make kafka optional

Author: sbtaylor15

README.md

@@ -143,6 +143,7 @@ graph TB
 ```
 
 **SLA Targets:**
+
 | Severity | Standard | Mission-Critical |
 |----------|----------|------------------|
 | Critical | 15 days  | 7 days           |
@@ -313,12 +314,12 @@ stateDiagram-v2
 
 ## 📈 Performance
 
-| Metric | Target | Actual |
-|--------|--------|--------|
-| API Response | <3s | <1s (p95) |
-| CVE Ingestion | 50K/hour | ✅ |
-| Concurrent Users | 100+ | ✅ |
-| Database Scale | 1M+ releases | ✅ |
+| Metric           | Target       | Actual    |
+|------------------|--------------|-----------|
+| API Response     | <3s          | <1s (p95) |
+| CVE Ingestion    | 50K/hour     | ✅         |
+| Concurrent Users | 100+         | ✅         |
+| Database Scale   | 1M+ releases | ✅         |
 
 ## 🛠️ Technology Stack
 

chart/pdvd-backend/values.yaml

@@ -18,10 +18,10 @@ github:
 
 # SMTP Configuration - Leave empty to disable email (invitations will print to console)
 smtp:
-  enabled: false  # Set to true to enable email sending
+  enabled: false # Set to true to enable email sending
   host: ""
   port: ""
   username: ""
   password: ""
   fromEmail: ""
-  fromName: ""
+  fromName: ""

design.md

@@ -88,17 +88,17 @@ graph TB
 
 ### Technology Stack
 
-| Layer | Technology | Purpose |
-|-------|------------|---------|
-| **API Framework** | Fiber v2 | High-performance HTTP server |
-| **GraphQL** | graphql-go | Query flexibility |
-| **Database** | ArangoDB 3.11+ | Graph + document store |
-| **Auth** | golang-jwt/jwt | JWT generation/validation |
-| **Password** | bcrypt | Password hashing |
-| **CVE Data** | OSV.dev API | Vulnerability database |
-| **CVSS** | pandatix/go-cvss | Score calculation |
-| **Git** | go-git | GitOps integration |
-| **Email** | net/smtp | SMTP invitations |
+| Layer             | Technology       | Purpose                      |
+|-------------------|------------------|------------------------------|
+| **API Framework** | Fiber v2         | High-performance HTTP server |
+| **GraphQL**       | graphql-go       | Query flexibility            |
+| **Database**      | ArangoDB 3.11+   | Graph + document store       |
+| **Auth**          | golang-jwt/jwt   | JWT generation/validation    |
+| **Password**      | bcrypt           | Password hashing             |
+| **CVE Data**      | OSV.dev API      | Vulnerability database       |
+| **CVSS**          | pandatix/go-cvss | Score calculation            |
+| **Git**           | go-git           | GitOps integration           |
+| **Email**         | net/smtp         | SMTP invitations             |
 
 ---
 
@@ -1489,17 +1489,17 @@ graph TB
 
 ### Glossary
 
-| Term | Definition |
-|------|------------|
-| **PURL** | Package URL - standardized package identifier (pkg:type/namespace/name@version) |
-| **Hub-and-Spoke** | Graph pattern using central hub nodes to reduce edge count |
-| **MTTR** | Mean Time To Remediate - average days from CVE discovery to fix deployment |
-| **SLA** | Service Level Agreement - target remediation time based on severity |
-| **SBOM** | Software Bill of Materials - inventory of software components |
-| **CVE** | Common Vulnerabilities and Exposures - unique vulnerability identifier |
-| **CVSS** | Common Vulnerability Scoring System - severity scoring standard (0-10) |
-| **GitOps** | Infrastructure/config as code with Git as source of truth |
-| **Materialized Edge** | Pre-computed edge stored for performance (e.g., release2cve) |
+| Term                  | Definition                                                                      |
+|-----------------------|---------------------------------------------------------------------------------|
+| **PURL**              | Package URL - standardized package identifier (pkg:type/namespace/name@version) |
+| **Hub-and-Spoke**     | Graph pattern using central hub nodes to reduce edge count                      |
+| **MTTR**              | Mean Time To Remediate - average days from CVE discovery to fix deployment      |
+| **SLA**               | Service Level Agreement - target remediation time based on severity             |
+| **SBOM**              | Software Bill of Materials - inventory of software components                   |
+| **CVE**               | Common Vulnerabilities and Exposures - unique vulnerability identifier          |
+| **CVSS**              | Common Vulnerability Scoring System - severity scoring standard (0-10)          |
+| **GitOps**            | Infrastructure/config as code with Git as source of truth                       |
+| **Materialized Edge** | Pre-computed edge stored for performance (e.g., release2cve)                    |
 
 ### References
 

events/kafka.json

@@ -31,7 +31,10 @@
       "type": "object",
       "description": "Reference to the stored SBOM content",
       "properties": {
-        "cid": { "type": "string", "description": "IPFS CID of the SBOM content" },
+        "cid": {
+          "type": "string",
+          "description": "IPFS CID of the SBOM content"
+        },
         "storage_type": { "type": "string", "enum": ["ipfs", "s3"] },
         "content_sha": { "type": "string" },
         "uploaded_at": { "type": "string", "format": "date-time" }
@@ -43,9 +46,21 @@
       "description": "The deployment target (Endpoint) metadata",
       "properties": {
         "name": { "type": "string" },
-        "endpoint_type": { 
-          "type": "string", 
-          "enum": ["cluster", "ec2", "lambda", "ecs", "eks", "gke", "aks", "fargate", "edge", "iot", "mission_asset"] 
+        "endpoint_type": {
+          "type": "string",
+          "enum": [
+            "cluster",
+            "ec2",
+            "lambda",
+            "ecs",
+            "eks",
+            "gke",
+            "aks",
+            "fargate",
+            "edge",
+            "iot",
+            "mission_asset"
+          ]
         },
         "environment": { "type": "string" },
         "is_public": { "type": "boolean", "default": true }
@@ -66,4 +81,4 @@
     "sbom_ref",
     "endpoint"
   ]
-}
+}

hub_and_spoke_guide.md

@@ -916,22 +916,22 @@ graph TB
 
 ### Query Performance Benchmarks
 
-| Query | Traditional | Hub-and-Spoke | Speedup |
-|-------|-------------|---------------|---------|
-| CVE → Releases | 30s | 3s | 10x |
-| Release → CVEs | 15s | 0.5s | 30x |
-| Dashboard MTTR | 60s | 2s | 30x |
-| Org-filtered queries | 45s | 1s | 45x |
-| Post-deployment detection | 20s | 1s | 20x |
+| Query                     | Traditional | Hub-and-Spoke | Speedup |
+|---------------------------|-------------|---------------|---------|
+| CVE → Releases            | 30s         | 3s            | 10x     |
+| Release → CVEs            | 15s         | 0.5s          | 30x     |
+| Dashboard MTTR            | 60s         | 2s            | 30x     |
+| Org-filtered queries      | 45s         | 1s            | 45x     |
+| Post-deployment detection | 20s         | 1s            | 20x     |
 
 ### Storage Requirements
 
-| Data | Count | Traditional Size | Hub-and-Spoke Size | Reduction |
-|------|-------|------------------|-------------------|-----------|
-| **Nodes** | 11,100 | 5 MB | 5 MB | 0% |
-| **Edges** | - | 500 MB | 25 MB | 95% |
-| **Indexes** | - | 100 MB | 10 MB | 90% |
-| **Total** | - | 605 MB | 40 MB | **93.4%** |
+| Data        | Count  | Traditional Size | Hub-and-Spoke Size | Reduction |
+|-------------|--------|------------------|--------------------|-----------|
+| **Nodes**   | 11,100 | 5 MB             | 5 MB               | 0%        |
+| **Edges**   | -      | 500 MB           | 25 MB              | 95%       |
+| **Indexes** | -      | 100 MB           | 10 MB              | 90%       |
+| **Total**   | -      | 605 MB           | 40 MB              | **93.4%** |
 
 ---
 

internal/kafka/processor.go

@@ -13,10 +13,9 @@ import (
 	"github.com/segmentio/kafka-go"
 )
 
-// RunEventProcessor starts the Kafka consumer for release events.
-// Kafka messages contain the SBOM CID (and optional metadata)
-func RunEventProcessor(ctx context.Context, db database.DBConnection) {
-	// Parse Kafka brokers from environment variable
+// RunEventProcessor attempts to connect to Kafka 3 times.
+// If successful, it starts the consumer loop. If not, it returns an error.
