Config precheck

[ianballou]

Addresses #45:

• Config file is now checked when the HIL server is started
• Sections that are not critical to HIL are optional
• Option types are checked as well, such as strings vs bools
• Tests that didn't include all of the required HIL.cfg sections/options have been updated

Note: I am going to start working on testing, but I wanted to get this out for review first since I'll be out next week.

[coveralls]

Pull Request Test Coverage Report for Build 1797

• 32 of 60 (53.33%) changed or added relevant lines in 8 files are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage increased (+55.6%) to 55.559%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
hil/ext/switches/nexus.py	0	4	0.0%
hil/ext/switches/brocade.py	0	4	0.0%
hil/ext/switches/dell.py	0	4	0.0%
hil/ext/switches/n3000.py	0	4	0.0%
hil/ext/switches/dellnos9.py	0	4	0.0%
hil/config.py	28	36	77.78%

Files with Coverage Reduction	New Missed Lines	%
hil/config.py	1	73.97%

Totals
Change from base Build 1796:	55.6%
Covered Lines:	2049
Relevant Lines:	3688

---

💛 - Coveralls

[xuhang57]

Officially the first PR which increases the coverage 💟 🍸 🤙

[zenhack]

A few inlines comments.

Also, we've got a number of things where it might be nice to be more strict; we can probably check that URLs are syntactically valid URLs, and the check the format of the vlan pools, etc.

Down the line it might be nice to swap out some of the lambdas with Use schema, and start using the result of validating the schema, so we don't have to parse out the values again separately.

[zenhack]

The lambda is superfluous here (and elsewhere); you can just do Optional('dry_run'): string_is_bool. You'll have to move the definition of that function up though, so it's defined before core_schema.

[zenhack]

While you're at it, this python supports a shorthand, so this can be 0 < v <= 4093.

Also, is there a reason for 4093? The others are 4096, which makes more sense.

[naved001]

yeah, the Dell N3000 switch only showed that it's from 1 to 4093.

R5-PA-C01-U39#show vlan id ?

<1-4093>                 Enter VLAN ID.

R5-PA-C01-U39#show vlan id 4094
                           ^
Value is out of range. The valid range is 1 to 4093.

[zenhack]

Weird. Would you mind adding a comment to that effect?

[naved001]

In network-drivers it's mentioned that we enable VLAN 2-4093, but it doesn't mention the reason. @Izhmash, can you put a comment in the code while you are at it and update the docs to make it more clear?

[zenhack]

I might be slighly more explicit here; Error in config file.

[naved001]

while we are talking about vlan ranges, I am sure 0 shouldn't be included in this range.

haas-loaner# show vlan id ?
  <1-3967,4048-4093>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19
>
haas-loaner# show vlan id 0

[ianballou]

I believe I addressed the comments above. @zenhack for more in-depth config checks, I've added checks for malformed web/db urls, a check for the VLAN pool list, and a check for log_level. Naved and I discussed checking the headnode config options, and we decided they can be left as str for now since they will be removed in the future.

I considered checking log_dir, however a bad directory crashes HIL before before the config is even loaded. I'll add an issue about that.

[ianballou]

Tests will be on the way as soon as we lock in which config checks should be there.

[naved001]

move this before configure_logging() and this PR itself can take care of #976
This line is probably what's causing trouble.

[naved001]

To be more clear, check for bad values of log_dir in validate_config() and call it before configure_logging().

[zenhack]

We should probably check this by catching the IOError and reporting the issue; conceptually doing it here is weird, because the problem is an absent or non-writable directory, not a malformed confg file. Slightly more pragmatically, there's a race condition where if the directory is deleted/permissions changed between the check and the use, you could still get the error.

[ianballou]

@zenhack I agree that conceptually it's strange to do it here as well. For the scope of this PR, I'm thinking about moving the config validation up and then only checking for a malformed path. The IO check can be done in another small PR.

[zenhack]

Sounds good.

[zenhack]

A number of inline comments.

[zenhack]

1. you can actually just call isdigit once:

>>> '423'.isdigit()
True

2. Why not actually check the range?

s.isdigit() and 0 < int(s) <= 4096

Or, for that matter, just lift the relevant bit of the schema from the dummy_vlan field.

