add check to avoid deployment with invalid features#405
add check to avoid deployment with invalid features#405arvind4501 merged 2 commits intotheforeman:masterfrom
Conversation
| @@ -0,0 +1,40 @@ | |||
| --- | |||
| - name: Remove invalid features from parameters.yaml | |||
There was a problem hiding this comment.
We shouldn't touch parameters.yaml from Ansible, that's obsah's space.
There was a problem hiding this comment.
My thinking behind this is that when we do --add-feature invalid-feature it adds it to parameters.yaml and then also gives error to user that its not valid but does not remove from that file. which forces the same invalid-feature to be passed on next deploy
There was a problem hiding this comment.
We have this problem in other places too. Like when the user provides a tuning that has requirements higher than the system they are deploying on.
I wonder if it would make sense to enhance obsah so that it can have two playbooks for a command:
- a
validateplaybook, that runs checks and only if that passes, params are persisted - a
runplaybook, that contains the actual "do things" part.
There was a problem hiding this comment.
I think if we fix it in obsah, it will be a centralized solution and would make these user mistakes be handled more explictely
There was a problem hiding this comment.
a validate playbook, that runs checks and only if that passes, params are persisted
i have one doubt here like what are we validating against? do we have to defined whats valid args looks like before actually validating
There was a problem hiding this comment.
Can argparse / Obsah metadata handle this for us? I tend to agree this feels more like a CLI level check and error situation rather than a runtime error.
This might present like a kafo hook, and I would like to avoid "hooks" but this does feel like a CLI-level validation that should occur to the user early on and provide quick feedback.
There was a problem hiding this comment.
argparse has choices, but that'd require either having a static list (duplicating data in features.yaml) or a way to dynamically read features.yaml at runtime, which we don't have today.
There was a problem hiding this comment.
I have removed the manual removal of parameters.yaml by ansible and created a issue theforeman/obsah#109 that can be handled. Do we need to handle this issue with this PR, or is it fine it can be fixed standalone?
There was a problem hiding this comment.
I think we don't need to handle it here and can do it standalone
evgeni
left a comment
evgeni
left a comment
There was a problem hiding this comment.
Should be squashed on merge. Works nicely.
arvind4501
force-pushed
the
validate-features
branch
from
6216f8d to
ff4f0df
Compare
|
Maybe nitpicking, but the commit says "only valid features can be enabled" but the actual implementation is more "add check to refuse to run with invalid features". At least, my understanding is that it still adds the feature to the parameters. To be clear, I'm OK with that for now. Long term, if we ever remove a feature this will also catch that. |
|
Oh you mean the commit message should be updated? Yeah! |
|
That and the PR title itself. Other that that, no objections from my side. |
arvind4501
force-pushed
the
validate-features
branch
from
ff4f0df to
c584c5f
Compare
arvind4501
changed the title
|
this needs a rebase after the merge of #309 |
arvind4501
force-pushed
the
validate-features
branch
from
c584c5f to
20138c9
Compare
|
@arvind4501 needs another rebase 🙈 why have we been doing so much work on the filter plugin? 😄 |
arvind4501
force-pushed
the
validate-features
branch
from
20138c9 to
154bcff
Compare
|
yes, filter plugins are overwhelmed, and with current design its appeared to be best place to do all calculations 😄 |
arvind4501
force-pushed
the
validate-features
branch
from
1a7f933 to
9d54ecc
Compare
There was a problem hiding this comment.
ACK, Tested with foremanctl-1.2.0-1.20260324082716183495.pr405.40.g154bcff.el9.noarch and it works as expected 🍏
# foremanctl deploy --add-feature invalid-feature1 --add-feature invalid-feature2
..
...
TASK [checks : Report status of checks] ************************************************************************************************
fatal: [localhost]: FAILED! =>
changed: false
msg:
- assertion: found_invalid_features | length == 0
changed: false
evaluated_to: false
failed: true
msg: |-
ERROR: Unknown feature(s) requested: invalid-feature1, invalid-feature2
To remove them, run:
foremanctl deploy --remove-feature=invalid-feature1 --remove-feature=invalid-feature2
Run 'foremanctl features' to list all available features.
PLAY RECAP *****************************************************************************************************************************
localhost : ok=16 changed=0 unreachable=0 failed=1 skipped=1 rescued=1 ignored=0
Note: currently, invalid features names gets added to parameters.yaml on failure, which would be improved in theforeman/obsah#109
6 participants
Add feature validation to prevent invalid features from being enabled during deployment: