chore: disable introspection by default (#222)

hypertrace · Apr 8, 2024 · c1967b6 · c1967b6
1 parent 675c429
commit c1967b6
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 35 deletions.
diff --git a/hypertrace-core-graphql b/hypertrace-core-graphql
diff --git a/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlFactory.java b/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlFactory.java
@@ -5,21 +5,25 @@
 import graphql.kickstart.servlet.GraphQLConfiguration;
 import graphql.schema.GraphQLSchema;
 import org.hypertrace.core.graphql.context.GraphQlRequestContextBuilder;
+import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig;
 import org.hypertrace.core.graphql.spi.lifecycle.GraphQlServiceLifecycle;
 import org.hypertrace.core.grpcutils.client.GrpcChannelRegistry;
 import org.hypertrace.graphql.config.HypertraceGraphQlServiceConfig;
 
 public class GraphQlFactory {
   public static GraphQLConfiguration build(
-      HypertraceGraphQlServiceConfig config,
+      HypertraceGraphQlServiceConfig serviceConfig,
+      GraphQlEndpointConfig endpointConfig,
       GraphQlServiceLifecycle serviceLifecycle,
       GrpcChannelRegistry grpcChannelRegistry) {
     final Injector injector =
-        Guice.createInjector(new GraphQlModule(config, serviceLifecycle, grpcChannelRegistry));
+        Guice.createInjector(
+            new GraphQlModule(
+                serviceConfig, endpointConfig, serviceLifecycle, grpcChannelRegistry));
 
     return GraphQLConfiguration.with(injector.getInstance(GraphQLSchema.class))
         .with(injector.getInstance(GraphQlRequestContextBuilder.class))
-        .asyncTimeout(config.getGraphQlTimeout().toMillis())
+        .asyncTimeout(endpointConfig.getTimeout().toMillis())
         .build();
   }
 }
diff --git a/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlModule.java b/hypertrace-graphql-impl/src/main/java/org/hypertrace/graphql/impl/GraphQlModule.java
@@ -13,6 +13,7 @@
 import org.hypertrace.core.graphql.rx.RxUtilModule;
 import org.hypertrace.core.graphql.schema.registry.GraphQlSchemaRegistryModule;
 import org.hypertrace.core.graphql.span.SpanSchemaModule;
+import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig;
 import org.hypertrace.core.graphql.spi.config.GraphQlServiceConfig;
 import org.hypertrace.core.graphql.spi.lifecycle.GraphQlServiceLifecycle;
 import org.hypertrace.core.graphql.trace.TraceSchemaModule;
@@ -35,24 +36,28 @@
 
 class GraphQlModule extends AbstractModule {
 
-  private final HypertraceGraphQlServiceConfig config;
+  private final HypertraceGraphQlServiceConfig serviceConfig;
+  private final GraphQlEndpointConfig endpointConfig;
   private final GraphQlServiceLifecycle serviceLifecycle;
 
   private final GrpcChannelRegistry grpcChannelRegistry;
 
   public GraphQlModule(
-      final HypertraceGraphQlServiceConfig config,
+      final HypertraceGraphQlServiceConfig serviceConfig,
+      final GraphQlEndpointConfig endpointConfig,
       final GraphQlServiceLifecycle serviceLifecycle,
       final GrpcChannelRegistry grpcChannelRegistry) {
-    this.config = config;
+    this.serviceConfig = serviceConfig;
+    this.endpointConfig = endpointConfig;
     this.serviceLifecycle = serviceLifecycle;
     this.grpcChannelRegistry = grpcChannelRegistry;
   }
 
   @Override
   protected void configure() {
-    bind(GraphQlServiceConfig.class).toInstance(this.config);
-    bind(HypertraceGraphQlServiceConfig.class).toInstance(this.config);
+    bind(GraphQlServiceConfig.class).toInstance(this.serviceConfig);
+    bind(HypertraceGraphQlServiceConfig.class).toInstance(this.serviceConfig);
+    bind(GraphQlEndpointConfig.class).toInstance(this.endpointConfig);
     bind(GraphQlServiceLifecycle.class).toInstance(this.serviceLifecycle);
     bind(GrpcChannelRegistry.class).toInstance(this.grpcChannelRegistry);
     bind(Clock.class).toInstance(Clock.systemUTC());

diff --git a/hypertrace-graphql-impl/src/test/java/org/hypertrace/graphql/impl/GraphQlModuleTest.java b/hypertrace-graphql-impl/src/test/java/org/hypertrace/graphql/impl/GraphQlModuleTest.java
@@ -5,6 +5,7 @@
 
