Skip to content

feat(environments): validate environment limits in webapp, worker and…#86

Merged
digmunhoz merged 3 commits intomainfrom
feature/organization-settings
Mar 8, 2026
Merged

feat(environments): validate environment limits in webapp, worker and…#86
digmunhoz merged 3 commits intomainfrom
feature/organization-settings

Conversation

@digmunhoz
Copy link
Copy Markdown
Contributor

@digmunhoz digmunhoz commented Mar 8, 2026

Description

Adds environment limits validation for webapp, worker and cron on create/update. Environment settings are stored per environment (single JSON row). Limits (CPU, memory, max pods) are loaded via EnvironmentSettingsRepository, normalized with get_environment_limits_from_settings(), and enforced by validate_webapp_settings_against_environment_limits() in webapp_validators, reused by all three components.

Implementation:

  • Services accept an optional EnvironmentSettingsRepository; when provided, create/update loads settings by environment_id, builds limits from the JSON, and runs the validator before cluster selection or persistence.
  • Validation runs before get_cluster_for_instance so invalid payloads fail fast and unit tests do not depend on cluster selection.
  • Handlers inject the repository and map EnvironmentSettingsValidationError to 400 with a clear message.
  • Cron has no autoscaling; the validator is called with autoscaling_min=1, autoscaling_max=1 so only CPU, memory and a single-pod cap apply.

Other changes:

  • EnvironmentSettings model uses JSONBCompat (JSONB on PostgreSQL, JSON on SQLite) for SQLite-friendly integration tests.
  • IdentityProviderResponse DTO migrated from Pydantic class Config to ConfigDict (deprecation fix).
  • Lint: unused imports removed, duplicate import in main.py, ruff formatting.

Related Issue

Closes #

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✨ New feature (non-breaking change that adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to change)
  • 📚 Documentation update
  • 🔧 Refactoring (no functional changes)
  • 🧪 Tests (adding or updating tests)
  • 🏗️ Infrastructure/CI changes

Component Affected

  • API (backend)
  • Portal (frontend)
  • Documentation
  • CI/CD
  • Other:

Checklist

General

  • I have read the CONTRIBUTING.md guidelines
  • My code follows the project's code style
  • I have performed a self-review of my code
  • I have commented my code in hard-to-understand areas
  • My changes generate no new warnings or errors

Testing

  • I have added tests that prove my fix/feature works
  • New and existing unit tests pass locally with my changes
  • I have tested my changes manually

Documentation

  • I have updated the documentation accordingly
  • I have updated the README if needed

Screenshots (if applicable)

N/A — backend-only changes.

Test Plan

  1. Unit tests: Run pytest api/tests/unit/test_webapp_service.py api/tests/unit/test_worker_service.py api/tests/unit/test_cron_service.py — tests that exceed CPU, memory or replica limits expect EnvironmentSettingsValidationError.
  2. Integration tests: Run integration tests for webapp, worker and cron; POST with payload above environment limits (e.g. CPU > max_cpu) and assert response is 400 with an appropriate error message.
  3. Manual: Create/update a webapp, worker or cron with CPU/memory/replicas above the environment’s configured limits and confirm 400; with values within limits, confirm create/update succeeds.

Additional Notes

  • When settings_repository is not injected (e.g. legacy callers), validation is skipped and behavior remains as before.
  • Cron validation uses fixed autoscaling (1, 1) so only CPU and memory limits (and a single-pod cap) are enforced.

@digmunhoz
feat(environments): validate environment limits in webapp, worker and…
bd424c2 
… cron

Environment settings are stored per environment (single JSON row). Limits
(CPU, memory, max_pods) are read via EnvironmentSettingsRepository and
normalized with get_environment_limits_from_settings(); validation is
centralized in validate_webapp_settings_against_environment_limits()
(webapp_validators), reused by webapp, worker and cron.

Implementation:
- Services receive an optional EnvironmentSettingsRepository; when present,
  create/update fetches settings by environment_id, builds limits from the
  JSON, and runs the validator before any cluster selection or persistence.
- Validation runs before get_cluster_for_instance so invalid payloads fail
  fast and tests do not depend on cluster selection.
- Handlers inject the repository and map EnvironmentSettingsValidationError
  to 400 with a clear message.
- Cron has no autoscaling; validator is called with autoscaling_min=1,
  autoscaling_max=1 so only CPU/memory and a single-pod cap apply.

Tests use a mock settings row (SimpleNamespace with a real settings list)
so the validator runs; unit tests assert the exception, integration tests
assert 400 on over-limit POSTs. EnvironmentSettings model uses JSONBCompat
for SQLite-friendly integration tests.
@github-actions github-actions bot added the ci label Mar 8, 2026
@digmunhoz digmunhoz merged commit 1ee610f into main Mar 8, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

api ci database portal tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@digmunhoz