From 353a134bdedc87fb779f06229d23c1e6322f5a4a Mon Sep 17 00:00:00 2001 From: Aaron Steinfeld Date: Fri, 5 Apr 2024 11:04:10 -0400 Subject: [PATCH] chore: disable introspection by default --- hypertrace-core-graphql | 2 +- .../graphql/impl/GraphQlFactory.java | 10 +++-- .../graphql/impl/GraphQlModule.java | 15 ++++--- .../graphql/impl/GraphQlModuleTest.java | 3 ++ .../service/DefaultGraphQlEndpointConfig.java | 39 +++++++++++++++++++ .../service/DefaultGraphQlServiceConfig.java | 18 --------- .../service/GraphQlServiceFactory.java | 21 ++++++---- .../resources/configs/common/application.conf | 1 + 8 files changed, 74 insertions(+), 35 deletions(-) create mode 100644 hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlEndpointConfig.java diff --git a/hypertrace-core-graphql b/hypertrace-core-graphql index 8a357d63..861071c3 160000 --- a/hypertrace-core-graphql +++ b/hypertrace-core-graphql @@ -1 +1 @@ -Subproject commit 8a357d6366c790b9705334be064a83476d85bb04 +Subproject commit 861071c376f1cba87fe3dd98342e3113978fe06f diff --git a/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlFactory.java b/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlFactory.java index a640697b..c0c0aec2 100644 --- a/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlFactory.java +++ b/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlFactory.java @@ -5,21 +5,25 @@ import graphql.kickstart.servlet.GraphQLConfiguration; import graphql.schema.GraphQLSchema; import org.hypertrace.core.graphql.context.GraphQlRequestContextBuilder; +import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig; import org.hypertrace.core.graphql.spi.lifecycle.GraphQlServiceLifecycle; import org.hypertrace.core.grpcutils.client.GrpcChannelRegistry; import org.hypertrace.graphql.config.HypertraceGraphQlServiceConfig; public class GraphQlFactory { public static GraphQLConfiguration build( - HypertraceGraphQlServiceConfig config, + HypertraceGraphQlServiceConfig serviceConfig, + GraphQlEndpointConfig endpointConfig, GraphQlServiceLifecycle serviceLifecycle, GrpcChannelRegistry grpcChannelRegistry) { final Injector injector = - Guice.createInjector(new GraphQlModule(config, serviceLifecycle, grpcChannelRegistry)); + Guice.createInjector( + new GraphQlModule( + serviceConfig, endpointConfig, serviceLifecycle, grpcChannelRegistry)); return GraphQLConfiguration.with(injector.getInstance(GraphQLSchema.class)) .with(injector.getInstance(GraphQlRequestContextBuilder.class)) - .asyncTimeout(config.getGraphQlTimeout().toMillis()) + .asyncTimeout(endpointConfig.getTimeout().toMillis()) .build(); } } diff --git a/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlModule.java b/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlModule.java index 2d72e54e..d6f8b919 100644 --- a/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlModule.java +++ b/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlModule.java @@ -13,6 +13,7 @@ import org.hypertrace.core.graphql.rx.RxUtilModule; import org.hypertrace.core.graphql.schema.registry.GraphQlSchemaRegistryModule; import org.hypertrace.core.graphql.span.SpanSchemaModule; +import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig; import org.hypertrace.core.graphql.spi.config.GraphQlServiceConfig; import org.hypertrace.core.graphql.spi.lifecycle.GraphQlServiceLifecycle; import org.hypertrace.core.graphql.trace.TraceSchemaModule; @@ -35,24 +36,28 @@ class GraphQlModule extends AbstractModule { - private final HypertraceGraphQlServiceConfig config; + private final HypertraceGraphQlServiceConfig serviceConfig; + private final GraphQlEndpointConfig endpointConfig; private final GraphQlServiceLifecycle serviceLifecycle; private final GrpcChannelRegistry grpcChannelRegistry; public GraphQlModule( - final HypertraceGraphQlServiceConfig config, + final HypertraceGraphQlServiceConfig serviceConfig, + final GraphQlEndpointConfig endpointConfig, final GraphQlServiceLifecycle serviceLifecycle, final GrpcChannelRegistry grpcChannelRegistry) { - this.config = config; + this.serviceConfig = serviceConfig; + this.endpointConfig = endpointConfig; this.serviceLifecycle = serviceLifecycle; this.grpcChannelRegistry = grpcChannelRegistry; } @Override protected void