Hotfix

- HTTP Status codes in the backend - User create rollback on unsuccessful creation - Database create rollback on unsuccessful creation

Hotfix
f9983c05 · Martin Weise · faf1b7f7 · f9983c05 · f9983c05 · f9983c05
Unverified Commit f9983c05 authored Sep 17, 2023 by Martin Weise
--- a/.env.unix.example
+++ b/.env.unix.example
@@ -12,7 +12,7 @@ METADATA_PASSWORD=dbrepo
 AUTH_DB=keycloak
 AUTH_USERNAME=root
 AUTH_PASSWORD=dbrepo
-BROKER_ENDPOINT=http://broker-service:15672/api/broker
+BROKER_ENDPOINT=http://broker-service:15672/admin/broker
 BROKER_USERNAME=fda
 BROKER_PASSWORD=fda
 KEYCLOAK_ADMIN=fda

--- a/dbrepo-broker-service/rabbitmq.conf
+++ b/dbrepo-broker-service/rabbitmq.conf
@@ -10,8 +10,8 @@ default_permissions.write = .*
 # enable http outside localhost
 listeners.tcp.1 = 0.0.0.0:5672
-# management ui (https://www.rabbitmq.com/management.html#path-prefix)
+# management prefix (https://www.rabbitmq.com/management.html#path-prefix)
-management.path_prefix = /api/broker
+management.path_prefix = /admin/broker
 # logging
 log.console = true

--- a/dbrepo-gateway-service/dbrepo.conf
+++ b/dbrepo-gateway-service/dbrepo.conf
@@ -34,8 +34,7 @@ server {
    listen 80 default_server;
    server_name _;
-    location /api/broker {
+    location /admin/broker {
-        rewrite /api/broker/(.*) /api/$1 break;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -44,22 +43,22 @@ server {
        proxy_read_timeout      90;
    }
-    location /api/analyse {
+    location /api/broker {
+        rewrite /api/broker/(.*) /admin/broker/api/$1 break;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://analyse;
+        proxy_pass              http://broker;
        proxy_read_timeout      90;
    }
-    location /pid {
+    location /api/analyse {
-        rewrite /pid/(.*) /api/pid/$1 break;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://metadata;
+        proxy_pass              http://analyse;
        proxy_read_timeout      90;
    }
@@ -91,17 +90,17 @@ server {
        proxy_read_timeout      90;
    }
-    location /retrieve {
+    location /api {
-        rewrite /retrieve/(.*) /$1 break;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://search;
+        proxy_pass              http://metadata;
        proxy_read_timeout      90;
    }
-    location /api {
+    location /pid {
+        rewrite /pid/(.*) /api/pid/$1 break;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -110,6 +109,16 @@ server {
        proxy_read_timeout      90;
    }
+    location /retrieve {
+        rewrite /retrieve/(.*) /$1 break;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_pass              http://search;
+        proxy_read_timeout      90;
+    }
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;

--- a/dbrepo-metadata-service/Dockerfile
+++ b/dbrepo-metadata-service/Dockerfile
@@ -36,7 +36,7 @@ ENV ADMIN_MAIL="noreply@localhost"
 ENV BASE_URL="http://localhost"
 ENV GRANT_PRIVILEGES="SELECT, CREATE, CREATE VIEW, CREATE ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES, INDEX, TRIGGER, INSERT, UPDATE, DELETE"
 ENV BROKER_CONSUMERS=2
-ENV BROKER_ENDPOINT="http://broker-service:15672/api/broker"
+ENV BROKER_ENDPOINT="http://broker-service:15672/admin/broker"
 ENV BROKER_USERNAME=fda
 ENV BROKER_PASSWORD=fda
 ENV DELETED_RECORD=persistent

