fix(jmxauth): tolerate JMX auth failures at discovery, re-attempt if …

…new matching Credentials added (#329)

* fix(jmxauth): tolerate JMX auth failures at discovery, re-attempt if new matching Credentials added

* JSON request filter allows ids in matchexpressions

src/main/java/io/cryostat/JsonRequestFilter.java

@@ -33,7 +33,8 @@
 public class JsonRequestFilter implements ContainerRequestFilter {
 
     static final Set<String> disallowedFields = Set.of("id");
-    static final Set<String> allowedPaths = Set.of("/api/v2.2/discovery");
+    static final Set<String> allowedPaths =
+            Set.of("/api/v2.2/discovery", "/api/beta/matchexpressions");
 
     private final ObjectMapper objectMapper = new ObjectMapper();
 

src/main/java/io/cryostat/targets/Target.java

@@ -244,11 +244,7 @@ void prePersist(Target target) throws JvmIdException {
                                 .await()
                                 .atMost(Duration.ofSeconds(10));
             } catch (Exception e) {
-                // TODO tolerate this in the condition that the connection failed because of JMX
-                // auth. In that instance then persist the entity with a null jvmId, but listen for
-                // new Credentials and test them against any targets with null jvmIds to see if we
-                // can populate them.
-                throw new JvmIdException(e);
+                logger.info(e);
             }
         }
 

src/main/java/io/cryostat/targets/Targets.java

@@ -16,18 +16,62 @@
 package io.cryostat.targets;
 
 import java.net.URI;
+import java.time.Duration;
 import java.util.List;
+import java.util.Optional;
 
+import io.cryostat.credentials.Credential;
+import io.cryostat.expressions.MatchExpressionEvaluator;
+
+import io.quarkus.vertx.ConsumeEvent;
 import jakarta.annotation.security.RolesAllowed;
+import jakarta.inject.Inject;
+import jakarta.transaction.Transactional;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.core.Response;
+import org.jboss.logging.Logger;
 import org.jboss.resteasy.reactive.RestPath;
 import org.jboss.resteasy.reactive.RestResponse;
+import org.projectnessie.cel.tools.ScriptException;
 
 @Path("")
 public class Targets {
 
+    @Inject MatchExpressionEvaluator matchExpressionEvaluator;
+    @Inject TargetConnectionManager connectionManager;
+    @Inject Logger logger;
+
+    @ConsumeEvent(value = Credential.CREDENTIALS_STORED, blocking = true)
+    @Transactional
+    void updateCredential(Credential credential) {
+        Target.<Target>find("jvmId", (String) null)
+                .list()
+                .forEach(
+                        t -> {
+                            try {
+                                if (matchExpressionEvaluator.applies(
+                                        credential.matchExpression, t)) {
+                                    t.jvmId =
+                                            connectionManager
+                                                    .executeDirect(
+                                                            t,
+                                                            Optional.empty(),
+                                                            conn ->
+                                                                    conn.getJvmIdentifier()
+                                                                            .getHash())
+                                                    .await()
+                                                    .atMost(Duration.ofSeconds(10));
+                                    t.persist();
+                                }
+                            } catch (ScriptException e) {
+                                logger.error(e);
+                            } catch (Exception e) {
+                                logger.warn(e);
+                            }
+                        });
+    }
+
     @GET
     @Path("/api/v1/targets")
     @RolesAllowed("read")