author: Nick Vatamaniuc <vatamane@gmail.com> 2022-11-22 11:31:54 -0500
committer: Nick Vatamaniuc <nickva@users.noreply.github.com> 2022-11-30 00:23:07 -0500
commit: f13ceb46ce3c120e1960fa47bfda0a606601900e (patch)
tree: abfe7681f984cf8d3071929420ef124790b7fa90 /rel/overlay
parent: fb5ade222d887bb92a564de0e1b8f818d3ffc915 (diff)
Improve validation of replicator job parameters

There are two main improvements:

* Replace the auto-inserted replicator VDU with a BDU. Replicator already had a BDU to update the `"owner"` field, so plug right into it and validate everything we need there. This way, the validation and parsing logic is all in one module. The previously inserted VDU design doc will be deleted.

* Allow constraining endpoint protocol types and socket options. Previously, users could create replications with any low level socket options. Some of those are dangerous and are possible "foot-guns". Restrict those options to a more usable set.

In addition to those improvements, increase test coverage a bit by explicitly checking a few more parsing corner cases.

Fixes #4273

Diffstat (limited to 'rel/overlay')
-rw-r--r-- rel/overlay/etc/default.ini 12
1 files changed, 12 insertions, 0 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 04448aabd..0efc4cb23 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -555,6 +555,18 @@ partitioned||* = true
; See the `inet` Erlang module's man page for the full list of options.
;socket_options = [{keepalive, true}, {nodelay, false}]
+; Valid socket options. Options not in this list are ignored. The full list of
+; options may be found at https://www.erlang.org/doc/man/inet.html#setopts-2.
+;valid_socket_options = buffer,keepalive,nodelay,priority,recbuf,sndbuf
+
+; Valid replication endpoint protocols. Replication jobs with endpoint urls not
+; in this list will fail to run.
+;valid_endpoint_protocols = http,https
+
+; Valid replication proxy protocols. Replication jobs with proxy urls not in
+; this list will fail to run.
+;valid_proxy_protocols = http,https,socks5
+
; Path to a file containing the user's certificate.
;cert_file = /full/path/to/server_cert.pem