-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes to jimmctl auth relation list
#1220
Conversation
If you're new to commit signing, there are different ways to set it up: Sign commits with
|
… referred to in other files
…to include a multipage result
f3003f3
to
8240162
Compare
cmd/jimmctl/cmd/relation_test.go
Outdated
_, err := cmdtesting.RunCommand(c, cmd.NewAddGroupCommandForTesting(s.ClientStore(), bClient), groupName) | ||
c.Assert(err, gc.IsNil) | ||
|
||
tabularOutput += fmt.Sprintf("\[email protected] member group-%-72s", groupName) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How come the use of -72s
? I had to google as I don't see this often, for others, it left-justifies the text and prints a minimum of 72 chars.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The output has whitespace after each line to match the length of the longest row. 72 is a hard-coded diff between the length of this string without groupName
and the required line length.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe leave a comment to that effect, if someone were to add a new relation that increases/remove a relation and decreases the longest row, that will be annoying to debug.
d050539
to
5a90332
Compare
jimmctl auth relation list
jimmctl auth relation list
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this. Just a few comments.
@@ -111,13 +111,12 @@ endef | |||
|
|||
# Install packages required to develop JIMM and run tests. | |||
APT_BASED := $(shell command -v apt-get >/dev/null; echo $$?) | |||
sysdeps: | |||
sys-deps: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I checked there are still a few more instances that point to sysdeps
. Can you please update them as well?
cmd/jimmctl/cmd/relation.go
Outdated
response, err := client.ListRelationshipTuples(¶ms) | ||
if err != nil { | ||
return nil, errors.E(err) | ||
} | ||
if response.ContinuationToken != "" { | ||
response1, err := fetchRelations(client, params, response.ContinuationToken) | ||
params.ContinuationToken = response.ContinuationToken | ||
response1, err := fetchRelations(client, params) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(suggestion) Now that you're fixing this, can you please also refactor it and get rid of the recursive calls to fetchRelations
? This should just be a simple loop that runs until it gets the same continuation token back.
We have done this kind of loop before. You can just replicate it.
cmd/jimmctl/cmd/relation_test.go
Outdated
c.Assert(err, gc.IsNil) | ||
c.Assert(cmdtesting.Stdout(context), gc.Equals, relationsToTabularStr(expectedRelations)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand what you did here, but I think this actually is a bit against the purpose of the test.
The thing is, with this change, we'll have two implementations for tabular printing; one in the code (i.e., the formatRelationsTabular
function that uses utiable
under-the-hood), and the new relationsToTabularStr
that you've made for testing. What we want to do is to make sure the former does its job as expected. So, we need to compare the output with something that we are absolutely sure that it's accurate. But, if we use the relationsToTabularStr
helper method, we can never be sure because the helper method is not tested. Now, if we attempt to write a test for it, we again have to compare the output with a literal multiline string, like what we originally had in the test.
I'm not sure if I've conveyed my point clearly. But the gist is, if possible, we shouldn't assert against something that is not totally trusted to work as expected.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fully agree with this point, but in this situation I considered it trival enough to prefer a helper over an easily breakable hard-coded multiline string that requires perfectly matching whitespace on each line which gives you a headache on every change. The perspective of changing a few strings like this after possibly more tests get added seems dreading compared to, in my opinion, the minimal stink of this helper given its simple logic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's get rid of the helper function, use export_test to export the formatting function used by the command and use that to write the expected output to a string, then compare.. i don't think there's any value in having a separate helper function here.. if we ever change tabular format, we'll need to change the helper function, too..
case jimmnames.ServiceAccountTagKind: | ||
return jimmnames.ServiceAccountTagKind + "-" + tag.ID, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding this. We need to update the tests to cover this as well. You can find the test function here:
Please, in addition to a test case for the service account tag, add one more for the group tags (which we've missed adding before).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is still missing, a test in access_control.go for the changes to ToJAASTag
.
