Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: added consul policy list check #4164

Merged
merged 1 commit into from
Sep 22, 2022
Merged

fix: added consul policy list check #4164

merged 1 commit into from
Sep 22, 2022

Conversation

ItsRico
Copy link
Contributor

@ItsRico ItsRico commented Sep 21, 2022
edited
Loading

Added a check in getPolicyByName to see whether the policy exists in the policy list before attempting to get the policy. This prevents erroneous or unclear logging.

closes: #4108

Signed-off-by: Rico Chavez-Lopez [email protected]

If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-go/blob/main/.github/Contributing.md

PR Checklist

Please check if your PR fulfills the following requirements:

  • [x ] I am not introducing a breaking change (if you are, flag in conventional commit message with BREAKING CHANGE: describing the break)
  • [x ] I am not introducing a new dependency (add notes below if you are)
  • [x ] I have added unit tests for the new feature or bug fix (if not, why?)
  • I have fully tested (add details below) this the new feature or bug fix (if not, why?)
  • I have opened a PR for the related docs change (if not, why?)

Testing Instructions

  • aclpolicies unit test
  • creating policy not in consul policy list

jim-wang-intel
jim-wang-intel requested changes Sep 21, 2022
View reviewed changes
Copy link
Contributor

@jim-wang-intel jim-wang-intel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should refactor to remove the find by name logic if already found

internal/security/bootstrapper/command/setupacl/aclpolicies.go Outdated
Comment on lines 220 to 226
case http.StatusOK:
for _, policy := range policyList {
if policyName == policy.Name {
isExistingPolicy = true
break
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we already found policy here, we can just return policy? why we need to find policy by name again below? (IMO, kind of redundant logic below)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it's not. The list API only returns the names of the policies. Still need another call to actually get the policy (i.e. it is just chaining off to the original code).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that is not true: see this: https://www.consul.io/api-docs/acl/policies#list-policies

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jim-wang-intel I understand, I think, what you were saying. We only really need the name and the ID, not the text of the policy. I think I like the solution as presented because it addresses the bug as stated (error in consul log due to get of non-existent policy.) Since this is bootstrapping logic, it is not performance critical that we get the answer we need in one or two REST API calls. I think we should implement the simplest and most readable fix. We can refactor later if we want.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep, it sounds ok

@ItsRico
fix: added consul policy list check
aa55db8 
Added a check in getPolicyByName to see whether the policy exists in the
policy list before attempting to get the policy. This prevents erroneous
or unclear logging.

closes: edgexfoundry#4108

Signed-off-by: Rico Chavez-Lopez <[email protected]>
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

jim-wang-intel
jim-wang-intel approved these changes Sep 22, 2022
View reviewed changes
Copy link
Contributor

@jim-wang-intel jim-wang-intel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bnevis-i bnevis-i marked this pull request as ready for review September 22, 2022 00:55
@bnevis-i bnevis-i merged commit a394857 into edgexfoundry:main Sep 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jim-wang-intel jim-wang-intel jim-wang-intel approved these changes

@bnevis-i bnevis-i bnevis-i approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

"ACL not found" messages logged as errors
3 participants
@ItsRico @bnevis-i @jim-wang-intel