e5e7ebfe80dbec4965226225050d4ef5c8216e88-PR-605

Committed 21 Feb 2025 02:35PM UTC coverage: 45.973% (-0.03%) from 46.003%

Build # e5e7ebfe80dbec4965226225050d4ef5c8216e88-PR-605

Build Type

Pull #605

github

Committed by

hauleth

Commit Message

fix: remaining SSL connections that need to set `verify_none` option

Pull Request Pull Request #605: fix: remaining SSL connections that need to set `verify_none` option

Run Details

2 of 9 new or added lines in 3 files covered. (22.22%)

267 existing lines in 26 files now uncovered.

959 of 2086 relevant lines covered (45.97%)

635.02 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0

/lib/supavisor/tenants/tenant.ex

defmodule Supavisor.Tenants.Tenant do
  @moduledoc false

  use Ecto.Schema
  import Ecto.Changeset
  alias Supavisor.Tenants.User

  @type t :: %__MODULE__{}

  @primary_key {:id, :binary_id, autogenerate: true}
  @schema_prefix "_supavisor"

  @derive {Jason.Encoder, except: [:upstream_tls_ca, :__meta__]}

  schema "tenants" do
    field(:db_host, :string)
    field(:db_port, :integer)
    field(:db_database, :string)
    field(:external_id, :string)
    field(:default_parameter_status, :map)
    field(:ip_version, Ecto.Enum, values: [:v4, :v6, :auto], default: :auto)
    field(:upstream_ssl, :boolean, default: false)
    field(:upstream_verify, Ecto.Enum, values: [:none, :peer])
    field(:upstream_tls_ca, :binary)
    field(:enforce_ssl, :boolean, default: false)
    field(:require_user, :boolean, default: false)
    field(:auth_query, :string)
    field(:default_pool_size, :integer, default: 15)
    field(:sni_hostname, :string)
    field(:default_max_clients, :integer, default: 1000)
    field(:client_idle_timeout, :integer, default: 0)
    field(:client_heartbeat_interval, :integer, default: 60)
    field(:allow_list, {:array, :string}, default: ["0.0.0.0/0", "::/0"])
    field(:availability_zone, :string)

    has_many(:users, User,
      foreign_key: :tenant_external_id,
      references: :external_id,
      on_delete: :delete_all,
      on_replace: :delete
    )

    timestamps()
  end

  @doc false
  def changeset(tenant, attrs) do
    tenant
    |> cast(attrs, [
      :default_parameter_status,
      :external_id,
      :db_host,
      :db_port,
      :db_database,
      :ip_version,
      :upstream_ssl,
      :upstream_verify,
      :upstream_tls_ca,
      :enforce_ssl,
      :require_user,
      :auth_query,
      :default_pool_size,
      :sni_hostname,
      :default_max_clients,
      :client_idle_timeout,
      :client_heartbeat_interval,
      :allow_list,
      :availability_zone
    ])
    |> check_constraint(:upstream_ssl, name: :upstream_constraints, prefix: "_supavisor")
    |> check_constraint(:upstream_verify, name: :upstream_constraints, prefix: "_supavisor")
    |> validate_required([
      :default_parameter_status,
      :external_id,
      :db_host,
      :db_port,
      :db_database,
      :require_user,
      :allow_list
    ])
    |> validate_allow_list()
    |> unique_constraint([:external_id])
    |> cast_assoc(:users, with: &User.changeset/2)
  end

  @doc """
  Validates CIDRs passed in allow_list field parse correctly.

  ## Examples

    iex> changeset =
    iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0"]})
    iex> |> Supavisor.Tenants.Tenant.validate_allow_list()
    iex> changeset.errors
    [allow_list: {"Invalid CIDR range: 0.0.0.0", []}]

    iex> changeset =
    iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0/0", "::/0"]})
    iex> |> Supavisor.Tenants.Tenant.validate_allow_list()
    iex> changeset.errors
    []

    iex> changeset =
    iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0/0", "foo", "bar"]})
    iex> |> Supavisor.Tenants.Tenant.validate_allow_list()
    iex> changeset.errors
    [{:allow_list, {"Invalid CIDR range: foo", []}}, {:allow_list, {"Invalid CIDR range: bar", []}}]

    iex> changeset =
    iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0/0   "]})
    iex> |> Supavisor.Tenants.Tenant.validate_allow_list()
    iex> changeset.errors
    []
  """

  @spec validate_allow_list(Ecto.Changeset.t()) :: Ecto.Changeset.t()
  def validate_allow_list(changeset) do
    validate_change(changeset, :allow_list, fn :allow_list, value when is_list(value) ->
      for range <- value, !valid_range?(range) do
        {:allow_list, "Invalid CIDR range: #{range}"}
      end
    end)
  end

  defp valid_range?(range) do
    match?({:ok, _}, InetCidr.parse_cidr(range))
  end
end

1	defmodule Supavisor.Tenants.Tenant do
2	@moduledoc false
3
4	use Ecto.Schema
5	import Ecto.Changeset
6	alias Supavisor.Tenants.User
7
8	@type t :: %__MODULE__{}
9
10	@primary_key {:id, :binary_id, autogenerate: true}
11	@schema_prefix "_supavisor"
12
13	@derive {Jason.Encoder, except: [:upstream_tls_ca, :__meta__]}
14
15	schema "tenants" do	389✔
16	field(:db_host, :string)
17	field(:db_port, :integer)
18	field(:db_database, :string)
19	field(:external_id, :string)
20	field(:default_parameter_status, :map)
21	field(:ip_version, Ecto.Enum, values: [:v4, :v6, :auto], default: :auto)
22	field(:upstream_ssl, :boolean, default: false)
23	field(:upstream_verify, Ecto.Enum, values: [:none, :peer])
24	field(:upstream_tls_ca, :binary)
25	field(:enforce_ssl, :boolean, default: false)
26	field(:require_user, :boolean, default: false)
27	field(:auth_query, :string)
28	field(:default_pool_size, :integer, default: 15)
29	field(:sni_hostname, :string)
30	field(:default_max_clients, :integer, default: 1000)
31	field(:client_idle_timeout, :integer, default: 0)
32	field(:client_heartbeat_interval, :integer, default: 60)
33	field(:allow_list, {:array, :string}, default: ["0.0.0.0/0", "::/0"])
34	field(:availability_zone, :string)
35
36	has_many(:users, User,
37	foreign_key: :tenant_external_id,
38	references: :external_id,
39	on_delete: :delete_all,
40	on_replace: :delete
41	)
42
43	timestamps()
44	end
45
46	@doc false
47	def changeset(tenant, attrs) do
48	tenant
49	\|> cast(attrs, [
50	:default_parameter_status,
51	:external_id,
52	:db_host,
53	:db_port,
54	:db_database,
55	:ip_version,
56	:upstream_ssl,
57	:upstream_verify,
58	:upstream_tls_ca,
59	:enforce_ssl,
60	:require_user,
61	:auth_query,
62	:default_pool_size,
63	:sni_hostname,
64	:default_max_clients,
65	:client_idle_timeout,
66	:client_heartbeat_interval,
67	:allow_list,
68	:availability_zone
69	])
70	\|> check_constraint(:upstream_ssl, name: :upstream_constraints, prefix: "_supavisor")
71	\|> check_constraint(:upstream_verify, name: :upstream_constraints, prefix: "_supavisor")
72	\|> validate_required([
73	:default_parameter_status,
74	:external_id,
75	:db_host,
76	:db_port,
77	:db_database,
78	:require_user,
79	:allow_list
80	])
81	\|> validate_allow_list()
82	\|> unique_constraint([:external_id])
83	\|> cast_assoc(:users, with: &User.changeset/2)	29✔
84	end
85
86	@doc """
87	Validates CIDRs passed in allow_list field parse correctly.
88
89	## Examples
90
91	iex> changeset =
92	iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0"]})
93	iex> \|> Supavisor.Tenants.Tenant.validate_allow_list()
94	iex> changeset.errors
95	[allow_list: {"Invalid CIDR range: 0.0.0.0", []}]
96
97	iex> changeset =
98	iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0/0", "::/0"]})
99	iex> \|> Supavisor.Tenants.Tenant.validate_allow_list()
100	iex> changeset.errors
101	[]
102
103	iex> changeset =
104	iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0/0", "foo", "bar"]})
105	iex> \|> Supavisor.Tenants.Tenant.validate_allow_list()
106	iex> changeset.errors
107	[{:allow_list, {"Invalid CIDR range: foo", []}}, {:allow_list, {"Invalid CIDR range: bar", []}}]
108
109	iex> changeset =
110	iex> Ecto.Changeset.change(%Supavisor.Tenants.Tenant{}, %{allow_list: ["0.0.0.0/0 "]})
111	iex> \|> Supavisor.Tenants.Tenant.validate_allow_list()
112	iex> changeset.errors
113	[]
114	"""
115
116	@spec validate_allow_list(Ecto.Changeset.t()) :: Ecto.Changeset.t()
117	def validate_allow_list(changeset) do
118	validate_change(changeset, :allow_list, fn :allow_list, value when is_list(value) ->	33✔
UNCOV 119	for range <- value, !valid_range?(range) do	8✔
UNCOV 120	{:allow_list, "Invalid CIDR range: #{range}"}	7✔
121	end
122	end)
123	end
124
125	defp valid_range?(range) do
UNCOV 126	match?({:ok, _}, InetCidr.parse_cidr(range))	12✔
127	end
128	end

supabase / supavisor / e5e7ebfe80dbec4965226225050d4ef5c8216e88-PR-605

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous