Inject Mongo credentials optionally based on a helm flag (#192)

Co-authored-by: Aaron Steinfeld <[email protected]>
hypertrace · Oct 13, 2023 · 0a6c5b9 · 0a6c5b9
1 parent f1c9f7b
commit 0a6c5b9
Show file tree

Hide file tree

Showing 14 changed files with 72 additions and 59 deletions.
diff --git a/attribute-projection-registry/gradle.lockfile b/attribute-projection-registry/gradle.lockfile
@@ -19,6 +19,6 @@ io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
 io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
 javax.annotation:javax.annotation-api:1.3.2=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 empty=annotationProcessor
diff --git a/attribute-service-api/gradle.lockfile b/attribute-service-api/gradle.lockfile
@@ -18,6 +18,6 @@ io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
 io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
 javax.annotation:javax.annotation-api:1.3.2=compileClasspath,runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 empty=annotationProcessor
diff --git a/attribute-service-client/gradle.lockfile b/attribute-service-client/gradle.lockfile
@@ -31,9 +31,9 @@ io.perfmark:perfmark-api:0.26.0=runtimeClasspath
 javax.annotation:javax.annotation-api:1.3.2=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
 org.codehaus.mojo:animal-sniffer-annotations:1.23=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-client-utils:0.12.5=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-context-utils:0.12.5=runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 org.slf4j:slf4j-api:1.7.36=runtimeClasspath
 empty=annotationProcessor
diff --git a/attribute-service-factory/gradle.lockfile b/attribute-service-factory/gradle.lockfile
@@ -67,25 +67,25 @@ org.apache.logging.log4j:log4j-core:2.19.0=runtimeClasspath
 org.apache.logging.log4j:log4j-slf4j-impl:2.19.0=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
 org.codehaus.mojo:animal-sniffer-annotations:1.23=runtimeClasspath
-org.eclipse.jetty:jetty-http:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-io:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-security:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-server:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-servlet:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-util-ajax:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-util:9.4.52.v20230823=runtimeClasspath
+org.eclipse.jetty:jetty-http:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-io:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-security:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-server:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-servlet:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-util-ajax:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-util:9.4.53.v20231009=runtimeClasspath
 org.hdrhistogram:HdrHistogram:2.1.12=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.documentstore:document-store:0.7.37=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.documentstore:document-store:0.7.44=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-client-utils:0.12.5=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-context-utils:0.12.5=runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-server-utils:0.12.2=runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:docstore-metrics:0.1.60=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.60=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:platform-metrics:0.1.60=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-service-framework:0.1.60=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:service-framework-spi:0.1.60=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:docstore-metrics:0.1.61=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.61=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:platform-metrics:0.1.61=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-service-framework:0.1.61=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:service-framework-spi:0.1.61=compileClasspath,runtimeClasspath
 org.latencyutils:LatencyUtils:2.0.3=runtimeClasspath
 org.mongodb:bson-record-codec:4.9.0=runtimeClasspath
 org.mongodb:bson:4.9.0=runtimeClasspath

diff --git a/attribute-service-impl/gradle.lockfile b/attribute-service-impl/gradle.lockfile
@@ -59,21 +59,21 @@ org.apache.logging.log4j:log4j-core:2.19.0=runtimeClasspath
 org.apache.logging.log4j:log4j-slf4j-impl:2.19.0=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
 org.codehaus.mojo:animal-sniffer-annotations:1.23=runtimeClasspath
-org.eclipse.jetty:jetty-http:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-io:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-security:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-server:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-servlet:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-util-ajax:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-util:9.4.52.v20230823=runtimeClasspath
+org.eclipse.jetty:jetty-http:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-io:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-security:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-server:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-servlet:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-util-ajax:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-util:9.4.53.v20231009=runtimeClasspath
 org.hdrhistogram:HdrHistogram:2.1.12=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.documentstore:document-store:0.7.37=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.documentstore:document-store:0.7.44=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-context-utils:0.12.5=compileClasspath,runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:docstore-metrics:0.1.60=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:platform-metrics:0.1.60=runtimeClasspath
-org.hypertrace.core.serviceframework:service-framework-spi:0.1.60=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:docstore-metrics:0.1.61=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:platform-metrics:0.1.61=runtimeClasspath
+org.hypertrace.core.serviceframework:service-framework-spi:0.1.61=compileClasspath,runtimeClasspath
 org.latencyutils:LatencyUtils:2.0.3=runtimeClasspath
 org.mongodb:bson-record-codec:4.9.0=runtimeClasspath
 org.mongodb:bson:4.9.0=runtimeClasspath

diff --git a/...ervice-impl/src/main/java/org/hypertrace/core/attribute/service/AttributeServiceImpl.java b/...ervice-impl/src/main/java/org/hypertrace/core/attribute/service/AttributeServiceImpl.java
@@ -118,6 +118,9 @@ private Datastore initDataStore(
             .usernameKey(dataStoreType + ".user")
             .passwordKey(dataStoreType + ".password")
             .applicationNameKey("appName")
+            .poolMaxConnectionsKey("maxPoolSize")
+            .poolConnectionAccessTimeoutKey("connectionAccessTimeout")
+            .poolConnectionSurrenderTimeoutKey("connectionIdleTime")
             .extract();
 
     final Datastore datastore = DatastoreProvider.getDatastore(datastoreConfig);

diff --git a/attribute-service-tenant-api/gradle.lockfile b/attribute-service-tenant-api/gradle.lockfile
@@ -3,6 +3,6 @@
 # This file is expected to be part of source control.
 com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
 io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 empty=annotationProcessor
diff --git a/attribute-service/gradle.lockfile b/attribute-service/gradle.lockfile
@@ -80,25 +80,25 @@ org.apache.logging.log4j:log4j-slf4j-impl:2.19.0=runtimeClasspath
 org.apache.logging.log4j:log4j-slf4j2-impl:2.20.0=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
 org.codehaus.mojo:animal-sniffer-annotations:1.23=runtimeClasspath
-org.eclipse.jetty:jetty-http:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-io:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-security:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-server:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-servlet:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-util-ajax:9.4.52.v20230823=runtimeClasspath
-org.eclipse.jetty:jetty-util:9.4.52.v20230823=runtimeClasspath
+org.eclipse.jetty:jetty-http:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-io:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-security:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-server:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-servlet:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-util-ajax:9.4.53.v20231009=runtimeClasspath
+org.eclipse.jetty:jetty-util:9.4.53.v20231009=runtimeClasspath
 org.hdrhistogram:HdrHistogram:2.1.12=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.documentstore:document-store:0.7.37=runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.documentstore:document-store:0.7.44=runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-client-utils:0.12.5=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-context-utils:0.12.5=runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-server-utils:0.12.2=runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:docstore-metrics:0.1.60=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.60=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:platform-metrics:0.1.60=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-service-framework:0.1.60=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:service-framework-spi:0.1.60=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:docstore-metrics:0.1.61=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.61=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:platform-metrics:0.1.61=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-service-framework:0.1.61=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:service-framework-spi:0.1.61=compileClasspath,runtimeClasspath
 org.latencyutils:LatencyUtils:2.0.3=runtimeClasspath
 org.mongodb:bson-record-codec:4.9.0=runtimeClasspath
 org.mongodb:bson:4.9.0=runtimeClasspath

diff --git a/attribute-service/src/main/resources/configs/common/application.conf b/attribute-service/src/main/resources/configs/common/application.conf
@@ -4,6 +4,7 @@ service.admin.port = 9013
 document.store {
   dataStoreType = mongo
   appName = attribute-service-local
+  maxPoolSize = 10
   mongo {
     database = default_db
     user = ${?MONGO_SERVICE_USERNAME}

diff --git a/caching-attribute-service-client/gradle.lockfile b/caching-attribute-service-client/gradle.lockfile
@@ -31,11 +31,11 @@ io.reactivex.rxjava3:rxjava:3.1.7=compileClasspath,runtimeClasspath
 javax.annotation:javax.annotation-api:1.3.2=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
 org.codehaus.mojo:animal-sniffer-annotations:1.23=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.2.6=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.2.7=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-client-rx-utils:0.12.5=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-client-utils:0.12.5=compileClasspath,runtimeClasspath
 org.hypertrace.core.grpcutils:grpc-context-utils:0.12.5=compileClasspath,runtimeClasspath
-org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.8=compileClasspath,runtimeClasspath
+org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 org.projectlombok:lombok:1.18.28=annotationProcessor,compileClasspath
 org.reactivestreams:reactive-streams:1.0.4=compileClasspath,runtimeClasspath
 org.slf4j:slf4j-api:2.0.7=compileClasspath,runtimeClasspath

diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -79,6 +79,7 @@ spec:
               value: "/var/{{ .Chart.Name }}/log/log4j2.properties"
             - name: JAVA_OPTS
               value: {{ .Values.javaOpts | quote }}
+            {{- if .Values.database.mongoAuthEnabled }}
             {{- with .Values.configMap.mongo.credentials }}
             - name: MONGO_SERVICE_USERNAME
               valueFrom:
@@ -91,6 +92,7 @@ spec:
                   name: {{ .secretName }}
                   key: {{ .secretPasswordKey }}
             {{- end }}
+            {{- end }}
           volumeMounts:
             - name: service-config
               mountPath: /app/resources/configs/{{ .Chart.Name }}/application.conf

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -100,3 +100,6 @@ hpa:
   minReplicas: 1
   maxReplicas: 5
   targetCPUUtilizationPercentage: 80
+
+database:
+  mongoAuthEnabled: true
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -8,12 +8,16 @@
     <cpe>cpe:/a:grpc:grpc</cpe>
     <cpe>cpe:/a:utils_project:utils</cpe>
   </suppress>
-  <suppress until="2023-09-30Z">
+  <suppress until="2023-11-30Z">
     <notes><![CDATA[
-   Doesn't appear to be a real vulnerability, jackson maintainers discuss at https://github.com/FasterXML/jackson-databind/issues/3973
-   Revisit when suppression expires
+  This vulnerability is disputed, with the argument that SSL configuration is the responsibility of the client rather
+  than the transport. The change in default is under consideration for the next major Netty release, revisit then.
+  Regardless, our client (which is what brings in this dependency) enables the concerned feature, hostname verification
+  Ref:
+  https://github.com/grpc/grpc-java/issues/10033
+  https://github.com/netty/netty/issues/8537#issuecomment-1527896917
    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
-    <vulnerabilityName>CVE-2023-35116</vulnerabilityName>
+    <packageUrl regex="true">^pkg:maven/io\.netty/netty.*@.*$</packageUrl>
+    <vulnerabilityName>CVE-2023-4586</vulnerabilityName>
   </suppress>
 </suppressions> 
diff --git a/settings-gradle.lockfile b/settings-gradle.lockfile
@@ -1,5 +1,5 @@
 # This is a Gradle generated file for dependency locking.
 # Manual edits can break the build and are not advised.
 # This file is expected to be part of source control.
-org.hypertrace.bom:hypertrace-version-catalog:0.2.6=incomingCatalogForCommonLibs0
+org.hypertrace.bom:hypertrace-version-catalog:0.2.7=incomingCatalogForCommonLibs0
 empty=