Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hasura integration with squids #334

Merged
merged 2 commits into from
Aug 6, 2024
Merged

Hasura integration with squids #334

merged 2 commits into from
Aug 6, 2024

Conversation

DaMandal0rian
Copy link
Member

@DaMandal0rian DaMandal0rian commented Aug 6, 2024
edited by github-actions bot
Loading

PR Type

enhancement, configuration changes

Description

  • Added hasura_graphql_admin_secret variable to multiple Terraform configurations.
  • Introduced Hasura GraphQL engine service to Docker Compose files for both Nova Squid and Squid nodes.
  • Configured environment variables and exposed port 8080 for Hasura service.
  • Aligned existing variables for better readability.

Changes walkthrough 📝

Relevant files
Configuration changes
main.tf
Add Hasura GraphQL admin secret to module configuration   

explorer/terraform/aws/gemini-3h/main.tf

  • Added hasura_graphql_admin_secret variable to module configuration.
  • Aligned existing variables for better readability.
    		•  +13/-12 
    variables.tf
    Introduce Hasura GraphQL admin secret variable                     

    explorer/terraform/aws/gemini-3h/variables.tf

    • Introduced new variable hasura_graphql_admin_secret.
    		 +5/-0     
    bootstrap_nova_squid_provisioner.tf
    Add Hasura GraphQL admin secret to Nova Squid provisioner

    templates/terraform/explorer/base/bootstrap_nova_squid_provisioner.tf

    • Added HASURA_GRAPHQL_ADMIN_SECRET to environment variables.
    		 +1/-0     
    bootstrap_squid_provisioner.tf
    Add Hasura GraphQL admin secret to Squid provisioner         

    templates/terraform/explorer/base/bootstrap_squid_provisioner.tf

    • Added HASURA_GRAPHQL_ADMIN_SECRET to environment variables.
    		 +1/-0     
    variables.tf
    Introduce Hasura GraphQL admin secret variable                     

    templates/terraform/explorer/base/variables.tf

    • Introduced new variable hasura_graphql_admin_secret.
    		 +5/-0     
    terraform.tfvars.example
    Add example entry for Hasura GraphQL admin secret               

    explorer/terraform/aws/gemini-3h/terraform.tfvars.example

    • Added example entry for hasura_graphql_admin_secret.
    		 +1/-0     
    Enhancement
    create_nova_squid_node_compose_file.sh
    Add Hasura GraphQL engine service to Nova Squid Docker Compose

    templates/terraform/explorer/base/scripts/create_nova_squid_node_compose_file.sh

  • Added Hasura GraphQL engine service to Docker Compose.
  • Configured environment variables for Hasura service.
  • Exposed port 8080 for Hasura service.
    		•  +25/-1   
    create_squid_node_compose_file.sh
    Add Hasura GraphQL engine service to Squid Docker Compose

    templates/terraform/explorer/base/scripts/create_squid_node_compose_file.sh

  • Added Hasura GraphQL engine service to Docker Compose.
  • Configured environment variables for Hasura service.
  • Exposed port 8080 for Hasura service.
    		•  +25/-1   

    💡 PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    @github-actions GitHub Actions
    Copy link

    github-actions bot commented Aug 6, 2024

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    Sensitive information exposure:
    The hasura_graphql_admin_secret is added to various configurations and scripts. Ensure that this secret is handled securely through all layers and not exposed in logs or error messages.

    ⚡ Key issues to review

    Hardcoded Version
    The Hasura GraphQL engine image version is hardcoded to v2.40.0. Consider using a variable to manage the version to facilitate easier updates and version management.

    Debug Mode Enabled
    The Hasura GraphQL DEV_MODE is set to "true", which is not recommended for production environments. Ensure this is conditional based on the environment.

    Port Conflict
    The port mapping for PostgreSQL has been changed from 8080 to 9080, potentially leading to conflicts or misconfiguration in environments expecting the old port.

    @github-actions GitHub Actions
    Copy link

    github-actions bot commented Aug 6, 2024
    edited
    Loading

    PR Code Suggestions ✨

    CategorySuggestion                                                                                                                                    Score
    Best practice
    Disable development features in production for security and performance

    Consider disabling the Hasura GraphQL console and dev mode in production
    environments to enhance security and performance.

    templates/terraform/explorer/base/scripts/create_nova_squid_node_compose_file.sh [95-97]

    -HASURA_GRAPHQL_ENABLE_CONSOLE: "true" # set "false" to disable console
-HASURA_GRAPHQL_DEV_MODE: "true"
+HASURA_GRAPHQL_ENABLE_CONSOLE: "false" # set "false" to disable console
+HASURA_GRAPHQL_DEV_MODE: "false"
    Suggestion importance[1-10]: 8

    Why: Disabling the Hasura GraphQL console and dev mode in production is a good practice to enhance security and performance.

    		8
    Use version constraints for dependencies to avoid compatibility issues

    Consider using a more specific version or a version constraint for the Hasura
    GraphQL engine to avoid potential compatibility issues with future versions.

    templates/terraform/explorer/base/scripts/create_nova_squid_node_compose_file.sh [87]

    -image: hasura/graphql-engine:v2.40.0
+image: hasura/graphql-engine:~v2.40
    Suggestion importance[1-10]: 7

    Why: Using version constraints for dependencies is a good practice to avoid potential compatibility issues with future versions.

    		7
    Security
    Manage admin secrets securely

    Ensure that the HASURA_GRAPHQL_ADMIN_SECRET is not hardcoded and is securely
    managed, possibly using a secrets management tool.

    templates/terraform/explorer/base/scripts/create_nova_squid_node_compose_file.sh [101]

    -HASURA_GRAPHQL_ADMIN_SECRET: \${HASURA_GRAPHQL_ADMIN_SECRET}
+HASURA_GRAPHQL_ADMIN_SECRET: \${HASURA_GRAPHQL_ADMIN_SECRET} # Ensure this is managed securely
    Suggestion importance[1-10]: 3

    Why: The suggestion to ensure the admin secret is managed securely is valid, but the improved code only adds a comment without implementing a secure management solution.

    		3

    @DaMandal0rian DaMandal0rian mentioned this pull request Aug 6, 2024
    Merged
    marc-aurele-besner
    marc-aurele-besner approved these changes Aug 6, 2024
    View reviewed changes
    Copy link
    Member

    @marc-aurele-besner marc-aurele-besner left a comment

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    LGTM

    @DaMandal0rian DaMandal0rian merged commit de91cbe into main Aug 6, 2024
    2 checks passed
    @DaMandal0rian DaMandal0rian deleted the hasura-integration branch August 6, 2024 20:17
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers

    @marc-aurele-besner marc-aurele-besner marc-aurele-besner approved these changes

    Assignees
    No one assigned
    Labels
    configuration changes enhancement New feature or request Review effort [1-5]: 3
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    2 participants
    @DaMandal0rian @marc-aurele-besner