[backend] feat(multitenancy): adding builtin connectors for new tenants (#3505)

Author: Dimfacion

openaev-api/src/main/java/io/openaev/helper/InjectHelper.java

@@ -11,13 +11,15 @@
 import io.openaev.execution.ExecutionContext;
 import io.openaev.execution.ExecutionContextService;
 import jakarta.annotation.Resource;
+import jakarta.persistence.EntityManager;
 import jakarta.validation.constraints.NotNull;
 import java.time.Instant;
 import java.util.List;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import lombok.RequiredArgsConstructor;
 import org.hibernate.Hibernate;
+import org.hibernate.Session;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 import reactor.util.function.Tuple2;
@@ -41,6 +43,7 @@ public class InjectHelper {
 
   private final InjectRepository injectRepository;
   private final ExecutionContextService executionContextService;
+  private final EntityManager entityManager;
 
   /**
    * Retrieves the teams targeted by an inject.
@@ -121,6 +124,9 @@ private boolean isBeforeOrEqualsNow(Injection injection) {
    * @return list of pending injects scheduled within the threshold
    */
   public List<Inject> getAllPendingInjectsWithThresholdMinutes(int thresholdMinutes) {
+    // Disable tenant filter — called from InjectsExecutionJob which runs cross-tenant
+    entityManager.unwrap(Session.class).disableFilter("tenantFilter");
+
     return this.injectRepository.findAll(
         InjectSpecification.pendingInjectWithThresholdMinutes(thresholdMinutes));
   }
@@ -153,6 +159,9 @@ private ExecutableInject toExecutableInject(Inject inject) {
    */
   @Transactional
   public List<ExecutableInject> getInjectsToRun() {
+    // Disable tenant filter — called from InjectsExecutionJob which runs cross-tenant
+    entityManager.unwrap(Session.class).disableFilter("tenantFilter");
+
     // Get injects
     List<Inject> injects = this.injectRepository.findAll(InjectSpecification.executable());
     Stream<ExecutableInject> executableInjects =

openaev-api/src/main/java/io/openaev/integration/ManagerFactory.java

@@ -1,10 +1,13 @@
 package io.openaev.integration;
 
 import static io.openaev.aop.lock.LockResourceType.MANAGER_FACTORY;
+import static io.openaev.helper.StreamHelper.fromIterable;
 
 import io.openaev.aop.lock.Lock;
 import io.openaev.context.TenantContext;
+import io.openaev.database.audit.TenantAssertionControl;
 import io.openaev.database.model.Tenant;
+import io.openaev.database.repository.TenantRepository;
 import io.openaev.datapack.DataPackProcessor;
 import io.openaev.integration.impl.executors.paloaltocortex.PaloAltoCortexExecutorIntegrationFactory;
 import io.openaev.integration.impl.executors.sentinelone.SentinelOneExecutorIntegrationFactory;
@@ -15,6 +18,7 @@
 import io.openaev.service.PreviewFeatureService;
 import io.openaev.service.tenants.UserTenantService;
 import jakarta.annotation.PostConstruct;
+import jakarta.persistence.EntityManager;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -27,7 +31,9 @@
 public class ManagerFactory implements DependenciesManager {
   private final List<IntegrationFactory> factories;
   private final List<BuiltinTenantRegistrable> builtinRegistrables;
+  private final TenantRepository tenantRepository;
   private final PreviewFeatureService previewFeatureService;
+  private final EntityManager entityManager;
 
   @PostConstruct
   public void disableFlaggedExecutors() {
@@ -54,6 +60,7 @@ public void disableFlaggedExecutors() {
   public Manager getManager() {
     if (manager == null) {
       try {
+        registerBuiltinsForAllTenants();
         this.manager = new Manager(factories);
         this.manager.monitorIntegrations();
       } catch (Exception e) {
@@ -63,9 +70,35 @@ public Manager getManager() {
     return this.manager;
   }
 
+  /**
+   * Ensures built-in connectors are registered for every existing tenant. This covers tenants
+   * created before the builtin registration mechanism was introduced (e.g. the default tenant
+   * created by Flyway migration) and is idempotent — safe to run on every startup.
+   */
+  private void registerBuiltinsForAllTenants() {
+    List<Tenant> tenants = fromIterable(tenantRepository.findAll());
+    TenantAssertionControl.suppress();
+    try {
+      for (Tenant tenant : tenants) {
+        try {
+          createDependencyForTenant(tenant);
+        } catch (DependenciesManagerException e) {
+          log.error(
+              "Failed to register built-in connectors for tenant '{}': {}",
+              tenant.getName(),
+              e.getMessage(),
+              e);
+        }
+      }
+    } finally {
+      TenantAssertionControl.restore();
+    }
+  }
+
   // -- TENANT DEPENDENCIES --
 
   @Override
+  @Transactional
   public void createDependencyForTenant(Tenant tenant) throws DependenciesManagerException {
 
     String previousTenant = TenantContext.getCurrentTenant();

openaev-api/src/main/java/io/openaev/integration/impl/executors/openaev/OpenAEVExecutorIntegration.java

@@ -1,17 +1,14 @@
 package io.openaev.integration.impl.executors.openaev;
 
 import io.openaev.database.model.ConnectorInstance;
-import io.openaev.database.model.Endpoint;
 import io.openaev.database.repository.AssetAgentJobRepository;
-import io.openaev.executors.ExecutorService;
 import io.openaev.executors.openaev.service.OpenAEVExecutorContextService;
 import io.openaev.integration.ComponentRequestEngine;
 import io.openaev.integration.Integration;
 import io.openaev.integration.QualifiedComponent;
 import io.openaev.service.connector_instances.ConnectorInstanceService;
 
 public class OpenAEVExecutorIntegration extends Integration {
-  private final ExecutorService executorService;
   private final AssetAgentJobRepository assetAgentJobRepository;
 
   public static final String OPENAEV_EXECUTOR_ID = "2f9a0936-c327-4e95-b406-d161d32a2501";
@@ -27,29 +24,14 @@ public class OpenAEVExecutorIntegration extends Integration {
   public OpenAEVExecutorIntegration(
       ConnectorInstance connectorInstance,
       ConnectorInstanceService connectorInstanceService,
-      ExecutorService executorService,
       AssetAgentJobRepository assetAgentJobRepository,
       ComponentRequestEngine componentRequestEngine) {
     super(componentRequestEngine, connectorInstance, connectorInstanceService);
     this.assetAgentJobRepository = assetAgentJobRepository;
-    this.executorService = executorService;
   }
 
   @Override
   protected void innerStart() throws Exception {
-    executorService.register(
-        OPENAEV_EXECUTOR_ID,
-        OPENAEV_EXECUTOR_TYPE,
-        OPENAEV_EXECUTOR_NAME,
-        OPENAEV_EXECUTOR_DOCUMENTATION_LINK,
-        OPENAEV_EXECUTOR_BACKGROUND_COLOR,
-        getClass().getResourceAsStream("/img/icon-openaev.png"),
-        getClass().getResourceAsStream("/img/banner-openaev.png"),
-        new String[] {
-          Endpoint.PLATFORM_TYPE.Windows.name(),
-          Endpoint.PLATFORM_TYPE.Linux.name(),
-          Endpoint.PLATFORM_TYPE.MacOS.name()
-        });
 
     this.openAEVExecutorContextService = new OpenAEVExecutorContextService(assetAgentJobRepository);
   }

openaev-api/src/main/java/io/openaev/integration/impl/executors/openaev/OpenAEVExecutorIntegrationFactory.java

@@ -62,11 +62,7 @@ public List<ConnectorInstance> findRelatedInstances() {
   @Override
   public Integration spawn(ConnectorInstance instance) {
     return new OpenAEVExecutorIntegration(
-        instance,
-        connectorInstanceService,
-        executorService,
-        assetAgentJobRepository,
-        componentRequestEngine);
+        instance, connectorInstanceService, assetAgentJobRepository, componentRequestEngine);
   }
 
   @Override

openaev-api/src/main/java/io/openaev/integration/impl/injectors/channel/ChannelInjectorIntegration.java

@@ -3,7 +3,6 @@
 import io.openaev.database.model.ConnectorInstance;
 import io.openaev.database.repository.ArticleRepository;
 import io.openaev.executors.InjectorContext;
-import io.openaev.healthcheck.enums.ExternalServiceDependency;
 import io.openaev.injectors.channel.ChannelContract;
 import io.openaev.injectors.channel.ChannelExecutor;
 import io.openaev.injectors.email.service.EmailService;
@@ -13,7 +12,6 @@
 import io.openaev.service.InjectExpectationService;
 import io.openaev.service.InjectorService;
 import io.openaev.service.connector_instances.ConnectorInstanceService;
-import java.util.List;
 
 public class ChannelInjectorIntegration extends IntegrationInMemory {
   static final String CHANNEL_INJECTOR_NAME = "Media pressure";
@@ -51,16 +49,6 @@ public ChannelInjectorIntegration(
 
   @Override
   protected void innerStart() throws Exception {
-    injectorService.registerBuiltinInjector(
-        CHANNEL_INJECTOR_ID,
-        CHANNEL_INJECTOR_NAME,
-        this.channelContract,
-        false,
-        "media-pressure",
-        null,
-        null,
-        false,
-        List.of(ExternalServiceDependency.SMTP, ExternalServiceDependency.SMTP));
     this.channelExecutor =
         new ChannelExecutor(
             injectorContext,

openaev-api/src/main/java/io/openaev/integration/impl/injectors/email/EmailInjectorIntegration.java

@@ -2,7 +2,6 @@
 
 import io.openaev.database.model.ConnectorInstance;
 import io.openaev.executors.InjectorContext;
-import io.openaev.healthcheck.enums.ExternalServiceDependency;
 import io.openaev.injectors.email.EmailContract;
 import io.openaev.injectors.email.EmailExecutor;
 import io.openaev.injectors.email.service.EmailService;
@@ -12,7 +11,6 @@
 import io.openaev.service.InjectExpectationService;
 import io.openaev.service.InjectorService;
 import io.openaev.service.connector_instances.ConnectorInstanceService;
-import java.util.List;
 
 public class EmailInjectorIntegration extends IntegrationInMemory {
   static final String EMAIL_INJECTOR_NAME = "Email";
@@ -47,16 +45,6 @@ public EmailInjectorIntegration(
 
   @Override
   protected void innerStart() throws Exception {
-    injectorService.registerBuiltinInjector(
-        EMAIL_INJECTOR_ID,
-        EMAIL_INJECTOR_NAME,
-        emailContract,
-        false,
-        "communication",
-        null,
-        null,
-        false,
-        List.of(ExternalServiceDependency.SMTP, ExternalServiceDependency.IMAP));
     this.emailExecutor = new EmailExecutor(injectorContext, emailService, injectExpectationService);
   }
 

openaev-api/src/main/java/io/openaev/integration/impl/injectors/manual/ManualInjectorIntegration.java

@@ -10,7 +10,6 @@
 import io.openaev.service.InjectExpectationService;
 import io.openaev.service.InjectorService;
 import io.openaev.service.connector_instances.ConnectorInstanceService;
-import java.util.List;
 
 public class ManualInjectorIntegration extends IntegrationInMemory {
   static final String MANUAL_INJECTOR_NAME = "Manual";
@@ -42,16 +41,6 @@ public ManualInjectorIntegration(
 
   @Override
   protected void innerStart() throws Exception {
-    injectorService.registerBuiltinInjector(
-        MANUAL_INJECTOR_ID,
-        MANUAL_INJECTOR_NAME,
-        manualContract,
-        true,
-        "generic",
-        null,
-        null,
-        false,
-        List.of());
     this.manualExecutor = new ManualExecutor(injectorContext, injectExpectationService);
   }
 

openaev-api/src/main/java/io/openaev/integration/impl/injectors/openaev/OpenaevInjectorIntegration.java

@@ -13,8 +13,6 @@
 import io.openaev.service.InjectExpectationService;
 import io.openaev.service.InjectorService;
 import io.openaev.service.connector_instances.ConnectorInstanceService;
-import java.util.List;
-import java.util.Map;
 
 public class OpenaevInjectorIntegration extends IntegrationInMemory {
   public static final String OPENAEV_INJECTOR_NAME = "OpenAEV Implant";
@@ -54,21 +52,6 @@ public OpenaevInjectorIntegration(
 
   @Override
   protected void innerStart() throws Exception {
-    Map<String, String> executorCommands =
-        OpenaevImplantCommandBuilder.buildExecutorCommands(openAEVConfig);
-    Map<String, String> executorClearCommands =
-        OpenaevImplantCommandBuilder.buildExecutorClearCommands();
-
-    injectorService.registerBuiltinInjector(
-        OPENAEV_INJECTOR_ID,
-        OPENAEV_INJECTOR_NAME,
-        openAEVImplantContract,
-        false,
-        "simulation-implant",
-        executorCommands,
-        executorClearCommands,
-        true,
-        List.of());
     this.openAEVImplantExecutor =
         new OpenAEVImplantExecutor(
             injectorContext, assetGroupService, injectExpectationService, injectService);

openaev-api/src/main/java/io/openaev/integration/impl/injectors/opencti/OpenCTIInjectorIntegration.java

@@ -2,7 +2,6 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import io.openaev.database.model.ConnectorInstance;
-import io.openaev.database.model.ConnectorType;
 import io.openaev.executors.InjectorContext;
 import io.openaev.executors.exception.ExecutorException;
 import io.openaev.injectors.opencti.OpenCTIContract;
@@ -69,20 +68,6 @@ public OpenCTIInjectorIntegration(
 
   @Override
   protected void innerStart() throws Exception {
-    String injectorId =
-        connectorInstanceService.getConnectorInstanceConfigurationsByIdAndKey(
-            connectorInstance.getId(), ConnectorType.INJECTOR.getIdKeyName());
-
-    injectorService.registerBuiltinInjector(
-        injectorId,
-        OPENCTI_INJECTOR_NAME,
-        openCTIContract,
-        true,
-        "incident-response",
-        null,
-        null,
-        false,
-        new ArrayList<>());
     this.openCTIExecutor =
         new OpenCTIExecutor(injectorContext, openCTIService, injectExpectationService);
   }

openaev-api/src/main/java/io/openaev/integration/impl/injectors/ovh/OvhInjectorIntegration.java

@@ -2,7 +2,6 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import io.openaev.database.model.ConnectorInstance;
-import io.openaev.database.model.ConnectorType;
 import io.openaev.executors.InjectorContext;
 import io.openaev.executors.exception.ExecutorException;
 import io.openaev.injectors.ovh.OvhSmsContract;
@@ -17,7 +16,6 @@
 import io.openaev.service.InjectorService;
 import io.openaev.service.connector_instances.ConnectorInstanceService;
 import java.lang.reflect.InvocationTargetException;
-import java.util.List;
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
@@ -68,20 +66,6 @@ public OvhInjectorIntegration(
 
   @Override
   protected void innerStart() throws Exception {
-    String injectorId =
-        connectorInstanceService.getConnectorInstanceConfigurationsByIdAndKey(
-            connectorInstance.getId(), ConnectorType.INJECTOR.getIdKeyName());
-
-    injectorService.registerBuiltinInjector(
-        injectorId,
-        OVH_SMS_INJECTOR_NAME,
-        ovhSmsContract,
-        true,
-        "communication",
-        null,
-        null,
-        false,
-        List.of());
     OvhSmsService ovhSmsService = new OvhSmsService(this.config);
     this.ovhSmsExecutor =
         new OvhSmsExecutor(injectorContext, ovhSmsService, injectExpectationService);