New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a way to exclude sources, checks and/or keys from results #228
Conversation
An example config file may look like:
So you can have source=ipahealthcheck.ipa to block out all but the pki healthchecks. |
man/man5/ipahealthcheck.conf.5
Outdated
@@ -31,11 +31,33 @@ Values should not be quoted, the quotes will not be stripped. | |||
Options must appear in the section named [default]. There are no other sections defined or used currently. | |||
|
|||
Options may be defined that are not used. Be careful of misspellings, they will not be rejected. | |||
.SH "EXCLUDES" | |||
There may be reasons that a user will want to suppress some results. One example is a customer certificate that is generating a warning because it is unknown to IPA. Excluding a result byu key does not prevent it from running, it is filtered from the reported results. Excluding by source or key will prevent it from running at all. Services will not be excluded because other checks may rely on them (ipahealthcheck.meta.services). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: "byu"
src/ipahealthcheck/core/config.py
Outdated
from ipahealthcheck.core.constants import DEFAULT_CONFIG | ||
|
||
logger = logging.getLogger() | ||
|
||
|
||
class DuplicateOrderedDict(OrderedDict): | ||
def __setitem__(self, key, value): | ||
"""Duplicate keys will be concatonated strings separated by new-line""" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: "concatonated"
Is it possible to use
|
Do you think it would be useful to have these options on the CLI as well? |
The excludes_ options should not have been in the man page. That was from a previous incarnation of the change. I dropped it. But you're right, it was semi-processed anyway. The intention was to only process those in the new section so that format so I made excludes_* be skipped when processing [default] just to be certain.
Probably but I couldn't think of a use-case. One might do it for a one-off but then you'd need to remember to skip it with each run. I think in the config file one could log the reason for the skip. |
Maybe you could add an example usage to the ipahealtcheck.conf man page. Other than that this LGTM. |
Man page updated. |
We allow to exclude on three different levels: * source * check * key Excluding a source could be used to disable a misbehaving set of checks, particularly one not provided by upstream. A check would be similar. Not all results have a key but most do. If we run into corner cases we can address them as they come up. The example I had in mind is an untracked certificate that is otherwise legitimate. This could be marked as excluded by key so ipa-healthcheck will no longer return failures. Filtering happens twice. Any sources or checks excluded will simply not be executed. keys are excluded after execution. This adds new section, [exclusions], which will contain three types of exclusions and can be repeated: source config key freeipa#176 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Being able to suppress a specific key rather than a whole source or check is better. I'm not ready yet to assert that there is a key in each Result since that would be a rather impactful change but for the purposes of this change I added an assert and ran it through the unit tests. freeipa#176 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Create a new source and register two plugins to it. Use an Output plugin to collect the results in a global variable so the results can be evaluated after the run is complete. Use a temporary configuration file to set the test configuration. Test suppressing: - nothing - the source - one check - one key Signed-off-by: Rob Crittenden <rcritten@redhat.com> freeipa#176
A config option was added which needs to be passed in during the test call. Signed-off-by: Rob Crittenden <rcritten@redhat.com>
We allow to exclude on three different levels:
Excluding a source could be used to disable a misbehaving set of
checks, particularly one not provided by upstream. A check would
be similar.
Not all results have a key but most do. If we run into corner
cases we can address them as they come up.
The example I had in mind is an untracked certificate that is
otherwise legitimate. This could be marked as excluded by key
so ipa-healthcheck will no longer return failures.
Filtering happens twice. Any sources or checks excluded will simply
not be executed. keys are excluded after execution.
This adds new section, [exclusions], which will contain three types
of exclusions and can be repeated:
source
config
key
#176
Signed-off-by: Rob Crittenden rcritten@redhat.com