feat(sql-setup): system-update replacement for mysql/postgres setup #15044
Conversation
github-actions
bot
added
docs
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
| mockSetupArgs.createUser = true; | ||
| mockSetupArgs.iamAuthEnabled = false; | ||
| mockSetupArgs.createUserUsername = "testuser"; | ||
| mockSetupArgs.createUserPassword = "testpass"; |
There was a problem hiding this comment.
Exposed secret in datahub-upgrade/src/test/java/com/linkedin/datahub/upgrade/sqlsetup/CreateUsersStepTest.java - low severity
Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches.
View details in Aikido Security
| args.cdcUser = "custom_cdc"; | ||
| args.cdcPassword = "custom_password"; | ||
| args.createUserUsername = "testuser"; | ||
| args.createUserPassword = "testpass"; |
There was a problem hiding this comment.
Exposed secret in datahub-upgrade/src/test/java/com/linkedin/datahub/upgrade/sqlsetup/SqlSetupArgsTest.java - low severity
Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches.
View details in Aikido Security
| @Test | ||
| public void testGetCreateTraditionalUserSqlMysql() throws Exception { | ||
| mockSetupArgs.createUserUsername = "mysqluser"; | ||
| mockSetupArgs.createUserPassword = "mysqlpass"; |
There was a problem hiding this comment.
Exposed secret in datahub-upgrade/src/test/java/com/linkedin/datahub/upgrade/sqlsetup/CreateUsersStepTest.java - low severity
Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches.
View details in Aikido Security
| args.iamAuthEnabled = false; | ||
| args.createUser = true; | ||
| args.createUserUsername = null; // Missing createUserUsername | ||
| args.createUserPassword = "testpass"; |
There was a problem hiding this comment.
Exposed secret in datahub-upgrade/src/test/java/com/linkedin/datahub/upgrade/sqlsetup/config/SqlSetupConfigTest.java - low severity
Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches.
View details in Aikido Security
datahub-cyborg
bot
added
the
needs-review
david-leifker
force-pushed
the
sql-setup-system-update
branch
from
f1eb4f4 to
878e0c0
Compare
|
✅ Meticulous spotted 0 visual differences across 1001 screens tested: view results. Meticulous evaluated ~8 hours of user flows against your PR. Expected differences? Click here. Last updated for commit fb48432. This comment will update as new commits are pushed. |
* better support for IAM
david-leifker
force-pushed
the
sql-setup-system-update
branch
from
878e0c0 to
fb48432
Compare
|
|
||
| import lombok.Data; | ||
|
|
||
| @Data |
There was a problem hiding this comment.
Prefer immutable types. Replace with the following?
@Value
@Builder
@ToString(exclude = "errorMessage")
| public int tablesCreated = 0; | ||
| public int usersCreated = 0; | ||
| public boolean cdcUserCreated = false; | ||
| public long executionTimeMs = 0; | ||
| public String errorMessage; |
There was a problem hiding this comment.
These should not be public if we've got @Data.
| public String errorMessage; | ||
|
|
||
| @Override | ||
| public String toString() { |
There was a problem hiding this comment.
Why exclude errorMessage? In any case, lombok can do that for us.
|
|
||
| import org.testng.annotations.Test; | ||
|
|
||
| public class SqlSetupResultTest { |
There was a problem hiding this comment.
This test file should not exist at all. This is why we use Lombok.
|
|
||
| import lombok.Data; | ||
|
|
||
| @Data |
There was a problem hiding this comment.
We should prefer @Value. The fields should not be public.
| } | ||
|
|
||
| void createDatabaseIfNotExists(String databaseName, DatabaseType dbType) throws SQLException { | ||
| if (DatabaseType.POSTGRES.equals(dbType)) { |
There was a problem hiding this comment.
I see these conditionals at a few places. How about extracting an interface and having separate impls for Postgres vs Mysql?
| import java.util.List; | ||
| import javax.annotation.Nullable; | ||
|
|
||
| public class SqlSetup implements Upgrade { |
| import org.testng.annotations.Test; | ||
|
|
||
| @TestPropertySource(properties = {"entityService.impl=ebean"}) | ||
| public class SqlSetupUpgradeConfigTest { |
There was a problem hiding this comment.
IMO, this test is pure maintenance burden and should be deleted. It'll never catch real bugs; all it does is give false confidence about test coverage :)
| import org.testng.annotations.Test; | ||
|
|
||
| /** Unit tests for DatabaseType enum. */ | ||
| public class DatabaseTypeTest { |
There was a problem hiding this comment.
Claude got really intense with unit testing this class. I think this is a serious problem. I asked claude to write down my arguments against over-testing here:
PTAL and we can discuss.
|
|
||
| import org.testng.annotations.Test; | ||
|
|
||
| public class SqlSetupArgsTest { |
There was a problem hiding this comment.
Another test class that we should drop.
datahub-cyborg
bot
added
pending-submitter-response
2 participants
SQL Setup Upgrade System
Overview
This PR introduces a comprehensive SQL setup upgrade system for DataHub that enables automated database initialization, table creation, and user management for both MySQL and PostgreSQL databases. The system supports both traditional authentication and IAM-based authentication, making it suitable for various deployment scenarios.
Key Features
🗄️ Database Support
🔧 Core Functionality
metadata_aspect_v2table with proper schemaEnvironment Variables
Core Configuration
CREATE_TABLEStrueCREATE_DBtrueCREATE_USERfalseCDC_MCL_PROCESSING_ENABLEDfalseCDC_USERdatahub_cdcCDC_PASSWORDdatahub_cdcIAM_ROLEDatabase Connection
The system automatically extracts connection details from Spring Ebean configuration:
ebean.usernameandebean.passwordebean.useIamAuthsettingUsage Examples
Basic Table Creation
With User Creation
With CDC Support