Make names for AWS Config service objects optional #2928
Conversation
clintoncwolfe
added
Type: Enhancement
clintoncwolfe
force-pushed
the
cw/aws-config-name-by-default
branch
from
319948b to
64d5dff
Compare
| @@ -23,57 +27,70 @@ An `aws_config_delivery_channel` resource block declares the tests for a single | |||
| it { should exist } | |||
| end | |||
|
|
|||
| However, since you may only have one DDelivery Channel per region, and InSpec connections are per-region, you may also omit the `channel_name` to obtain the one Delivery Channel (if any) that exists: | |||
| catch_aws_errors do | ||
| @resp = backend.describe_delivery_channels(query) | ||
| query = @channel_name ? { delivery_channel_names: [@channel_name] } : {} | ||
| response = {} |
There was a problem hiding this comment.
Does the assignment on line 39 sometimes return nil? If so, maybe just response = backend.describe_delivery_channels(query) || {} instead?
There was a problem hiding this comment.
No, it never returns a {}.
inspec> c = inspec.backend.aws_client(Aws::ConfigService::Client)
=> #<Aws::ConfigService::Client>
inspec> c.describe_delivery_channels
=> #<struct Aws::ConfigService::Types::DescribeDeliveryChannelsResponse delivery_channels=[]>
inspec> c.describe_delivery_channels({})
=> #<struct Aws::ConfigService::Types::DescribeDeliveryChannelsResponse delivery_channels=[]>
inspec> c.describe_delivery_channels(delivery_channel_names:['nonesuch'])
Aws::ConfigService::Errors::NoSuchDeliveryChannelException: Cannot find delivery channel with specified name 'nonesuch'.
from /Users/cwolfe/.rbenv/versions/2.4.2/lib/ruby/gems/2.4.0/gems/aws-sdk-core-2.11.21/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'
inspec> c.describe_delivery_channels.delivery_channels
=> []
inspec> c.describe_delivery_channels.delivery_channels.empty?
=> true
Thanks for mentioning it, though - that means this is wrong:
@exists = !response.empty?
Should be:
@exists = !response.delivery_channels.empty?
| response = {} | ||
| begin | ||
| response = backend.describe_delivery_channels(query) | ||
| rescue Aws::ConfigService::Errors::NoSuchDeliveryChannelException |
There was a problem hiding this comment.
Dropping this rescue to the bottom of the method would clear up the "happy path" for readers and removes the need to early return when handling the exception.
def fetch_from_api
# ...
rescue Aws::ConfigService::Errors::NoSuchDeliveryChannelException
@exists = false
endThere was a problem hiding this comment.
I've moved the rescue to be method-level, as you asked. I generally dislike doing that, however. By moving the rescue away from the "dangerous" code, it obscures which line(s) are potentially dangerous. While this code only has one such dangerous expression, other methods may need to call multiple APIs that may fail.
There is an argument there for shorter, more granular methods.
| @s3_bucket_name = channel[:s3_bucket_name] | ||
| @s3_key_prefix = channel[:s3_key_prefix] | ||
| @sns_topic_arn = channel[:sns_topic_arn] | ||
| @delivery_frequency_in_hours = channel[:config_snapshot_delivery_properties][:delivery_frequency] unless channel[:config_snapshot_delivery_properties].nil? |
There was a problem hiding this comment.
You can remove the conditional clause with dig. =^)
@delivery_frequency_in_hours = channel.dig(:config_snapshot_delivery_properties, :delivery_frequency)| rescue Aws::ConfigService::Errors::NoSuchConfigurationRecorderException | ||
| @exists = false | ||
| return | ||
| end |
There was a problem hiding this comment.
Same as the other fetch_from_api, re: rescue at method level instead of introducing a begin block.
| def describe_delivery_channels(query = {}) | ||
| fixtures = { | ||
| 'default' => Aws::ConfigService::Types::DescribeDeliveryChannelsResponse.new( | ||
| :delivery_channels => [ |
There was a problem hiding this comment.
Sometimes I see {:foo => :bar} and sometimes I see {foo: :bar}, particularly in the Rubocop-ignored test code. Shouldn't we always use JSON style for symbol keys?
There was a problem hiding this comment.
If it ignored by rubocop, that means we as a team have decided it is code that is not worthwhile to enforce style conventions. We can open that for discussion if you'd like.
| } | ||
| return fixtures['default'] if query.empty? | ||
| return fixtures[query[:delivery_channel_names][0]] unless fixtures[query[:delivery_channel_names][0]].nil? | ||
| raise Aws::ConfigService::Errors::NoSuchDeliveryChannelException.new(nil, nil) |
There was a problem hiding this comment.
These look like three cases to me. ;^)
Signed-off-by: Clinton Wolfe <[email protected]>
Signed-off-by: Clinton Wolfe <[email protected]>
Signed-off-by: Clinton Wolfe <[email protected]>
…eanup Signed-off-by: Clinton Wolfe <[email protected]>
clintoncwolfe
force-pushed
the
cw/aws-config-name-by-default
branch
from
64d5dff to
49a5031
Compare
…oking for empty results Signed-off-by: Clinton Wolfe <[email protected]>
clintoncwolfe
force-pushed
the
cw/aws-config-name-by-default
branch
from
49a5031 to
6f4c356
Compare
As described on #2900, we were unnecessarily requiring an AWS resource name for the two Config Service inspec resources,
aws_config_recoorderandaws_config_delivery_resource. If you don't provide a name in the query, the API gives you all config resources, and since they are singletons, it's easy to pick the right one.Also found we had no unit tests for
aws_config_delivery_resource; added them.Also some general code cleanup in both affected resources.
Fixes #2900