Added pgadmin from @leeevans commits and updated the content page to …

…show it

Also borrowed some WebAPI DB security improvements from @leeevans

.env

@@ -120,6 +120,7 @@ SECURITY_DB_DATASOURCE_URL="jdbc:postgresql://broadsea-atlasdb:5432/postgres"
 SECURITY_DB_DATASOURCE_DRIVERCLASSNAME="org.postgresql.Driver"
 SECURITY_DB_DATASOURCE_USERNAME="postgres"
 SECURITY_DB_DATASOURCE_PASSWORD_FILE="./secrets/webapi/SECURITY_DB_DATASOURCE_PASSWORD"
+SECURITY_DB_DATASOURCE_AUTHENTICATIONQUERY="select password from webapi_security.security where lower(email) = lower(?)"
 
 # LDAP
 SECURITY_AUTH_LDAP_ENABLED="false"
@@ -301,6 +302,7 @@ CONTENT_ARES_DISPLAY="show"
 CONTENT_ATLAS_DISPLAY="show"
 CONTENT_HADES_DISPLAY="show"
 CONTENT_OPENSHINYSERVER_DISPLAY="show"
+CONTENT_PGADMIN4_DISPLAY="show"
 CONTENT_POSITCONNECT_DISPLAY="none" # requires commercial license, see Section 15
 CONTENT_PERSEUS_DISPLAY="none"
 
@@ -413,4 +415,15 @@ DQD_CONCEPT_CHECK_THRESHOLD_LOC="default"
 
 # Specific AresIndexer Config Items
 
-ARES_RUN_NETWORK="FALSE" # should the full Ares network analysis be run?
+ARES_RUN_NETWORK="FALSE" # should the full Ares network analysis be run?
+
+
+############################################################################################################################################################
+# Section 18:
+# pgAdmin4 config
+############################################################################################################################################################
+
+# default admin user login userid and password
+
+PGADMIN_ADMIN_USER="user@domain.com"
+PGADMIN_DEFAULT_PASSWORD_FILE="./secrets/pgadmin4/PGADMIN_DEFAULT_PASSWORD"

README.md

@@ -174,6 +174,7 @@ We also offer profiles for Perseus and other useful services, but please note, *
 | perseus-white-rabbit    | <ul><li>Deploys the White Rabbit instance for Perseus</li></ul> |
 | open-shiny-server    | <ul><li>An open source version of Shiny Server, where you can drop shiny apps into a mounted folder.</li><li>Recommended if your organization does not have a Posit Connect license.</li></ul> |
 | posit-connect        | <ul><li>For sites with commercial Posit Connect licenses
+| pgadmin4                | <ul><li>Deploys the pgAdmin4 web application with a single admin user.</li></ul>
 | jupyter-notebook        | <ul><li>Deploys a simple Jupyter Data Science Notebook with no authentication.</li></ul>
 
 ### Traefik Dashboard
@@ -270,10 +271,14 @@ To mount files prepared for Ares (see [CDM Post Processing](#cdm-post-processing
 
 DBT provides a command-line tool for ETL design. See Section 16 for configuring DBT.
 
-#### Perseus (Experimental Only)
+#### Perseus (Experimental)
 
 Perseus offers a full suite of services for data profiling, vocabulary mapping, ETL design, and ETL execution. See Section 16 for configuring Perseus.
 
+#### pgAdmin4 (Experimental) 
+
+New to Broadsea, there's now a profile for deploying the pgAdmin4 web application for database management of Postgres. See Section 18 for setting up the initial default admin username and the password secret file.
+
 ### CDM Post Processing
 
 Once you have a CDM database available, it is important to run summary level statistics and data quality analyses prior to publishing the source to users. Broadsea provides services for running Achilles, DataQualityDashboard, and AresIndexer. See Section 17 for setting up the CDM connection details and the various application settings needed.
@@ -284,7 +289,7 @@ Once you have a CDM database available, it is important to run summary level sta
 
 The credentials for the RStudio user can be established in Section 8 of the .env file (with a password stored in a secrets file).
 
