CSAPI Service should include more flexible config for its write database

[earocorn]

Current State

Currently, the CSAPI Service allows you to specify a filtered view of the federated database to read from and a single database module to write to. If no filtered view is specified, the entire federated database is exposed. If no database module is specified to write to, the entire system state database is exposed for writing.

Issues

• If you want to send POST requests to a system that is not part of the system state database/specified database, but is exposed in the database view, the data will not update, but still send a HTTP 200 response code. In theory, this could be fine as you may only want to write data to one database, but allow reads for other systems. However, if multiple systems are spread across multiple databases, this could cause issues.
• If database module id OR filtered view are unspecified, the entire system is exposed. This should show some warning in the admin UI to be cautious of unsafe rules.

doStart() of ConSysApiService

// get handle to obs system database
        if (!Strings.isNullOrEmpty(config.databaseID))
        {
            writeDb = (IObsSystemDatabase)getParentHub().getModuleRegistry()
                .getModuleById(config.databaseID);
            if (writeDb != null && !writeDb.isOpen())
                writeDb = null;
        }
        else
            writeDb = getParentHub().getSystemDriverRegistry().getSystemStateDatabase();

        // get existing or create new FilteredView from config
        if (config.exposedResources != null)
        {
            if (writeDb != null)
            {
                var obsFilter = config.exposedResources.getObsFilter();
                var cmdFilter = config.exposedResources.getCommandFilter();
                readDb = new FilteredFederatedDatabase(
                    getParentHub().getDatabaseRegistry(),
                    obsFilter, cmdFilter, new ProcedureFilter.Builder().build(), writeDb.getDatabaseNum());
            }
            else
                readDb = config.exposedResources.getFilteredView(getParentHub());
        }
        else
            readDb = getParentHub().getDatabaseRegistry().getFederatedDatabase();

Solution

• ConSysApiService should allow a more flexible configuration for the databases it's allowed to write to.
• The filtered view could also have a more flexible configuration to allow filtered views for multiple databases.
• Warning messages in Admin UI when no read or write databases are specified.