feat: ssh config for RS and POSTGRES destinations

[vamsikrishnakandi]

What are the changes introduced in this PR?

Rendering SSH config for RS and POSTGRES destinations from UI config from integrations. This is controlled by WAREHOUSE_SSH_TUNNELLING feature flag which is validated by web-app to render the fields.

What is the related Linear task?

Part of PIPE-1611

Please explain the objectives of your changes below

We can to remove UI config in web-app for SSH Tunnelling enabled destinations (RS and POSTGRES)

Any changes to existing capabilities/behaviour, mention the reason & what are the changes ?

N/A

Any new dependencies introduced with this change?

N/A

Any new checks got introduced or modified in test suites. Please explain the changes.

N/A

---

Developer checklist

• My code follows the style guidelines of this project

• No breaking changes are being introduced.

• All related docs linked with the PR?

• All changes manually tested?

• Any documentation changes needed with this change?

• I have executed schemaGenerator tests and updated schema if needed

• Are sensitive fields marked as secret in definition config?

• My test cases and placeholders use only masked/sample values for sensitive fields

• Is the PR limited to 10 file changes & one task?

Reviewer checklist

• Is the type of change in the PR title appropriate as per the changes?

• Verified that there are no credentials or confidential data exposed with the changes.

Summary by CodeRabbit

• New Features

  • Introduced SSH connection settings for PostgreSQL and RS configurations, allowing users to establish secure connections.
  • Added new fields for SSH Host, SSH Port, SSH User, and SSH Public Key in the UI, enhancing configuration options.

• Bug Fixes

  • Improved error handling and validation for various configurations, including detailed messages for missing properties.

• Tests

  • Expanded test cases for validation scenarios, including new configurations for SSH settings and consent management.

[coderabbitai]

Walkthrough

The changes introduced in this pull request enhance PostgreSQL and RS destination configurations by adding a new boolean property useSSH to the JSON schemas. This property allows for the specification of SSH connection settings, which include additional required fields (sshHost, sshPort, sshUser, and sshPublicKey) when useSSH is enabled. The UI configurations for both PostgreSQL and RS destinations have also been updated to include input fields for these SSH settings, controlled by a feature flag. Additionally, the validation configurations in the test data have been updated to reflect these new SSH parameters.

Changes

File Path	Change Summary
src/configurations/destinations/postgres/schema.json	Added useSSH property to configSchema with default false. Introduced conditional logic requiring sshHost, sshPort, sshUser, and sshPublicKey when useSSH is true. Adjusted validation patterns for sshHost, sshPort, and sshUser.
src/configurations/destinations/postgres/ui-config.json	Added UI fields for SSH settings: checkbox for SSH Connection and text inputs for SSH Host, SSH Port, SSH User, and SSH Public Key. Each field has validation rules and is linked to the WAREHOUSE_SSH_TUNNELLING feature flag.
src/configurations/destinations/rs/schema.json	Added useSSH property to configSchema with default false. Introduced conditional logic requiring sshHost, sshPort, sshUser, and sshPublicKey when useSSH is true.
src/configurations/destinations/rs/ui-config.json	Added UI fields for SSH settings: checkbox for SSH Connection and text inputs for SSH Host, SSH Port, SSH User, and SSH Public Key. Each field has validation rules and is linked to the WAREHOUSE_SSH_TUNNELLING feature flag.
test/data/validation/destinations/postgres.json	Added new configurations for testing SSH settings, including error handling for invalid configurations. Updated validation rules for various parameters and included SSH settings in test cases, ensuring compliance with the new schema requirements.

Suggested reviewers

• lvrach
• am6010
• AchuthaSourabhC
• RanjeetMishra
• krishna2020
• ssbeefeater
• debanjan97
• cisse21
• ruchiramoitra
• 1abhishekpandey
• ItsSudip
• sandeepdsvs
• utsabc

Poem

In the burrows deep, where the data flows,
A new path of SSH, the rabbit knows.
With tunnels secure, we hop and play,
Configurations bright, in a safe array.
So let us cheer, with a twitch of our ears,
For secure connections, let’s raise our cheers! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (ae60ba3) to head (009af73).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@            Coverage Diff            @@
##           develop     #1751   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           53        53           
  Branches         7         7           
=========================================
  Hits            53        53           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (7)

src/configurations/destinations/rs/ui-config.json (1)

177-190: LGTM: SSH Host field added correctly with a minor suggestion

The SSH Host field is well-implemented with appropriate prerequisites and feature flag control. However, consider updating the regex pattern to enforce a more strict hostname format.

