Add shared software update schedule validation logic #38016
Conversation
|
|
||
| // If there's an auto-update config, validate it. | ||
| // Note that applying this config is done in a separate service method. | ||
| schedule := fleet.SoftwareAutoUpdateSchedule{ | ||
| SoftwareAutoUpdateConfig: fleet.SoftwareAutoUpdateConfig{ | ||
| AutoUpdateEnabled: payload.AutoUpdateEnabled, | ||
| AutoUpdateStartTime: payload.AutoUpdateStartTime, | ||
| AutoUpdateEndTime: payload.AutoUpdateEndTime, | ||
| }, | ||
| } |
There was a problem hiding this comment.
This is slightly tortured. I deliberately kept the auto-update config out of svc.UpdateAppStoreApp() because it has nothing to do with app store apps per se. But the endpoint runs this method first, so if we waited to do the validation inside of svc.UpdateSoftwareTitleAutoUpdateConfig() then we could end up in a situation where we update the app and then fail the API call because the schedule is invalid.
The simplest thing would be to do the validation in the endpoint handler, but our pattern is to do everything in service methods and in fact doing validations at the endpoint is not well supported; if you try to return a validation error you'll just end up with a 500 error because it'll fail authz (which is done in the service methods).
Tempted to just give up and refactor so that the auto-update schedule is handled at the end of UpdateAppStoreApp() after all, but to keep this low-touch I'm going with this for now.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #38016 +/- ##
=======================================
Coverage 65.82% 65.82%
=======================================
Files 2387 2387
Lines 190158 190187 +29
Branches 8428 8428
=======================================
+ Hits 125168 125200 +32
+ Misses 53609 53605 -4
- Partials 11381 11382 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
lucasmrod
left a comment
lucasmrod
left a comment
There was a problem hiding this comment.
LGTM.
Added two questions/comments.
| if s.AutoUpdateEnabled == nil || !*s.AutoUpdateEnabled { | ||
| return true, nil | ||
| } |
There was a problem hiding this comment.
A e.g. 30m window can end up on the database by setting auto_update_enabled: false:
curl -vvv -k -X PATCH -H "Authorization: Bearer $API_TOKEN" https://localhost:8080/api/latest/fleet/software/titles/3362/app_store_app -d '{"team_id": 6,"auto_update_enabled": false,"auto_update_start_time": "00:00","auto_update_end_time": "00:30","labels_exclude_any": [],"labels_include_any": []}'
In which case we can drop the bool return and just rely on error.
There was a problem hiding this comment.
Is it possible to update just the start and end time without flipping enabled? OR are all the three values always sent?
- If we always expect the three values to be set, I'd move
s.AutoUpdateEnabled == nilcheck to L277 as another OR condition. - If we support updating just the times without setting enabled, perhaps this check should be done in L299 after the start and end time are validated.
Thoughts?
There was a problem hiding this comment.
Is it possible to update just the start and end time without flipping enabled? OR are all the three values always sent?
The more relevant point is that it's not possible to flip enabled to true without setting a start or end time. Which somewhat violates the spirit of a PATCH endpoint -- you can squint and look at the schedule as a single entity that you're patching, but it's not ideal. To fix that requires a bit of lifting -- we'd have to load the current schedule before validating the incoming one.
The lowest-touch solution here is to ignore start and end time values when enabled is false. We're already ignoring the config completely when auto_update_enabled is nil. The current API still won't let you toggle the enabled state independently of the schedule or vice versa. We can document that and move on, and if we decide to make the API more flexible later it won't be a breaking change. I'll do this for now and get a product opinion.
nulmete
left a comment
nulmete
left a comment
There was a problem hiding this comment.
Logic LGTM, let me know what you think about my comments
server/fleet/software.go
Outdated
| return false, errors.New("The update window must be at least one hour long") | ||
| } | ||
|
|
||
| return true, nil |
There was a problem hiding this comment.
I think just returning an error would make sense, and it would also simplify the check in the consumers (just check for err rather than ok + err)
There was a problem hiding this comment.
I've seen it both ways but I agree there's no particular benefit in having both, I'm fine updating it.
| if s.AutoUpdateEnabled == nil || !*s.AutoUpdateEnabled { | ||
| return true, nil | ||
| } |
There was a problem hiding this comment.
Is it possible to update just the start and end time without flipping enabled? OR are all the three values always sent?
- If we always expect the three values to be set, I'd move
s.AutoUpdateEnabled == nilcheck to L277 as another OR condition. - If we support updating just the times without setting enabled, perhaps this check should be done in L299 after the start and end time are validated.
Thoughts?
lucasmrod
left a comment
lucasmrod
left a comment
There was a problem hiding this comment.
Am ok with this given that it won't allow invalid data on the DB.
Related issue: For #33391
Details
This PR adds a shared method for validating a software auto-update configuration, and updates the datastore and API handler methods to use it.
Checklist for submitter
Testing
Tested in the UI (to ensure valid calls still work) and via API calls (to test validation)