Skip to content

[STORY-3093] feat(dbng): add firewall rules commands #1171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
briceamen wants to merge 8 commits into
base: master
Choose a base branch
from
Open

[STORY-3093] feat(dbng): add firewall rules commands #1171

briceamen wants to merge 8 commits into from

Conversation

@briceamen
Copy link
Contributor

@briceamen briceamen commented Dec 31, 2025
edited
Loading

Summary

Add firewall rules management commands for DBNG databases:

  • database-firewall-rules - List firewall rules
  • database-firewall-rules-add - Add custom CIDR or managed range rule
  • database-firewall-rules-remove - Remove a rule
  • database-firewall-managed-ranges - List available managed ranges

Commands support both positional arguments and --database flag, matching existing DBNG command patterns (database-info, database-destroy).

Usage examples

# Positional argument style
scalingo database-firewall-rules my-db-id
scalingo database-firewall-rules-add my-db-id --cidr 203.0.113.0/24 --label "Office"
scalingo database-firewall-rules-remove my-db-id rule-id

# --database flag style
scalingo --database my-db database-firewall-rules
scalingo --database my-db database-firewall-rules-add --managed-range man-osc-fr1-egress
scalingo --database my-db database-firewall-rules-remove rule-id

Changes

  • Added GetAddonIDFromDatabase helper in detect/app.go to resolve addon ID from database ID
  • Firewall commands now support positional args like other DBNG commands

Test plan

Tested on staging (osc-st-fr1) with database test-firewall-rules-db:

Positional argument style:

  • database-firewall-rules test-firewall-rules-db - List rules
  • database-firewall-managed-ranges test-firewall-rules-db - List managed ranges
  • database-firewall-rules-add test-firewall-rules-db --cidr 203.0.113.0/24 --label "Test office" - Add custom rule
  • database-firewall-rules-remove test-firewall-rules-db <rule-id> - Remove rule

--database flag style:

  • --database test-firewall-rules-db database-firewall-rules - List rules
  • --database test-firewall-rules-db database-firewall-rules-add --managed-range man-osc-st-fr1-egress - Add managed range
  • --database test-firewall-rules-db database-firewall-rules-remove <rule-id> - Remove rule

@notion-workspace
Copy link

notion-workspace bot commented Dec 31, 2025

🗒️ [FEAT] Implement Firewall Rules on CLI

@briceamen briceamen requested a review from Copilot December 31, 2025 10:53

This comment was marked as outdated.

Sign in to view

@briceamen briceamen self-assigned this Dec 31, 2025
@briceamen briceamen requested a review from Copilot December 31, 2025 13:26

This comment was marked as outdated.

Sign in to view

@briceamen briceamen marked this pull request as ready for review December 31, 2025 13:28
@briceamen briceamen force-pushed the feat/STORY-3093/firewall-rules branch from 10d0d9a to ea3aaaa Compare December 31, 2025 13:39
@briceamen briceamen requested a review from Copilot December 31, 2025 13:40

This comment was marked as outdated.

Sign in to view

sc-david-voisin
sc-david-voisin reviewed Dec 31, 2025
View reviewed changes
Copy link
Contributor

@sc-david-voisin sc-david-voisin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, however I have few questions/suggestions

dbng/firewall_rules.go Outdated
}

io.Statusf("Firewall rule '%s' has been added to database '%s'.\n", rule.ID, databaseID)
io.Warning("Firewall rules take time to be applied due to infrastructure provisioning.")
Copy link
Contributor

@sc-david-voisin sc-david-voisin Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe reformulate a bit. A proposition:

"Expect some delay for the firewall rules to be applied, due to infrastructure provisioning."

sc-david-voisin
sc-david-voisin approved these changes Dec 31, 2025
View reviewed changes
matthieu526-scalingo
matthieu526-scalingo reviewed Jan 2, 2026
View reviewed changes
cmd/firewall_rules.go
return cli.ShowCommandHelp(ctx, c, "database-firewall-rules")
}

utils.CheckForConsent(ctx, databaseID, utils.ConsentTypeDBs)
Copy link
Contributor

@matthieu526-scalingo matthieu526-scalingo Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: is the consent required here?

cmd/firewall_rules.go
Comment on lines +89 to +103
switch c.Args().Len() {
case 0:
// No positional arg, database from --database flag
databaseID, addonID = detect.GetCurrentDatabase(ctx, c)
case 1:
// database-id provided as positional arg
databaseID = c.Args().First()
addonID, err = detect.GetAddonIDFromDatabase(ctx, databaseID)
if err != nil {
errorQuit(ctx, err)
}
default:
io.Error("Too many arguments")
return cli.ShowCommandHelp(ctx, c, "database-firewall-rules-add")
}
Copy link
Contributor

@matthieu526-scalingo matthieu526-scalingo Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: this is done 3 times? What do you about about making a small function out it?

cmd/firewall_rules.go
} else {
params = scalingo.FirewallRuleCreateParams{
Type: scalingo.FirewallRuleTypeManagedRange,
RangeID: managedRange,
Copy link
Contributor

@matthieu526-scalingo matthieu526-scalingo Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: here the label isn't used, is it on purpose? Otherwise, shouldn't we block the flag for manages rules?

cmd/firewall_rules.go

utils.CheckForConsent(ctx, databaseID, utils.ConsentTypeDBs)

err = dbng.FirewallManagedRangesList(ctx, databaseID, addonID)
Copy link
Contributor

@matthieu526-scalingo matthieu526-scalingo Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: why do you need the DB ID to list the ranges?

dbng/firewall_rules.go
}

io.Statusf("Firewall rule '%s' has been added to database '%s'.\n", rule.ID, databaseID)
io.Warning("Expect some delay for the firewall rules to be applied, due to infrastructure provisioning.")
Copy link
Contributor

@matthieu526-scalingo matthieu526-scalingo Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: is this the good wording? We are not really provisioning anything at this point/

dbng/firewall_rules.go
}

io.Statusf("Firewall rule '%s' has been removed from database '%s'.\n", ruleID, databaseID)
io.Warning("Expect some delay for the firewall rules to be applied, due to infrastructure provisioning.")
Copy link
Contributor

@matthieu526-scalingo matthieu526-scalingo Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: do we want to use applied here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@matthieu526-scalingo matthieu526-scalingo matthieu526-scalingo left review comments

@sc-david-voisin sc-david-voisin sc-david-voisin approved these changes

@curzolapierre curzolapierre Awaiting requested review from curzolapierre

Assignees

@briceamen briceamen

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@briceamen @sc-david-voisin @matthieu526-scalingo