Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve difference reporting in debug log #282

Open
DavidS opened this issue Mar 25, 2021 · 0 comments
Open

Improve difference reporting in debug log #282

DavidS opened this issue Mar 25, 2021 · 0 comments
Labels
enhancement

Comments

@DavidS
Copy link
Contributor

DavidS commented Mar 25, 2021
edited
Loading

Use Case

As reported in slack, the resource API's debug output could be more helpful when applying changes. Here's the original report:

[1] pry(#<Puppet::Provider::CalicoGlobalNetworkPolicy::CalicoGlobalNetworkPolicy>)> continue                                                                                                [34/38693]
Debug: Current State: {:name=>"web", :order=>10, :ingress=>[{"action"=>"Allow", "protocol"=>"TCP", "source"=>{"nets"=>["10.0.2.0/24"]}, "destination"=>{"ports"=>[443]}}], :egress=>[{"action"=>"Allow", "protocol"=>"TCP", "source"=>{}, "destination"=>{"nets"=>["0.0.0.0/0"]}}], :selector=>"app == \"web\"", :types=>["Ingress", "Egress"], :pre_dnat=>false, :apply_on_forward=>false, :ensure=>"present"}                                                                                                                                                                                                   Notice: /Stage[main]/Main/Node[default]/Calico_global_network_policy[web]/ingress: ingress changed [
  {
    'action' => 'Allow',
    'protocol' => 'TCP',
    'source' => {
      'nets' => ['10.0.2.0/24']
    },
    'destination' => {
      'ports' => [443]
    }
  }] to [
  {
    'action' => 'Allow',
    'protocol' => 'TCP',
    'source' => {
      'nets' => ['10.0.2.0/24']
    },
    'destination' => {
      'ports' => ['443']
    }
  }]
Debug: Target State: {:name=>"web", :types=>["Ingress", "Egress"], :selector=>"app == \"web\"", :ingress=>[{"action"=>"Allow", "protocol"=>"TCP", "source"=>{"nets"=>["10.0.2.0/24"]}, "destination"=> {"ports"=>["443"]}}], :egress=>[{"action"=>"Allow", "protocol"=>"TCP", "source"=>{}, "destination"=>{"nets"=>["0.0.0.0/0"]}}], :order=>10, :ensure=>"present", :pre_dnat=>false, :apply_on_forward=>false}
Debug: calico_global_network_policy[web]: Updating: Start
Notice: calico_global_network_policy[web]: Updating: Updating 'web' with {:name=>"web", :types=>["Ingress", "Egress"], :selector=>"app == \"web\"", :ingress=>[{"action"=>"Allow", "protocol"=>"TCP", "source"=>{"nets"=>["10.0.2.0/24"]}, "destination"=>{"ports"=>["443"]}}], :egress=>[{"action"=>"Allow", "protocol"=>"TCP", "source"=>{}, "destination"=>{"nets"=>["0.0.0.0/0"]}}], :order=>10, :ensure=>"present", :pre_dnat=>false, :apply_on_forward=>false}
Debug: Executing: '/usr/local/bin/calicoctl patch globalnetworkpolicy web -p '{"spec":{"order":10,"ingress":[{"action":"Allow","protocol":"TCP","source":{"nets":["10.0.2.0/24"]},"destination":{"ports":["443"]}}],"egress":[{"action":"Allow","protocol":"TCP","source":{},"destination":{"nets":["0.0.0.0/0"]}}],"selector":"app == \"web\"","types":["Ingress","Egress"],"preDNAT":false,"applyOnForward":false}}''
Notice: calico_global_network_policy[web]: Updating: Finished in 0.033700 seconds

Try finding why above is triggering a change without looking at the solution below.

Describe the Solution You Would Like

Around

puppet-resource_api/lib/puppet/resource_api.rb

Lines 330 to 334 in bd93dba

if type_definition.feature?('supports_noop')
my_provider.set(context, { rsapi_title => { is: @rsapi_current_state, should: target_state } }, noop: noop?)
else
my_provider.set(context, rsapi_title => { is: @rsapi_current_state, should: target_state }) unless noop?
end

implement a debug-optional diff on the full data structures in @rsapi_current_state vs target_state using a similar technique as rspec's matchers:

  expected: {"action"=>"Allow", "destination"=>{"ports"=>["443"]}, "protocol"=>"TCP", "source"=>{"nets"=>["10.0.2.0/24"]}}
      got: {"action"=>"Allow", "destination"=>{"ports"=>[443]}, "protocol"=>"TCP", "source"=>{"nets"=>["10.0.2.0/24"]}}

  (compared using ==)

  Diff:
  @@ -1,5 +1,5 @@
   "action" => "Allow",
  -"destination" => {"ports"=>["443"]},
  +"destination" => {"ports"=>[443]},
   "protocol" => "TCP",
   "source" => {"nets"=>["10.0.2.0/24"]},

produced by

it {
  expect({
    'action' => 'Allow',
    'protocol' => 'TCP',
    'source' => {
      'nets' => ['10.0.2.0/24']
    },
    'destination' => {
      'ports' => [443]
    }
  }).to eq({
    'action' => 'Allow',
    'protocol' => 'TCP',
    'source' => {
      'nets' => ['10.0.2.0/24']
    },
    'destination' => {
      'ports' => ['443']
    }
  })
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DavidS