Allow AMI and Security Group selection (in combination with PR on Tango)

[jhs-panda]

Description

Allow user to choose an AMI and Security Group EC2 Settings. Options are pooled from Tango.

Motivation and Context

#2272

How Has This Been Tested?

Ensured AMI and Security Group lists were properly pooled from Tango.
Change autograder settings and grade various submissions, ensure the AMI and Security Group changes carry through.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request introduces enhanced autograder configuration with EC2-specific options. A new JavaScript file adds a callback for toggling access key fields based on a checkbox. Controller actions are updated to initialize and permit new attributes, and additional Tango information is extracted in jobs actions. The helper method updating job properties now incorporates EC2 configurations. New view partials are created for basic and EC2 settings and integrated into a tabbed interface. Feature flags for EC2 SSH are added to environment configurations, and migrations along with schema updates introduce new columns, adjust data types, and add foreign keys.

Changes

File(s)	Change Summary
app/assets/javascripts/autograder.js	New JavaScript file that initializes a callback on document ready to toggle the autograder access key fields based on the checkbox state.
app/controllers/autograders_controller.rb and app/controllers/jobs_controller.rb	Controllers updated: autograders now initialize and permit new attributes (access_key, access_key_id, instance_type, ami, security_group), and jobs extract additional Tango info (tagged_amis, security_groups).
app/helpers/assessment_autograde_core.rb	Modified tango_add_job method to append EC2-related properties (accessKey, accessKeyId, instanceType, ami, security_group) to the job properties before JSON conversion.
app/views/autograders/_basic_settings.html.erb, app/views/autograders/_ec2_settings.html.erb, app/views/autograders/_form.html.erb	New view partials for basic and EC2 settings added; existing autograder form restructured into a tabbed interface that conditionally renders these partials.
config/environments/development.rb, config/environments/production.rb.template	Introduced new feature flag config.x.ec2_ssh (set to true in development and false in production) to control EC2 SSH functionality.
db/migrate/20241205233214_add_ec2_ssh_fields_to_autograders.rb, db/migrate/20241211042124_add_use_access_key_to_autograder.rb	New migrations adding columns to the autograders table: instance_type, access_key, access_key_id (default empty strings) and use_access_key (boolean, default false).
db/schema.rb	Schema version updated with new autograder columns, column type modifications (e.g., bigint to integer), removal of certain default values, added precision adjustments, and new foreign key constraints.

Sequence Diagram(s)

sequenceDiagram
    participant U as User
    participant CB as Checkbox (#autograder_use_access_key)
    participant JS as Autograder Callback
    participant AK as Input Field (#autograder_access_key)
    participant AID as Input Field (#autograder_access_key_id)

    Note over JS: Callback attached on document ready
    U->>CB: Toggle checkbox
    CB->>+JS: Trigger change event
    alt Checkbox is checked
        JS->>AK: Enable field
        JS->>AID: Enable field
    else Checkbox is unchecked
        JS->>AK: Disable field and clear value
        JS->>AID: Disable field and clear value
    end

Loading

Tip

⚡💬 Agentic Chat (Pro Plan, General Availability)

• We're introducing multi-step agentic chat in review comments and issue comments, within and outside of PR's. This feature enhances review and issue discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments and add commits to existing pull requests.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 398b5c5 and b75cf0e.

📒 Files selected for processing (12)

• app/assets/javascripts/autograder.js (1 hunks)
• app/controllers/autograders_controller.rb (3 hunks)
• app/controllers/jobs_controller.rb (1 hunks)
• app/helpers/assessment_autograde_core.rb (1 hunks)
• app/views/autograders/_basic_settings.html.erb (1 hunks)
• app/views/autograders/_ec2_settings.html.erb (1 hunks)
• app/views/autograders/_form.html.erb (1 hunks)
• config/environments/development.rb (1 hunks)
• config/environments/production.rb.template (1 hunks)
• db/migrate/20241205233214_add_ec2_ssh_fields_to_autograders.rb (1 hunks)
• db/migrate/20241211042124_add_use_access_key_to_autograder.rb (1 hunks)
• db/schema.rb (10 hunks)

🧰 Additional context used

🪛 RuboCop (1.73)

db/schema.rb

[convention] 14-15: Extra empty line detected at block body beginning.

(Layout/EmptyLinesAroundBlockBody)

🪛 GitHub Actions: Ruby on Rails CI

db/schema.rb

[error] 444-444: ActiveRecord::MismatchedForeignKey: Column blob_id on table active_storage_attachments does not match column id on active_storage_blobs, which has type bigint. To resolve this issue, change the type of the blob_id column on active_storage_attachments to be :bigint.

🔇 Additional comments (16)

db/migrate/20241211042124_add_use_access_key_to_autograder.rb (1)

1-5: LGTM! Migration to add use_access_key boolean flag.

This migration properly adds a boolean column with a default value of false, which is good practice as it ensures existing records have a consistent state after migration.

config/environments/development.rb (1)

77-79: LGTM! Feature flag for EC2 autograder.

The feature flag is appropriately placed with other feature flags and clearly commented. Setting it to true in development enables testing of the EC2 SSH functionality.

config/environments/production.rb.template (1)

91-93: LGTM! Feature flag disabled by default in production.

Good practice to have the feature disabled by default in production. This allows for controlled rollout and testing before enabling it for all production users.

app/assets/javascripts/autograder.js (2)

3-13: Well-structured access key toggle functionality.

The callback function correctly toggles and clears the access key fields based on the checkbox state.

---

15-17: Good implementation of event handling and initial state.

The code properly binds the callback to the change event and initializes the field state based on the checkbox's initial value.

app/controllers/jobs_controller.rb (1)

168-171: Good defensive programming for AMI and security group retrieval.

The implementation properly retrieves the tagged AMIs and security groups from Tango with a fallback to empty arrays, ensuring robust handling of missing data.

app/views/autograders/_form.html.erb (2)

1-17: Well-implemented tabbed interface with dynamic tab generation.

The code creates a clean, responsive tabbed interface that dynamically includes tabs based on configuration settings. It also correctly maintains the active tab state.

---

19-34: Good use of partials for content organization.

The implementation properly separates concerns by using dedicated partials for different sections of the form, improving maintainability and readability.

app/controllers/autograders_controller.rb (3)

19-23: New EC2 configuration fields properly initialized.

These new fields support the feature for allowing AMI and Security Group selection, as described in the PR objectives. The initialization values provide sensible defaults.

---

42-44: Good addition of Tango information retrieval.

Retrieving the tagged AMIs and security groups from Tango will populate the dropdown options in the UI. The fallback to empty arrays is a good defensive programming practice.

---

123-124: Properly updated strong parameters.

The autograder_params method has been updated to permit the new EC2 configuration attributes, which is required for mass assignment to work properly.

app/views/autograders/_basic_settings.html.erb (1)

1-37: Well-structured basic settings template.

This new template cleanly separates basic autograder settings from the EC2-specific settings. The form includes all necessary fields with appropriate help text, and provides good UX for file operations.

app/helpers/assessment_autograde_core.rb (2)

170-182: EC2 configuration properly integrated into job properties.

The conditional check for EC2 SSH feature flag ensures backward compatibility, and the proper handling of access keys is a good security practice.

---

184-184: Job properties conversion to JSON moved outside the conditional block.

This change ensures the job_properties are always converted to JSON before being sent to Tango, regardless of whether EC2 config is enabled.

db/schema.rb (2)

13-13: Schema version updated correctly.

The schema version reflects the latest migrations applied to the database.

---

152-157: New autograders table columns support EC2 configuration.

These columns properly store the EC2-specific settings with appropriate default values matching the controller initialization.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Caution

Inline review comments failed to post. This is likely due to GitHub's limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 2

🧹 Nitpick comments (4)

db/migrate/20241205233214_add_ec2_ssh_fields_to_autograders.rb (1)

1-7: Consider security implications of storing AWS keys in the database.

The migration adds fields for AWS credentials directly in the database. While the implementation works, consider these security recommendations:

1. Ensure access keys are encrypted at rest in the database
2. Consider using AWS-provided credential management systems instead of storing raw keys
3. Add validation to prevent empty strings from being used as valid credentials

This approach might be suitable for your current needs, but document the security considerations for future maintainers.

app/views/autograders/_ec2_settings.html.erb (3)

13-16: Inconsistent form field styling.

Unlike other form fields that use display_name, the AMI label is placed outside the form construct, creating an inconsistent UI pattern.

Maintain consistent styling by using display_name for the AMI selector:

-AMI
-<%= f.select :ami,
+<%= f.select :ami, display_name: "AMI",
              options_for_select(@tagged_amis.map { |ami| ["Name: #{ami['name']}, ID: #{ami['id']}", ami['id']] }, f.object.ami),
              { include_blank: "Use Tango Default" } %>

---

18-21: Inconsistent form field styling.

Similar to the AMI field, the Security Group label is placed outside the form construct.

Maintain consistent styling by using display_name for the Security Group selector:

-Security Group
-<%= f.select :security_group,
+<%= f.select :security_group, display_name: "Security Group",
              options_for_select(@security_groups.map { |sg| ["Name: #{sg['name']}, ID: #{sg['id']}", sg['name']] }, f.object.security_group),
              { include_blank: "Use Tango Default" } %>

---

24-26: Fix typo in confirmation message.

There's a spelling error in the confirmation message for deleting the autograder.

-            data: { confirm: "Are you sure you want to delete the Autograder for this assesssment?" } %>
+            data: { confirm: "Are you sure you want to delete the Autograder for this assessment?" } %>

🛑 Comments failed to post (2)

app/views/autograders/_ec2_settings.html.erb (1)

9-10: 🛠️ Refactor suggestion

Enhance security for access key fields.

The access key and access key ID are sensitive AWS credentials displayed as plain text fields. This poses a security risk as these credentials could be exposed to unauthorized viewers.

Change the input type to password for these sensitive fields:

-<%= f.text_field :access_key, display_name: "Access Key" %>
-<%= f.text_field :access_key_id, display_name: "Access Key ID" %>
+<%= f.password_field :access_key, display_name: "Access Key" %>
+<%= f.password_field :access_key_id, display_name: "Access Key ID" %>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

<%= f.password_field :access_key, display_name: "Access Key" %>
<%= f.password_field :access_key_id, display_name: "Access Key ID" %>

db/schema.rb (1)

18-19: 💡 Verification agent

🧩 Analysis chain

Critical issue: Mismatched column types in Active Storage tables.

The pipeline is failing because column types for foreign keys in Active Storage tables have been changed from bigint to integer, causing a mismatch with their referenced columns.

This needs to be fixed as Rails expects these columns to be bigint. You should create a migration to revert these column types back to bigint:

class FixActiveStorageColumnTypes < ActiveRecord::Migration[6.1]
  def change
    change_column :active_storage_attachments, :record_id, :bigint
    change_column :active_storage_attachments, :blob_id, :bigint
    change_column :active_storage_blobs, :byte_size, :bigint
    change_column :active_storage_variant_records, :blob_id, :bigint
  end
end

Also applies to: 38-39

---

🏁 Script executed:

#!/bin/bash
# Check the column types in migrations affecting Active Storage tables
grep -r "active_storage" --include="*.rb" db/migrate/ | grep -E "change_column|add_column"

Length of output: 402

---

Critical Issue: Active Storage Foreign Key Column Type Mismatch

The schema in db/schema.rb (lines 18–19 and 38–39) defines the record_id and blob_id columns as integer, yet Rails expects these to be bigint for proper foreign key references. The migration check did not reveal any changes addressing this mismatch—only an update for the service_name column was found.

Please create a migration to change these columns back to bigint. For example:

class FixActiveStorageColumnTypes < ActiveRecord::Migration[6.1]
  def change
    change_column :active_storage_attachments, :record_id, :bigint
    change_column :active_storage_attachments, :blob_id, :bigint
    change_column :active_storage_blobs, :byte_size, :bigint
    change_column :active_storage_variant_records, :blob_id, :bigint
  end
end