--- a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/BrokerRemoteException.java
+++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/BrokerRemoteException.java
+package at.tuwien.exception;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+@ResponseStatus(code = HttpStatus.SERVICE_UNAVAILABLE)
+public class BrokerRemoteException extends Exception {
+    public BrokerRemoteException(String msg) {
+        super(msg);
+    }
+    public BrokerRemoteException(String msg, Throwable thr) {
+        super(msg, thr);
+    }
+    public BrokerRemoteException(Throwable thr) {
+        super(thr);
+    }
+}
--- a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/KeycloakRemoteException.java
+++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/exception/KeycloakRemoteException.java
@@ -3,7 +3,7 @@ package at.tuwien.exception;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ResponseStatus;
-@ResponseStatus(code = HttpStatus.LOCKED)
+@ResponseStatus(code = HttpStatus.SERVICE_UNAVAILABLE)
 public class KeycloakRemoteException extends Exception {
    public KeycloakRemoteException(String msg) {

--- a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/mapper/DatabaseMapper.java
+++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/mapper/DatabaseMapper.java
@@ -163,9 +163,9 @@ public interface DatabaseMapper {
    }
    default PreparedStatement rawGrantCreatorAccessQuery(Connection connection, String databaseName, String username,
-                                                         String priviliges) throws QueryMalformedException {
+                                                         String privileges) throws QueryMalformedException {
        final StringBuilder statement = new StringBuilder("GRANT ")
-                .append(priviliges)
+                .append(privileges)
                .append(" ON ")
                .append(databaseName)
                .append(".* TO `")

--- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
+++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/DatabaseEndpoint.java
@@ -84,7 +84,7 @@ public class DatabaseEndpoint {
    }
    @PostMapping
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @PreAuthorize("hasAuthority('create-database')")
    @Timed(value = "database.create", description = "Time needed to create a database")
    @Operation(summary = "Create database", security = @SecurityRequirement(name = "bearerAuth"))
@@ -141,7 +141,7 @@ public class DatabaseEndpoint {
            AmqpException, ContainerConnectionException, UserNotFoundException,
            DatabaseNotFoundException, DatabaseNameExistsException, DatabaseConnectionException,
            QueryMalformedException, NotAllowedException, BrokerVirtualHostCreationException, QueryStoreException,
-            BrokerVirtualHostGrantException, KeycloakRemoteException, AccessDeniedException {
+            BrokerVirtualHostGrantException, KeycloakRemoteException, AccessDeniedException, BrokerRemoteException {
        log.debug("endpoint create database, createDto={}, principal={}", createDto,
                principal);
        final User user = userService.findByUsername(principal.getName());
@@ -272,7 +272,7 @@ public class DatabaseEndpoint {
    }
    @DeleteMapping("/{id}")
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @PreAuthorize("hasAuthority('delete-database')")
    @Timed(value = "database.delete", description = "Time needed to delete a database")
    @Operation(summary = "Delete some database", security = @SecurityRequirement(name = "bearerAuth"))
@@ -321,7 +321,7 @@ public class DatabaseEndpoint {
    public ResponseEntity<?> delete(@NotNull @PathVariable Long id, Principal principal)
            throws DatabaseNotFoundException, ImageNotSupportedException, DatabaseMalformedException, AmqpException,
            QueryMalformedException, UserNotFoundException, BrokerVirtualHostGrantException,
-            DatabaseConnectionException, KeycloakRemoteException, AccessDeniedException {
+            DatabaseConnectionException, KeycloakRemoteException, AccessDeniedException, BrokerRemoteException {
        log.debug("endpoint delete database, id={}, principal={}", id,
                principal);
        final Database database = databaseService.findById(id);

--- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
+++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java
@@ -75,7 +75,7 @@ public class UserEndpoint {
    }
    @PostMapping
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @PreAuthorize("!isAuthenticated()")
    @Timed(value = "user.create", description = "Time needed to create a user in the metadata database")
    @Operation(summary = "Create user")
@@ -85,8 +85,11 @@ public class UserEndpoint {
                    content = {@Content(
                            mediaType = "application/json",
                            schema = @Schema(implementation = UserBriefDto.class))}),
+            @ApiResponse(responseCode = "400",
+                    description = "Parameters are not well-formed (likely email)",
+                    content = {@Content(mediaType = "application/json")}),
            @ApiResponse(responseCode = "404",
-                    description = "Realm or default role not found",
+                    description = "default role not found",
                    content = {@Content(
                            mediaType = "application/json",
                            schema = @Schema(implementation = ApiErrorDto.class))}),
@@ -102,8 +105,8 @@ public class UserEndpoint {
                            schema = @Schema(implementation = ApiErrorDto.class))}),
    })
    public ResponseEntity<UserBriefDto> create(@NotNull @Valid @RequestBody SignupRequestDto data)
-            throws RealmNotFoundException, UserAlreadyExistsException, UserEmailAlreadyExistsException,
+            throws UserAlreadyExistsException, UserEmailAlreadyExistsException, UserNotFoundException,
-            UserNotFoundException, KeycloakRemoteException, AccessDeniedException, BrokerVirtualHostCreationException {
+            KeycloakRemoteException, AccessDeniedException, BrokerRemoteException {
        log.debug("endpoint create a user, data={}", data);
        /* check */
        userService.validateUsernameNotExists(data.getUsername());

--- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/handlers/ApiExceptionHandler.java
+++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/handlers/ApiExceptionHandler.java
@@ -40,17 +40,29 @@ public class ApiExceptionHandler extends ResponseEntityExceptionHandler {
    }
    @Hidden
-    @ResponseStatus(HttpStatus.LOCKED)
+    @ResponseStatus(HttpStatus.SERVICE_UNAVAILABLE)
    @ExceptionHandler(KeycloakRemoteException.class)
    public ResponseEntity<ApiErrorDto> handle(KeycloakRemoteException e, WebRequest request) {
        final ApiErrorDto response = ApiErrorDto.builder()
-                .status(HttpStatus.LOCKED)
+                .status(HttpStatus.SERVICE_UNAVAILABLE)
                .message(e.getLocalizedMessage())
                .code("error.metadata.keycloak")
                .build();
        return new ResponseEntity<>(response, new HttpHeaders(), response.getStatus());
    }
+    @Hidden
+    @ResponseStatus(HttpStatus.SERVICE_UNAVAILABLE)
+    @ExceptionHandler(BrokerRemoteException.class)
+    public ResponseEntity<ApiErrorDto> handle(BrokerRemoteException e, WebRequest request) {
+        final ApiErrorDto response = ApiErrorDto.builder()
+                .status(HttpStatus.SERVICE_UNAVAILABLE)
+                .message(e.getLocalizedMessage())
+                .code("error.metadata.broker")
+                .build();
+        return new ResponseEntity<>(response, new HttpHeaders(), response.getStatus());
+    }
    @Hidden
    @ResponseStatus(HttpStatus.CONFLICT)
    @ExceptionHandler(ContainerAlreadyExistsException.class)

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/DatabaseEndpointUnitTest.java
@@ -117,7 +117,7 @@ public class DatabaseEndpointUnitTest extends BaseUnitTest {
            DatabaseNameExistsException, NotAllowedException, ContainerConnectionException, DatabaseMalformedException,
            QueryStoreException, DatabaseConnectionException, QueryMalformedException, DatabaseNotFoundException,
            ImageNotSupportedException, AmqpException, BrokerVirtualHostCreationException, ContainerNotFoundException,
-            KeycloakRemoteException, AccessDeniedException {
+            KeycloakRemoteException, AccessDeniedException, BrokerRemoteException {
        final DatabaseCreateDto request = DatabaseCreateDto.builder()
                .cid(CONTAINER_1_ID)
                .name(DATABASE_1_NAME)
@@ -399,7 +399,7 @@ public class DatabaseEndpointUnitTest extends BaseUnitTest {
    @WithMockUser(username = USER_2_USERNAME, authorities = {"delete-database"})
    public void delete_hasRole_succeeds() throws UserNotFoundException, BrokerVirtualHostGrantException,
            DatabaseConnectionException, QueryMalformedException, DatabaseNotFoundException, ImageNotSupportedException,
-            AmqpException, DatabaseMalformedException, KeycloakRemoteException, AccessDeniedException {
+            AmqpException, DatabaseMalformedException, KeycloakRemoteException, AccessDeniedException, BrokerRemoteException {
        /* test */
        delete_generic(DATABASE_2_ID, DATABASE_2, USER_2_PRINCIPAL);
@@ -430,7 +430,7 @@ public class DatabaseEndpointUnitTest extends BaseUnitTest {
            NotAllowedException, ContainerConnectionException, DatabaseMalformedException, QueryStoreException,
            DatabaseConnectionException, QueryMalformedException, DatabaseNotFoundException, ImageNotSupportedException,
            AmqpException, BrokerVirtualHostCreationException, ContainerNotFoundException,
-            BrokerVirtualHostGrantException, KeycloakRemoteException, AccessDeniedException {
+            BrokerVirtualHostGrantException, KeycloakRemoteException, AccessDeniedException, BrokerRemoteException {
        /* mock */
        doNothing()
@@ -499,7 +499,7 @@ public class DatabaseEndpointUnitTest extends BaseUnitTest {
    public void delete_generic(Long databaseId, Database database, Principal principal)
            throws DatabaseNotFoundException, UserNotFoundException, DatabaseConnectionException,
            QueryMalformedException, ImageNotSupportedException, AmqpException, DatabaseMalformedException,
-            BrokerVirtualHostGrantException, KeycloakRemoteException, AccessDeniedException {
+            BrokerVirtualHostGrantException, KeycloakRemoteException, AccessDeniedException, BrokerRemoteException {
        /* mock */
        if (database != null) {

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java
@@ -67,7 +67,7 @@ public class UserEndpointUnitTest extends BaseUnitTest {
    @WithAnonymousUser
    public void create_anonymous_succeeds() throws UserNotFoundException, UserEmailAlreadyExistsException,
            RealmNotFoundException, UserAlreadyExistsException, KeycloakRemoteException,
-            at.tuwien.exception.AccessDeniedException, BrokerVirtualHostCreationException {
+            at.tuwien.exception.AccessDeniedException, BrokerRemoteException {
        final SignupRequestDto request = SignupRequestDto.builder()
                .email(USER_1_EMAIL)
                .username(USER_1_USERNAME)
@@ -304,7 +304,7 @@ public class UserEndpointUnitTest extends BaseUnitTest {
    protected void create_generic(SignupRequestDto data, User user) throws UserEmailAlreadyExistsException,
            RealmNotFoundException, UserAlreadyExistsException, UserNotFoundException, KeycloakRemoteException,
-            AccessDeniedException, BrokerVirtualHostCreationException {
+            AccessDeniedException, BrokerRemoteException {
        /* mock */
        when(userService.create(data))

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/BrokerServiceGatewayTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/BrokerServiceGatewayTest.java
@@ -3,6 +3,7 @@ package at.tuwien.gateway;
 import at.tuwien.BaseUnitTest;
 import at.tuwien.annotations.MockAmqp;
 import at.tuwien.annotations.MockOpensearch;
+import at.tuwien.exception.BrokerRemoteException;
 import at.tuwien.exception.BrokerVirtualHostCreationException;
 import at.tuwien.exception.BrokerVirtualHostGrantException;
 import lombok.extern.log4j.Log4j2;
@@ -37,7 +38,7 @@ public class BrokerServiceGatewayTest extends BaseUnitTest {
    private BrokerServiceGateway brokerServiceGateway;
    @Test
-    public void createVirtualHost_succeeds() throws BrokerVirtualHostCreationException {
+    public void createVirtualHost_succeeds() throws BrokerVirtualHostCreationException, BrokerRemoteException {
        final ResponseEntity<Void> mock = ResponseEntity.status(HttpStatus.CREATED)
                .build();
@@ -65,7 +66,7 @@ public class BrokerServiceGatewayTest extends BaseUnitTest {
    }
    @Test
-    public void grantPermission_exchangeNoRightsBefore_succeeds() throws BrokerVirtualHostGrantException {
+    public void grantPermission_exchangeNoRightsBefore_succeeds() throws BrokerVirtualHostGrantException, BrokerRemoteException {
        final ResponseEntity<Void> mock = ResponseEntity.status(HttpStatus.CREATED)
                .build();
@@ -78,7 +79,7 @@ public class BrokerServiceGatewayTest extends BaseUnitTest {
    }
    @Test
-    public void grantPermission_exchangeRightsSame_succeeds() throws BrokerVirtualHostGrantException {
+    public void grantPermission_exchangeRightsSame_succeeds() throws BrokerVirtualHostGrantException, BrokerRemoteException {
        final ResponseEntity<Void> mock = ResponseEntity.status(HttpStatus.NO_CONTENT)
                .build();
@@ -106,7 +107,7 @@ public class BrokerServiceGatewayTest extends BaseUnitTest {
    }
    @Test
-    public void grantPermission_virtualHostNoRightsBefore_succeeds() throws BrokerVirtualHostGrantException {
+    public void grantPermission_virtualHostNoRightsBefore_succeeds() throws BrokerRemoteException {
        final ResponseEntity<Void> mock = ResponseEntity.status(HttpStatus.CREATED)
                .build();
@@ -119,7 +120,7 @@ public class BrokerServiceGatewayTest extends BaseUnitTest {
    }
    @Test
-    public void grantPermission_virtualHostRightsSame_succeeds() throws BrokerVirtualHostGrantException {
+    public void grantPermission_virtualHostRightsSame_succeeds() throws BrokerRemoteException {
        final ResponseEntity<Void> mock = ResponseEntity.status(HttpStatus.NO_CONTENT)
                .build();
@@ -147,7 +148,7 @@ public class BrokerServiceGatewayTest extends BaseUnitTest {
    }
    @Test
-    public void createUser_succeeds() throws BrokerVirtualHostCreationException {
+    public void createUser_succeeds() throws BrokerRemoteException {
        final ResponseEntity<Void> mock = ResponseEntity.status(HttpStatus.NO_CONTENT)
                .build();

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/SwaggerComponentTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/SwaggerComponentTest.java
-package at.tuwien.endpoints;
+package at.tuwien.mvc;
 import at.tuwien.BaseUnitTest;
 import at.tuwien.annotations.MockAmqp;
 import at.tuwien.annotations.MockOpensearch;
-import at.tuwien.repository.sdb.DatabaseIdxRepository;
 import lombok.extern.log4j.Log4j2;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.servlet.MockMvc;
@@ -24,7 +22,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @MockAmqp
 @MockOpensearch
-public class SwaggerComponentTest extends BaseUnitTest {
+public class SwaggerEndpointMvcTest extends BaseUnitTest {
    @Autowired
    private MockMvc mockMvc;

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/UserEndpointMvcTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/UserEndpointMvcTest.java
+package at.tuwien.mvc;
+import at.tuwien.BaseUnitTest;
+import at.tuwien.annotations.MockAmqp;
+import at.tuwien.annotations.MockOpensearch;
+import at.tuwien.api.auth.CreateUserDto;
+import at.tuwien.api.auth.SignupRequestDto;
+import at.tuwien.api.keycloak.UserCreateDto;
+import at.tuwien.exception.BrokerRemoteException;
+import at.tuwien.exception.KeycloakRemoteException;
+import at.tuwien.gateway.BrokerServiceGateway;
+import at.tuwien.gateway.KeycloakGateway;
+import at.tuwien.gateway.impl.KeycloakGatewayImpl;
+import lombok.extern.log4j.Log4j2;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import static at.tuwien.test.utils.ObjectUtil.asJsonString;
+import static org.mockito.Mockito.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+@Log4j2
+@ExtendWith(SpringExtension.class)
+@AutoConfigureMockMvc
+@SpringBootTest
+@MockAmqp
+@MockOpensearch
+public class UserEndpointMvcTest extends BaseUnitTest {
+    @MockBean
+    private BrokerServiceGateway brokerServiceGateway;
+    @MockBean
+    private KeycloakGatewayImpl keycloakGateway;
+    @Autowired
+    private MockMvc mockMvc;
+    @Test
+    public void createUser_malformed_fails() throws Exception {
+        final SignupRequestDto request = SignupRequestDto.builder()
+                .username(USER_1_USERNAME)
+                .password(USER_1_PASSWORD)
+                .email("invalid_email")
+                .build();
+        /* mock */
+        doNothing()
+                .when(brokerServiceGateway)
+                .createUser(USER_1_USERNAME);
+        /* test */
+        this.mockMvc.perform(post("/api/user")
+                        .content(asJsonString(request))
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .accept(MediaType.APPLICATION_JSON))
+                .andDo(print())
+                .andExpect(status().is(400));
+    }
+    @Test
+    public void createUser_keycloakOffline_503_fails() throws Exception {
+        /* mock */
+        doThrow(KeycloakRemoteException.class)
+                .when(keycloakGateway)
+                .createUser(any(UserCreateDto.class));
+        /* test */
+        this.mockMvc.perform(post("/api/user")
+                        .content(asJsonString(USER_1_SIGNUP_REQUEST_DTO))
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .accept(MediaType.APPLICATION_JSON))
+                .andDo(print())
+                .andExpect(status().is(503));
+    }
+    @Test
+    public void createUser_brokerOffline_503_fails() throws Exception {
+        /* mock */
+        doNothing()
+                .when(keycloakGateway)
+                .createUser(any(UserCreateDto.class));
+        when(keycloakGateway.findByUsername(USER_1_USERNAME))
+                .thenReturn(USER_1_KEYCLOAK_DTO);
+        doThrow(BrokerRemoteException.class)
+                .when(brokerServiceGateway)
+                .createUser(USER_1_USERNAME);
+        /* test */
+        this.mockMvc.perform(post("/api/user")
+                        .content(asJsonString(USER_1_SIGNUP_REQUEST_DTO))
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .accept(MediaType.APPLICATION_JSON))
+                .andDo(print())
+                .andExpect(status().is(503));
+    }
+}
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceIntegrationTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceIntegrationTest.java
@@ -6,10 +6,12 @@ import at.tuwien.annotations.MockOpensearch;
 import at.tuwien.api.database.*;
 import at.tuwien.config.MariaDbConfig;
 import at.tuwien.config.MariaDbContainerConfig;
+import at.tuwien.config.QueryConfig;
 import at.tuwien.entities.database.Database;
 import at.tuwien.entities.user.User;
 import at.tuwien.exception.*;
 import at.tuwien.gateway.KeycloakGateway;
+import at.tuwien.mapper.DatabaseMapper;
 import at.tuwien.repository.mdb.*;
 import at.tuwien.repository.sdb.DatabaseIdxRepository;
 import at.tuwien.service.impl.MariaDbServiceImpl;
@@ -17,6 +19,7 @@ import lombok.extern.log4j.Log4j2;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
@@ -26,13 +29,14 @@ import org.testcontainers.containers.MariaDBContainer;
 import org.testcontainers.junit.jupiter.Container;
 import org.testcontainers.junit.jupiter.Testcontainers;
+import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.SQLInvalidAuthorizationSpecException;
 import java.util.List;
 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;