-#### Sharing/Saving files between RStudio and Docker host machine
+##### Sharing/Saving files between RStudio and Docker host machine
 
 To permanently retain the "rstudio" user files in the "rstudio" user home directory, and make local R packages available to RStudio in the Broadsea Methods container the following steps are required:
 
@@ -302,6 +307,10 @@ Any files added to the home/rstudio or site-library sub-directories on the Docke
 
 The Broadsea Methods container RStudio /usr/lib/R/site-library originally contains the "littler" and "rgl" R packages. Volume mapping masks the original files in the directory so you will need to add those 2 packages to your Docker host site-library sub-directory if you need them.
 
+#### Jupyter Data Science Notebook (Experimental)
+
+New to Broadsea, there's now a profile for launching a simple, single user instance of Jupyter Data Science Notebook.
+
 ### Evidence Dissemination
 
 #### Open Shiny Server

compose/ohdsi-webapi.yml

@@ -71,8 +71,8 @@ services:
       SECURITY_DB_DATASOURCE_URL: ${SECURITY_DB_DATASOURCE_URL}
       SECURITY_DB_DATASOURCE_DRIVERCLASSNAME: ${SECURITY_DB_DATASOURCE_DRIVERCLASSNAME}
       SECURITY_DB_DATASOURCE_USERNAME: ${SECURITY_DB_DATASOURCE_USERNAME}
-      SECURITY_DB_DATASOURCE_AUTHENTICATIONQUERY: 'select password from "${SECURITY_DB_DATASOURCE_SCHEMA}"."${SECURITY_DB_DATASOURCE_TABLE}" where lower(email) = lower(?);'
-
+      SECURITY_DB_DATASOURCE_AUTHENTICATIONQUERY: ${SECURITY_DB_DATASOURCE_AUTHENTICATIONQUERY}
+      
       # Security env variables - LDAP
 
       SECURITY_LDAP_DN: ${SECURITY_LDAP_DN}

content/apps.csv

@@ -2,10 +2,7 @@ APP_ID,APP_NAME,ENV_VAR,LOGO_FILE,TEXT,APP_URL
 atlas,Atlas,CONTENT_ATLAS_DISPLAY,atlas.png,"ATLAS is an open source software tool for researchers to conduct scientific analyses on standardized observational data converted to the OMOP Common Data Model V5. Researchers can create cohorts by defining groups of people based on an exposure to a drug or diagnosis of a particular condition using healthcare claims data. ATLAS has vocabulary searching of medical concepts to identify people with specific conditions, drug exposures etc. Patient profiles can be viewed within a specific cohort allowing visualization of a particular subject's health care records. Population effect level estimation analyses allows for comparison of two different cohorts and leverages R packages.","../atlas"
 ares,Ares,CONTENT_ARES_DISPLAY,ares.png,"ARES is a web-based reporting tool designed to offer integrated characterization and data quality assessment for observational health data sources adhering to the OMOP Common Data Model. It provides access to analyses for a network of observational health data sources, as well as detailed data source and historical analyses, enabling informed decision-making based on reliable data. With its user-friendly interface and powerful reporting capabilities, ARES is an ideal platform for healthcare professionals and researchers seeking deeper insights into their data.","../ares"
 hades,HADES,CONTENT_HADES_DISPLAY,hades.png,"HADES (formally known as the OHDSI Methods Library) is a set of open source R packages for large scale analytics, including population characterization, population-level causal effect estimation, and patient-level prediction. The packages offer R functions that together can be used to perform an observation study from data to estimates and supporting statistics, figures, and tables.","../hades"
+pgadmin4,pgAdmin4,CONTENT_PGADMIN4_DISPLAY,pgadmin4.png,"pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.","../pgadmin4"
 perseus,Perseus,CONTENT_PERSEUS_DISPLAY,perseus.png,"(EXPERIMENTAL) Perseus combines intuitive and easy to use Web-based UI for design and implement ETL (extract, transform, and load) configuration and service for conversion the native/raw data to the OMOP Common Data Model (CDM). Additionally, Perseus has embedded tools for search in the standardized vocabularies, generates documentation for the ETL process, create the code mappings and data quality check.","../perseus"
 posit_connect,Posit Connect,CONTENT_POSITCONNECT_DISPLAY,posit-connect-logo.png,"Get insights off your desktop and into the hands of stakeholders and collaborators. Deploy your R & Python content easily and securely, including applications (Shiny, Streamlit, Dash), reports, dashboards, and APIs. Then give people the right level of access they need with flexible and customizable content permissions.","../connect"
 open_shiny_server,Open Shiny Server,CONTENT_OPENSHINYSERVER_DISPLAY,shiny_logo.png,"Shiny Server is an open source back end program that makes a big difference. It builds a web server specifically designed to host Shiny apps. With Shiny Server you can host your apps in a controlled environment, like inside your organization, so your Shiny app (and whatever data it needs) will never leave your control. You can also use Shiny Server to make your apps available across the Internet when you choose.","../shiny/apps/"
-
-
-
-

docker-compose.yml

@@ -21,6 +21,8 @@ volumes:
     name: perseus-solr
   jupyter-notebook:
     name: jupyter-notebook
+  pgadmin-data:
+    name: pgadmin-data
 
 services:
 
@@ -615,6 +617,25 @@ services:
       - "traefik.enable=true"
 
 
+  broadsea-pgadmin4:
+    profiles: [ "pgadmin4" ]
+    user: "5050:5050"
+    image: dpage/pgadmin4:8.5
+    platform: ${DOCKER_ARCH}
+    secrets:
+      - PGADMIN_DEFAULT_PASSWORD
+    restart: unless-stopped
+    container_name: broadsea-pgadmin4
+    environment:
+      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_ADMIN_USER}
+      PGADMIN_DEFAULT_PASSWORD_FILE: /run/secrets/PGADMIN_DEFAULT_PASSWORD
+      SCRIPT_NAME: /pgadmin4
+    volumes:
+      - pgadmin-data:/var/lib/pgadmin
+    labels:
+      - "traefik.enable=true"
+
+
 secrets:
   GITHUB_PAT:
     file: ${GITHUB_PAT_SECRET_FILE}
@@ -654,7 +675,8 @@ secrets:
     file: ${CDM_CONNECTIONDETAILS_PASSWORD_FILE}
   WEBAPI_CDM_SNOWFLAKE_PRIVATE_KEY:
     file: ${WEBAPI_CDM_SNOWFLAKE_PRIVATE_KEY_FILE}
-
+  PGADMIN_DEFAULT_PASSWORD:
+    file: ${PGADMIN_DEFAULT_PASSWORD_FILE}
 
 
 

secrets/pgadmin4/PGADMIN_DEFAULT_PASSWORD

@@ -0,0 +1 @@
+secret

traefik/routers.yml

@@ -126,6 +126,13 @@ http:
       service: "broadsea-jupyter-notebook"
       rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/jupyter`)'
 
+
+    broadsea-pgadmin4:
+      entryPoints: '{{ env "HTTP_TYPE" }}'
+      service: "broadsea-pgadmin4"
+      rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/pgadmin4`)'
+
+
   middlewares:
 
     broadsea-backend-header:
@@ -252,8 +259,12 @@ http:
         servers:
           - url: http://perseus-athena:5002
 
-
     broadsea-jupyter-notebook:
       loadBalancer:
         servers:
-          - url: http://broadsea-jupyter-notebook:8888
+          - url: http://broadsea-jupyter-notebook:8888
+
+    broadsea-pgadmin4:
+      loadBalancer:
+        servers:
+          - url: http://broadsea-pgadmin4