Fix/245 hypervisor connection uri validation #249

Open
atin65536 wants to merge 3 commits into master from fix/245-hypervisor-connection-uri-validation

@atin65536

No description provided.

Atin65536 added 3 commits February 27, 2026 11:53
+ introduce MachinePool "connection_uri" unique index.
- fix unique `connection_uri` `machine_pool` tests.
- fix tests
@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical fix by implementing robust validation for hypervisor connection URIs. It introduces a database migration to ensure that MachinePool objects have unique connection URIs, preventing data inconsistencies. To thoroughly verify this new constraint, the PR also includes a comprehensive refactoring of the functional testing framework, providing more structured and reliable methods for managing test databases and migrations, and adds a dedicated test suite to validate the uniqueness logic under diverse conditions.

Highlights

  • Database Migration for Unique Connection URI: A new migration was introduced to enforce uniqueness on the 'connection_uri' field within the 'driver_spec' JSONB column of the 'machine_pools' table. This includes a new SQL function to_jsonb_safe to handle potential invalid JSONB conversions gracefully during indexing.
  • Refactored Functional Test Utilities: The genesis_core/tests/functional/utils.py file was significantly refactored to introduce TestDBManager and TestMigrationManager classes. These provide standardized and improved context managers and helper functions for setting up and tearing down test databases and applying/rolling back migrations.
  • New Functional Test for Machine Pool Connection URI Validation: A new functional test file genesis_core/tests/functional/dm/test_machine_pool.py was added. This test specifically validates the new unique constraint on the connection_uri for MachinePool objects, covering various scenarios including null, empty, and duplicate URIs.
  • Enhanced Pytest Fixtures: New pytest fixtures (main_db_url, test_db_name, test_db_url, test_db, test_migrations_manager, test_session) were added to genesis_core/tests/functional/conftest.py. These fixtures leverage the newly refactored TestDBManager and TestMigrationManager to streamline database and migration setup for functional tests.

Changelog

  • genesis_core/tests/functional/conftest.py
    • Added new pytest fixtures for database and migration setup, utilizing the new TestDBManager and TestMigrationManager.
  • genesis_core/tests/functional/dm/test_machine_pool.py
    • Added a new functional test file to validate the unique connection URI constraint for machine pools, covering various input scenarios.
  • genesis_core/tests/functional/utils.py
    • Refactored and extended database and migration test utility classes, introducing TestDBManager and TestMigrationManager for improved test infrastructure.
    • Added patch_engines_default context manager to allow patching the default engine for tests.
  • migrations/0053-unique-machine-pool-connection-uri-d16cdd.py
    • Introduced a new database migration to create a unique index on the connection_uri field within the driver_spec JSONB column of the machine_pools table.
    • Added a to_jsonb_safe SQL function to handle invalid JSONB conversions gracefully during index creation.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a database migration to enforce a unique constraint on the connection_uri for hypervisors, preventing duplicate entries. New functional tests are added to validate this constraint, covering various scenarios including null and duplicate values. The testing infrastructure is also enhanced with new fixtures and utility classes in conftest.py and utils.py for better database and migration management during tests.

The changes are well-structured and effectively implement the desired validation. My review includes a couple of suggestions for the new test utilities in genesis_core/tests/functional/utils.py to improve robustness and adherence to best practices regarding database query construction and interaction with third-party library internals.


def teardown(self) -> None:
if isinstance(self._engine, engines.PgSQLEngine):
self._engine._pool.close()
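
Review bot: `teardown` closes the pool only inside the `isinstance(self._engine, engines.PgSQLEngine)` branch and has no else path, so an engine of any other type is left open without any signal. Either raise or log for engine types this helper does not know how to close, or state in a docstring that only PgSQL engines hold a pool that needs closing here.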

medium

Accessing the private attribute _pool directly is brittle and couples this test utility to the internal implementation of PgSQLEngine. It's better to use a public API for closing the connection pool if one exists. This will make the code more robust to changes in the underlying library.

Author

@atin65536 atin65536 Mar 2, 2026

Engine doesn't have a close method. Pool closing occurs in __del__, which is somewhat hacky and requires a mandatory call to the garbage collector. It looks like there are issues with the Engine lifecycle.

Comment on lines +311 to +328
def create_db(self) -> None:
create_db = self.manager_config.create_db
if create_db is None:
return

with self.connection(autocommit=True) as connection:
with connection.cursor() as cursor:
cursor.execute(f"CREATE DATABASE \"{create_db}\"")

def drop_db(self) -> None:
create_db = self.manager_config.create_db
if create_db is None:
return

with self.connection(autocommit=True) as connection:
with connection.cursor() as cursor:
cursor.execute(f"DROP DATABASE \"{create_db}\"")
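
Review bot: in both `cursor.execute(...)` calls, `create_db` is placed between literal double quotes without escaping, so a name that itself contains `"` ends the identifier early and the rest of the name is parsed as SQL. Double any embedded `"` before interpolating, or build the identifier with the driver's own quoting helper. Separately, `drop_db` issues a plain `DROP DATABASE`, so teardown raises when `create_db` never succeeded; `DROP DATABASE IF EXISTS` would make cleanup idempotent.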

medium

The create_db and drop_db methods use f-strings to construct CREATE DATABASE and DROP DATABASE queries. This is a potential SQL injection vulnerability. While the risk is low in a test environment where the database name is controlled, this is a dangerous pattern that should be avoided. Database identifiers should be properly quoted using a mechanism provided by the database driver/ORM to prevent injection. For example, if restalchemy is built on SQLAlchemy, you could use sqlalchemy.sql.compiler.IdentifierPreparer.

Author

@atin65536 atin65536 Mar 2, 2026

Since this happens in tests and not production, it is not critical.
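
Added example, not part of the pull request or the project's code: the identifier-quoting issue discussed in the thread above, shown with the f-string pattern beside an escaped version. The function names, the allow-list pattern and the sample name are assumptions made for this illustration; `read_quoted_ident` is a small parser that mimics how PostgreSQL reads a double-quoted identifier.

```python
import re

# Allow-list for test database names; the pattern itself is an assumption of this example.
SAFE_DB_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier: wrap in double quotes, double embedded ones."""
    if not name or "\x00" in name:
        raise ValueError("identifier must be non-empty and NUL-free")
    return '"' + name.replace('"', '""') + '"'


def naive_create_db_sql(name: str) -> str:
    """The interpolation pattern flagged in the review comment."""
    return f'CREATE DATABASE "{name}"'


def safe_create_db_sql(name: str, strict: bool = True) -> str:
    """Build the statement with an escaped identifier; strict mode also allow-lists."""
    if strict and not SAFE_DB_NAME.fullmatch(name):
        raise ValueError(f"database name {name!r} is outside the allow-list")
    return f"CREATE DATABASE {quote_ident(name)}"


def read_quoted_ident(sql: str) -> tuple[str, str]:
    """Parse the first double-quoted identifier the way PostgreSQL does.

    Returns (identifier, text left over after the closing quote).
    """
    i = sql.index('"') + 1
    out = []
    while i < len(sql):
        if sql[i] != '"':
            out.append(sql[i])
            i += 1
        elif sql[i + 1 : i + 2] == '"':  # doubled quote is an escaped quote
            out.append('"')
            i += 2
        else:
            return "".join(out), sql[i + 1 :]
    raise ValueError("unterminated quoted identifier")


if __name__ == "__main__":
    name = 'tmp"x'  # constructed sample name containing a double quote
    print(read_quoted_ident(naive_create_db_sql(name)))
    print(read_quoted_ident(safe_create_db_sql(name, strict=False)))
```

With the naive builder the parsed identifier stops at the embedded quote and the remainder is left over as SQL text; with `quote_ident` the whole name round-trips and nothing is left over.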

@atin65536 atin65536 requested review from a team, akremenetsky, gmelikov and phantomii and removed request for a team March 3, 2026 03:47
BEGIN
RETURN t::jsonb;
EXCEPTION
WHEN invalid_text_representation THEN
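
Review bot: the `EXCEPTION WHEN invalid_text_representation` handler around `RETURN t::jsonb;` means a value that is not valid JSON no longer fails the cast, so such rows pass through the unique index described in the summary without being compared on `connection_uri`. Add a comment stating what the handler returns and that skipping those rows is intended; note also that a PL/pgSQL block with an `EXCEPTION` clause opens a subtransaction on every call, which this function pays on each write to an indexed row.
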
Member

I thought about why we need such a function, and it looks like the answer is that driver_spec is not a jsonb field. Maybe convert it to jsonb, so if it's not valid we won't have trash in the DB, @akremenetsky?

driver_spec field will be validated in RA already https://github.com/infraguys/genesis_core/blob/master/genesis_core/compute/dm/models.py#L147 (but it uses old way to work with json fields, that's why it's varchar in DB).

It's not a blocker for this PR, but it looks like tech debt.