configure() { - bind(GraphQlServiceConfig.class).toInstance(this.config); - bind(HypertraceGraphQlServiceConfig.class).toInstance(this.config); + bind(GraphQlServiceConfig.class).toInstance(this.serviceConfig); + bind(HypertraceGraphQlServiceConfig.class).toInstance(this.serviceConfig); + bind(GraphQlEndpointConfig.class).toInstance(this.endpointConfig); bind(GraphQlServiceLifecycle.class).toInstance(this.serviceLifecycle); bind(GrpcChannelRegistry.class).toInstance(this.grpcChannelRegistry); bind(Clock.class).toInstance(Clock.systemUTC()); diff --git a/hypertrace-graphql-impl/src/test/java/org/hypertrace/graphql/impl/GraphQlModuleTest.java b/hypertrace-graphql-impl/src/test/java/org/hypertrace/graphql/impl/GraphQlModuleTest.java index a6714759..360e5488 100644 --- a/hypertrace-graphql-impl/src/test/java/org/hypertrace/graphql/impl/GraphQlModuleTest.java +++ b/hypertrace-graphql-impl/src/test/java/org/hypertrace/graphql/impl/GraphQlModuleTest.java @@ -5,6 +5,7 @@ import com.google.inject.Guice; import graphql.schema.GraphQLSchema; +import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig; import org.hypertrace.core.graphql.spi.lifecycle.GraphQlServiceLifecycle; import org.hypertrace.core.grpcutils.client.GrpcChannelRegistry; import org.hypertrace.graphql.config.HypertraceGraphQlServiceConfig; @@ -19,6 +20,7 @@ public void testResolveBindings() { Guice.createInjector( new GraphQlModule( mock(HypertraceGraphQlServiceConfig.class), + mock(GraphQlEndpointConfig.class), mock(GraphQlServiceLifecycle.class), mock(GrpcChannelRegistry.class))) .getAllBindings()); @@ -31,6 +33,7 @@ public void testResolveSchema() { Guice.createInjector( new GraphQlModule( mock(HypertraceGraphQlServiceConfig.class), + mock(GraphQlEndpointConfig.class), mock(GraphQlServiceLifecycle.class), mock(GrpcChannelRegistry.class))) .getInstance(GraphQLSchema.class)); diff --git a/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlEndpointConfig.java b/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlEndpointConfig.java new file mode 100644 index 00000000..10cb6bc5 --- /dev/null +++ b/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlEndpointConfig.java @@ -0,0 +1,39 @@ +package org.hypertrace.graphql.service; + +import com.typesafe.config.Config; +import java.time.Duration; +import lombok.AccessLevel; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Value; +import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig; + +@Value +@AllArgsConstructor(access = AccessLevel.PRIVATE) +@Builder(access = AccessLevel.PRIVATE) +class DefaultGraphQlEndpointConfig implements GraphQlEndpointConfig { + private static final String URL_PATH_PROP_KEY = "graphql.urlPath"; + private static final String TIMEOUT_PROP_KEY = "graphql.timeout"; + private static final String MAX_IO_THREADS_PROP_KEY = "threads.io.max"; + private static final String MAX_REQUEST_THREADS_PROP_KEY = "threads.request.max"; + private static final String CORS_ENABLED_PROP_KEY = "graphql.corsEnabled"; + private static final String INTROSPECTION_ENABLED_PROP_KEY = "introspection.enabled"; + + String urlPath; + Duration timeout; + int maxRequestThreads; + int maxIoThreads; + boolean corsEnabled; + boolean introspectionAllowed; + + static GraphQlEndpointConfig fromConfig(Config config) { + return new DefaultGraphQlEndpointConfigBuilder() + .urlPath(config.getString(URL_PATH_PROP_KEY)) + .timeout(config.getDuration(TIMEOUT_PROP_KEY)) + .maxRequestThreads(config.getInt(MAX_REQUEST_THREADS_PROP_KEY)) + .maxIoThreads(config.getInt(MAX_IO_THREADS_PROP_KEY)) + .corsEnabled(config.getBoolean(CORS_ENABLED_PROP_KEY)) + .introspectionAllowed(config.getBoolean(INTROSPECTION_ENABLED_PROP_KEY)) + .build(); + } +} diff --git a/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlServiceConfig.java b/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlServiceConfig.java index 38a5fada..bd71a9c3 100644 --- a/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlServiceConfig.java +++ b/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlServiceConfig.java @@ -14,16 +14,8 @@ class DefaultGraphQlServiceConfig implements HypertraceGraphQlServiceConfig { private static final String SERVICE_NAME_CONFIG = "service.name"; private static final String SERVICE_PORT_CONFIG = "service.port"; - - private static final String GRAPHQL_URL_PATH = "graphql.urlPath"; - private static final String GRAPHQL_CORS_ENABLED = "graphql.corsEnabled"; - private static final String GRAPHQL_TIMEOUT = "graphql.timeout"; - private static final String DEFAULT_TENANT_ID = "defaultTenantId"; - private static final String MAX_IO_THREADS_PROPERTY = "threads.io.max"; - private static final String MAX_REQUEST_THREADS_PROPERTY = "threads.request.max"; - private static final String ATTRIBUTE_SERVICE_HOST_PROPERTY = "attribute.service.host"; private static final String ATTRIBUTE_SERVICE_PORT_PROPERTY = "attribute.service.port"; private static final String ATTRIBUTE_SERVICE_CLIENT_TIMEOUT = "attribute.service.timeout"; @@ -44,12 +36,7 @@ class DefaultGraphQlServiceConfig implements HypertraceGraphQlServiceConfig { String serviceName; int servicePort; - String graphQlUrlPath; - boolean corsEnabled; - Duration graphQlTimeout; Optional defaultTenantId; - int maxIoThreads; - int maxRequestThreads; String attributeServiceHost; int attributeServicePort; Duration attributeServiceTimeout; @@ -67,12 +54,7 @@ class DefaultGraphQlServiceConfig implements HypertraceGraphQlServiceConfig { DefaultGraphQlServiceConfig(Config untypedConfig) { this.serviceName = untypedConfig.getString(SERVICE_NAME_CONFIG); this.servicePort = untypedConfig.getInt(SERVICE_PORT_CONFIG); - this.graphQlUrlPath = untypedConfig.getString(GRAPHQL_URL_PATH); - this.corsEnabled = untypedConfig.getBoolean(GRAPHQL_CORS_ENABLED); - this.graphQlTimeout = untypedConfig.getDuration(GRAPHQL_TIMEOUT); this.defaultTenantId = optionallyGet(() -> untypedConfig.getString(DEFAULT_TENANT_ID)); - this.maxIoThreads = untypedConfig.getInt(MAX_IO_THREADS_PROPERTY); - this.maxRequestThreads = untypedConfig.getInt(MAX_REQUEST_THREADS_PROPERTY); this.attributeServiceHost = untypedConfig.getString(ATTRIBUTE_SERVICE_HOST_PROPERTY); this.attributeServicePort = untypedConfig.getInt(ATTRIBUTE_SERVICE_PORT_PROPERTY); diff --git a/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/GraphQlServiceFactory.java b/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/GraphQlServiceFactory.java index 0fccb867..494231a7 100644 --- a/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/GraphQlServiceFactory.java +++ b/hypertrace-graphql-service/src/main/java/org/hypertrace/graphql/service/GraphQlServiceFactory.java @@ -1,7 +1,8 @@ package org.hypertrace.graphql.service; +import com.typesafe.config.Config; import java.util.List; -import org.hypertrace.core.graphql.spi.config.GraphQlServiceConfig; +import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig; import org.hypertrace.core.serviceframework.http.HttpContainerEnvironment; import org.hypertrace.core.serviceframework.http.HttpHandlerDefinition; import org.hypertrace.core.serviceframework.http.HttpHandlerDefinition.CorsConfig; @@ -14,25 +15,29 @@ public class GraphQlServiceFactory implements HttpHandlerFactory { @Override public List buildHandlers(HttpContainerEnvironment environment) { - HypertraceGraphQlServiceConfig config = - new DefaultGraphQlServiceConfig(environment.getConfig(SERVICE_NAME)); + Config rawConfig = environment.getConfig(SERVICE_NAME); + HypertraceGraphQlServiceConfig serviceConfig = new DefaultGraphQlServiceConfig(rawConfig); + GraphQlEndpointConfig endpointConfig = DefaultGraphQlEndpointConfig.fromConfig(rawConfig); DefaultGraphQlServiceLifecycle serviceLifecycle = new DefaultGraphQlServiceLifecycle(); environment.getLifecycle().shutdownComplete().thenRun(serviceLifecycle::shutdown); return List.of( HttpHandlerDefinition.builder() .name("graphql") - .port(config.getServicePort()) - .contextPath(config.getGraphQlUrlPath()) - .corsConfig(buildCorsConfig(config)) + .port(serviceConfig.getServicePort()) + .contextPath(endpointConfig.getUrlPath()) + .corsConfig(buildCorsConfig(endpointConfig)) .servlet( new GraphQlServiceHttpServlet( GraphQlFactory.build( - config, serviceLifecycle, environment.getChannelRegistry()))) + serviceConfig, + endpointConfig, + serviceLifecycle, + environment.getChannelRegistry()))) .build()); } - private CorsConfig buildCorsConfig(GraphQlServiceConfig config) { + private CorsConfig buildCorsConfig(GraphQlEndpointConfig config) { if (!config.isCorsEnabled()) { return null; } diff --git a/hypertrace-graphql-service/src/main/resources/configs/common/application.conf b/hypertrace-graphql-service/src/main/resources/configs/common/application.conf index 8254ce35..27d194f5 100644 --- a/hypertrace-graphql-service/src/main/resources/configs/common/application.conf +++ b/hypertrace-graphql-service/src/main/resources/configs/common/application.conf @@ -6,6 +6,7 @@ service.admin.port = 23432 graphql.urlPath = /graphql graphql.corsEnabled = true graphql.timeout = 30s +introspection.enabled = false defaultTenantId = ${?DEFAULT_TENANT_ID}