 import com.google.inject.Guice;
 import graphql.schema.GraphQLSchema;
+import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig;
 import org.hypertrace.core.graphql.spi.lifecycle.GraphQlServiceLifecycle;
 import org.hypertrace.core.grpcutils.client.GrpcChannelRegistry;
 import org.hypertrace.graphql.config.HypertraceGraphQlServiceConfig;
@@ -19,6 +20,7 @@ public void testResolveBindings() {
             Guice.createInjector(
                     new GraphQlModule(
                         mock(HypertraceGraphQlServiceConfig.class),
+                        mock(GraphQlEndpointConfig.class),
                         mock(GraphQlServiceLifecycle.class),
                         mock(GrpcChannelRegistry.class)))
                 .getAllBindings());
@@ -31,6 +33,7 @@ public void testResolveSchema() {
             Guice.createInjector(
                     new GraphQlModule(
                         mock(HypertraceGraphQlServiceConfig.class),
+                        mock(GraphQlEndpointConfig.class),
                         mock(GraphQlServiceLifecycle.class),
                         mock(GrpcChannelRegistry.class)))
                 .getInstance(GraphQLSchema.class));

diff --git a/...ql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlEndpointConfig.java b/...ql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlEndpointConfig.java
@@ -0,0 +1,39 @@
+package org.hypertrace.graphql.service;
+
+import com.typesafe.config.Config;
+import java.time.Duration;
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Value;
+import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig;
+
+@Value
+@AllArgsConstructor(access = AccessLevel.PRIVATE)
+@Builder(access = AccessLevel.PRIVATE)
+class DefaultGraphQlEndpointConfig implements GraphQlEndpointConfig {
+  private static final String URL_PATH_PROP_KEY = "graphql.urlPath";
+  private static final String TIMEOUT_PROP_KEY = "graphql.timeout";
+  private static final String MAX_IO_THREADS_PROP_KEY = "threads.io.max";
+  private static final String MAX_REQUEST_THREADS_PROP_KEY = "threads.request.max";
+  private static final String CORS_ENABLED_PROP_KEY = "graphql.corsEnabled";
+  private static final String INTROSPECTION_ENABLED_PROP_KEY = "introspection.enabled";
+
+  String urlPath;
+  Duration timeout;
+  int maxRequestThreads;
+  int maxIoThreads;
+  boolean corsEnabled;
+  boolean introspectionAllowed;
+
+  static GraphQlEndpointConfig fromConfig(Config config) {
+    return new DefaultGraphQlEndpointConfigBuilder()
+        .urlPath(config.getString(URL_PATH_PROP_KEY))
+        .timeout(config.getDuration(TIMEOUT_PROP_KEY))
+        .maxRequestThreads(config.getInt(MAX_REQUEST_THREADS_PROP_KEY))
+        .maxIoThreads(config.getInt(MAX_IO_THREADS_PROP_KEY))
+        .corsEnabled(config.getBoolean(CORS_ENABLED_PROP_KEY))
+        .introspectionAllowed(config.getBoolean(INTROSPECTION_ENABLED_PROP_KEY))
+        .build();
+  }
+}
diff --git a/...hql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlServiceConfig.java b/...hql-service/src/main/java/org/hypertrace/graphql/service/DefaultGraphQlServiceConfig.java
@@ -14,16 +14,8 @@ class DefaultGraphQlServiceConfig implements HypertraceGraphQlServiceConfig {
 
   private static final String SERVICE_NAME_CONFIG = "service.name";
   private static final String SERVICE_PORT_CONFIG = "service.port";
-
-  private static final String GRAPHQL_URL_PATH = "graphql.urlPath";
-  private static final String GRAPHQL_CORS_ENABLED = "graphql.corsEnabled";
-  private static final String GRAPHQL_TIMEOUT = "graphql.timeout";
-
   private static final String DEFAULT_TENANT_ID = "defaultTenantId";
 
-  private static final String MAX_IO_THREADS_PROPERTY = "threads.io.max";
-  private static final String MAX_REQUEST_THREADS_PROPERTY = "threads.request.max";
-
   private static final String ATTRIBUTE_SERVICE_HOST_PROPERTY = "attribute.service.host";
   private static final String ATTRIBUTE_SERVICE_PORT_PROPERTY = "attribute.service.port";
   private static final String ATTRIBUTE_SERVICE_CLIENT_TIMEOUT = "attribute.service.timeout";
@@ -44,12 +36,7 @@ class DefaultGraphQlServiceConfig implements HypertraceGraphQlServiceConfig {
 
   String serviceName;
   int servicePort;
-  String graphQlUrlPath;
-  boolean corsEnabled;
-  Duration graphQlTimeout;
   Optional<String> defaultTenantId;
-  int maxIoThreads;
-  int maxRequestThreads;
   String attributeServiceHost;
   int attributeServicePort;
   Duration attributeServiceTimeout;
@@ -67,12 +54,7 @@ class DefaultGraphQlServiceConfig implements HypertraceGraphQlServiceConfig {
   DefaultGraphQlServiceConfig(Config untypedConfig) {
     this.serviceName = untypedConfig.getString(SERVICE_NAME_CONFIG);
     this.servicePort = untypedConfig.getInt(SERVICE_PORT_CONFIG);
-    this.graphQlUrlPath = untypedConfig.getString(GRAPHQL_URL_PATH);
-    this.corsEnabled = untypedConfig.getBoolean(GRAPHQL_CORS_ENABLED);
-    this.graphQlTimeout = untypedConfig.getDuration(GRAPHQL_TIMEOUT);
     this.defaultTenantId = optionallyGet(() -> untypedConfig.getString(DEFAULT_TENANT_ID));
-    this.maxIoThreads = untypedConfig.getInt(MAX_IO_THREADS_PROPERTY);
-    this.maxRequestThreads = untypedConfig.getInt(MAX_REQUEST_THREADS_PROPERTY);
 
     this.attributeServiceHost = untypedConfig.getString(ATTRIBUTE_SERVICE_HOST_PROPERTY);
     this.attributeServicePort = untypedConfig.getInt(ATTRIBUTE_SERVICE_PORT_PROPERTY);

diff --git a/...e-graphql-service/src/main/java/org/hypertrace/graphql/service/GraphQlServiceFactory.java b/...e-graphql-service/src/main/java/org/hypertrace/graphql/service/GraphQlServiceFactory.java
@@ -1,7 +1,8 @@
 package org.hypertrace.graphql.service;
 
+import com.typesafe.config.Config;
 import java.util.List;
-import org.hypertrace.core.graphql.spi.config.GraphQlServiceConfig;
+import org.hypertrace.core.graphql.spi.config.GraphQlEndpointConfig;
 import org.hypertrace.core.serviceframework.http.HttpContainerEnvironment;
 import org.hypertrace.core.serviceframework.http.HttpHandlerDefinition;
 import org.hypertrace.core.serviceframework.http.HttpHandlerDefinition.CorsConfig;
@@ -14,25 +15,29 @@ public class GraphQlServiceFactory implements HttpHandlerFactory {
 
   @Override
   public List<HttpHandlerDefinition> buildHandlers(HttpContainerEnvironment environment) {
-    HypertraceGraphQlServiceConfig config =
-        new DefaultGraphQlServiceConfig(environment.getConfig(SERVICE_NAME));
+    Config rawConfig = environment.getConfig(SERVICE_NAME);
+    HypertraceGraphQlServiceConfig serviceConfig = new DefaultGraphQlServiceConfig(rawConfig);
+    GraphQlEndpointConfig endpointConfig = DefaultGraphQlEndpointConfig.fromConfig(rawConfig);
     DefaultGraphQlServiceLifecycle serviceLifecycle = new DefaultGraphQlServiceLifecycle();
     environment.getLifecycle().shutdownComplete().thenRun(serviceLifecycle::shutdown);
 
     return List.of(
         HttpHandlerDefinition.builder()
             .name("graphql")
-            .port(config.getServicePort())
-            .contextPath(config.getGraphQlUrlPath())
-            .corsConfig(buildCorsConfig(config))
+            .port(serviceConfig.getServicePort())
+            .contextPath(endpointConfig.getUrlPath())
+            .corsConfig(buildCorsConfig(endpointConfig))
             .servlet(
                 new GraphQlServiceHttpServlet(
                     GraphQlFactory.build(
-                        config, serviceLifecycle, environment.getChannelRegistry())))
+                        serviceConfig,
+                        endpointConfig,
+                        serviceLifecycle,
+                        environment.getChannelRegistry())))
             .build());
   }
 
-  private CorsConfig buildCorsConfig(GraphQlServiceConfig config) {
+  private CorsConfig buildCorsConfig(GraphQlEndpointConfig config) {
     if (!config.isCorsEnabled()) {
       return null;
     }

diff --git a/hypertrace-graphql-service/src/main/resources/configs/common/application.conf b/hypertrace-graphql-service/src/main/resources/configs/common/application.conf
@@ -6,6 +6,7 @@ service.admin.port = 23432
 graphql.urlPath = /graphql
 graphql.corsEnabled = true
 graphql.timeout = 30s
+introspection.enabled = false
 
 defaultTenantId = ${?DEFAULT_TENANT_ID}
+2 −2		hypertrace-core-graphql-attribute-scope-constants/gradle.lockfile
+2 −2		hypertrace-core-graphql-attribute-scope/gradle.lockfile
+2 −2		hypertrace-core-graphql-attribute-store/gradle.lockfile
+2 −0		...trace-core-graphql-attribute-store/src/main/java/org/hypertrace/core/graphql/attributes/AttributeStore.java
+15 −0		...ore-graphql-attribute-store/src/main/java/org/hypertrace/core/graphql/attributes/CachingAttributeStore.java
+2 −2		hypertrace-core-graphql-common-schema/gradle.lockfile
+2 −2		hypertrace-core-graphql-context/gradle.lockfile
+8 −8		hypertrace-core-graphql-context/src/main/java/org/hypertrace/core/graphql/context/AsyncDataFetcherFactory.java
+4 −4		...ace-core-graphql-context/src/test/java/org/hypertrace/core/graphql/context/AsyncDataFetcherFactoryTest.java
+2 −2		hypertrace-core-graphql-deserialization/gradle.lockfile
+2 −2		hypertrace-core-graphql-gateway-service-utils/gradle.lockfile
+2 −2		hypertrace-core-graphql-grpc-utils/gradle.lockfile
+2 −2		hypertrace-core-graphql-impl/gradle.lockfile
+6 −3		hypertrace-core-graphql-impl/src/main/java/org/hypertrace/core/graphql/impl/GraphQlFactory.java
+9 −4		hypertrace-core-graphql-impl/src/main/java/org/hypertrace/core/graphql/impl/GraphQlModule.java
+3 −0		hypertrace-core-graphql-impl/src/test/java/org/hypertrace/core/graphql/impl/GraphQlModuleTest.java
+2 −2		hypertrace-core-graphql-log-event-schema/gradle.lockfile
+2 −2		hypertrace-core-graphql-metadata-schema/gradle.lockfile
+2 −2		hypertrace-core-graphql-request-transformation/gradle.lockfile
+2 −2		hypertrace-core-graphql-rx-utils/gradle.lockfile
+5 −5		hypertrace-core-graphql-rx-utils/src/main/java/org/hypertrace/core/graphql/rx/BoundedIoSchedulerProvider.java
+2 −2		hypertrace-core-graphql-schema-registry/gradle.lockfile
+21 −2		...schema-registry/src/main/java/org/hypertrace/core/graphql/schema/registry/GraphQlAnnotatedSchemaMerger.java
+29 −1		...ma-registry/src/test/java/org/hypertrace/core/graphql/schema/registry/GraphQlAnnotatedSchemaMergerTest.java
+2 −2		hypertrace-core-graphql-schema-utils/gradle.lockfile
+4 −0		hypertrace-core-graphql-service/build.gradle.kts
+23 −21		hypertrace-core-graphql-service/gradle.lockfile
+39 −0		...ce-core-graphql-service/src/main/java/org/hypertrace/core/graphql/service/DefaultGraphQlEndpointConfig.java
+0 −42		...ace-core-graphql-service/src/main/java/org/hypertrace/core/graphql/service/DefaultGraphQlServiceConfig.java
+13 −7		hypertrace-core-graphql-service/src/main/java/org/hypertrace/core/graphql/service/GraphQlService.java
+1 −0		hypertrace-core-graphql-service/src/main/resources/configs/common/application.conf
+2 −2		hypertrace-core-graphql-span-schema/gradle.lockfile
+2 −2		hypertrace-core-graphql-spi/gradle.lockfile
+17 −0		hypertrace-core-graphql-spi/src/main/java/org/hypertrace/core/graphql/spi/config/GraphQlEndpointConfig.java
+0 −10		hypertrace-core-graphql-spi/src/main/java/org/hypertrace/core/graphql/spi/config/GraphQlServiceConfig.java
+2 −2		hypertrace-core-graphql-trace-schema/gradle.lockfile
+1 −32		owasp-suppressions.xml