refactoring mongodb specific code into store-client-sdk

Signed-off-by: Davanum Srinivas <[email protected]>

cleanup

Signed-off-by: Davanum Srinivas <[email protected]>

Author: dims

.golangci.yml

@@ -53,6 +53,7 @@ linters:
     - noctx
     - whitespace
     - wsl_v5
+    - gosec
   exclusions:
     generated: lax
     presets:

commons/go.mod

@@ -17,44 +17,58 @@ require (
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.13.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-openapi/jsonpointer v0.22.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.2 // indirect
+	github.com/go-openapi/swag v0.25.1 // indirect
+	github.com/go-openapi/swag/cmdutils v0.25.1 // indirect
+	github.com/go-openapi/swag/conv v0.25.1 // indirect
+	github.com/go-openapi/swag/fileutils v0.25.1 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.1 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.1 // indirect
+	github.com/go-openapi/swag/loading v0.25.1 // indirect
+	github.com/go-openapi/swag/mangling v0.25.1 // indirect
+	github.com/go-openapi/swag/netutils v0.25.1 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.1 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.1 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
+	github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.26.0 // indirect
+	github.com/onsi/gomega v1.38.2 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.66.1 // indirect
-	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/prometheus/common v0.67.2 // indirect
+	github.com/prometheus/procfs v0.17.0 // indirect
+	github.com/rogpeppe/go-internal v1.14.1 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.yaml.in/yaml/v2 v2.4.2 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/net v0.43.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/term v0.34.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
-	golang.org/x/time v0.9.0 // indirect
-	google.golang.org/protobuf v1.36.8 // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	golang.org/x/net v0.46.0 // indirect
+	golang.org/x/oauth2 v0.32.0 // indirect
+	golang.org/x/sys v0.37.0 // indirect
+	golang.org/x/term v0.36.0 // indirect
+	golang.org/x/text v0.30.0 // indirect
+	golang.org/x/time v0.14.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
-	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
-	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
+	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
+	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
 	sigs.k8s.io/yaml v1.6.0 // indirect

commons/go.sum

@@ -0,0 +1,95 @@
+// Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package flags
+
+import (
+	"flag"
+	"log/slog"
+	"os"
+)
+
+// DatabaseCertConfig holds the configuration for database client certificate paths
+type DatabaseCertConfig struct {
+	DatabaseClientCertMountPath string
+	LegacyMongoCertPath         string
+	ResolvedCertPath            string
+}
+
+// RegisterDatabaseCertFlags registers both the new and legacy database certificate flags
+// for backward compatibility. This centralizes the flag parsing logic that was duplicated
+// across multiple modules.
+func RegisterDatabaseCertFlags() *DatabaseCertConfig {
+	config := &DatabaseCertConfig{}
+
+	flag.StringVar(&config.DatabaseClientCertMountPath, "database-client-cert-mount-path", "/etc/ssl/database-client",
+		"path where the database client cert is mounted")
+
+	// Support legacy flag name for backward compatibility
+	flag.StringVar(&config.LegacyMongoCertPath, "mongo-client-cert-mount-path", "/etc/ssl/mongo-client",
+		"path where the mongo client cert is mounted (legacy flag, use database-client-cert-mount-path)")
+
+	return config
+}
+
+// ResolveCertPath resolves the actual certificate path to use based on flag values and file existence.
+// This implements the backward compatibility logic that was duplicated across multiple modules.
+func (c *DatabaseCertConfig) ResolveCertPath() string {
+	// If new flag is still default and legacy flag is provided, use legacy flag value
+	if c.DatabaseClientCertMountPath == "/etc/ssl/database-client" {
+		c.ResolvedCertPath = c.LegacyMongoCertPath
+		slog.Info("Using legacy certificate path for backward compatibility",
+			"resolved_path", c.ResolvedCertPath,
+			"database_flag", c.DatabaseClientCertMountPath,
+			"legacy_flag", c.LegacyMongoCertPath)
+	} else {
+		c.ResolvedCertPath = c.DatabaseClientCertMountPath
+		slog.Info("Using new certificate path",
+			"resolved_path", c.ResolvedCertPath)
+	}
+
+	return c.ResolvedCertPath
+}
+
+// GetCertPath checks if the certificate exists at the resolved path, with fallback logic
+func (c *DatabaseCertConfig) GetCertPath() string {
+	if c.ResolvedCertPath == "" {
+		c.ResolveCertPath()
+	}
+
+	// Check if ca.crt exists at the resolved path
+	if _, err := os.Stat(c.ResolvedCertPath + "/ca.crt"); err == nil {
+		return c.ResolvedCertPath
+	}
+
+	// Fall back to legacy mongo-client path
+	legacyPath := "/etc/ssl/mongo-client"
+	if _, err := os.Stat(legacyPath + "/ca.crt"); err == nil {
+		slog.Info("Fallback to legacy certificate path", "path", legacyPath)
+		return legacyPath
+	}
+
+	// Fall back to new database-client path
+	newPath := "/etc/ssl/database-client"
+	if _, err := os.Stat(newPath + "/ca.crt"); err == nil {
+		slog.Info("Fallback to new certificate path", "path", newPath)
+		return newPath
+	}
+
+	// If neither exists, return the resolved path (original behavior)
+	slog.Warn("Certificate file not found at any expected location, using resolved path",
+		"resolved_path", c.ResolvedCertPath)
+
+	return c.ResolvedCertPath
+}

commons/pkg/flags/database_flags.go

@@ -0,0 +1,164 @@
+// Copyright (c) 2025, NVIDIA CORPORATION.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package flags
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestDatabaseCertConfig_ResolveCertPath(t *testing.T) {
+	tests := []struct {
+		name                        string
+		databaseClientCertMountPath string
+		legacyMongoCertPath         string
+		expectedResolvedPath        string
+		description                 string
+	}{
+		{
+			name:                        "new flag with default value uses legacy",
+			databaseClientCertMountPath: "/etc/ssl/database-client",
+			legacyMongoCertPath:         "/etc/ssl/mongo-client",
+			expectedResolvedPath:        "/etc/ssl/mongo-client",
+			description:                 "When new flag is default, legacy flag value should be used",
+		},
+		{
+			name:                        "new flag with custom value uses new",
+			databaseClientCertMountPath: "/custom/database-client",
+			legacyMongoCertPath:         "/etc/ssl/mongo-client",
+			expectedResolvedPath:        "/custom/database-client",
+			description:                 "When new flag is explicitly set, it should be used",
+		},
+		{
+			name:                        "new flag with default and legacy custom uses legacy",
+			databaseClientCertMountPath: "/etc/ssl/database-client",
+			legacyMongoCertPath:         "/custom/mongo-client",
+			expectedResolvedPath:        "/custom/mongo-client",
+			description:                 "When new flag is default and legacy is custom, legacy should be used",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			config := &DatabaseCertConfig{
+				DatabaseClientCertMountPath: tt.databaseClientCertMountPath,
+				LegacyMongoCertPath:         tt.legacyMongoCertPath,
+			}
+
+			resolvedPath := config.ResolveCertPath()
+
+			assert.Equal(t, tt.expectedResolvedPath, resolvedPath, tt.description)
+			assert.Equal(t, tt.expectedResolvedPath, config.ResolvedCertPath, "ResolvedCertPath should be set")
+		})
+	}
+}
+
+func TestDatabaseCertConfig_GetCertPath(t *testing.T) {
+	// Create a temporary directory structure for testing
+	tempDir, err := os.MkdirTemp("", "cert_test")
+	require.NoError(t, err)
+	defer os.RemoveAll(tempDir)
+
+	// Create test certificate directories
+	legacyPath := filepath.Join(tempDir, "mongo-client")
+	newPath := filepath.Join(tempDir, "database-client")
+	customPath := filepath.Join(tempDir, "custom")
+
+	require.NoError(t, os.MkdirAll(legacyPath, 0755))
+	require.NoError(t, os.MkdirAll(newPath, 0755))
+	require.NoError(t, os.MkdirAll(customPath, 0755))
+
+	// Create ca.crt files in test directories
+	require.NoError(t, os.WriteFile(filepath.Join(legacyPath, "ca.crt"), []byte("legacy cert"), 0644))
+	require.NoError(t, os.WriteFile(filepath.Join(newPath, "ca.crt"), []byte("new cert"), 0644))
+	require.NoError(t, os.WriteFile(filepath.Join(customPath, "ca.crt"), []byte("custom cert"), 0644))
+
+	tests := []struct {
+		name         string
+		resolvedPath string
+		expectedPath string
+		description  string
+	}{
+		{
+			name:         "resolved path exists",
+			resolvedPath: customPath,
+			expectedPath: customPath,
+			description:  "When resolved path has ca.crt, it should be used",
+		},
+		{
+			name:         "resolved path missing fallback to legacy",
+			resolvedPath: filepath.Join(tempDir, "nonexistent"),
+			expectedPath: "/etc/ssl/mongo-client", // Falls back to hardcoded legacy path
+			description:  "When resolved path missing, should fallback to legacy path",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			config := &DatabaseCertConfig{
+				ResolvedCertPath: tt.resolvedPath,
+			}
+
+			certPath := config.GetCertPath()
+
+			if tt.expectedPath == "/etc/ssl/mongo-client" {
+				// For fallback cases, just check it's using the fallback logic
+				assert.True(t, certPath == "/etc/ssl/mongo-client" || certPath == "/etc/ssl/database-client" || certPath == tt.resolvedPath,
+					"Should use fallback logic when resolved path doesn't exist")
+			} else {
+				assert.Equal(t, tt.expectedPath, certPath, tt.description)
+			}
+		})
+	}
+}
+
+func TestDatabaseCertConfig_GetCertPath_WithRealPaths(t *testing.T) {
+	tests := []struct {
+		name         string
+		resolvedPath string
+		description  string
+	}{
+		{
+			name:         "legacy path preference",
+			resolvedPath: "/etc/ssl/mongo-client",
+			description:  "Should handle legacy path correctly",
+		},
+		{
+			name:         "new path preference",
+			resolvedPath: "/etc/ssl/database-client",
+			description:  "Should handle new path correctly",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			config := &DatabaseCertConfig{
+				ResolvedCertPath: tt.resolvedPath,
+			}
+
+			certPath := config.GetCertPath()
+
+			// Since we can't guarantee these paths exist in test environment,
+			// just verify the function returns a reasonable path
+			assert.NotEmpty(t, certPath, "GetCertPath should return a non-empty path")
+			assert.Contains(t, []string{"/etc/ssl/mongo-client", "/etc/ssl/database-client", tt.resolvedPath},
+				certPath, "Should return one of the expected paths")
+		})
+	}
+}

commons/pkg/flags/database_flags_test.go

@@ -35,6 +35,7 @@ DOCKER_EXTRA_ARGS :=
 # =============================================================================
 
 include ../make/common.mk
+include ../make/go.mk
 
 # =============================================================================
 # MODULE-SPECIFIC TARGETS

data-models/Makefile

@@ -15,7 +15,7 @@ require (
 	golang.org/x/net v0.46.0 // indirect
 	golang.org/x/sys v0.37.0 // indirect
 	golang.org/x/text v0.30.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
 )
 
 // Local replacements for internal modules

data-models/go.mod

@@ -28,8 +28,8 @@ golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
 golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f h1:1FTH6cpXFsENbPR5Bu8NQddPSaUUE6NA2XdZdDSAJK4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
 google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
 google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=

data-models/go.sum

@@ -67,7 +67,7 @@ config: |
 
   [[rules]]
   name = "RepeatedXidError"
-  description = "Detect occurrence of fatal XIDs 5 times within 24 hours"
+  description = "Detect occurrence of fatal XIDs 5 times within 24 hours (production: 86400s for real workloads)"
   recommended_action = "CONTACT_SUPPORT"
   stage = [
     '''
@@ -96,7 +96,7 @@ config: |
                     "$map": {
                       "input": {
                         "$filter": {
-                          "input": "$healthevent.entitiesimpacted",
+                          "input": {"$ifNull": ["$healthevent.entitiesimpacted", []]},
                           "cond": {"$eq": ["$$this.entitytype", "GPU"]}
                         }
                       },