fix: password-slash#62
Conversation
# Conflicts: # docker-compose.yml
📝 WalkthroughWalkthroughPostgres backup and restore operations are refactored to pass connection credentials via explicit CLI flags ( ChangesPostgres special-character password fix
docker-compose EDGE_KEY rotation
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related issues
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
src/tests/domain/postgres.rs (1)
110-149: ⚡ Quick winConsider extending test coverage to verify backup/restore operations.
The test validates that
ping()works with special-character passwords (exercising thetokio_postgres::Configpath), but doesn't exercise thePGPASSWORDenvironment variable path used bypg_dump/pg_restore. Since the PR's main goal is fixing backup/restore with special passwords, consider adding a backup assertion.💡 Optional: Add backup verification
let db = DatabaseFactory::create_for_backup(config.clone()).await; let reachable = db.ping().await.unwrap_or(false); - assert_eq!(reachable, true); + + // Verify backup also works with special-character password + let backup_dir = tempfile::tempdir().unwrap(); + let logger = Arc::new(JobLogger::new()); + let backup_result = db.backup(backup_dir.path(), logger).await; + assert!(backup_result.is_ok(), "Backup should succeed with special-character password");🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/tests/domain/postgres.rs` around lines 110 - 149, The postgres_password_with_slash_test function currently only validates that ping() succeeds with the special-character password, but does not exercise the backup/restore code path that uses the PGPASSWORD environment variable with pg_dump/pg_restore. After the existing ping assertion, add a backup operation (by calling the appropriate backup method on the db object) and verify it completes successfully to ensure the special password handling works end-to-end for the actual backup/restore functionality that the PR is meant to fix.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docker-compose.yml`:
- Line 22: The EDGE_KEY environment variable on line 22 of docker-compose.yml
contains a rotated base64-encoded payload with sensitive masterKeyB64 material
that must not be committed to the repository. Replace the concrete rotated key
value with a non-sensitive placeholder example string, and configure the actual
EDGE_KEY value to be sourced from environment variables or a local .env file
instead, ensuring sensitive key material is not exposed in version control.
In `@src/domain/postgres/database.rs`:
- Around line 23-28: The build_env method in database.rs contains an info-level
log statement that outputs the entire environment variables map, which includes
the PGPASSWORD containing plaintext database credentials. Remove the info
logging statement that logs envs with the {:?} debug formatter entirely, or if
debugging information is necessary, modify it to log only the non-sensitive keys
of the environment map instead of the entire map with its values.
---
Nitpick comments:
In `@src/tests/domain/postgres.rs`:
- Around line 110-149: The postgres_password_with_slash_test function currently
only validates that ping() succeeds with the special-character password, but
does not exercise the backup/restore code path that uses the PGPASSWORD
environment variable with pg_dump/pg_restore. After the existing ping assertion,
add a backup operation (by calling the appropriate backup method on the db
object) and verify it completes successfully to ensure the special password
handling works end-to-end for the actual backup/restore functionality that the
PR is meant to fix.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: cfb981d3-6d41-4861-b6cc-fed7f837b693
📒 Files selected for processing (6)
docker-compose.ymlsrc/domain/postgres/backup.rssrc/domain/postgres/connection.rssrc/domain/postgres/database.rssrc/domain/postgres/restore.rssrc/tests/domain/postgres.rs
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
Summary by CodeRabbit
New Features
Refactor
Tests