case jimmnames.ServiceAccountTagKind: | ||
zapctx.Debug( | ||
ctx, | ||
"Resolving JIMM tags to Juju tags for tag kind: serviceaccount", | ||
zap.String("serviceaccount-name", trailer), | ||
) | ||
return ofganames.ConvertTagWithRelation(jimmnames.NewServiceAccountTag(trailer), relation), nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(question) @alesstimec @ale8k @kian99 Just want to make sure; we cannot check for the service account existence at this stage? Because the tag might exist but the the service account has not yet logged in (and hence to Identity
entry is associated to it), right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i don't think we need a DB lookup at this point, no.. it's better to show "stale" tuples that might be left-overs and give admins the ability to delete them
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@babakks I believe that is correct:
the tag might exist but the the service account has not yet logged
Users work the same way
cmd/jimmctl/cmd/relation_test.go
Outdated
c.Assert(err, gc.IsNil) | ||
c.Assert(cmdtesting.Stdout(context), gc.Equals, relationsToTabularStr(expectedRelations)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's get rid of the helper function, use export_test to export the formatting function used by the command and use that to write the expected output to a string, then compare.. i don't think there's any value in having a separate helper function here.. if we ever change tabular format, we'll need to change the helper function, too..
case jimmnames.ServiceAccountTagKind: | ||
zapctx.Debug( | ||
ctx, | ||
"Resolving JIMM tags to Juju tags for tag kind: serviceaccount", | ||
zap.String("serviceaccount-name", trailer), | ||
) | ||
return ofganames.ConvertTagWithRelation(jimmnames.NewServiceAccountTag(trailer), relation), nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i don't think we need a DB lookup at this point, no.. it's better to show "stale" tuples that might be left-overs and give admins the ability to delete them
cmd/jimmctl/cmd/relation.go
Outdated
response.Tuples = tuples | ||
return response, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a bit confusing to read because we are creating a new response object in each loop and then at the end using the last response. I'd prefer creating a response object above the for loop, and then renaming the current response variable to page
, then append tuples to response.Tuples and finally return the response.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @kian99. We can just create a new apiparams.ListRelationshipTuplesResponse
instance after the end of the loop and assign the tuples.
case jimmnames.ServiceAccountTagKind: | ||
return jimmnames.ServiceAccountTagKind + "-" + tag.ID, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is still missing, a test in access_control.go for the changes to ToJAASTag
.
cmd/jimmctl/cmd/export_test.go
Outdated
@@ -321,3 +323,7 @@ func NewMigrateModelCommandForTesting(store jujuclient.ClientStore, lp jujuapi.L | |||
|
|||
return modelcmd.WrapBase(cmd) | |||
} | |||
|
|||
func FormatRelationsTabularForTesting(writer io.Writer, value interface{}) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since it's just for the sake of exposing formatRelationsTabular
you can do it like this (which makes it more consistent with other same usages like this one):
var FormatRelationsTabular = formatRelationsTabular
cmd/jimmctl/cmd/relation.go
Outdated
response1, err := fetchRelations(client, params) | ||
tuples := make([]apiparams.RelationshipTuple, 0) | ||
for { | ||
response, err := client.ListRelationshipTuples(¶ms) | ||
if err != nil { | ||
return nil, errors.E(err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(suggestion) Can you please add an error message to this, like:
return nil, errors.E(err, "failed to fetch list of relationship tuples")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually I'd caution against this because it would hide the underlying error. JIMM's error package is very poor in that it doesn't provide a clean way of masking or surfacing the underlying error. So here I think the best thing to do would be
errors.E(fmt.Sprintf("message: %s",err.Error()))
We'll need to improve it in the future but for now consider where you want to mask errors and where you want to present them to the user.
cmd/jimmctl/cmd/relation.go
Outdated
response.Tuples = tuples | ||
return response, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @kian99. We can just create a new apiparams.ListRelationshipTuplesResponse
instance after the end of the loop and assign the tuples.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Description
This PR fixes a bugs in
jimmctl auth relation list
which cause:defaultPageSize
of 50.serviceaccount
tag&
Engineering checklist
Check only items that apply