Added addr support to vault #76
Conversation
Added support for VAULT_ADDR to the config files, as well as the command line arguments. Changed the config parsing process such that everything is parsed to an Options datatype after which the options are merged. The addr field is after each separate parsing verified to be correct and the information is distributed over the UseTLs (HTTP/HTTPS), Host and Port.
Hlint changes applied that seemed logical and consistent with the code style.
Fixed warnings and errors in Main.hs and Config.hs. Removed some redundant code and changed some imports.
Fixed a bug where wrong schemes were accepted with an invalid address. Added some whitespace to two error messages.
Added a number of test that test whether mismatching addresses are rejected and correct addresses are accepted.
There was a problem hiding this comment.
All in all, I think this is a very good effort! Nice job so far! :)
Some things that I liked:
- Thank you for thinking about tests and comments!
- Being considerate about naming/the style of the rest of the code.
Since you asked me over lunch to take an especially critical look at this, I have quite the list of comments/remarks. I hope this feedback is of the kind that you were looking for. If you want me to have a look at something else in particular, then let me know.
Please feel free to:
- Ask me to clarify points where I glanced over reasoning and/or details.
- Tell me where you feel like a remark does not make sense/feels pointless/is not applicable/won't work/takes too much effort to address/is not important in the grand scheme of things/is scope inflation and you want to fix this later/etc. Basically: code reviews are a two way street :)
If you want to, then I'm available to go over these remarks in person.
Some general notes:
- We prefer imperative commit messages over past-tense:
Add VAULT_ADDR supportinstead ofAdded VAULT_ADDR support. - We indent Haskell with 2 spaces, not 4.
src/Config.hs
Outdated
| , [UnspecifiedValue "Secret file" | isNothing (oSecretFile opts)] | ||
| ] | ||
|
|
||
| splitAddress :: String -> (Maybe String, String, String) |
There was a problem hiding this comment.
We probably already have a dependency on a package which parses URLs/URIs (either direct or transitive). Can we use that instead?
Otherwise:
- Please add a Haddock. What is the goal of this function, what are some example inputs/outputs?
- The return type probably benefits from a type alias/newtype/record
- What happens when you give this thing some garbage? E.g.
VAULT_ADDR=https://foo::8550/asdf - Why is the scheme a
Maybe, but not the other tuple members? Why is the port a string?
In general, I think this kind of parsing code is tricky to get right. From looking at the code here, I can't easily reason about the correctness (especially in degerate cases). If we're not using a function from a library, then I would at least:
- Add an example based unit test for this function in particular.
- If we found some problems while doing that; add a property test which start with a random URL, turn it into a string, and then try to parse it with this function. I can show you how to do that if you want.
E.g. for an abitrary (Maybe String, String, String) -- (you'll need a newtype to specify the instance), generate the original String and see if parsing it with this function yields the same (Maybe String, String, String)
There was a problem hiding this comment.
I could not find a function that does exactly as described (and needed), so I propose we keep this for the moment. I added Haddock documentation, including several examples, as well as a number of example tests and property tests.
|
Oh and just noticed that there is quite some trailing whitespace here. Please configure your editor to strip trailing whitespace before saving a file :) |
Added phantom types for validated and completed to options data type to ensure type safety for certain calls. Rewrote several datatypes because of this.
Added several comments, removed unnecessary code
Added and changed comments to Config.hs
Fixed several issues with Haddock comments.
Fixed several issues where the layout and naming could be improved.
Added several HSpec tests for the splitAddress function.
There was a problem hiding this comment.
Thanks for the fixes! I took this for a spin on my local dev env and on a test server! This seems to work; nice job :)
I have two specific remarks. One about a test, another about the display of the error messages.
In addition, I have two high-level requests:
- Can you clean up all trailing whitespace? There is still some left
- We also need user facing documentation for the things in here. (But let's not do that on this PR). Can you create a new issue for documenting all these new environment variables + what happens in case the user specifies conflicting options?
test/ConfigSpec.hs
Outdated
| spec :: SpecWith () | ||
| spec = | ||
| describe "Split addr" $ do | ||
| it "should accept http schemes " |
There was a problem hiding this comment.
Nit: you can add a it "should accept http schemes" $ do to save a few lines with parentheses.
test/integration/invalid_addr.sh
Outdated
| echo "not ok 1 - vaultenv didn't complete" | ||
| fi | ||
|
|
||
| #test if the addr is accepted when the same as the host, port and scheme (use tls) |
There was a problem hiding this comment.
Is this comment correct? You seem to test rejection instead of acceptance
src/Config.hs
Outdated
| show (UnknownScheme s) = "The address " ++ s ++ " has no recognisable scheme, " | ||
| ++ " expected http:// or https:// at the beginning of the address." | ||
| show (NonNumericPort s) = "The port " ++ s ++ " is not a valid int value" | ||
| show (HostPortSchemeAddrMismatch useTLs host port addr) = |
There was a problem hiding this comment.
This error message renders up as:
[ERROR] The use TLs True , the host "localhost" and the port 8200 do not match the provided addr "http://localhost:8200"
Can we clean this up and make it a bit more user friendly?
Suggested error message:
[ERROR] Conflicting configuration values in (environment variables|config file x|CLI options):
Vault Address: {}
Vault Host: {}
Vault Port: {}
Use TLS: {}
Hint: This can happen when you provide a `VAULT_ADDR` environment which conflicts with the `--port`, `--host`, and `--[no-]connect-tls` flags and when [INSERT OTHER REASONS IF THOSE EXIST].
Since we can also override these settings on the CLI and with the environment, this message would be even better if we could include "Conflicting options on the CLI" / in config file X / in the process environment
There was a problem hiding this comment.
I clarified the error message, it now reads:
[ERROR] Confliciting configuration values in cli options
Vault address: "http://localhost:42"
Vault host: Unspecified
Vault port: 1234
Use TLS: Unspecified
Hint: This can happen when you provide a `addr` which conflicts with `port`, `host`, or `[no-]connect-tls` in either the environment variables or the CLI.
I changed the hint a bit, because the conflicts can also occur in the environment variables of the .env files.
src/Config.hs
Outdated
|
|
||
| -- | Validates for a set of options that any provided addr is valid and that either the | ||
| -- scheme, host and port or that any given addr matches the other provided information. | ||
| validateCopyAddr :: Options UnValidated completed -> Either OptionsError (Options Validated completed) |
There was a problem hiding this comment.
Do we have test coverage for all these different code paths somewhere? Could we add some tests for this?
src/Config.hs
Outdated
| -- http://localhost:80/foo/bar -> (Just "http://","localhost","80/foo/bar") | ||
| splitAddress :: String -> (Maybe Scheme, Host, StringPort) | ||
| splitAddress addr = | ||
| let |
| @@ -1,7 +1,5 @@ | |||
| #!/bin/bash | |||
|
|
|||
| set -e | |||
There was a problem hiding this comment.
Why was this test changed? The commit message (a0c33fb) does not discuss any reasoning.
Was a part of this test failing hadn't we spotted it?
There was a problem hiding this comment.
With or without this flag, the tests will correctly verify. The main difference is that without this flag, the tests will run properly and a failure in them will be caught by the check for their return code. If we were to have the flag, the whole script would fail and prove would not be able to properly tell which test failed, it would simply say that the entire script failed.
src/Config.hs
Outdated
| data UnValidated | ||
|
|
||
| -- | An empty set of options, nothing is specified | ||
| emptyOptions :: Options Validated UnCompleted |
There was a problem hiding this comment.
Doesn't seem to be used anymore
|
|
||
|
|
||
| instance Show OptionsError where | ||
| show (UnspecifiedValue s) = "The option " ++ s ++ " is required but not specified" |
There was a problem hiding this comment.
Sort of related: when we detect mulitple errors (awesome that we detect mulitple errors 👏), we render them like:
[ERROR] [The option Command is required but not specified,The option Secret file is required but not specified]
Can we split that:
[ERROR] The option Command is required but not specified
[ERROR] The option Secret file is required but not specified
There was a problem hiding this comment.
This has been updated.
Updated the error messages to better display multiple errors and include extra information when there is a mismatch with the addr.
Fixes #66.
Added support for VAULT_ADDR to the config files, as well as the command
line arguments. Changed the config parsing process such that everything
is parsed to an Options datatype after which the options are merged. The
addr field is after each separate parsing verified to be correct and the
information is distributed over the UseTLs (HTTP/HTTPS), Host and Port.