fix: adjustments in the domain and firewall processing transform config #101

Merged
merged 2 commits into from
Feb 6, 2025


jcbsfilho
Collaborator

This pull request includes several changes aimed at improving the configuration processing and testing for firewall and domain configurations. The most important changes include updates to the schema manifest, adjustments in the domain and firewall processing strategies, and modifications to the test cases.

Schema Manifest Updates:

Domain Processing Strategy Adjustments:

Firewall Processing Strategy Adjustments:

Test Case Modifications:


github-actions bot commented Feb 5, 2025

Pull Request Analysis

Date: 2025-02-05
Summary:
This pull request introduces schema validation and processing strategies for various Azion configuration components, including Domains, Firewall, WAF, Network Lists, and Application Settings. The implementation provides robust schema definitions using JSON schema objects and includes error handling for invalid configurations. Additionally, it implements strategies to transform configurations into manifests and vice versa, ensuring compatibility between user-provided configurations and system requirements.


Key Implementations

1. Schema Definitions

  • Purpose: Defines strict validation rules for configuration objects such as Domains, Firewall, WAF, Network Lists, and Application Settings.
  • Highlights:
    • Uses JSON schema for validation with detailed properties, required fields, and errorMessage for user-friendly error reporting.
    • Enforces constraints like allowed values (enum), type validation, and dependencies between fields.
    • Prevents additional properties in configuration objects to ensure strict adherence to the schema.

2. Processing Strategies

  • DomainProcessConfigStrategy:

    • Handles transformation of domain configurations to and from manifests.
    • Validates fields like digitalCertificateId and mtls.verification for correctness.
    • Supports mTLS (mutual TLS) configurations with dependencies on mtls_verification and mtls_trusted_ca_certificate_id.
  • FirewallProcessConfigStrategy:

    • Transforms firewall configurations into a manifest format and vice versa.
    • Supports behaviors like deny, drop, set_waf_ruleset, set_rate_limit, and set_custom_response.
    • Handles criteria transformations, ensuring variables are properly formatted (e.g., ${uri}).

3. Unit Tests

  • Comprehensive test coverage for FirewallProcessConfigStrategy:
    • Validates transformation of complete configurations to manifests and vice versa.
    • Handles edge cases like missing rules, empty behaviors, and unknown behavior types.
    • Ensures compatibility between configuration formats and schema requirements.

Good Practices

  1. Strict Schema Validation:

    • The use of JSON schema ensures that configurations are validated against well-defined rules, reducing the risk of invalid inputs.
    • Error messages are user-friendly and descriptive, aiding in debugging and user understanding.
  2. Separation of Concerns:

    • Processing strategies are modular and encapsulate logic for specific components (e.g., Domains, Firewall). This improves code maintainability and readability.
  3. Comprehensive Testing:

    • Unit tests cover a wide range of scenarios, including edge cases, ensuring the robustness of the implementation.
  4. Error Handling:

    • Validation errors are handled gracefully with descriptive messages, improving the developer experience.
  5. Support for Advanced Features:

    • Includes support for advanced configurations like mTLS, WAF sensitivity levels, and rate limiting.

Possible Problems

  1. Complexity in Behavior Transformation:

    • The transformBehaviorsToManifest and transformBehaviorsToConfig methods in FirewallProcessConfigStrategy handle multiple behavior types. Adding new behaviors may require significant changes and testing.
  2. Hardcoded Strings and Enums:

    • Some enums and validation rules are hardcoded, which might lead to issues if these values change in the future. Centralizing these constants in a configuration file or service could improve maintainability.
  3. Error Handling for Unknown Behaviors:

    • While unknown behaviors are handled gracefully, they are ignored silently. This could lead to unexpected behavior if users expect all behaviors to be processed.
  4. Potential Performance Overhead:

    • Validating large configurations with deeply nested schemas might introduce performance overhead. Optimizations or asynchronous validation could be considered for large-scale use cases.

Suggestions for Improvement

  1. Centralize Constants:

    • Move enums and validation rules (e.g., FIREWALL_VARIABLES, WAF_MODE) to a centralized configuration file or service to improve maintainability and reduce duplication.
  2. Improve Unknown Behavior Handling:

    • Log warnings or errors for unknown behaviors instead of silently ignoring them. This will help users identify issues in their configurations.
  3. Optimize Schema Validation:

    • Consider using a validation library that supports asynchronous validation for large configurations to improve performance.
  4. Enhance Test Coverage:

    • Add tests for edge cases like invalid enum values, missing required fields, and invalid dependencies to ensure comprehensive validation.
  5. Documentation:

    • Provide detailed documentation for the schemas and processing strategies, including examples of valid and invalid configurations.

Conclusion

This pull request introduces a robust implementation for schema validation and configuration processing in Azion's platform. It adheres to good practices like strict validation, modular design, and comprehensive testing. While the implementation is solid, addressing the potential problems and suggestions for improvement will further enhance its maintainability, performance, and user experience.


Powered by Azion AI
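The silent-ignore case from "Possible Problems" item 3, shown next to a strict variant, as an added example that is not code from this pull request or from the Azion library. The behavior names are the ones listed in the analysis; the function names, the config object shape and the sample rules are assumptions constructed for illustration.

```javascript
// Added example: hypothetical transform, not the project's FirewallProcessConfigStrategy.
// Behavior names come from the PR analysis; object shapes are assumptions.
const BEHAVIOR_BUILDERS = {
  deny: () => ({ name: 'deny' }),
  drop: () => ({ name: 'drop' }),
  set_waf_ruleset: (arg) => ({ name: 'set_waf_ruleset', argument: arg }),
  set_rate_limit: (arg) => ({ name: 'set_rate_limit', argument: arg }),
  set_custom_response: (arg) => ({ name: 'set_custom_response', argument: arg }),
};

// Own-property check so inherited keys such as "constructor" never match.
const isKnown = (key) => Object.prototype.hasOwnProperty.call(BEHAVIOR_BUILDERS, key);

// Lenient variant: unknown keys are skipped without any signal to the caller.
function transformLenient(behavior) {
  return Object.entries(behavior)
    .filter(([key]) => isKnown(key))
    .map(([key, arg]) => BEHAVIOR_BUILDERS[key](arg));
}

// Strict variant: an unknown key, or a rule left with no behavior, is an error,
// so a mistyped blocking rule cannot reach the manifest as a no-op.
function transformStrict(ruleName, behavior) {
  const unknown = Object.keys(behavior).filter((key) => !isKnown(key));
  if (unknown.length > 0) {
    throw new Error(`rule "${ruleName}": unknown behavior(s): ${unknown.join(', ')}`);
  }
  const out = transformLenient(behavior);
  if (out.length === 0) {
    throw new Error(`rule "${ruleName}": no behavior defined`);
  }
  return out;
}

// Constructed sample rules: "dney" is a typo for "deny".
const typoRule = { name: 'block-admin', behavior: { dney: true } };
const goodRule = { name: 'limit-login', behavior: { set_rate_limit: { limit: 10 } } };

function demo() {
  const lenient = transformLenient(typoRule.behavior); // [] : rule would do nothing
  let strictError = null;
  try { transformStrict(typoRule.name, typoRule.behavior); } catch (e) { strictError = e.message; }
  return { lenient, strictError, good: transformStrict(goodRule.name, goodRule.behavior) };
}
```

With the lenient variant the mistyped rule produces an empty behavior list, so the rule matches requests but blocks nothing; the strict variant rejects the configuration before it is deployed.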

@jcbsfilho jcbsfilho merged commit a455143 into stage Feb 6, 2025
2 checks passed
@jcbsfilho jcbsfilho deleted the fix/transform-manifest branch February 6, 2025 13:05
jotanarciso pushed a commit that referenced this pull request Feb 6, 2025
[skip ci]
### [1.14.1-stage.1](v1.14.0...v1.14.1-stage.1) (2025-02-06)

### Bug Fixes

* adjustments in the domain and firewall processing transform config (#101) ([a455143](a455143))
@jotanarciso
Collaborator

🎉 This PR is included in version 1.14.1-stage.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

jotanarciso pushed a commit that referenced this pull request Feb 6, 2025
[skip ci]
### [1.14.1](v1.14.0...v1.14.1) (2025-02-06)

### Bug Fixes

* adjustments in the domain and firewall processing transform config (#101) ([a455143](a455143))
@jotanarciso
Collaborator

🎉 This PR is included in version 1.14.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

4 participants