+func RunEventProcessor(ctx context.Context, db database.DBConnection) error {
 	brokersEnv := os.Getenv("KAFKA_BROKERS")
 	var brokers []string
 	if brokersEnv != "" {
@@ -25,50 +24,58 @@ func RunEventProcessor(ctx context.Context, db database.DBConnection) {
 		brokers = []string{"localhost:9092"}
 	}
 
-	// Create Kafka reader
+	topic := "release-events"
+	var conn *kafka.Conn
+	var err error
+
+	// Retry logic: 3 tries
+	for i := 1; i <= 3; i++ {
+		log.Printf("Kafka connection attempt %d/3...", i)
+		conn, err = kafka.DialContext(ctx, "tcp", brokers[0])
+		if err == nil {
+			conn.Close()
+			break
+		}
+		if i < 3 {
+			time.Sleep(2 * time.Second)
+		}
+	}
+
+	if err != nil {
+		return err // Give up after 3 tries
+	}
+
+	// If connection is successful, start the reader
 	reader := kafka.NewReader(kafka.ReaderConfig{
 		Brokers:  brokers,
 		GroupID:  "pdvd-backend-worker",
-		Topic:    "release-events",
-		MaxBytes: 10e6, // 10MB per message
+		Topic:    topic,
+		MaxBytes: 10e6,
 	})
-	defer func() {
-		if err := reader.Close(); err != nil {
-			log.Printf("Error closing Kafka reader: %v", err)
-		}
-	}()
-
-	// Initialize ReleaseService
-	service := &services.ReleaseServiceWrapper{DB: db}
 
-	// Initialize SBOM fetcher
-	fetcher := &services.CIDFetcher{} // implements release.SBOMFetcher
+	go func() {
+		defer reader.Close()
+		service := &services.ReleaseServiceWrapper{DB: db}
+		fetcher := &services.CIDFetcher{}
 
-	log.Println("Kafka Event Processor started. Listening for release events...")
+		log.Println("Kafka Event Processor started. Listening for release events...")
 
-	for {
-		select {
-		case <-ctx.Done():
-			log.Println("Kafka Event Processor shutting down...")
-			return
-		default:
-			// Read message
-			msg, err := reader.ReadMessage(ctx)
-			if err != nil {
-				if ctx.Err() != nil {
-					return
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			default:
+				msg, err := reader.ReadMessage(ctx)
+				if err != nil {
+					if ctx.Err() != nil {
+						return
+					}
+					continue
 				}
-				log.Printf("Kafka read error: %v. Retrying in 1s...", err)
-				time.Sleep(time.Second)
-				continue
-			}
-
-			// Pass the raw message to the release handler along with fetcher and service
-			if err := release.HandleReleaseSBOMCreatedWithService(ctx, msg.Value, fetcher, service); err != nil {
-				log.Printf("Handler error for message key=%s: %v", string(msg.Key), err)
-			} else {
-				log.Printf("Successfully processed message key=%s offset=%d", string(msg.Key), msg.Offset)
+				_ = release.HandleReleaseSBOMCreatedWithService(ctx, msg.Value, fetcher, service)
 			}
 		}
-	}
+	}()
+
+	return nil
 }

main.go

@@ -13,17 +13,19 @@ import (
 )
 
 func main() {
-	// Initialize database connection
 	db := database.InitializeDatabase()
 
-	// Handle graceful shutdown
 	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 	defer cancel()
 
-	// Start Kafka processor
-	go kafka.RunEventProcessor(ctx, db)
+	// Attempt to start Kafka (Optional)
+	if err := kafka.RunEventProcessor(ctx, db); err != nil {
+		log.Printf("Warning: Kafka initialization failed after 3 tries: %v. Starting without Kafka support.", err)
+	} else {
+		log.Println("Kafka processor initialized successfully.")
+	}
 
-	// Start Fiber server with API routes
+	// Start everything else normally
 	app := api.NewFiberApp(db)
 	port := os.Getenv("MS_PORT")
 	if port == "" {
@@ -37,7 +39,6 @@ func main() {
 		}
 	}()
 
-	// Wait for termination signal
 	<-ctx.Done()
 	log.Println("Shutting down pdvd-backend...")
 	app.Shutdown()

restapi/modules/auth/rbac_fiber_handlers.go

@@ -311,7 +311,7 @@ func ApplyRBAC(db database.DBConnection, config *PeriobolosConfig, emailConfig *
 		if err != nil {
 			newOrg := &model.Org{
 				Name:        normalizedOrgName, // Store lowercase
-				DisplayName: displayName,        // Store display name
+				DisplayName: displayName,       // Store display name
 				Description: orgDef.Description,
 				Metadata:    orgDef.Metadata,
 				CreatedAt:   time.Now(),

util/org.go

@@ -14,7 +14,7 @@ func NormalizeOrgNames(orgs []string) []string {
 	if orgs == nil {
 		return []string{}
 	}
-	
+
 	normalized := make([]string, len(orgs))
 	for i, org := range orgs {
 		normalized[i] = NormalizeOrgName(org)