Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Config: Don't panic and forward errors #13465

Closed
wants to merge 16 commits into from

Conversation

roosterfish
Copy link
Contributor

This removes several panic() calls from the lxd/config package when trying to read configuration and instead forward the errors.

As the changes feel quite invasive now I am wondering if a better approach would be to instead perform the validation when setting the respective value. A read operation would then just return a valid value. This would also be in line with what we do for storage driver configuration (there we just read from map[string]string).

Any thoughts?

return nil, err
}

if count > 1 && voters < int(maxVoters) {

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a signed 64-bit integer from
strconv.ParseInt
to a lower bit size type int without an upper bound check.
return err
}

err = s.BGP.Reconfigure(address, uint32(asn), net.ParseIP(routerid))

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a signed 64-bit integer from
strconv.ParseInt
to a lower bit size type uint32 without an upper bound check.
node.Role = db.RaftVoter
} else if standbys < int(state.GlobalConfig.MaxStandBy()) {
} else if standbys < int(maxStandBy) {

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a signed 64-bit integer from
strconv.ParseInt
to a lower bit size type int without an upper bound check.
roles := &app.RolesChanges{
Config: app.RolesConfig{
Voters: int(state.GlobalConfig.MaxVoters()),
StandBys: int(state.GlobalConfig.MaxStandBy()),
Voters: int(maxVoters),

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a signed 64-bit integer from
strconv.ParseInt
to a lower bit size type int without an upper bound check.
Voters: int(state.GlobalConfig.MaxVoters()),
StandBys: int(state.GlobalConfig.MaxStandBy()),
Voters: int(maxVoters),
StandBys: int(maxStandBy),

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a signed 64-bit integer from
strconv.ParseInt
to a lower bit size type int without an upper bound check.
@tomponline
Copy link
Member

@roosterfish please can you explain further what has changed to require this now, or has the panic scenario always existed?

@roosterfish
Copy link
Contributor Author

@roosterfish please can you explain further what has changed to require this now, or has the panic scenario always existed?

It has always existed, just saw it as part of the other story with the hidden passwords.

@tomponline
Copy link
Member

I am wondering if a better approach would be to instead perform the validation when setting the respective value. A read operation would then just return a valid value. This would also be in line with what we do for storage driver configuration (there we just read from map[string]string).

Please could you give an example, i do not follow.

@roosterfish
Copy link
Contributor Author

Please could you give an example, i do not follow.

Let's take the core.https_allowed_credentials server config setting as an example. It has the following getter function:

func (c *Config) HTTPSAllowedCredentials() bool {
	return c.m.GetBool("core.https_allowed_credentials")
}

Removing the panic() which might happen as part of running GetBool(), requires to instead return an error from the getter:

func (c *Config) HTTPSAllowedCredentials() (bool, error) {
	return c.m.GetBool("core.https_allowed_credentials")
}

For example right now if the value of core.https_allowed_credentials happens to not be a valid boolean, it panics. This should never be the case as it is already checked when setting the value.

I am wondering, if instead of causing a panic, we should rather forward the potential error message instead. This is what is currently proposed in the PR.
But I see that this doesn't match to what we do for storage pool configuration.

The problematic piece is for the server config we have to move the setting stored as string back to their original data type (bool, int) which can cause an error by nature.

@tomponline
Copy link
Member

Do we even need the Config struct anymore?

Can we use a map everywhere like we do with the others and use shared.FalseOrEmpty etc

@tomponline
Copy link
Member

It would also allow resolving the different behaviors of defaults compared to rest of system

@roosterfish
Copy link
Contributor Author

Can we use a map everywhere like we do with the others and use shared.FalseOrEmpty etc

That would be another option yes. For the bool case it's easy as FalseOrEmpty just returns a bool from the input string but there are many other occasions where we have to get an int from the string (which might cause an error too) which would also require additional handling.

@tomponline
Copy link
Member

Should this be closed or rebasee now?

@roosterfish
Copy link
Contributor Author

Should this be closed or rebasee now?

I have it on the radar. But as the underlying structure is now again a map[string]any I have to validate the way forward. But will update here and close this PR if necessary.

@tomponline
Copy link
Member

Shall we close or rebase?

@tomponline
Copy link
Member

Closing for now.

@tomponline tomponline closed this Jun 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants