Skip to content

Commit 62816c9

Browse files
Explain that an empty IP allow-list blocks external connections (#503)
Updates all kv and pg commands that show a single item to note that an empty ip allow list means external connections are blocked. GROW-2604 GitOrigin-RevId: 272fadd82168499e39eefde51095d23b5c421d5e
1 parent 232286b commit 62816c9

4 files changed

Lines changed: 37 additions & 9 deletions

File tree

pkg/text/ipallowlist.go

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,13 @@ import (
1010
// Shared IP allow-list rendering helpers, used by both Key Value and Postgres
1111
// text output. The parsing counterpart lives in pkg/types/ipallowlist.go.
1212

13-
// ipAllowListBlock renders the allow-list as either a one-liner ("IP allow-list: (empty)")
14-
// or a header line followed by indented entries — each " - <cidr> (<description>)" or
15-
// " - <cidr>" when description is empty.
13+
// ipAllowListBlock renders the allow-list as either a one-liner
14+
// ("IP allow-list: empty (external connections blocked)") or a header line
15+
// followed by indented entries — each " - <cidr> (<description>)", or
16+
// " - <cidr>" when the description is empty.
1617
func ipAllowListBlock(entries []client.CidrBlockAndDescription) string {
1718
if len(entries) == 0 {
18-
return "IP allow-list: (empty)"
19+
return "IP allow-list: empty (external connections blocked)"
1920
}
2021
var b strings.Builder
2122
b.WriteString("IP allow-list:")

pkg/text/keyvalue.go

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -51,9 +51,6 @@ func KeyValueDetail(kv *keyvalue.KeyValueOut) string {
5151
lines = append(lines, fmt.Sprintf("Memory policy: %s", *kv.MaxmemoryPolicy))
5252
}
5353
detail := strings.Join(append(lines, ipAllowListBlock(kv.IPAllowList)), "\n")
54-
if len(kv.IPAllowList) == 0 {
55-
detail = strings.Replace(detail, "IP allow-list: (empty)", "IP allow-list: (empty, external connections are blocked)", 1)
56-
}
5754
if kv.ConnectionInfo == nil {
5855
return detail
5956
}

pkg/text/keyvalue_test.go

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,16 @@ import (
1111
"github.com/stretchr/testify/assert"
1212
)
1313

14+
func basicKeyValue() *keyvalue.KeyValueOut {
15+
return &keyvalue.KeyValueOut{
16+
ID: "key-abc123",
17+
Name: "my-kv",
18+
Plan: client.KeyValuePlanStarter,
19+
Region: client.Oregon,
20+
Status: client.DatabaseStatusAvailable,
21+
}
22+
}
23+
1424
func TestKeyValueDetail_OmitsProjectAndEnvironmentWhenUnset(t *testing.T) {
1525
kv := keyvalue.KeyValueOut{
1626
ID: "red-abc123",
@@ -60,3 +70,23 @@ func TestKeyValueDetail_HappyPath(t *testing.T) {
6070
"Memory policy: allkeys-lru",
6171
)
6272
}
73+
74+
func TestKeyValueDetail_IPAllowList(t *testing.T) {
75+
t.Run("explains that empty allow-list blocks external connections", func(t *testing.T) {
76+
kv := basicKeyValue()
77+
assert.Contains(t, text.KeyValueDetail(kv), "IP allow-list: empty (external connections blocked)")
78+
})
79+
80+
t.Run("renders populated entries", func(t *testing.T) {
81+
kv := basicKeyValue()
82+
kv.IPAllowList = []client.CidrBlockAndDescription{
83+
{CidrBlock: "10.0.0.0/8", Description: "internal"},
84+
{CidrBlock: "203.0.113.5/32"},
85+
}
86+
out := text.KeyValueDetail(kv)
87+
assert.Contains(t, out, "IP allow-list:")
88+
assert.Contains(t, out, "10.0.0.0/8 (internal)")
89+
assert.Contains(t, out, "203.0.113.5/32")
90+
assert.NotContains(t, out, "external connections blocked")
91+
})
92+
}

pkg/text/postgres_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -154,9 +154,9 @@ func TestPostgresDetail_ReadReplicas(t *testing.T) {
154154
}
155155

156156
func TestPostgresDetail_IPAllowList(t *testing.T) {
157-
t.Run("renders empty allow-list as (empty)", func(t *testing.T) {
157+
t.Run("explains that empty allow-list blocks external connections", func(t *testing.T) {
158158
pg := basicPostgresOut(basicPostgres())
159-
assert.Contains(t, text.PostgresDetail(&pg), "IP allow-list: (empty)")
159+
assert.Contains(t, text.PostgresDetail(&pg), "IP allow-list: empty (external connections blocked)")
160160
})
161161

162162
t.Run("renders populated entries", func(t *testing.T) {

0 commit comments

Comments
 (0)