,16 +119,22 @@ abstract class AbstractTablesTest { private static final Logger log = Logger.getLogger(AbstractTablesTest.class); static { - Log4jInit.setLevel("ca.nrc.cadc.cat", Level.INFO); + Log4jInit.setLevel("org.opencadc.youcat", Level.INFO); Log4jInit.setLevel("ca.nrc.cadc.tap", Level.INFO); } + static final String YOUCAT_ADMIN = "youcat-admin.pem"; // to create test schema + static final String SCHEMA_OWNER_CERT = "youcat-owner.pem"; // own test schema + static final String SCHEMA_GROUP_MEMBER = "youcat-member.pem"; // member of group + static String VALID_TEST_GROUP = "ivo://cadc.nrc.ca/gms?YouCat-ReadWrite"; Subject anon; Subject schemaOwner; Subject subjectWithGroups; + protected String testSchemaName = "int_test_schema"; + URL anonQueryURL; URL certQueryURL; URL anonTablesURL; @@ -139,12 +145,12 @@ abstract class AbstractTablesTest { AbstractTablesTest() { try { - File cf = FileUtil.getFileFromResource("x509_CADCAuthtest1.pem", AbstractTablesTest.class); + File cf = FileUtil.getFileFromResource(SCHEMA_OWNER_CERT, AbstractTablesTest.class); schemaOwner = SSLUtil.createSubject(cf); anon = AuthenticationUtil.getAnonSubject(); log.debug("created schemaOwner: " + schemaOwner); - cf = FileUtil.getFileFromResource("x509_CADCAuthtest2.pem", AbstractTablesTest.class); + cf = FileUtil.getFileFromResource(SCHEMA_GROUP_MEMBER, AbstractTablesTest.class); subjectWithGroups = SSLUtil.createSubject(cf); log.debug("created subjectWithGroups: " + subjectWithGroups); @@ -161,6 +167,9 @@ abstract class AbstractTablesTest { } catch (Exception ex) { log.error("TEST SETUP BUG: failed to find TAP URL", ex); } + + // TODO: use youcat-admin to create the test schema owned by youcat-owner + } catch (Throwable t) { throw new RuntimeException("TEST SETUP FAILED", t); } 
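Review bot: The three certificate constants added at the top of AbstractTablesTest (`youcat-admin.pem`, `youcat-owner.pem`, `youcat-member.pem`) name client credentials that the constructor loads from the test classpath, but nothing says where they come from or that they are test-only. The admin one is presumably the identity configured as `org.opencadc.youcat.adminUser`, so I would document the expectation next to the constants, e.g. `// test-only client certs, supplied locally on the intTest classpath; do not commit private keys or reuse a production admin identity`. `YOUCAT_ADMIN` is not referenced in any hunk shown, so it looks reserved for the TODO further down. The class body continues outside the hunk.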
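Review bot: The constructor leaves only a TODO where the test schema should be created, yet every test in this commit targets `int_test_schema` as the `youcat-owner.pem` identity. The suite therefore passes only if that schema and its ownership were provisioned out of band. Until the TODO is implemented I would state the precondition in place, e.g. `// PRECONDITION: schema int_test_schema is listed in tap_schema.schemas and owned by the youcat-owner.pem identity`, so that a failure in setup reads as an environment problem rather than a permissions regression. The constructor starts outside this hunk.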
@@ -192,7 +201,7 @@ TableDesc doCreateTable(Subject subject, String tableName) throws Exception { // cleanup just in case doDelete(subject, tableName, true); - final TableDesc orig = new TableDesc("cadcauthtest1", tableName); + final TableDesc orig = new TableDesc(testSchemaName, tableName); orig.description = "created by intTest"; orig.tableType = TableDesc.TableType.TABLE; orig.tableIndex = 1; @@ -292,7 +301,7 @@ void doCreateIndex(Subject subject, String tableName, String indexCol, boolean u protected void clearSchemaPerms() throws MalformedURLException { TapPermissions tp = new TapPermissions(); tp.isPublic = false; - setPerms(schemaOwner, "cadcauthtest1", tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); } protected void setPerms(Subject subject, String name, TapPermissions tp, int expectedCode) throws MalformedURLException { diff --git a/youcat/src/intTest/java/org/opencadc/youcat/CreateTableTest.java b/youcat/src/intTest/java/org/opencadc/youcat/CreateTableTest.java index 62c03793..a8e33565 100644 --- a/youcat/src/intTest/java/org/opencadc/youcat/CreateTableTest.java +++ b/youcat/src/intTest/java/org/opencadc/youcat/CreateTableTest.java @@ -67,11 +67,7 @@ package org.opencadc.youcat; - -import ca.nrc.cadc.auth.AuthMethod; -import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.RunnableAction; -import ca.nrc.cadc.auth.SSLUtil; import ca.nrc.cadc.dali.tables.TableData; import ca.nrc.cadc.dali.tables.votable.VOTableDocument; import ca.nrc.cadc.dali.tables.votable.VOTableField; 
@@ -79,34 +75,22 @@ import ca.nrc.cadc.dali.tables.votable.VOTableResource; import ca.nrc.cadc.dali.tables.votable.VOTableTable; import ca.nrc.cadc.dali.tables.votable.VOTableWriter; -import ca.nrc.cadc.net.HttpDelete; import ca.nrc.cadc.net.HttpDownload; -import ca.nrc.cadc.net.HttpPost; import ca.nrc.cadc.net.HttpUpload; import ca.nrc.cadc.net.InputStreamWrapper; import ca.nrc.cadc.net.OutputStreamWrapper; -import ca.nrc.cadc.reg.Standards; -import ca.nrc.cadc.reg.client.RegistryClient; import ca.nrc.cadc.tap.schema.ColumnDesc; import ca.nrc.cadc.tap.schema.TableDesc; import ca.nrc.cadc.tap.schema.TapDataType; import ca.nrc.cadc.tap.schema.TapPermissions; -import ca.nrc.cadc.util.FileUtil; import ca.nrc.cadc.util.Log4jInit; import ca.nrc.cadc.uws.ExecutionPhase; -import ca.nrc.cadc.uws.Job; -import ca.nrc.cadc.uws.JobReader; import ca.nrc.cadc.vosi.InvalidTableSetException; import ca.nrc.cadc.vosi.TableReader; -import ca.nrc.cadc.vosi.TableWriter; import ca.nrc.cadc.vosi.actions.TableDescHandler; -import java.io.ByteArrayOutputStream; -import java.io.File; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.StringReader; import java.net.URL; import java.util.Iterator; import java.util.List; @@ -117,7 +101,6 @@ import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; -import org.opencadc.tap.TapClient; /** * @@ -127,7 +110,7 @@ public class CreateTableTest extends AbstractTablesTest { private static final Logger log = Logger.getLogger(CreateTableTest.class); static { - Log4jInit.setLevel("ca.nrc.cadc.cat", Level.INFO); + Log4jInit.setLevel("org.opencadc.youcat", Level.INFO); Log4jInit.setLevel("ca.nrc.cadc.tap", Level.INFO); } 
@@ -187,9 +170,9 @@ public void testCreateQueryDropVOSI() { try { clearSchemaPerms(); TapPermissions tp = new TapPermissions(null, true, null, null); - super.setPerms(schemaOwner, "cadcauthtest1", tp, 200); + super.setPerms(schemaOwner, testSchemaName, tp, 200); - String testTable = "cadcauthtest1.testCreateQueryDropVOSI"; + String testTable = testSchemaName + ".testCreateQueryDropVOSI"; final TableDesc orig = doCreateTable(schemaOwner, testTable); TableDesc td = doVosiCheck(testTable); compare(orig, td); @@ -214,9 +197,9 @@ public void testCreateQueryDropVOTable() { try { clearSchemaPerms(); TapPermissions tp = new TapPermissions(null, true, null, null); - super.setPerms(schemaOwner, "cadcauthtest1", tp, 200); + super.setPerms(schemaOwner, testSchemaName, tp, 200); - String testTable = "cadcauthtest1.testCreateQueryDropVOTable"; + String testTable = testSchemaName + ".testCreateQueryDropVOTable"; // cleanup just in case doDelete(schemaOwner, testTable, true); @@ -286,9 +269,9 @@ public void testCreateIndex() { try { clearSchemaPerms(); TapPermissions tp = new TapPermissions(null, true, null, null); - super.setPerms(schemaOwner, "cadcauthtest1", tp, 200); + super.setPerms(schemaOwner, testSchemaName, tp, 200); - String tableName = "cadcauthtest1.testCreateIndex"; + String tableName = testSchemaName + ".testCreateIndex"; TableDesc td = doCreateTable(schemaOwner, tableName); for (ColumnDesc cd : td.getColumnDescs()) { log.info("testCreateIndex: " + cd.getColumnName()); @@ -312,9 +295,9 @@ public void testCreateUniqueIndex() { try { clearSchemaPerms(); TapPermissions tp = new TapPermissions(null, true, null, null); - super.setPerms(schemaOwner, "cadcauthtest1", tp, 200); + super.setPerms(schemaOwner, testSchemaName, tp, 200); - String tableName = "cadcauthtest1.testCreateUniqueIndex"; + String tableName = testSchemaName + ".testCreateUniqueIndex"; TableDesc td = doCreateTable(schemaOwner, tableName); for (ColumnDesc cd : td.getColumnDescs()) { 
diff --git a/youcat/src/intTest/java/org/opencadc/youcat/LoadTableDataTest.java b/youcat/src/intTest/java/org/opencadc/youcat/LoadTableDataTest.java index 3f34571d..89514c3a 100644 --- a/youcat/src/intTest/java/org/opencadc/youcat/LoadTableDataTest.java +++ b/youcat/src/intTest/java/org/opencadc/youcat/LoadTableDataTest.java @@ -146,7 +146,7 @@ public void testPostNoTableName() { try { log.info("start"); - String testTable = "cadcauthtest1.testPostNoTableName"; + String testTable = testSchemaName + ".testPostNoTableName"; doCreateTable(schemaOwner, testTable); StringBuilder data = new StringBuilder(); @@ -177,7 +177,7 @@ public void testPostInvalidColumnName() { try { log.info("start"); - String testTable = "cadcauthtest1.testPostInvalidColumnName"; + String testTable = testSchemaName + ".testPostInvalidColumnName"; doCreateTable(schemaOwner, testTable); StringBuilder data = new StringBuilder(); @@ -208,7 +208,7 @@ public void testWrongNumberOfColumns() { try { log.info("start"); - String testTable = "cadcauthtest1.testWrongNumberOfColumns"; + String testTable = testSchemaName + ".testWrongNumberOfColumns"; doCreateTable(schemaOwner, testTable); StringBuilder data = new StringBuilder(); @@ -243,7 +243,7 @@ public void testNoSuchTable() { data.append("c0\tc1\n"); data.append("string"); - URL postURL = new URL(certLoadURL.toString() + "/cadcauthtest1.noSuchTable"); + URL postURL = new URL(certLoadURL.toString() + "/" + testSchemaName + ".noSuchTable"); final HttpPost post = new HttpPost(postURL, new FileContent(data.toString(), TableContentHandler.CONTENT_TYPE_TSV, UTF8), false); Subject.doAs(schemaOwner, new PrivilegedExceptionAction() { public Object run() throws Exception { 
@@ -270,7 +270,7 @@ public void testInvalidTableName() { data.append("c0\tc1\n"); data.append("string"); - URL postURL = new URL(certLoadURL.toString() + "/cadcauthtest1.invalid.table.name"); + URL postURL = new URL(certLoadURL.toString() + "/" + testSchemaName + ".invalid.table.name"); final HttpPost post = new HttpPost(postURL, new FileContent(data.toString(), TableContentHandler.CONTENT_TYPE_TSV, UTF8), false); Subject.doAs(schemaOwner, new PrivilegedExceptionAction() { public Object run() throws Exception { @@ -294,7 +294,7 @@ public void testNotTableOwner() { clearSchemaPerms(); - String testTable = "cadcauthtest1.testNotTableOwner"; + String testTable = testSchemaName + ".testNotTableOwner"; doCreateTable(schemaOwner, testTable); StringBuilder data = new StringBuilder(); @@ -326,9 +326,9 @@ public void testAllDataTypesTSV() { log.info("start"); TapPermissions tp = new TapPermissions(null, true, null, null); - setPerms(schemaOwner, "cadcauthtest1", tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); - String testTable = "cadcauthtest1.testAllDataTypesTSV"; + String testTable = testSchemaName + ".testAllDataTypesTSV"; doCreateTable(schemaOwner, testTable); setPerms(schemaOwner, testTable, tp, 200); @@ -397,9 +397,9 @@ public void testAllDataTypesFITS() { log.info("start"); TapPermissions tp = new TapPermissions(null, true, null, null); - setPerms(schemaOwner, "cadcauthtest1", tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); - String testTable = "cadcauthtest1.testAllDataTypesFits"; + String testTable = testSchemaName + ".testAllDataTypesFits"; doCreateTable(schemaOwner, testTable); setPerms(schemaOwner, testTable, tp, 200); 
@@ -506,9 +506,9 @@ public void testMixedContentTypeASCII() { log.info("start"); TapPermissions tp = new TapPermissions(null, true, null, null); - setPerms(schemaOwner, "cadcauthtest1", tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); - String testTable = "cadcauthtest1.testMixedContentTypeASCII"; + String testTable = testSchemaName + ".testMixedContentTypeASCII"; doCreateTable(schemaOwner, testTable); setPerms(schemaOwner, testTable, tp, 200); @@ -583,9 +583,9 @@ public void testMultipleBatches() { log.info("start"); TapPermissions tp = new TapPermissions(null, true, null, null); - setPerms(schemaOwner, "cadcauthtest1", tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); - String testTable = "cadcauthtest1.testMultipleBatches"; + String testTable = testSchemaName + ".testMultipleBatches"; doCreateTable(schemaOwner, testTable); setPerms(schemaOwner, testTable, tp, 200); @@ -632,9 +632,9 @@ public void testErrorInMiddle() { log.info("start"); TapPermissions tp = new TapPermissions(null, true, null, null); - setPerms(schemaOwner, "cadcauthtest1", tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); - String testTable = "cadcauthtest1.testErrorInMiddle"; + String testTable = testSchemaName + ".testErrorInMiddle"; doCreateTable(schemaOwner, testTable); setPerms(schemaOwner, testTable, tp, 200); diff --git a/youcat/src/intTest/java/org/opencadc/youcat/PermissionsTest.java b/youcat/src/intTest/java/org/opencadc/youcat/PermissionsTest.java index 922721f9..b696b7b6 100644 --- a/youcat/src/intTest/java/org/opencadc/youcat/PermissionsTest.java +++ b/youcat/src/intTest/java/org/opencadc/youcat/PermissionsTest.java 
@@ -67,6 +67,18 @@ package org.opencadc.youcat; +import ca.nrc.cadc.auth.RunnableAction; +import ca.nrc.cadc.dali.tables.TableData; +import ca.nrc.cadc.dali.tables.votable.VOTableDocument; +import ca.nrc.cadc.dali.tables.votable.VOTableReader; +import ca.nrc.cadc.dali.tables.votable.VOTableResource; +import ca.nrc.cadc.dali.tables.votable.VOTableTable; +import ca.nrc.cadc.net.FileContent; +import ca.nrc.cadc.net.HttpDownload; +import ca.nrc.cadc.net.HttpPost; +import ca.nrc.cadc.tap.schema.TapPermissions; +import ca.nrc.cadc.uws.ExecutionPhase; +import ca.nrc.cadc.vosi.actions.TableContentHandler; import java.io.ByteArrayOutputStream; import java.net.MalformedURLException; import java.net.URI; @@ -77,29 +89,13 @@ import java.util.List; import java.util.Map; import java.util.TreeMap; - import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; - import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; import org.opencadc.gms.GroupURI; -import ca.nrc.cadc.auth.HttpPrincipal; -import ca.nrc.cadc.auth.RunnableAction; -import ca.nrc.cadc.dali.tables.TableData; -import ca.nrc.cadc.dali.tables.votable.VOTableDocument; -import ca.nrc.cadc.dali.tables.votable.VOTableReader; -import ca.nrc.cadc.dali.tables.votable.VOTableResource; -import ca.nrc.cadc.dali.tables.votable.VOTableTable; -import ca.nrc.cadc.net.FileContent; -import ca.nrc.cadc.net.HttpDownload; -import ca.nrc.cadc.net.HttpPost; -import ca.nrc.cadc.tap.schema.TapPermissions; -import ca.nrc.cadc.uws.ExecutionPhase; -import ca.nrc.cadc.vosi.actions.TableContentHandler; - /** * * @author majorb 
@@ -118,12 +114,11 @@ public void testAnon() { try { clearSchemaPerms(); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testGetAnon"; + String testTable = testSchemaName + ".testGetAnon"; doCreateTable(schemaOwner, testTable); ByteArrayOutputStream out = new ByteArrayOutputStream(); - URL schemaPerms = new URL(permsURL.toString() + "/" + testSchema); + URL schemaPerms = new URL(permsURL.toString() + "/" + testSchemaName); URL tablePerms = new URL(permsURL.toString() + "/" + testTable); // get schema perms @@ -169,8 +164,7 @@ public void testBadSetParams() { try { clearSchemaPerms(); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testBadSetParams"; + String testTable = testSchemaName + ".testBadSetParams"; doCreateTable(schemaOwner, testTable); URL tablePerms = new URL(permsURL.toString() + "/" + testTable); @@ -223,14 +217,13 @@ public void testPublic() { try { clearSchemaPerms(); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testPublic"; + String testTable = testSchemaName + ".testPublic"; doCreateTable(schemaOwner, testTable); this.doQuery(anon, anonQueryURL, testTable, 400); TapPermissions tp = new TapPermissions(null, true, null, null); - setPerms(schemaOwner, testSchema, tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); this.doQuery(anon, anonQueryURL, testTable, 403); setPerms(schemaOwner, testTable, tp, 200); @@ -252,8 +245,7 @@ public void testGroupRead() { clearSchemaPerms(); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testGroupRead"; + String testTable = testSchemaName + ".testGroupRead"; doCreateTable(schemaOwner, testTable); this.doQuery(subjectWithGroups, certQueryURL, testTable, 400); 
@@ -262,8 +254,8 @@ public void testGroupRead() { GroupURI readGroup = new GroupURI(VALID_TEST_GROUP); TapPermissions tp = new TapPermissions(null, false, readGroup, null); - setPerms(schemaOwner, testSchema, tp, 200); - TapPermissions tp1 = getPermissions(schemaOwner, testSchema, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); + TapPermissions tp1 = getPermissions(schemaOwner, testSchemaName, 200); Assert.assertNotNull(tp1.isPublic); Assert.assertFalse(tp1.isPublic); Assert.assertEquals(readGroup, tp1.readGroup); @@ -297,8 +289,7 @@ public void testGroupReadWrite() { try { clearSchemaPerms(); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testGroupReadWrite"; + String testTable = testSchemaName + ".testGroupReadWrite"; doCreateTable(schemaOwner, testTable); this.doQuery(subjectWithGroups, certQueryURL, testTable, 400); @@ -307,8 +298,8 @@ public void testGroupReadWrite() { GroupURI readWriteGroup = new GroupURI(VALID_TEST_GROUP); TapPermissions tp = new TapPermissions(null, false, null, readWriteGroup); - setPerms(schemaOwner, testSchema, tp, 200); - TapPermissions tp1 = getPermissions(schemaOwner, testSchema, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); + TapPermissions tp1 = getPermissions(schemaOwner, testSchemaName, 200); Assert.assertNotNull(tp1.isPublic); Assert.assertFalse(tp1.isPublic); Assert.assertNull(tp1.readGroup); @@ -342,11 +333,10 @@ public void testSchemaOwnerDropTable() { try { clearSchemaPerms(); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testDropTable"; + String testTable = testSchemaName + ".testDropTable"; TapPermissions tp = new TapPermissions(null, true, null, new GroupURI(VALID_TEST_GROUP)); - setPerms(schemaOwner, testSchema, tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); doCreateTable(subjectWithGroups, testTable); this.doQuery(subjectWithGroups, certQueryURL, testTable, 200); 
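Review bot: testSchemaOwnerDropTable still builds its table name as `testSchemaName + ".testDropTable"`, the same name that testDropTable uses. Both tests therefore act on one table, and a failed cleanup in either can change the other's outcome, for instance which identity owns the leftover table. Since the line is being edited anyway, give the test its own table: `String testTable = testSchemaName + ".testSchemaOwnerDropTable";`. The test body continues outside the hunk.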
@@ -368,11 +358,10 @@ public void testDropTable() { try { clearSchemaPerms(); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testDropTable"; + String testTable = testSchemaName + ".testDropTable"; TapPermissions tp = new TapPermissions(null, true, null, new GroupURI(VALID_TEST_GROUP)); - setPerms(schemaOwner, testSchema, tp, 200); + setPerms(schemaOwner, testSchemaName, tp, 200); doCreateTable(subjectWithGroups, testTable); this.doQuery(subjectWithGroups, certQueryURL, testTable, 200); @@ -394,21 +383,19 @@ public void testNoInheritance() { log.info("testNoInheritance()"); try { - String testSchema = "cadcauthtest1"; - GroupURI group1 = new GroupURI("ivo://cadc.nrc.ca/gms?group1"); GroupURI group2 = new GroupURI("ivo://cadc.nrc.ca/gms?group2"); TapPermissions tp = new TapPermissions(null, true, group1, group2); - this.setPerms(schemaOwner, testSchema, tp, 200); + this.setPerms(schemaOwner, testSchemaName, tp, 200); - TapPermissions actual = this.getPermissions(schemaOwner, testSchema, 200); + TapPermissions actual = this.getPermissions(schemaOwner, testSchemaName, 200); Assert.assertTrue(actual.owner.getPrincipals(X500Principal.class).iterator().next() .getName().equals("CN=cadcauthtest1_24c,OU=cadc,O=hia,C=ca")); Assert.assertEquals(true, actual.isPublic); Assert.assertEquals(group1, actual.readGroup); Assert.assertEquals(group2, actual.readWriteGroup); - String testTable = testSchema + ".testNoInheritance"; + String testTable = testSchemaName + ".testNoInheritance"; doCreateTable(schemaOwner, testTable); actual = this.getPermissions(schemaOwner, testTable, 200); 
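Review bot: The owner assertion kept as context in testNoInheritance still compares the X.500 name with the literal `CN=cadcauthtest1_24c,OU=cadc,O=hia,C=ca`, while this commit switches `schemaOwner` to the certificate in `youcat-owner.pem`. Unless that certificate carries exactly this DN, the ownership check fails, or passes only in one environment. Derive the expected value from the subject under test instead: `Assert.assertEquals(schemaOwner.getPrincipals(X500Principal.class).iterator().next(), actual.owner.getPrincipals(X500Principal.class).iterator().next());`. The test body continues outside the hunk.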
@@ -435,8 +422,7 @@ public void testQueriesChangingPerms() { // query tap_schema.schemas -- null owner so should be public this.doQuery(anon, anonQueryURL, "tap_schema.schemas", 200); - String testSchema = "cadcauthtest1"; - String testTable = testSchema + ".testQueriesChangingPerms"; + String testTable = testSchemaName + ".testQueriesChangingPerms"; doCreateTable(schemaOwner, testTable); // initially private @@ -446,7 +432,7 @@ public void testQueriesChangingPerms() { // set schema and table to public TapPermissions tp = new TapPermissions(null, true, null, null); - this.setPerms(schemaOwner, testSchema, tp, 200); + this.setPerms(schemaOwner, testSchemaName, tp, 200); this.setPerms(schemaOwner, testTable, tp, 200); this.doQuery(anon, certQueryURL, testTable, 200); this.doQuery(subjectWithGroups, certQueryURL, testTable, 200); @@ -524,7 +510,7 @@ public void testGroupAccessQuerySchemasTable() { GroupURI readGroup = new GroupURI(VALID_TEST_GROUP); TapPermissions tp = new TapPermissions(null, false, readGroup, null); - this.setPerms(this.schemaOwner, "cadcauthtest1", tp, 200); + this.setPerms(this.schemaOwner, testSchemaName, tp, 200); String query = "select schema_name from tap_schema.schemas"; @@ -581,7 +567,7 @@ public void testGroupAccessQueryTablesTable() { GroupURI readGroup = new GroupURI(VALID_TEST_GROUP); TapPermissions tp = new TapPermissions(null, false, readGroup, null); - this.setPerms(this.schemaOwner, "cadcauthtest1", tp, 200); + this.setPerms(this.schemaOwner, testSchemaName, tp, 200); String query = "select schema_name from tap_schema.tables"; 
@@ -641,7 +627,7 @@ public void testGroupQueryColumnsTable() { GroupURI readGroup = new GroupURI(VALID_TEST_GROUP); TapPermissions tp = new TapPermissions(null, false, readGroup, null); - this.setPerms(this.schemaOwner, "cadcauthtest1", tp, 200); + this.setPerms(this.schemaOwner, testSchemaName, tp, 200); String query = "select t.schema_name from tap_schema.tables t " + "join tap_schema.columns c on t.table_name=c.table_name"; @@ -678,7 +664,7 @@ private void assertAnonymousSchemaResults(VOTableDocument doc) { if (((String) row.get(0)).equals("tap_schema")) { foundTapSchemaSchema = true; } - if (((String) row.get(0)).equals("cadcauthtest1")) { + if (((String) row.get(0)).equals(testSchemaName)) { foundCadcauthtest1Schema = true; } } @@ -686,7 +672,7 @@ private void assertAnonymousSchemaResults(VOTableDocument doc) { Assert.fail("failed to find tap schema schema"); } if (foundCadcauthtest1Schema) { - Assert.fail("mistakenly found cadcauthtest1 schema"); + Assert.fail("mistakenly found " + testSchemaName + " schema"); } } catch (Throwable t) { @@ -716,7 +702,7 @@ private void assertAuthtest1ReadResults(VOTableDocument doc) { if (((String) row.get(0)).equals("tap_schema")) { foundTapSchemaSchema = true; } - if (((String) row.get(0)).equals("cadcauthtest1")) { + if (((String) row.get(0)).equals(testSchemaName)) { foundCadcauthtest1Schema = true; } } @@ -724,7 +710,7 @@ private void assertAuthtest1ReadResults(VOTableDocument doc) { Assert.fail("failed to find tap schema schema"); } if (!foundCadcauthtest1Schema) { - Assert.fail("failed to find cadcauthtest1 schema"); + Assert.fail("failed to find " + testSchemaName + " schema"); } } catch (Throwable t) { log.error("unexpected", t); diff --git a/youcat/src/main/java/org/opencadc/youcat/YoucatInitAction.java b/youcat/src/main/java/org/opencadc/youcat/YoucatInitAction.java index 8d777e1d..a4a31712 100644 --- a/youcat/src/main/java/org/opencadc/youcat/YoucatInitAction.java 
+++ b/youcat/src/main/java/org/opencadc/youcat/YoucatInitAction.java @@ -67,10 +67,17 @@ package org.opencadc.youcat; +import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.db.DBUtil; import ca.nrc.cadc.rest.InitAction; import ca.nrc.cadc.tap.schema.InitDatabaseTS; +import ca.nrc.cadc.util.InvalidConfigException; +import ca.nrc.cadc.util.MultiValuedProperties; +import ca.nrc.cadc.util.PropertiesReader; import ca.nrc.cadc.uws.server.impl.InitDatabaseUWS; +import ca.nrc.cadc.vosi.actions.TablesAction; +import javax.naming.Context; +import javax.naming.InitialContext; import javax.sql.DataSource; import org.apache.log4j.Logger; 
@@ -81,12 +88,68 @@ public class YoucatInitAction extends InitAction { private static final Logger log = Logger.getLogger(YoucatInitAction.class); + private static final String YOUCAT = YoucatInitAction.class.getPackageName(); + private static final String YOUCAT_ADMIN = YOUCAT + ".adminUser"; + private static final String YOUCAT_CREATE = YOUCAT + ".createSchemaInDB"; + + private String jndiAdminKey; + private String jndiCreateSchemaKey; + public YoucatInitAction() { } + private void initConfig() { + this.jndiAdminKey = appName + TablesAction.ADMIN_KEY; + this.jndiCreateSchemaKey = appName + TablesAction.CREATE_SCHEMA_KEY; + + PropertiesReader r = new PropertiesReader("youcat.properties"); + MultiValuedProperties mvp = r.getAllProperties(); + + StringBuilder sb = new StringBuilder(); + sb.append("incomplete config: "); + boolean ok = true; + + String username = mvp.getFirstPropertyValue(YOUCAT_ADMIN); + sb.append("\n\t" + YOUCAT_ADMIN + ": "); + if (username == null) { + sb.append("MISSING"); + ok = false; + } else { + sb.append("OK"); + } + + String yc = mvp.getFirstPropertyValue(YOUCAT_CREATE); + sb.append("\n\t" + YOUCAT_CREATE + ": "); + if (yc == null) { + sb.append("MISSING"); + } else { + sb.append("OK"); + } + + if (!ok) { + throw new InvalidConfigException(sb.toString()); + } + + HttpPrincipal hp = new HttpPrincipal(username); + Boolean createSchemaInDB = true; + if (yc != null && "false".equals(yc)) { + createSchemaInDB = false; + } + try { + Context ctx = new InitialContext(); + ctx.bind(jndiAdminKey, hp); + ctx.bind(jndiCreateSchemaKey, createSchemaInDB); + log.info("init: admin=" + hp + " createSchemaInDB=" + createSchemaInDB); + } catch (Exception ex) { + log.error("Failed to create JNDI key(s): " + jndiAdminKey + "|" + jndiCreateSchemaKey, ex); + } + } + @Override public void doInit() { try { + initConfig(); + // tap_schema log.info("InitDatabaseTS: START"); DataSource tapadm = DBUtil.findJNDIDataSource("jdbc/tapadm"); 
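Review bot: In initConfig the createSchemaInDB flag starts at `true` and is cleared only by the exact string `false`, so a missing key, `False`, or any other spelling enables schema creation in the database, while the README in this same commit documents the default as false. Since the setting decides whether the service issues CREATE SCHEMA with a privileged pool, I would default to the documented value and reject anything other than true|false. Separately, a failure of `ctx.bind` is only logged, so the service keeps starting without the admin principal or the flag in JNDI; how TablesAction behaves when the keys are absent is not visible here, and failing init seems safer. initConfig lies fully inside the hunk; doInit continues past it.

```java
        // … unchanged: property lookup and the MISSING/OK report …
        HttpPrincipal hp = new HttpPrincipal(username);
        boolean createSchemaInDB = false; // default documented in the README
        if (yc != null) {
            String v = yc.trim();
            if ("true".equals(v)) {
                createSchemaInDB = true;
            } else if (!"false".equals(v)) {
                throw new InvalidConfigException("invalid " + YOUCAT_CREATE + ": " + yc + " (expected true|false)");
            }
        }
        try {
            // … unchanged: bind both keys and log the effective values …
        } catch (Exception ex) {
            // fail startup instead of running without the admin/createSchema settings
            throw new RuntimeException("failed to bind JNDI key(s): " + jndiAdminKey + "|" + jndiCreateSchemaKey, ex);
        }
```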
@@ -100,6 +163,8 @@ public void doInit() { InitDatabaseUWS uwsi = new InitDatabaseUWS(uws, null, "uws"); uwsi.doInit(); log.info("InitDatabaseUWS: OK"); + + } catch (Exception ex) { throw new RuntimeException("INIT FAIL: " + ex.getMessage(), ex); }