fix(api): extend federation target/source guard to azure-self-source and gcp-self-source (closes #140)

[cristim]

Summary

• Generalises validateFederationTargetSource from an AWS-only check to a single rule covering all three clouds: self-source bundles (target == source) require CUDly to be deployed on the matching cloud.
• Adds azure-self-source and gcp-self-source rejection cases that previously produced broken bundles failing at terraform apply instead of returning a clean HTTP 400 at download time.

Changes

internal/api/handler_federation.go — 5 LOC change:

// Before (aws-specific):
if target == "aws" && source == "aws" && sourceCloud() != "aws" { … }

// After (generalised, subsumes the original):
if target == source && sourceCloud() != target { … }

internal/api/handler_federation_test.go:

• Extended TestGetFederationIaC_RejectsImpossibleTargetSourceCombo with target/source fields and 4 new 400-only integration cases (aws→azure/azure, gcp→azure/azure, aws→gcp/gcp, azure→gcp/gcp).
• Added TestValidateFederationTargetSource unit test covering all 9 self-source combos (3 allowed, 6 rejected) and 6 WIF combos (all allowed).

Test plan

• go test ./internal/api/... -run TestGetFederationIaC_RejectsImpossibleTargetSourceCombo — 7 subtests pass
• go test ./internal/api/... -run TestValidateFederationTargetSource — 15 subtests pass
• go test ./internal/api/... — full package (1029 tests) passes
• go vet ./... — clean
• gofmt -l — no unformatted files

Closes #140

[cristim]

@coderabbitai review

[coderabbitai]

Warning

Rate limit exceeded

@cristim has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 2 minutes and 35 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 46b7fcb2-1103-4efa-9c42-c1a24324dae4

📥 Commits

Reviewing files that changed from the base of the PR and between c84fd02 and 8717d5c.

📒 Files selected for processing (2)

• internal/api/handler_federation.go
• internal/api/handler_federation_test.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/issue-140-federation-guard

---

_{Review rate limit: 0/5 reviews remaining, refill in 2 minutes and 35 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[cristim]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.