Consider updating the regex pattern to enforce a stricter hostname format:

-          "regex": "^(.{0,100})$",
+          "regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$",

This pattern ensures a valid hostname format while still allowing IP addresses.

test/data/validation/destinations/postgres.json (3)

Line range hint 443-448: LGTM! SSH configuration added successfully.

The new SSH configuration has been implemented correctly, aligning with the PR objectives. This addition allows for SSH tunneling in PostgreSQL destinations.

Consider adding a comment explaining the purpose of this test case to improve readability and maintainability.

---

Line range hint 449-1000: LGTM! Comprehensive consent management test cases added.

The new test cases for consent management are well-structured and cover various scenarios, including:

1. Multiple consent management providers
2. Custom provider with valid and invalid configurations
3. OneTrust and Ketch specific configurations
4. Various platform-specific settings (android, ios, web, etc.)

These additions enhance the test coverage and align with the PR objectives.

Consider adding a test case for a scenario where multiple consent management providers are configured with conflicting settings to ensure the system handles such cases gracefully.

---

Line range hint 1-1000: Overall, excellent additions to the test suite.

The changes in this file significantly enhance the test coverage for PostgreSQL and other destination configurations. Key improvements include:

1. Implementation of SSH configuration tests, allowing for validation of SSH tunneling functionality.
2. Comprehensive test cases for consent management, covering multiple providers and scenarios.

These additions align well with the PR objectives and will help ensure the robustness of the SSH and consent management features.

As the test suite grows, consider organizing the test cases into separate files or sections for better maintainability. For example, you could have separate files for SSH configuration tests and consent management tests.

src/configurations/destinations/postgres/ui-config.json (1)

70-83: Consider using a more specific regex for SSH Host validation.

The SSH Host field is well-implemented, but the current regex ^(.{0,100})$ allows any string up to 100 characters. Consider using a more specific regex to validate hostnames, such as:

^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$

This regex will ensure that only valid hostnames or IP addresses are entered.

src/configurations/destinations/rs/schema.json (1)

1070-1113: LGTM: SSH configuration conditional logic

The addition of conditional logic for SSH configuration is well-implemented. It correctly requires the necessary SSH-related properties only when useSSH is set to true. The patterns for sshHost, sshPort, and sshUser are appropriate.

One minor suggestion:
Consider adding a pattern for the sshPublicKey to ensure it matches the expected format of an SSH public key. For example:

"sshPublicKey": {
  "type": "string",
  "pattern": "^(ssh-rsa|ssh-dss|ecdsa-[a-zA-Z0-9-]+|ssh-ed25519)\\s+[A-Za-z0-9+/]+[=]{0,3}(\\s+.+)?$"
}

This pattern would validate the general structure of SSH public keys.

src/configurations/destinations/postgres/schema.json (1)

1160-1189: Approve SSH configuration block with a suggestion for improvement

The new conditional block for SSH configuration is well-structured and aligns with the PR objective. It correctly defines the additional required properties when useSSH is true. However, there's a minor issue that could be improved:

The patterns for sshHost, sshPort, and sshUser (^(.{0,100})$) allow for empty strings. Since these are required fields when SSH is enabled, it might be better to ensure they contain at least one character.

Consider updating the patterns to ^(.{1,100})$ for sshHost, sshPort, and sshUser to ensure they are not empty when required. Here's the suggested change:

            "sshHost": {
              "type": "string",
-             "pattern": "^(.{0,100})$"
+             "pattern": "^(.{1,100})$"
            },
            "sshPort": {
              "type": "string",
-             "pattern": "^(.{0,100})$"
+             "pattern": "^(.{1,100})$"
            },
            "sshUser": {
              "type": "string",
-             "pattern": "^(.{0,100})$"
+             "pattern": "^(.{1,100})$"
            },

This change ensures that these fields contain at least one character when SSH is enabled.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between c026149 and 946de47.

📒 Files selected for processing (5)

• src/configurations/destinations/postgres/schema.json (2 hunks)
• src/configurations/destinations/postgres/ui-config.json (1 hunks)
• src/configurations/destinations/rs/schema.json (2 hunks)
• src/configurations/destinations/rs/ui-config.json (1 hunks)
• test/data/validation/destinations/postgres.json (1 hunks)

🧰 Additional context used

🔇 Additional comments (8)

src/configurations/destinations/rs/ui-config.json (2)

169-176: LGTM: SSH Connection checkbox added correctly

The new SSH Connection checkbox is well-implemented with appropriate default value and feature flag control.

---

169-231: Summary: SSH configuration fields added successfully with minor improvements needed

The new SSH configuration fields for the RS destination have been successfully implemented. They align well with the PR objectives and are appropriately controlled by the "WAREHOUSE_SSH_TUNNELLING" feature flag. A few minor improvements have been suggested:

1. Consider using a stricter regex pattern for the SSH Host field.
2. Update the regex pattern for the SSH Port field to ensure valid port numbers.
3. Fix the error message for the SSH User field.
4. Clarify the process for populating the SSH Public Key field.

Overall, these changes enhance the functionality of the RS destination configuration without introducing breaking changes.

src/configurations/destinations/postgres/ui-config.json (2)

62-69: LGTM: SSH Connection checkbox field is well-implemented.

The new checkbox field for enabling SSH connection is correctly implemented with appropriate labeling, default value, and feature flag control. This aligns well with the PR objectives of implementing SSH configuration rendering for PostgreSQL destinations.

---

112-124: LGTM: SSH Public Key field is correctly implemented.

The SSH Public Key field is well-implemented as a read-only textarea. This is appropriate for a public key that should be generated and not manually entered by the user. The field is correctly tied to the SSH connection checkbox and feature flag.

src/configurations/destinations/rs/schema.json (2)

27-30: LGTM: Addition of useSSH property

The addition of the useSSH property as a boolean with a default value of false is appropriate. This change aligns with the PR objective of implementing SSH configuration for RS destinations while maintaining backward compatibility.

---

Line range hint 27-1113: Summary: SSH configuration for RS destination successfully implemented

The changes in this file successfully implement SSH configuration options for the RS (Redshift) destination. Key points:

1. The useSSH property allows users to opt-in to SSH tunneling.
2. Conditional logic ensures that SSH-related properties are only required when SSH is enabled.
3. The implementation maintains backward compatibility with existing configurations.
4. The changes align well with the PR objectives and enhance the flexibility of the RS destination.

These modifications appear to be well-structured and do not introduce any breaking changes or security issues.

src/configurations/destinations/postgres/schema.json (2)

48-51: LGTM: Addition of useSSH property

The addition of the useSSH property is well-implemented. It's a boolean type with a default value of false, which ensures backward compatibility with existing configurations. This change aligns with the PR objective of implementing SSH configuration for PostgreSQL destinations.

---

Line range hint 1-1189: Summary: Well-implemented SSH configuration support

The changes to the PostgreSQL configuration schema successfully implement SSH support as per the PR objectives. The addition of the useSSH property and the conditional block for SSH-related properties are well-structured and maintain backward compatibility with existing configurations.

Key points:

1. The useSSH property provides a clear way to enable/disable SSH functionality.
2. SSH-related properties are only required when useSSH is true, ensuring flexibility in configuration.
3. The implementation doesn't affect other parts of the schema, maintaining compatibility with existing setups.

The suggested improvement for the patterns of sshHost, sshPort, and sshUser is minor and can be addressed to further enhance the robustness of the schema.

Overall, these changes effectively add SSH configuration capabilities to the PostgreSQL destination while maintaining the integrity of the existing schema structure.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

src/configurations/destinations/rs/ui-config.json (1)

177-190: Consider improving the regex pattern for SSH Host

The SSH Host field is well-implemented with appropriate prerequisites and feature flag control. However, the current regex pattern is too permissive for a hostname.

Consider updating the regex pattern to enforce a more specific hostname format:

-          "regex": "^(.{0,100})$",
+          "regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$",

This pattern ensures a valid hostname format while still allowing IP addresses.

src/configurations/destinations/postgres/ui-config.json (2)

70-83: Consider using a more specific regex for SSH Host validation.

The SSH Host field is well-implemented, but the current regex ^(.{0,100})$ allows any string up to 100 characters. Consider using a more specific regex for hostname validation:

-"regex": "^(.{0,100})$",
+"regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$",

This regex will ensure that only valid hostnames are entered.

---

112-124: Consider adding regex validation for SSH Public Key.

The SSH Public Key field is well-implemented, but it lacks a regex validation for the public key format. Consider adding a regex to ensure that only valid SSH public keys are entered:

+"regex": "^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+/]+[=]{0,3}( .*)?$",
+"regexErrorMessage": "Invalid SSH Public Key format",

This regex will ensure that only valid SSH public key formats are accepted.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 946de47 and 1915036.

📒 Files selected for processing (2)

• src/configurations/destinations/postgres/ui-config.json (1 hunks)
• src/configurations/destinations/rs/ui-config.json (1 hunks)

🧰 Additional context used

🔇 Additional comments (9)

src/configurations/destinations/rs/ui-config.json (5)

169-176: LGTM: SSH Connection checkbox implemented correctly

The SSH Connection checkbox is well-implemented with appropriate labeling, default value, and feature flag control.

---

191-204: Update regex pattern for SSH Port as previously suggested

The SSH Port field is well-implemented with appropriate prerequisites and feature flag control. As mentioned in a previous comment, the regex pattern should be updated to enforce a valid port number range.

Please apply the following change:

-          "regex": "^(.{0,100})$",
+          "regex": "^([1-9][0-9]{0,4})$",

This pattern ensures the port number is between 1 and 65535.

---

205-218: Fix regexErrorMessage for SSH User as previously suggested

The SSH User field is well-implemented with appropriate prerequisites and feature flag control. As mentioned in a previous comment, there's a minor error in the regexErrorMessage that needs to be fixed.

Please apply the following change:

-          "regexErrorMessage": "Invalid Port",
+          "regexErrorMessage": "Invalid User",

---

219-231: LGTM: SSH Public Key field implemented correctly

The SSH Public Key field is well-implemented with appropriate prerequisites, feature flag control, and read-only setting. The developer has clarified that the web application handles populating this field, which explains why it's both required and read-only.

---

169-231: Overall: SSH connection configuration well-implemented

The addition of SSH connection fields to the Redshift destination configuration is well-implemented and follows existing patterns. The new fields are appropriately controlled by the WAREHOUSE_SSH_TUNNELLING feature flag and have correct prerequisites.

A few minor improvements were suggested:

1. More specific regex pattern for the SSH Host field.
2. Updated regex pattern for the SSH Port field to enforce valid port numbers.
3. Fixed regexErrorMessage for the SSH User field.

These changes enhance the robustness of the configuration and improve user experience by providing more accurate validation and error messages.

src/configurations/destinations/postgres/ui-config.json (4)

62-69: LGTM: SSH Connection checkbox implemented correctly.

The SSH Connection checkbox is well-implemented with appropriate labeling, default value, and feature flag control.

---

84-97: Skipping comment on SSH Port field.

A previous review comment has already addressed the need to update the regex for SSH Port validation. That comment is still valid and applicable.

---

98-111: Skipping comment on SSH User field.

A previous review comment has already addressed the need to fix the regexErrorMessage for the SSH User field. That comment is still valid and applicable.

---

62-124: Summary: SSH configuration for PostgreSQL implemented successfully.

The implementation of SSH configuration rendering for PostgreSQL destinations has been completed successfully. The changes align well with the PR objectives:

1. New fields for SSH connection settings have been added.
2. The fields are controlled by the WAREHOUSE_SSH_TUNNELLING feature flag.
3. Proper prerequisites ensure the SSH fields are only shown when SSH is enabled.

Minor improvements have been suggested for regex validations to enhance input validation and user experience. Overall, the changes effectively eliminate the need for UI configuration in the web application for PostgreSQL destinations with SSH tunneling enabled.

[coderabbitai]

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (1)

src/configurations/destinations/postgres/ui-config.json (1)

70-82: Consider using a more specific regex for SSH Host validation.

While the current implementation is functional, using a more specific regex for hostname validation could improve data integrity. Consider using a regex that validates hostnames more strictly, such as:

^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$

This regex will ensure that only valid hostnames are entered.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 1915036 and 1b7987d.

📒 Files selected for processing (2)

• src/configurations/destinations/postgres/ui-config.json (1 hunks)
• src/configurations/destinations/rs/ui-config.json (1 hunks)

🧰 Additional context used

🔇 Additional comments (4)

src/configurations/destinations/rs/ui-config.json (2)

169-176: LGTM: SSH Connection checkbox implemented correctly

The SSH Connection checkbox is well-implemented with appropriate feature flag control and a safe default value.

---

216-227: LGTM: SSH Public Key field implemented correctly

The SSH Public Key field is well-implemented as a read-only, required field. This is appropriate for a public key that should be generated and managed by the system.

src/configurations/destinations/postgres/ui-config.json (2)

62-69: LGTM: SSH Connection checkbox implemented correctly.

The SSH Connection checkbox is well-implemented with the correct use of preRequisiteFeatureFlag as suggested in the previous review.

---

109-120: LGTM: SSH Public Key field implemented correctly.

The SSH Public Key field is well-implemented as a read-only textarea input. This is appropriate for displaying public keys that are typically generated elsewhere.

[arpl]

👍