Fix JKS secrets startup check (#550)

* Fix JKS secrets startup check

* Provide a method to check for config files in config manager / loader

* Use config manager to decide how to init the JKS secret service

* Init sequence for JKS secret service

Author: martin-traverse

tracdap-libs/tracdap-lib-common/src/main/java/org/finos/tracdap/common/config/ConfigManager.java

@@ -171,6 +171,26 @@ public URI resolveConfigFile(URI relativePath) {
     // -----------------------------------------------------------------------------------------------------------------
 
 
+    /**
+     * Check whether a config file with the given URL exists
+     *
+     * <p>Config URLs may be relative or absolute. Relative URLs are resolved relative to the
+     * root config directory, absolute URLs may either be a local file path or a full URL
+     * including a protocol. Absolute URLs can use a different protocol from the root config
+     * file, so long as a config loader is available that can handle that protocol and the required
+     * access has been set up.</p>
+     *
+     * @param configUrl URL of the config file to check for
+     * @return True if the file is available from the underlying config store, false otherwise
+     * @throws EStartup The requested config file could not be checked for any reason
+     */
+    public boolean hasConfig(String configUrl) {
+
+        var parsed = parseUrl(configUrl);
+        var resolved = resolveUrl(parsed);
+        return checkUrl(resolved);
+    }
+
     /**
      * Load a config file as an array of bytes
      *
@@ -469,6 +489,20 @@ private URI resolveRootUrl(URI url, Path workingDir) {
         }
     }
 
+    private boolean checkUrl(URI absoluteUrl) {
+
+        // Display relative URLs in the log if possible
+        var relativeUrl = rootConfigDir.relativize(absoluteUrl);
+
+        var message = String.format("Checking for config file: [%s]", relativeUrl);
+        StartupLog.log(this, Level.INFO, message);
+
+        var protocol = absoluteUrl.getScheme();
+        var loader = configLoaderForProtocol(protocol);
+
+        return loader.hasFile(absoluteUrl);
+    }
+
     private byte[] loadUrl(URI absoluteUrl) {
 
         // Display relative URLs in the log if possible

tracdap-libs/tracdap-lib-common/src/main/java/org/finos/tracdap/common/config/IConfigLoader.java

@@ -43,6 +43,14 @@
  */
 public interface IConfigLoader {
 
+    /**
+     * Check whether a given config file exists.
+     *
+     * @param configUrl The config file to check
+     * @return True if the file exists, false otherwise
+     */
+    boolean hasFile(URI configUrl);
+
     /**
      * Use the loader to load a text file.
      *

tracdap-libs/tracdap-lib-common/src/main/java/org/finos/tracdap/common/config/local/JksSecretService.java

@@ -26,8 +26,6 @@
 
 import java.io.IOException;
 import java.net.URI;
-import java.nio.file.Files;
-import java.nio.file.Path;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
@@ -47,17 +45,24 @@ public JksSecretService(Properties properties) {
     @Override
     public void init(ConfigManager configManager, boolean createIfMissing) {
 
-        if (Files.exists(Path.of(keystoreUrl)) || !createIfMissing) {
+        if (ready) {
+            StartupLog.log(this, Level.ERROR, "JKS secret service initialized twice");
+            throw new EStartup("JKS secret service initialized twice");
+        }
+
+        if (configManager.hasConfig(keystoreUrl) || !createIfMissing) {
 
             init(configManager);
             return;
         }
 
         try {
 
+            this.configManager = configManager;
+
             this.keystore.load(null, keystoreKey.toCharArray());
+            this.commit();
 
-            this.configManager = configManager;
             this.ready = true;
         }
         catch (IOException e) {

tracdap-libs/tracdap-lib-common/src/main/java/org/finos/tracdap/common/config/local/LocalConfigLoader.java

@@ -33,6 +33,12 @@
  */
 public class LocalConfigLoader implements IConfigLoader {
 
+    @Override
+    public boolean hasFile(URI configUrl) {
+
+        return Files.exists(Paths.get(configUrl));
+    }
+
     @Override
     public String loadTextFile(URI url) {
 

tracdap-libs/tracdap-lib-common/src/test/java/org/finos/tracdap/common/config/test/TestConfigLoader.java

@@ -35,6 +35,16 @@ public TestConfigLoader(Path tempDir) {
         this.tempDir = tempDir;
     }
 
+    @Override
+    public boolean hasFile(URI uri) {
+
+        // Match the logic of loadBinaryFile()
+        var relativePath = uri.getPath().substring(1);
+        var absolutePath = tempDir.resolve(relativePath);
+
+        return Files.exists(absolutePath);
+    }
+
     @Override
     public byte[] loadBinaryFile(URI uri) {