T5069: warning in validator not visible without failure #32
Conversation
dmbaturin
left a comment
dmbaturin
left a comment
There was a problem hiding this comment.
I agree with the idea to make validator warnings visible but disagree with the idea to use non-zero exit codes for that.
For better or worse, UNIX exit codes have only two kinds of meanings: "executed successfully" (0) and "failed because of some reason" (>0). Specific values of non-zero codes can only be used to clarify the nature of the failure.
I think we can just always relay validator outputs to the user. For example, ignore stdout but always relay validator's stderr to validate_value's stderr so that the validator can use it for warnings.
You can use Unix.open_process_full to get all streams (see https://ocaml.org/manual/5.3/api/Unix.html).
* In related PR against vyos-1x, I add a sanity-check warning to the bgp-large-community-list validator, output is eaten by validate_value * This change allows validator scripts to output warnings on stderr, without completely failing validation
talmakion
force-pushed
the
feature/T5069/show-validator-warnings
branch
from
5cff251 to
eed5cfb
Compare
|
Spotted the shell fd redirect:
Removing the redirect, it'll pass through without having to juggle 2 separate pipes potentially overflowing and deadlocking against each other, on the low chance a validator breaks and spews output. After poking through the OCaml libs, open_process_in already only captures stdout and passes stderr right through. This works OK in testing. However - I imagine that redirect was already there for a reason, are there any known issues with successful chatty validators that I should double check? (I haven't yet made corresponding changes to the other PR) |
|
@talmakion standard practice has been to print warnings from the If there are compelling reasons why, in this case, warning output is better suited for validation, then we should consider a proper extension of the validator framework (as discussed briefly with @dmbaturin who has a suggested design). For the current case, let us consider firstly whether moving to the conf_mode script |
|
@jestabro Cheers for the feedback. In this case, I had considered moving the warning to commit-verify, but ended up settling on doing this in the validator for immediate feedback, with the warning right after the command that caused it. It's pretty common for my workflow to involve large commits when changing policy sections. However, it's just a warning hinting that something might be wrong. Simply allowing through stderr has probable unwanted side effects, buffering stderr separately involves a bit of complexity plus signalling from the warning source and other parts of my changes are getting janky - for eg, the validators run twice (at set and commit time), so the warning comes up twice, which just looks a bit odd. I'll rework my changes to generate the warning in verify, instead. |
|
@talmakion I presume that we are talking about the same thing, but as you mention 'commit-verify', and want to clarify that I am referring to the |
3 participants
Change summary
In my related PR against vyos-1x, I'm adding a sanity-check warning to the bgp-large-community-list validator, but the output is eaten by validate_value.
This change allows validator scripts to request visible output, without completely failing validation. It prints results immediately rather than messing with
bufand flagging output at the end, I don't know OCaml well.Please advise if this change should also be applied to vyos1x-config or if a different method should be used, such as a regex over validator output.
Types of changes
Related Task(s)
Related PR(s)
Checklist: