From 0643cfb7c69f626c57fe7b18379634d35dc638d6 Mon Sep 17 00:00:00 2001
From: Evan Shi <14984764+evanyeyeye@users.noreply.github.com>
Date: Mon, 1 Apr 2024 16:49:53 -0400
Subject: [PATCH 1/5] Add setting to specify allowed outgoing ips

---
 app/helpers/assessment_autograde_core.rb                     | 4 +++-
 app/views/assessments/_edit_advanced.html.erb                | 2 ++
 ...20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 db/migrate/20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb

diff --git a/app/helpers/assessment_autograde_core.rb b/app/helpers/assessment_autograde_core.rb
index bef2e3b50..becf321db 100644
--- a/app/helpers/assessment_autograde_core.rb
+++ b/app/helpers/assessment_autograde_core.rb
@@ -157,6 +157,7 @@ def get_job_status(job_id)
   # Returns the Tango response
   #
   def tango_add_job(course, assessment, upload_file_list, callback_url, job_name, output_file)
+    allowed_outgoing_ips = if assessment.allowed_outgoing_ips.nil? then "" else assessment.allowed_outgoing_ips.split(/\s*,\s*/) end
     job_properties = { "image" => @autograde_prop.autograde_image,
                        "files" => upload_file_list.map do |f|
                          { "localFile" => f["remoteFile"],
@@ -166,7 +167,8 @@ def tango_add_job(course, assessment, upload_file_list, callback_url, job_name,
                        "timeout" => @autograde_prop.autograde_timeout,
                        "callback_url" => callback_url,
                        "jobName" => job_name,
-                       "disable_network" => assessment.disable_network }.to_json
+                       "disable_network" => assessment.disable_network,
+                       "allowed_outgoing_ips" => allowed_outgoing_ips }.to_json
     begin
       response = TangoClient.addjob("#{course.name}-#{assessment.name}", job_properties)
     rescue TangoClient::TangoException => e
diff --git a/app/views/assessments/_edit_advanced.html.erb b/app/views/assessments/_edit_advanced.html.erb
index 5c8afc026..5195e4ac8 100644
--- a/app/views/assessments/_edit_advanced.html.erb
+++ b/app/views/assessments/_edit_advanced.html.erb
@@ -23,6 +23,8 @@
 <% end %>
 
 <%= f.check_box :disable_network, help_text: "Disable network access for autograding containers." %>
+<%= f.text_field :allowed_outgoing_ips,
+                 help_text: "Specify allowed outgoing IPs for autograding containers (comma separated). If left empty, all outgoing connections are allowed." %>
 <%= f.check_box :allow_unofficial,
                 help_text: "Allow unofficial submission. Unless you know what you're doing, leave this unchecked." %>
 <%= f.check_box :embedded_quiz,
diff --git a/db/migrate/20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb b/db/migrate/20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb
new file mode 100644
index 000000000..6cac7abfe
--- /dev/null
+++ b/db/migrate/20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb
@@ -0,0 +1,5 @@
+class AddAllowedOutgoingIPsToAssessment < ActiveRecord::Migration[6.1]
+  def change
+    add_column :assessments, :allowed_outgoing_ips, :string
+  end
+end

From ea93c32ec0b50956956a3c229bba18372651d0c0 Mon Sep 17 00:00:00 2001
From: Evan Shi <14984764+evanyeyeye@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:14:11 -0400
Subject: [PATCH 2/5] Small changes

---
 app/helpers/assessment_autograde_core.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/helpers/assessment_autograde_core.rb b/app/helpers/assessment_autograde_core.rb
index becf321db..3bfe63e2f 100644
--- a/app/helpers/assessment_autograde_core.rb
+++ b/app/helpers/assessment_autograde_core.rb
@@ -157,7 +157,6 @@ def get_job_status(job_id)
   # Returns the Tango response
   #
   def tango_add_job(course, assessment, upload_file_list, callback_url, job_name, output_file)
-    allowed_outgoing_ips = if assessment.allowed_outgoing_ips.nil? then "" else assessment.allowed_outgoing_ips.split(/\s*,\s*/) end
     job_properties = { "image" => @autograde_prop.autograde_image,
                        "files" => upload_file_list.map do |f|
                          { "localFile" => f["remoteFile"],
@@ -167,10 +166,13 @@ def tango_add_job(course, assessment, upload_file_list, callback_url, job_name,
                        "timeout" => @autograde_prop.autograde_timeout,
                        "callback_url" => callback_url,
                        "jobName" => job_name,
-                       "disable_network" => assessment.disable_network,
-                       "allowed_outgoing_ips" => allowed_outgoing_ips }.to_json
+                       "disable_network" => assessment.disable_network
+    }
+    unless assessment.allowed_outgoing_ips.nil? || assessment.allowed_outgoing_ips.empty?
+      job_properties["allowed_outgoing_ips"] = assessment.allowed_outgoing_ips.split(/\s*,\s*/)
+    end
     begin
-      response = TangoClient.addjob("#{course.name}-#{assessment.name}", job_properties)
+      response = TangoClient.addjob("#{course.name}-#{assessment.name}", job_properties.to_json)
     rescue TangoClient::TangoException => e
       COURSE_LOGGER.log("Error while adding job to the queue: #{e.message}")
       raise AutogradeError.new("Error while adding job to the queue", :tango_add_job, e.message)

From 10f7af7644a00bc0dac39e291f058cab4daab782 Mon Sep 17 00:00:00 2001
From: Evan Shi <14984764+evanyeyeye@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:31:56 -0400
Subject: [PATCH 3/5] Add schema

---
 db/schema.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/db/schema.rb b/db/schema.rb
index 9514ff552..695b27945 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -119,6 +119,7 @@
     t.boolean "allow_student_assign_group", default: true
     t.boolean "is_positive_grading", default: false
     t.boolean "disable_network", default: false
+    t.string "allowed_outgoing_ips"
   end
 
   create_table "attachments", force: :cascade do |t|

From 436e95973584665e2e1ddc2ab361c3a6a6115da2 Mon Sep 17 00:00:00 2001
From: Evan Shi <14984764+evanyeyeye@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:50:01 -0400
Subject: [PATCH 4/5] Rename migration

---
 ...b => 20240401200408_add_allowed_outgoing_ips_to_assessment.rb} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename db/migrate/{20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb => 20240401200408_add_allowed_outgoing_ips_to_assessment.rb} (100%)

diff --git a/db/migrate/20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb b/db/migrate/20240401200408_add_allowed_outgoing_ips_to_assessment.rb
similarity index 100%
rename from db/migrate/20240401200408_add_allowed_outgoing_i_ps_to_assessment.rb
rename to db/migrate/20240401200408_add_allowed_outgoing_ips_to_assessment.rb

From a97f9a8e3becef4bc343b7c83fd2966dd74a5bc3 Mon Sep 17 00:00:00 2001
From: Evan Shi <14984764+evanyeyeye@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:51:31 -0400
Subject: [PATCH 5/5] Update db version

---
 db/schema.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/schema.rb b/db/schema.rb
index 695b27945..e54578180 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2024_02_26_194217) do
+ActiveRecord::Schema.define(version: 2024_04_01_200408) do
 
   create_table "active_storage_attachments", force: :cascade do |t|
     t.string "name", null: false