Virtual maven registries: update a uniqueness model validator

🍬 Context

In the virtual maven package registry, we have an Upstream object that contains some user credentials.

Those credentials have been refactored in Add dedicated credentials columns for Maven Ups... (!171702 - merged). At that time, we added an encrypted username column and an encrypted password.

Being encrypted columns, we also have the _iv columns: encrypted_username_iv and encrypted_password_iv.

During that refactoring, we received the feedback that _iv columns should be unique. For this purpose, we added two UNIQUE indexes and a model validation.

What we totally missed is that username and password are optional. As such, we can have nil encrypted_username, encrypted_password, encrypted_username_iv and encrypted_password_iv. In that case, the Upstream can be accessed anonymously.

Guess what happens with this model uniqueness: true validation + inserting two anonymous Upstreams? Yes 💥 .

To fix it, we need to allow nil values.

🤔 What does this MR do and why?

  • Update the uniqueness model validation on Upstream to allow nil values.
  • Update the related spec.

🦄 Screenshots or screen recordings

No UI changes

⚙️ How to set up and validate locally

  • Have 2 registries ready following this setup.

Let's try to create an anonymous upstream on registry 1:

$ curl -X POST "http://<username>:<PAT>@gdk.test:8000/api/v4/virtual_registries/packages/maven/registries/<registry1.id>/upstreams?url=https://repo1.maven.org/maven2" | jq
{
  "message": "201 Created"
}

This is the first anonymous upstream so it succeeds.

Let's see what happens with a second upstream:

1️⃣ On master

$ curl -X POST "http://<username>:<PAT>@gdk.test:8000/api/v4/virtual_registries/packages/maven/registries/<registry2.id>/upstreams?url=https://repo1.maven.org/maven2" | jq
{
  "message": {
    "encrypted_username_iv": [
      "has already been taken"
    ],
    "encrypted_password_iv": [
      "has already been taken"
    ]
  }
}

It fails due to model validation.

2️⃣ With this MR

$ curl -X POST "http://<username>:<PAT>@gdk.test:8000/api/v4/virtual_registries/packages/maven/registries/<registry2.id>/upstreams?url=https://repo1.maven.org/maven2" | jq
{
  "message": "201 Created"
}

It succeeds. 🎉

Edited by David Fernandez
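
An added example, not part of the merge request or of GitLab's code: a simplified in-memory Ruby model of why the second anonymous upstream was rejected and what allowing nil changes. The names UpstreamTable, uniqueness_errors and create_upstream are hypothetical, and it assumes the UNIQUE indexes treat NULLs as distinct, as PostgreSQL does by default.

```ruby
# Simplified in-memory model (constructed for illustration; not ActiveRecord
# and not GitLab code) of the two layers guarding the _iv columns.

# Layer 1: a UNIQUE index. Assumption: like PostgreSQL's default, NULLs are
# distinct, so any number of rows may hold NULL in an indexed column.
class UniqueIndexViolation < StandardError; end

class UpstreamTable
  UNIQUE_COLUMNS = %i[encrypted_username_iv encrypted_password_iv].freeze
  attr_reader :rows

  def initialize
    @rows = []
  end

  def insert(row)
    UNIQUE_COLUMNS.each do |col|
      next if row[col].nil? # NULL never collides in the index
      raise UniqueIndexViolation, col.to_s if @rows.any? { |r| r[col] == row[col] }
    end
    @rows << row
  end
end

# Layer 2: model validation. A Rails-style uniqueness check looks for an
# existing row with the same value; for nil that is "WHERE col IS NULL",
# which matches every anonymous upstream unless nil is explicitly allowed.
def uniqueness_errors(table, row, allow_nil:)
  UpstreamTable::UNIQUE_COLUMNS.each_with_object({}) do |col, errors|
    next if allow_nil && row[col].nil?
    taken = table.rows.any? { |r| r[col] == row[col] }
    errors[col] = ['has already been taken'] if taken
  end
end

# Returns '201 Created' or the error hash, mirroring the API responses above.
def create_upstream(table, row, allow_nil:)
  errors = uniqueness_errors(table, row, allow_nil: allow_nil)
  return errors unless errors.empty?
  table.insert(row)
  '201 Created'
end

# Constructed sample: an upstream without credentials has nil IVs.
ANONYMOUS = { encrypted_username_iv: nil, encrypted_password_iv: nil }.freeze
```

In this model, non-nil IVs are still checked by both layers, so duplicate IVs for upstreams that do carry credentials remain rejected.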