[ianballou]

I'll check the range here, good for a first safety check

[ianballou]

Also after I do the r = r.strip().split("-") line, I sometimes end up with a list of strings, so I think I still need to loop through them with all

[zenhack]

Ah, you're right, I was thinking you were checking each character.

[zenhack]

You could be making better use of the library; Use, And, and Or are handy:

return And(Use(option.lower), Or('true', 'yes', 'on', ...))

This can be applied in a number of other places.

[ianballou]

For some reason, having this function like this instead just places whatever is in option into my validation schema, causing any config string to pass.

[ianballou]

It works however if I put the And(...) directly into the schema

[ianballou]

@zenhack how partial are you to using more of these library functions? I've been hacking at it for a while, and returning in this style causes the validation to not happen. From debugging it looks like there's an issue with returning the validation from another function, since it does work when hard-coding into the Schema dictionary.

To use more of the library functions I could instead remove some of the functions (like string_is_bool) and write the validation code right into the schema.

[zenhack]

Ah, you probably would need to do something like:

return And(Use(str.lower), Or(...)).validate(option)

I don't feel strongly; if it makes things awkward you can leave them as they are.

[ianballou]

Oh, that's what I was missing. That definitely works, but it comes down now to how ugly the error messages look:

Current code error example:

Error in config file: string_is_bool('Frue') should evaluate to True

New suggestion error example:

Error in config file: Or('true', 'yes', 'on', '1', 'false', 'no', 'off', '0') did not validate 'Frue'
'0' does not match 'Frue'

I'm not 100% sure why the errors look different now, perhaps because it's a separate validation happening before the main dictionary validation. I think the 2nd error option might expose a little too much code to the user.

[zenhack]

I could go either way re: the error message. They're both exposing implementation detail a bit, but the later has the virtue that it actually gives the user a good hint as to what the correct settnigs are.

[zenhack]

I don't think we need to use in here; they should be exactly equal.

Alternatively, you could do url.scheme in ('postgres', 'sqlite').

[zenhack]

We should probably check this by catching the IOError and reporting the issue; conceptually doing it here is weird, because the problem is an absent or non-writable directory, not a malformed confg file. Slightly more pragmatically, there's a race condition where if the directory is deleted/permissions changed between the check and the use, you could still get the error.

[zenhack]

Could probably check for a valid URL here.

Would be worth tightening the other fields here as well, where possible.

[ianballou]

I believe the only field I can check here is the auth_url. I considered auth_protocol at least, but the authentication plugins available can differ depending on what's installed.

[xuhang57]

As we discussed during the weekly meeting. Probably we should just return the e? Since e.message might be `None?

[ianballou]

I'd like to do that, yeah. I'm not sure if it's within the scope of this PR though.

[xuhang57]

Curious whether we could just return url.scheme != '' and url.netloc != '' .

I know you may wanna return the False explicitly?

[ianballou]

Sure, that works fine.

[xuhang57]

LGTM, just a note for the e.message may not exist.

[ianballou]

Tests are in progress now.

[zenhack]

A couple more things. Pretty close now.

[zenhack]

Might be good to distinguish between diferent errors:

import errno
...
except IOError as e:
    if e.errno == errno.ENOENT:
        # no such file or directory
    elif e.errno == errno.EPERM:
        ...

[zenhack]

I could go either way re: the error message. They're both exposing implementation detail a bit, but the later has the virtue that it actually gives the user a good hint as to what the correct settnigs are.

[naved001]

I'm happy. Just address @zenhack's comments.

[ianballou]

I've updated the functions to better use the schema library. I tried to not use lambdas, but I went with them since it seems to be a standard in the schema docs.

I also fixed up the IOError checking. In testing, EACCES was raised rather than EPERM for directory permissions. In case of an unexpected error, I re-raise it so the CLI can deal with it.

[zenhack]

One thing (caught by travis), but otherwise I'm happy.

[zenhack]

Think this should config.string_is_bool(s). Yay for linters catching real bugs.

[ianballou]

Ah so that's where it was! I was having a hard time figuring that out last week.

[ianballou]

Everything should be all set now.

[zenhack]

LGTM, merging.