builder origin rbac subcommand #7841
Conversation
jeremymv2
requested review from
christophermaier,
davidMcneil and
eeyun
as code owners
jeremymv2
force-pushed
the
jeremymv2/rbac_subcommand
branch
from
da16a6a to
5c56610
Compare
|
Code looks good, but it does appear to have broken some unit tests. Otherwise its 👍 from me. |
|
@eeyun the unit tests are fixed up now. |
This comment has been minimized.
This comment has been minimized.
Signed-off-by: Jeremy J. Miller <[email protected]>
…messsaging Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
jeremymv2
force-pushed
the
jeremymv2/rbac_subcommand
branch
from
9472ea6 to
4c94bd8
Compare
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
| fn tabify(mut tw: TabWriter<Vec<u8>>, s: &str) -> Result<String> { | ||
| write!(&mut tw, "{}", s)?; | ||
| tw.flush()?; | ||
| String::from_utf8(tw.into_inner().expect("TABWRITER into_inner")).map_err(|e| { |
There was a problem hiding this comment.
Because this function already returns a Result, could we remove this expect in favor of propagating the Err?
There was a problem hiding this comment.
Handled in 78f9d5e
components/hab/src/cli/hab/util.rs
Outdated
| }) | ||
| } | ||
|
|
||
| pub fn bldr_url_from_args_env_load_or_default(opt: Option<Url>) -> String { |
There was a problem hiding this comment.
It is a bummer we lose type information here (ie Url to String). Could we make this return a Url?
There was a problem hiding this comment.
The config file should probably require bldr_url be a Url, correct?
There was a problem hiding this comment.
The function now returns a Result<Url> type instead of String. Take a look and see if what's there now looks agreeable. 3568a83
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
components/core/src/origin.rs
Outdated
| pub const ORIGIN_MEMBER_ROLE_READONLY_MEMBER: &str = "readonly_member"; | ||
| pub const ORIGIN_MEMBER_ROLE_MEMBER: &str = "member"; | ||
| pub const ORIGIN_MEMBER_ROLE_MAINTAINER: &str = "maintainer"; | ||
| pub const ORIGIN_MEMBER_ROLE_ADMINISTRATOR: &str = "administrator"; | ||
| pub const ORIGIN_MEMBER_ROLE_OWNER: &str = "owner"; |
There was a problem hiding this comment.
No need to change anything, but I am personally a fan of asciating constants like this with the type. So something like:
impl OriginMemberRole {
const READONLY_MEMBER: &'static str = "readonly_member";
const MEMBER: &'static str = "member";
const MAINTAINER: &'static str = "maintainer";
const ADMINISTRATOR: &'static str = "administrator";
const OWNER: &'static str = "owner";
}You can then access them with OriginMemberRole::READONLY_MEMBER
There was a problem hiding this comment.
Totally agree. Adjusted in 9aee65a
There was a problem hiding this comment.
I like your change. Although, it was not quite what I had in mind 😄. My intention was to scope the constants within the OriginMemberRole so they should be defined in an impl OriginMemberRole { } block and accessed with OriginMemberRole::READONLY_MEMBER. But I dont think there is any need to change anything for this case.
There was a problem hiding this comment.
ahh yes. I'll make it so.
There was a problem hiding this comment.
I've modified in 78f9d5e
…|show functions Signed-off-by: Jeremy J. Miller <[email protected]>
Signed-off-by: Jeremy J. Miller <[email protected]>
|
@davidMcneil I believe I've taken care of all the feedback items thus far. Care to sanity check me? ❤️ |
components/hab/src/cli/hab/origin.rs
Outdated
| /// The role name to enforce for the member account [values: readonly_member, member, | ||
| /// maintainer, administrator, owner] |
There was a problem hiding this comment.
We could use #[structopt(possible_values = &[OriginMemberRole::READONLY_MEMBER ...])] which will automatically display the possible values and has better traceability should we ever add an OriginMemberRole` variant.
There was a problem hiding this comment.
This is a nice capability. Added in 78f9d5e
| let res = tw.into_inner(); | ||
| if res.is_err() { | ||
| return Err(Error::TabWriterIntoInnerFailed("Unable to flush \ | ||
| tabwriter buffer to \ | ||
| inner." | ||
| .to_string())); | ||
| } | ||
| let inner = res.unwrap(); |
There was a problem hiding this comment.
I dont think we should have a custom TabWriterIntoInnerFailed type. Instead we could use the io::Error that is part of tabwriter::IntoInnerError
We could use:
let inner = tw.into_inner().map_err(|e| {
IoError::new(e.error().kind(),
"Unable to flush tabwriter buffer to inner.")
})?;This preserves the io::Error kind, prevents us from having to create a new type, and avoids an unwrap.
