fix(api): handle Neo4j unavailability during app initialization (#9827)

Co-authored-by: Josema Camacho <josema@prowler.com>

.env

@@ -54,7 +54,7 @@ NEO4J_PORT=7687
 NEO4J_USER=neo4j
 NEO4J_PASSWORD=neo4j_password
 # Neo4j settings
-NEO4J_DBMS_MAX__DATABASES=1000000
+NEO4J_DBMS_MAX__DATABASES=1000
 NEO4J_SERVER_MEMORY_PAGECACHE_SIZE=1G
 NEO4J_SERVER_MEMORY_HEAP_INITIAL__SIZE=1G
 NEO4J_SERVER_MEMORY_HEAP_MAX__SIZE=1G

api/docker-entrypoint.sh

@@ -32,7 +32,7 @@ start_prod_server() {
 
 start_worker() {
   echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill,overview,integrations,compliance -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill,overview,integrations,compliance,attack-paths-scans -E --max-tasks-per-child 1
 }
 
 start_worker_beat() {

api/src/backend/api/apps.py

@@ -1,5 +1,5 @@
-import logging
 import atexit
+import logging
 import os
 import sys
 from pathlib import Path
@@ -41,7 +41,26 @@ class ApiConfig(AppConfig):
         if "manage.py" not in sys.argv or os.environ.get("RUN_MAIN"):
             self._ensure_crypto_keys()
 
-        if not getattr(settings, "TESTING", False):
+        # Commands that don't need Neo4j
+        SKIP_NEO4J_DJANGO_COMMANDS = [
+            "migrate",
+            "makemigrations",
+            "check",
+            "help",
+            "showmigrations",
+            "check_and_fix_socialaccount_sites_migration",
+        ]
+
+        if getattr(settings, "TESTING", False) or (
+            "manage.py" in sys.argv
+            and len(sys.argv) > 1
+            and sys.argv[1] in SKIP_NEO4J_DJANGO_COMMANDS
+        ):
+            logger.info(
+                "Skipping Neo4j initialization because of the current Django command or testing"
+            )
+
+        else:
             graph_database.init_driver()
             atexit.register(graph_database.close_driver)
 

api/src/backend/tasks/tasks.py

@@ -368,8 +368,12 @@ def perform_scan_summary_task(tenant_id: str, scan_id: str):
     return aggregate_findings(tenant_id=tenant_id, scan_id=scan_id)
 
 
-# TODO: This task must be queued at the `attack-paths` queue, don't forget to add it to the `docker-entrypoint.sh` file
-@shared_task(base=RLSTask, bind=True, name="attack-paths-scan-perform", queue="scans")
+@shared_task(
+    base=RLSTask,
+    bind=True,
+    name="attack-paths-scan-perform",
+    queue="attack-paths-scans",
+)
 def perform_attack_paths_scan_task(self, tenant_id: str, scan_id: str):
     """
     Execute an Attack Paths scan for the given provider within the current tenant RLS context.

docker-compose-dev.yml

@@ -98,7 +98,7 @@ services:
       # Auth
       - NEO4J_AUTH=${NEO4J_USER}/${NEO4J_PASSWORD}
       # Memory limits
-      - NEO4J_dbms_max__databases=${NEO4J_DBMS_MAX__DATABASES:-1000000}
+      - NEO4J_dbms_max__databases=${NEO4J_DBMS_MAX__DATABASES:-1000}
       - NEO4J_server_memory_pagecache_size=${NEO4J_SERVER_MEMORY_PAGECACHE_SIZE:-1G}
       - NEO4J_server_memory_heap_initial__size=${NEO4J_SERVER_MEMORY_HEAP_INITIAL__SIZE:-1G}
       - NEO4J_server_memory_heap_max__size=${NEO4J_SERVER_MEMORY_HEAP_MAX__SIZE:-1G}

docker-compose.yml

@@ -84,7 +84,7 @@ services:
       # Auth
       - NEO4J_AUTH=${NEO4J_USER}/${NEO4J_PASSWORD}
       # Memory limits
-      - NEO4J_dbms_max__databases=${NEO4J_DBMS_MAX__DATABASES:-1000000}
+      - NEO4J_dbms_max__databases=${NEO4J_DBMS_MAX__DATABASES:-1000}
       - NEO4J_server_memory_pagecache_size=${NEO4J_SERVER_MEMORY_PAGECACHE_SIZE:-1G}
       - NEO4J_server_memory_heap_initial__size=${NEO4J_SERVER_MEMORY_HEAP_INITIAL__SIZE:-1G}
       - NEO4J_server_memory_heap_max__size=${NEO4J_SERVER_MEMORY_HEAP_MAX__SIZE:-1G}