feat(validation): enrich domain and core validation of user-supplied values#78
Conversation
Review by Claude Code |
|
ade5fba to
c33323c
Compare
|
|
LGTM — the validation tightening is clean and well-tested. |
4e35c75 to
2df9f75
Compare
|
Previously only the Unknown sentinel was rejected, so arbitrary cache-policy strings and out-of-range RAID levels reached the adapters, a nil CacheOptions panicked, and empty drive lists were passed straight through. - Add IsValid() whitelists for ReadPolicy, WritePolicy, IOPolicy and RAIDLevel. - Make CacheOptions.Validate nil-safe (error instead of panic); read and write policies must be valid; the IO policy is optional (unset/Unknown accepted, since not every controller uses one) and only rejected when set to an unrecognized value. - Treat CacheOptions as optional in Request.Validate (nil = controller defaults) and reject out-of-range RAID levels. - Reject an empty physical-drive list in core AddPDsToLV/DeletePDsFromLV (ErrNoPhysicalDrives) before delegating. - Add domain and core validation tests (none existed).
2df9f75 to
56dfc37
Compare
|
LGTM — solid input-validation tightening across domain, core, and megaraid v1 adapter. Enum IsValid() whitelists, nil-safe CacheOptions.Validate(), optional IO policy semantics, empty-drive guards in core, and fail-closed cache-flag mappers in megaraid are all correct and well tested. The adapter-owned CLI token mapping (decoupled from enum string values) mirrors the storcli2 pattern and prevents silent wire-format drift. No correctness, security, or compatibility issues found. |
Align megaraid v1 with the shared optional-cache-options contract, matching the storcli2 adapters: - Map each cache policy to its megaraid CLI token through adapter-owned mappers (cache.go) instead of the domain enum's string value, so a change to the logicalvolume constants cannot silently alter the emitted command; read and write policies fail closed on an unmappable value. - Build the "add vd" cache flags and the "set" options through nil-safe helpers: a nil CacheOptions emits no flags (previously a nil-pointer dereference now that cache options are optional). The "add vd" command requires all three policies, so it also fails closed on an unmappable IO policy; the "set" command emits only the policies that changed and leaves an unset IO policy to the controller. - Add internal tests for the token mappers and the create/set flag helpers.
56dfc37 to
f1136f6
Compare
|
LGTM — validation is correct and well-layered. |
Summary
User-supplied entry values reaching the write path were not fully validated: the
cache-policy enums accepted arbitrary strings, out-of-range RAID levels slipped
through, a
nilCacheOptionspanicked, and empty drive lists were passedstraight to the adapters. This tightens validation in the shared domain and in
core, and aligns the megaraid v1 adapter with the resulting optional-cachecontract, so invalid input is rejected up front with a clean error instead of
reaching a controller CLI (or panicking).
Changes
Domain (
pkg/domain/entities/logicalvolume)IsValid()whitelists forReadPolicy(ra/nora),WritePolicy(
wt/wb/awb),IOPolicy(direct/cached) andRAIDLevel(0/1/10).Arbitrary strings and out-of-range levels are now rejected — previously only the
Unknownsentinel was.CacheOptions.Validate()is now nil-safe (returns an error instead ofpanicking). Read and write policies must be valid; the IO policy is optional
(unset/
Unknownaccepted, since not every controller supports it — storcli2dropped it entirely) and only rejected when set to an unrecognized value.
Request.Validate()rejects out-of-range RAID levels and treatsCacheOptionsas optional (
nil= controller defaults), matching the adapters which emit nocache flags for a nil value.
checkRAIDRequirementgains a default branch;ValidateRAIDCreationusesRAIDLevel.IsValid().Core (
pkg/core)AddPDsToLV/DeletePDsFromLVreject an empty physical-drive list(
ErrNoPhysicalDrives) before delegating — uniform across all adapters, ratherthan relying on each adapter to catch it.
Adapter — megaraid v1 (
pkg/implementation/raidcontroller/megaraid)add vdcache flags through a nil-safe, fail-closed helper(
megaraidCreateCacheFlags): a nilCacheOptionsemits no flags (was anil-pointer dereference now that cache options are optional) and any policy
that does not map is rejected instead of emitted verbatim. Unlike storcli2,
the megaraid v1
add vdcommand requires all three policies, so an unset orUnknownIO policy is rejected here as well.differing value; an unset or
Unknownvalue is left unchanged.Testing
IsValid()methods and forCacheOptions.Validate/Request.Validate(the domain had no tests).coretest: verifies the empty-drive-list guards through an embeddedports.RAIDControllerstub (the guard returns before any adapter call), pinnedto
ErrNoPhysicalDriveswithrequire.ErrorIs.megaraidCreateCacheFlags(nil, all-valid, unset/UnknownIO omitted, invalid read/write fail closed).
go test ./pkg/...,go vet,golangci-lintandgofmtare all clean; noregressions.
Issue: ARTESCA-17807