There was a problem hiding this comment.
Modified as such in 78f9d5e
components/core/src/error.rs
Outdated
| @@ -340,6 +347,7 @@ impl fmt::Display for Error { | |||
| Error::GetExitCodeProcessFailed(ref e) => e.to_string(), | |||
| Error::CreateToolhelp32SnapshotFailed(ref e) => e.to_string(), | |||
| Error::WaitForSingleObjectFailed(ref e) => e.to_string(), | |||
| Error::TabWriterIntoInnerFailed(ref e) => e.to_string(), | |||
There was a problem hiding this comment.
See other comments. I dont think this type should be needed.
There was a problem hiding this comment.
Removed in 78f9d5e
components/hab/src/error.rs
Outdated
| @@ -48,6 +48,7 @@ pub enum Error { | |||
| HabitatCore(hcore::Error), | |||
| // Boxed due to clippy::large_enum_variant | |||
| HandlebarsRenderError(Box<handlebars::TemplateRenderError>), | |||
| InvalidUrl(String), | |||
There was a problem hiding this comment.
I dont think we should add this variant. See other comments.
There was a problem hiding this comment.
Variant removed in 78f9d5e
components/hab/src/cli/hab/util.rs
Outdated
| Url::parse(&bldr_url_from_env_load_or_default()).map_err(|e| { | ||
| Error::InvalidUrl(e.to_string()) | ||
| }) |
There was a problem hiding this comment.
Instead of mapping the error here, because this is the only possible error the function can return can we change the Error type the function returns?
There was a problem hiding this comment.
removed the error mapping in 78f9d5e
components/hab/src/cli/hab/util.rs
Outdated
| pub inner: Origin, | ||
| } | ||
|
|
||
| pub fn bldr_url_from_env_load_or_default() -> String { |
There was a problem hiding this comment.
This could be private.
There was a problem hiding this comment.
Changed to private in 78f9d5e
| match henv::var(AUTH_TOKEN_ENVVAR) { | ||
| Ok(v) => Ok(v), | ||
| Err(_) => { | ||
| config::load()?.auth_token.ok_or_else(|| { | ||
| Error::ArgumentError("No auth token specified. \ | ||
| Please check that you have \ | ||
| specified a valid Personal \ | ||
| Access Token with: -z, \ | ||
| --auth <AUTH_TOKEN>" | ||
| .into()) | ||
| }) | ||
| } |
There was a problem hiding this comment.
I think this could use or_else
There was a problem hiding this comment.
I believe this has to be ok_or_else since config::load is returning an option for auth_token. If I change to or_else clippy says:
error[E0308]: mismatched types
--> components/hab/src/cli/hab/util.rs:90:17
|
83 | pub fn bldr_auth_token_from_args_env_or_load(opt: Option<String>) -> Result<String, Error> {
| --------------------- expected `std::result::Result<std::string::String, error::Error>` because of return type
...
90 | / config::load()?.auth_token.or_else(|| {
91 | | Error::ArgumentError("No auth token specified. \
92 | | Please check that you have \
93 | | specified a valid Personal \
... |
96 | | .into())
97 | | })
| |____________________________________________^ expected enum `std::result::Result`, found enum `std::option::Option`
|
= note: expected enum `std::result::Result<std::string::String, error::Error>`
found enum `std::option::Option<std::string::String>`
I need to return an result so that the CLI marshaling can error if no auth token is found and one is required. We need to figure out how to handle this natively in the future (loading from args, ENV, OR cli.toml. See: #7866
For now we need to return a Result so that we can error appropriately before calling the start function of the command:
let auth_token = bldr_auth_token_from_args_env_or_load(r.auth_token.value)?;
There was a problem hiding this comment.
Yeah, sorry I was not clear. I meant this part match henv::var(AUTH_TOKEN_ENVVAR) we could probably avoid the need to match on the Ok just to wrap it back up in Ok, but it would not really buy us that much.
| } | ||
| } else { | ||
| ui.status(Status::Discovering, "origin member role".to_string())?; | ||
| println!("Member {} has the '{}' role in the {} origin.", |
There was a problem hiding this comment.
Should this be a println? Maybe a ui.status or debug! instead?
There was a problem hiding this comment.
Added ui.status in 78f9d5e
Signed-off-by: Jeremy J. Miller <[email protected]>
Closes #7599
Companion to habitat-sh/builder#1431
Although there was a lot more potential structopt work to do, I had to stop myself and stash that effort as the blast radius became very broad (ie. AuthToken, Origin and BldrURL touch 90% of CLI commands).
To handle the remaining structopt work that will allow us to be more streamlined, I created #7866
Signed-off-by: Jeremy J. Miller [email protected]