 @Log4j2
 @Testcontainers
@@ -46,6 +50,9 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
    @MockBean
    private DatabaseIdxRepository databaseIdxRepository;
+    @MockBean
+    private QueryConfig queryConfig;
    @Autowired
    private UserRepository userRepository;
@@ -109,6 +116,8 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
                .thenReturn(DATABASE_1_DTO);
        when(databaseIdxRepository.save(any(DatabaseDto.class)))
                .thenReturn(DATABASE_1_DTO);
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_create(DATABASE_1_CREATE, DATABASE_1);
@@ -123,6 +132,8 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
                .thenReturn(DATABASE_1_DTO);
        when(databaseIdxRepository.save(any(DatabaseDto.class)))
                .thenReturn(DATABASE_1_DTO);
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_create(DATABASE_1_CREATE, DATABASE_1);
@@ -139,6 +150,8 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
        when(databaseIdxRepository.save(any(DatabaseDto.class)))
                .thenReturn(DATABASE_2_DTO)
                .thenReturn(DATABASE_3_DTO);
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_create(DATABASE_2_CREATE, DATABASE_2);
@@ -155,6 +168,8 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
        when(databaseIdxRepository.save(any(DatabaseDto.class)))
                .thenReturn(DATABASE_3_DTO)
                .thenReturn(DATABASE_2_DTO);
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_create(DATABASE_3_CREATE, DATABASE_3);
@@ -169,6 +184,8 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
        databaseRepository.deleteAll();
        when(databaseIdxRepository.save(any(DatabaseDto.class)))
                .thenReturn(DATABASE_1_DTO);
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        final Database database = generic_create(DATABASE_1_CREATE, DATABASE_1);
@@ -176,6 +193,24 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
        MariaDbConfig.getPrivileges(mariaDBContainer.getHost(), mariaDBContainer.getMappedPort(3306), database.getInternalName(), USER_1_USERNAME, USER_1_PASSWORD);
    }
+    @Test
+    public void create_existsRollbackSucceeds_fails() throws Exception {
+        /* mock */
+        MariaDbConfig.dropDatabase(CONTAINER_1, DATABASE_1_INTERNALNAME);
+        databaseRepository.deleteAll();
+        when(databaseIdxRepository.save(any(DatabaseDto.class)))
+                .thenReturn(DATABASE_1_DTO);
+        when(queryConfig.getGrantPrivileges())
+                .thenReturn("" /* (1) */, "ALL"/* (2) */);
+        /* test */
+        assertThrows(DatabaseMalformedException.class, () -> {
+            databaseService.create(DATABASE_1_CREATE, USER_1_PRINCIPAL); // (1)
+        });
+        generic_create(DATABASE_1_CREATE, DATABASE_1); // (2)
+    }
    @Test
    public void updatePassword_canLogin_succeeds() throws Exception {
@@ -184,6 +219,8 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
        databaseAccessRepository.save(DATABASE_1_USER_3_READ_ACCESS);
        when(databaseIdxRepository.save(any(DatabaseDto.class)))
                .thenReturn(DATABASE_1_DTO);
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        assertThrows(SQLInvalidAuthorizationSpecException.class, () -> {
@@ -200,6 +237,10 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
    @Test
    public void create_queryStore_succeeds() throws Exception {
+        /* mock */
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_insert(QUERY_4_STATEMENT, 1L);
    }
@@ -207,6 +248,10 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
    @Test
    public void create_queryStoreSameQueryHash_succeeds() throws Exception {
+        /* mock */
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_insert(QUERY_4_STATEMENT, 1L);
        generic_insert(QUERY_5_STATEMENT, 2L);
@@ -216,6 +261,10 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
    @Test
    public void create_systemProcedure_succeeds() throws Exception {
+        /* mock */
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_system_insert(CONTAINER_1_PRIVILEGED_USERNAME, CONTAINER_1_PRIVILEGED_PASSWORD);
    }
@@ -223,6 +272,10 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
    @Test
    public void create_systemProcedure_fails() {
+        /* mock */
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        assertThrows(SQLException.class, () -> {
            generic_system_insert("junit1", "junit1");
@@ -232,6 +285,10 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
    @Test
    public void create_userProcedureRoot_succeeds() throws SQLException, QueryMalformedException {
+        /* mock */
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_user_insert(CONTAINER_1_PRIVILEGED_USERNAME, CONTAINER_1_PRIVILEGED_PASSWORD);
    }
@@ -244,6 +301,8 @@ public class DatabaseServiceIntegrationTest extends BaseUnitTest {
        MariaDbConfig.createInitDatabase(CONTAINER_1, DATABASE_3);
        mariaDbConfig.grantUserPermissions(CONTAINER_1, DATABASE_3, "junit1");
        databaseAccessRepository.save(DATABASE_3_USER_1_WRITE_ALL_ACCESS);
+        when(queryConfig.getGrantPrivileges())
+                .thenCallRealMethod();
        /* test */
        generic_user_insert("junit1", "junit1");

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/DatabaseServiceUnitTest.java
@@ -100,7 +100,7 @@ public class DatabaseServiceUnitTest extends BaseUnitTest {
    }
    @Test
-    public void create_notFound_fails() throws UserNotFoundException, KeycloakRemoteException, AccessDeniedException {
+    public void create_notFound_fails() throws UserNotFoundException {
        final DatabaseCreateDto request = DatabaseCreateDto.builder()
                .cid(CONTAINER_1_ID)
                .name(DATABASE_1_NAME)

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/MessageQueueServiceIntegrationTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/MessageQueueServiceIntegrationTest.java
@@ -4,6 +4,7 @@ import at.tuwien.BaseUnitTest;
 import at.tuwien.annotations.MockOpensearch;
 import at.tuwien.api.amqp.PermissionDto;
 import at.tuwien.exception.AmqpException;
+import at.tuwien.exception.BrokerRemoteException;
 import at.tuwien.exception.BrokerVirtualHostCreationException;
 import at.tuwien.exception.BrokerVirtualHostGrantException;
 import at.tuwien.repository.mdb.DatabaseRepository;
@@ -85,14 +86,14 @@ public class MessageQueueServiceIntegrationTest extends BaseUnitTest {
    }
    @Test
-    public void createUser_succeeds() throws BrokerVirtualHostCreationException {
+    public void createUser_succeeds() throws BrokerRemoteException {
        /* test */
        messageQueueService.createUser(USER_1_USERNAME);
    }
    @Test
-    public void updatePermissions_empty_succeeds() throws BrokerVirtualHostGrantException {
+    public void updatePermissions_empty_succeeds() throws BrokerRemoteException {
        /* test */
        final PermissionDto permissions = updatePermissions_generic();
@@ -104,7 +105,7 @@ public class MessageQueueServiceIntegrationTest extends BaseUnitTest {
    }
    @Test
-    public void updatePermissions_owner_succeeds() throws BrokerVirtualHostGrantException {
+    public void updatePermissions_owner_succeeds() throws BrokerRemoteException {
        /* mock */
        when(databaseRepository.findConfigureAccess(USER_1_ID))
@@ -124,7 +125,7 @@ public class MessageQueueServiceIntegrationTest extends BaseUnitTest {
    }
    @Test
-    public void updatePermissions_ownerNoAccess_succeeds() throws BrokerVirtualHostGrantException {
+    public void updatePermissions_ownerNoAccess_succeeds() throws BrokerRemoteException {
        /* mock */
        when(databaseRepository.findConfigureAccess(USER_1_ID))
@@ -163,7 +164,7 @@ public class MessageQueueServiceIntegrationTest extends BaseUnitTest {
    /* ## GENERIC TEST CASES                                                                            ## */
    /* ################################################################################################### */
-    protected PermissionDto updatePermissions_generic() throws BrokerVirtualHostGrantException {
+    protected PermissionDto updatePermissions_generic() throws BrokerRemoteException {
        /* mock */
        amqpUtils.createUser(USER_1_USERNAME, USER_1_RABBITMQ_CREATE_DTO);

--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/QueueServiceIntegrationTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/QueueServiceIntegrationTest.java
@@ -10,6 +10,7 @@ import at.tuwien.config.MariaDbConfig;
 import at.tuwien.config.MariaDbContainerConfig;
 import at.tuwien.config.RabbitMqConfig;
 import at.tuwien.exception.AmqpException;
+import at.tuwien.exception.BrokerRemoteException;
 import at.tuwien.gateway.BrokerServiceGateway;
 import at.tuwien.listener.impl.RabbitMqListenerImpl;
 import at.tuwien.repository.mdb.DatabaseRepository;
@@ -208,7 +209,7 @@ public class QueueServiceIntegrationTest extends BaseUnitTest {
    @Test
    @Disabled("Not testable")
-    public void restore_succeeds() throws AmqpException, IOException {
+    public void restore_succeeds() throws AmqpException, IOException, BrokerRemoteException {
        /* mock */
        when(tableRepository.findAll())

--- a/dbrepo-metadata-service/rest-service/src/test/resources/application.properties
+++ b/dbrepo-metadata-service/rest-service/src/test/resources/application.properties
@@ -16,7 +16,7 @@ spring.jpa.hibernate.ddl-auto=create
 # logging
 logging.level.root=error
-logging.level.at.tuwien.=debug
+logging.level.at.tuwien.=${LOG_LEVEL:-debug}
 # rabbitmq
 fda.broker.endpoint=http://localhost:15672