Skip to content
This repository has been archived by the owner on Jun 5, 2020. It is now read-only.

(CLOUD-184, CLOUD-205) Avoid ambiguity when using the AWS_REGION environment var #401

Conversation

ahenroid
Copy link

No description provided.

garethr and others added 2 commits March 24, 2015 09:46
If using the AWS_REGION environment variable and a manifest where the
region property of one or more resources doesn't match you can see
unspecified behaviour. See
puppetlabs-toy-chest#117 for discussions.

This PR extracted from the above simply stops that from happening. If
the env is present and doesn't match All of the region properties then
we fail. This maintains the utility of the env var as an optimisation
but stops us shooting ourselves in the foot.
@ahenroid
Copy link
Author

This PR updates and replaces the older, but still relevant #132. This applies the region policy consistently across all resource types.

@garethr and @DavidS, can I get both of you to sign off on this?

@ahenroid ahenroid changed the title Update pull request #132 (CLOUD-184, CLOUD-205) Avoid ambiguity when using the AWS_REGION environment var Jan 20, 2017
Copy link
Contributor

@prozach prozach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The consolidation of code looks good to me. A few comments, but overall +1.

@@ -17,7 +18,7 @@
desc 'Tags for the DHCP option set.'
end

newproperty(:region) do
newproperty(:region, :parent => PuppetX::Property::AwsRegion) do
desc 'The region in which to assign the DHCP option set.'
validate do |value|
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This validate can likely be removed now too.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah! Good catch. I missed this one.

module PuppetX
module Property
class AwsRegion < Puppet::Property
validate do |value|
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suspect the failure cases can be cleaned up here a bit. If we get a value, is it a string, else fail. If its a string, match a regex to ensure its a valid region.

fail 'region should not contain spaces' if value =~ /\s/
fail 'region should not be blank' if value == ''
fail 'region should be a String' unless value.is_a?(String)
if !ENV['AWS_REGION'].nil? && ENV['AWS_REGION'] != value
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic is hard for me to read. Is there another way that this can be written to provide a bit more clarity about the intent?

fail 'region should not be blank' if value == ''
fail 'region should be a String' unless value.is_a?(String)
if !ENV['AWS_REGION'].nil? && ENV['AWS_REGION'] != value
fail "if using AWS_REGION environment variable it must match the specified region value for #{name}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For my own understanding, this is the case because we call *_client methods in the providers, and those use the default region, correct?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@zleswomp Here's the original comment from @garethr: "If using the AWS_REGION environment variable and a manifest where the region property of one or more resources doesn't match you can see unspecified behaviour. See #117 for discussions."

@ahenroid ahenroid force-pushed the garethr-avoid-region-clash-between-env-and-property branch from e177daf to 40fef22 Compare January 21, 2017 01:01
@ahenroid
Copy link
Author

Thanks for the feedback, @zleswomp! I've addressed each of your comments.

validate do |value|
name = resource[:name]
fail 'region should be a String' unless value.is_a?(String)
fail 'region should be a valid AWS region' unless value =~ /^(ap-(north|south)east-[12]|ap-south-1|ca-central-1|eu-west-[12]|eu-central-1|sa-east-1|us-(east|west)-[12])$/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Every time AWS adds a region, this code will need to be changed. I feel a more generic regex would be better.

Ex [a-z]{2}-[a-z]+-\d

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, @zabacad. I modified the regex

@ahenroid ahenroid force-pushed the garethr-avoid-region-clash-between-env-and-property branch from 40fef22 to 4cc3c39 Compare January 24, 2017 05:30
@prozach
Copy link
Contributor

prozach commented Jan 24, 2017

This looks good to me. Thanks for bringing this up to date!

@prozach prozach merged commit dab0a02 into puppetlabs-toy-chest:master Jan 24, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants