feat: add jaas validators #541
Conversation
kian99
force-pushed
the
CSS-9768-implement-jaas-validators
branch
2 times, most recently
from
9e6ef73 to
e6eac1c
Compare
| func (v AvoidJAASValidator) Validate(ctx context.Context, config tfsdk.Config) diag.Diagnostics { | ||
| var diags diag.Diagnostics | ||
|
|
||
| if v.Client != nil { |
There was a problem hiding this comment.
suggestion
if v.Client != nil && v.Client.IsJAAS() {
There was a problem hiding this comment.
Please add more details on why in the commit messages and other places. Be kind to reviewer and your future self. It's not clear at all why we need both a AvoidJAAS and RequireJAAS validator. Some details are in the PR, but that is a long way to travel for the details.
| func (v AvoidJAASValidator) Validate(ctx context.Context, config tfsdk.Config) diag.Diagnostics { | ||
| var diags diag.Diagnostics | ||
|
|
||
| if v.Client != nil && v.Client.IsJAAS() { |
There was a problem hiding this comment.
issue: a not nil client will hopefully be caught before this point, however please follow the known pattern along the lines of:
// Check first if the client is configured
if a.client == nil {
addClientNotConfiguredError(&resp.Diagnostics, "access model", "create")
return
}
For both validators
There was a problem hiding this comment.
I don't think we should do that here, the validator is called multiple times throughout the process of resource creation, it is expected that the client will be nil at certain stages before the client has been created.
I'll leave a comment to that effect.
There was a problem hiding this comment.
The client I'm thinking of is created as part of the jujuProvider.Config method at the very start. It's created before any resource schema is known. This block of code is recommended by terraform framework tutorials.
I'm unclear why you believe the client may be nil during resource creation?
The check is more of a paranoia check as the client should be available.
There was a problem hiding this comment.
I added the nil check because when I was investigating when the validator is called you will find that it is executed multiple times, including before the resource' configure method is called.
Only when the resource's configure method is called, is the resource's client populated (by using the client created in jujuProvider.Config) and no longer nil.
The easiest way to see this is to run one of the integration tests in debug mode and step through the code. There you can see that the client will be nil at certain points and if we were to return an error because the client was not yet configured the resource would always fail to be created because this value is always nil before the configure method is called.
|
|
||
| if v.Client != nil && v.Client.IsJAAS() { | ||
| diags.AddError("Attempted use of resource without JAAS.", | ||
| "This resource can only be used with a JAAS setup offering additional enterprise features - see https://jaas.ai/ for more details.") |
There was a problem hiding this comment.
suggestion: This resource can only be used with JAAS, which offers additional enterprise features - see https://jaas.ai/ for more details.
There was a problem hiding this comment.
Can you also please assign @tmihoc for review as there was a request for a technical author to look over these error messages.
kian99
force-pushed
the
CSS-9768-implement-jaas-validators
branch
from
98eb662 to
30658a8
Compare
The AvoidJAASValidator can be used to ensure a resource is not used with JAAS. E.g. juju_access_model should not be used with JAAS as there is a JAAS specific type for that. The RequiresJAASValidator can be used to ensure a resource is only used with JAAS. E.g. new JAAS specific resources should not be used when communicating with a Juju controller.
- avoid leaking connection - reword error messages - make validate function not exported
kian99
force-pushed
the
CSS-9768-implement-jaas-validators
branch
from
30658a8 to
e1d0097
Compare
There was a problem hiding this comment.
I have doubts these validators will work, as I'm not sure a not nil client can be provided to them. When I did some test runs with code myself and never found a case where the client was not nil when calling a validator as set up here which surprised me.
We're in a feature branch, so let's move forward. They will have to be validated once code is available to use them.
@tmihoc hasn't provided feedback on the wording yet. Changes can be made later.
| diags.AddError("Invalid use of resource with JAAS.", | ||
| "This resource is not supported with JAAS. "+ | ||
| hint+ | ||
| "JAAS offers additional enterprise features through the use of dedicated resources. "+ |
There was a problem hiding this comment.
The sentence about JAAS is jarring because it shifts the topic from resources (the previous two sentences) to JAAS, and the connection to resources is unclear -- i.e., as a user, what I'm getting is that dedicated resources can help me take advantage of the additional enterprise features of JAAS, but it's not clear to me what "dedicated resources" is referring to and what I'm supposed to do with this information (i.e., am I suppose to not use the resource suggested in the hint?)
There was a problem hiding this comment.
I see what you mean. What if we changed this sentence to,
"JAAS offers additional enterprise features through the use of dedicated resources (those with "jaas" in the name)."
The hint is created above and supposed to lead the user to the correct resource to use - it will say something like "Try the juju_jaas_access_model resource instead."
Description
This PR adds two new validators related to JAAS.
AvoidJAASValidatorin validator_avoid_jaas.go - This validator can be used to ensure a resource is not used with JAAS. E.g. juju_access_model should not be used with JAAS as there is a JAAS specific type for that.RequiresJAASValidatorin validator_require_jaas.go - This validator can be used to ensure a resource is only used with JAAS. For example, new JAAS specific resources should not be used when communicating with a regular Juju controller.The output error messages require input from a technical author.
Type of change
Additional notes
https://warthogs.atlassian.net/browse/CSS-9768