Code Monkey home page Code Monkey logo

attribute-validator's Introduction

attribute-validator cookbook

A Chef cookbook that applies validation rules to the node attributes during a chef run. The cookbook itself is rather small; most of the guts are in a gem named 'chef-attribute-validator'.

Why would I possibly want that?

Attribute merging is hard. It's very easy to accidentally override something (in a role, node, environment, third-order-dependent cookbook....), or fat-finger a attribute name, or have a change in another cookbook stomp on your attributes. I wanted something industrial-strength that would provide early warning when an attribute was missing, spurious, or had an incoherent value.

I also wanted the cookbook that cares about the validation to be able to define the rules in a simple way, and make it easy to have as much or as little validation as you want to implement.

Requirements

Requires the chef-attribute-validator gem installed to the Chef client's gem store. This cookbook will install it automatically if it is not present.

Usage

Writing Rules

Basically, you define rules in node attributes. A typical use case comes up when you're creating a new cookbook. Naturally, you expose certain "knobs" as node attributes, which the user of your cookbook can set in any number of ways - application or wrapper cookbooks attribute files, roles, even environments. You'd like to catch missing or invalid attribute values before you try to converge using them, and throw a meaningful error (something better than "No such method [] for nil:NilClass", for example).

So, to define rules, add a series of hashes in your cookbook attributes. Each rule has a path, which optionally includes wildcards; the path is then used to select which attributes to apply the rule's checks. Checks include things like type, presence, regex, and so one; the list is growing, see https://github.com/clintoncwolfe/chef-attribute-validator for the latest.

Here is how to make sure that your feature flags really are booleans, and not 0, 1, "true", etc.

 default['attribute-validator']['rules']['some-rule'] = {
    'path' => '/my-cookbook/feature_*/enabled',
    'type' => 'boolean',
 }

Enforcing rules via recipes

To enforce the rules, include one of the two recipes in your runlist, or directly in your runlist.

Most people will want this one, which will check for invalid attributes and abort the run before any* resources are actually converged:

include_recipe "attribute-validator::compile-time-check"

  • It is possible to converge a resource at compile-time; this is common for setting up package repos, installing gems, etc. Those resources may still fire, depending on where the compile-time-check recipe is in the runlist.

Alternatively, if you want the run to converge up until reaching your cookbook, and then abort if anything is invalid, you can use:

include_recipe "attribute-validator::converge-time-check"

This tends to be messier, but that may be OK.

Calling the Gem Directly

If you'd like to have more control over how violations are handled, you can call the gem directly.

# In a recipe or LWRP
include_recipe "attribute-validator::install"
violations = Chef::Attribute::Validator.new(node).validate_all

For details on the contents of violations, as well as other method calls allowing you to validate rules one at a time, see https://github.com/clintoncwolfe/chef-attribute-validator .

Attributes

Rule definitions occur under default['attribute-validator']['rules'][...] like this:

 default['attribute-validator']['rules'][some-rule] = {
    'path' => '/my-cookbook/feature_*/enabled',
    # Checks like type, regex, looks_like, min_children, present, etc 
    ...
 }

 default['attribute-validator']['rules'][another-rule] = { ... }

The cookbook also exposes a few settings of its own:

  default['attribute-validator']['fail-action'] = 'error'

The default is 'error', which will raise an exception if any violations are found, halting the chef run. You may also provide 'warn', which will issue a warning to the chef log for each violation found, but allow the run t continue.

Recipes

No default.

This cookbook has no default recipe.

attribute-validator::compile-time-check

Calls the install recipe, then calls validate_all at compile time; if nonzero violations are found, throws an exception, which halts the run.

attribute-validator::converge-time-check

Calls the install recipe, then calls validate_all at convergence time (inside a ruby block); if nonzero violations are found, throws an exception, which halts the run.

attribute-validator::install

Utility recipe; installs and loads the chef-attribute-validator gem at compile-time.

Bugs, Limitations, Misfeatures, Whinges, Roadmap

Reporting Issues

Please report issues by opening a github issue at https://github.com/clintoncwolfe/attribute-validator . You're a thorough person who knows how important it is to give back to the community, so of course you'll be sending along a pull requst with a failing test, and another pull request with a fix. That's just who you are, you're not bragging.

Outstanding Bogs

None known.

Roadmap

Add support for reading rules from metadata.rb attribute DSL entries

Because nothing enforces that now.

Handler support?

Add support for sending violations via a handler, to ... somewhere?

Author

Clinton Wolfe

Contributing

  1. Fork it (https://github.com/clintoncwolfe/attribute-validator)
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request at (https://github.com/clintoncwolfe/attribute-validator)

attribute-validator's People

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar

Forkers

peick flant

attribute-validator's Issues

Provide offline install of CAV gem

Use case: the targeted node does not have access to rubygems.org .

Provide attributes that allow the attribute-validator cookbook to install the gem from a local file.

Consider shipping the gem as a cookbook file (ewww).

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.