feat(config): add validate command (#3018)

Co-authored-by: Rémy Léone <rleone@scaleway.com>

Author: yfodil

cmd/scw/testdata/test-all-usage-config-validate-usage.golden

@@ -0,0 +1,23 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+This command validates the configuration of your Scaleway CLI tool.
+
+It performs the following checks:
+
+	- YAML syntax correctness: It checks whether your config file is a valid YAML file.
+	- Field validity: It checks whether the fields present in the config file are valid and expected fields. This includes fields like AccessKey, SecretKey, DefaultOrganizationID, DefaultProjectID, DefaultRegion, DefaultZone, and APIURL.
+	- Field values: For each of the fields mentioned above, it checks whether the value assigned to it is valid. For example, it checks if the AccessKey and SecretKey are non-empty and meet the format expectations.
+
+The command goes through each profile present in the config file and validates it.
+
+USAGE:
+  scw config validate
+
+FLAGS:
+  -h, --help   help for validate
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use

docs/commands/config.md

@@ -37,6 +37,7 @@ Read more about the config management engine at https://github.com/scaleway/scal
 - [Reset the config](#reset-the-config)
 - [Set a line from the config file](#set-a-line-from-the-config-file)
 - [Unset a line from the config file](#unset-a-line-from-the-config-file)
+- [Validate the config](#validate-the-config)
 
 
 ## Destroy the config file
@@ -277,3 +278,33 @@ scw config unset <key ...> [arg=value ...]
 
 
 
+## Validate the config
+
+This command validates the configuration of your Scaleway CLI tool.
+
+It performs the following checks:
+
+	- YAML syntax correctness: It checks whether your config file is a valid YAML file.
+	- Field validity: It checks whether the fields present in the config file are valid and expected fields. This includes fields like AccessKey, SecretKey, DefaultOrganizationID, DefaultProjectID, DefaultRegion, DefaultZone, and APIURL.
+	- Field values: For each of the fields mentioned above, it checks whether the value assigned to it is valid. For example, it checks if the AccessKey and SecretKey are non-empty and meet the format expectations.
+
+The command goes through each profile present in the config file and validates it.
+
+This command validates the configuration of your Scaleway CLI tool.
+
+It performs the following checks:
+
+	- YAML syntax correctness: It checks whether your config file is a valid YAML file.
+	- Field validity: It checks whether the fields present in the config file are valid and expected fields. This includes fields like AccessKey, SecretKey, DefaultOrganizationID, DefaultProjectID, DefaultRegion, DefaultZone, and APIURL.
+	- Field values: For each of the fields mentioned above, it checks whether the value assigned to it is valid. For example, it checks if the AccessKey and SecretKey are non-empty and meet the format expectations.
+
+The command goes through each profile present in the config file and validates it.
+
+**Usage:**
+
+```
+scw config validate
+```
+
+
+

internal/core/errors.go

@@ -26,7 +26,7 @@ func InvalidSecretKeyError(value string) *CliError {
 func InvalidAccessKeyError(value string) *CliError {
 	return &CliError{
 		Err:  fmt.Errorf("invalid access_key '%v'", value),
-		Hint: "access_key should look like : SCWXXXXXXXXXXXXXXXXX.",
+		Hint: "access_key should look like: SCWXXXXXXXXXXXXXXXXX.",
 	}
 }
 
@@ -44,6 +44,27 @@ func InvalidProjectIDError(value string) *CliError {
 	}
 }
 
+func InvalidRegionError(value string) *CliError {
+	return &CliError{
+		Err:  fmt.Errorf("invalid region '%v'", value),
+		Hint: "region format should look like: XX-XXX (e.g. fr-par).",
+	}
+}
+
+func InvalidZoneError(value string) *CliError {
+	return &CliError{
+		Err:  fmt.Errorf("invalid zone '%v'", value),
+		Hint: "zone format should look like XX-XXX-X: (e.g. fr-par-1).",
+	}
+}
+
+func InvalidAPIURLError(value string) *CliError {
+	return &CliError{
+		Err:  fmt.Errorf("invalid api_url '%v'", value),
+		Hint: "api_url should look like: https://www.example.com (e.g. https://api.scaleway.com).",
+	}
+}
+
 func ArgumentConflictError(arg1 string, arg2 string) *CliError {
 	return &CliError{
 		Err: fmt.Errorf("only one of those two arguments '%s' and '%s' can be specified in the same time", arg1, arg2),

internal/namespaces/config/commands.go

@@ -33,6 +33,7 @@ func GetCommands() *core.Commands {
 		configDestroyCommand(),
 		configInfoCommand(),
 		configImportCommand(),
+		configValidateCommand(),
 	)
 }
 
@@ -695,6 +696,52 @@ func configImportCommand() *core.Command {
 	}
 }
 
+// configValidateCommand validates the config
+func configValidateCommand() *core.Command {
+	type configValidateArgs struct{}
+
+	return &core.Command{
+		Short: `Validate the config`,
+		Long: `This command validates the configuration of your Scaleway CLI tool.
+
+It performs the following checks:
+
+	- YAML syntax correctness: It checks whether your config file is a valid YAML file.
+	- Field validity: It checks whether the fields present in the config file are valid and expected fields. This includes fields like AccessKey, SecretKey, DefaultOrganizationID, DefaultProjectID, DefaultRegion, DefaultZone, and APIURL.
+	- Field values: For each of the fields mentioned above, it checks whether the value assigned to it is valid. For example, it checks if the AccessKey and SecretKey are non-empty and meet the format expectations.
+
+The command goes through each profile present in the config file and validates it.`,
+		Namespace:            "config",
+		Resource:             "validate",
+		AllowAnonymousClient: true,
+		ArgsType:             reflect.TypeOf(configValidateArgs{}),
+		Run: func(ctx context.Context, argsI interface{}) (i interface{}, e error) {
+			configPath := core.ExtractConfigPath(ctx)
+			config, err := scw.LoadConfigFromPath(configPath)
+			if err != nil {
+				return nil, err
+			}
+
+			// validate default profile
+			err = validateProfile(&config.Profile)
+			if err != nil {
+				return nil, err
+			}
+			// validate the remaining profiles
+			for _, profile := range config.Profiles {
+				err = validateProfile(profile)
+				if err != nil {
+					return nil, err
+				}
+			}
+
+			return &core.SuccessResult{
+				Message: "successfully validate config",
+			}, nil
+		},
+	}
+}
+
 // Helper functions
 func getProfileValue(profile *scw.Profile, fieldName string) (interface{}, error) {
 	field, err := getProfileField(profile, fieldName)
@@ -749,3 +796,124 @@ func getProfile(config *scw.Config, profileName string) (*scw.Profile, error) {
 	}
 	return profile, nil
 }
+
+func validateProfile(profile *scw.Profile) error {
+	if err := validateAccessKey(profile); err != nil {
+		return err
+	}
+	if err := validateSecretKey(profile); err != nil {
+		return err
+	}
+	if err := validateDefaultOrganizationID(profile); err != nil {
+		return err
+	}
+	if err := validateDefaultProjectID(profile); err != nil {
+		return err
+	}
+	if err := validateDefaultRegion(profile); err != nil {
+		return err
+	}
+	if err := validateDefaultZone(profile); err != nil {
+		return err
+	}
+	return validateAPIURL(profile)
+}
+
+func validateAccessKey(profile *scw.Profile) error {
+	if profile.AccessKey != nil {
+		if *profile.AccessKey == "" {
+			return &core.CliError{
+				Err: fmt.Errorf("access key cannot be empty"),
+			}
+		}
+
+		if !validation.IsAccessKey(*profile.AccessKey) {
+			return core.InvalidAccessKeyError(*profile.AccessKey)
+		}
+	}
+	return nil
+}
+
+func validateSecretKey(profile *scw.Profile) error {
+	if profile.SecretKey != nil {
+		if *profile.SecretKey == "" {
+			return &core.CliError{
+				Err: fmt.Errorf("secret key cannot be empty"),
+			}
+		}
+
+		if !validation.IsSecretKey(*profile.SecretKey) {
+			return core.InvalidSecretKeyError(*profile.SecretKey)
+		}
+	}
+	return nil
+}
+
+func validateDefaultOrganizationID(profile *scw.Profile) error {
+	if profile.DefaultOrganizationID != nil {
+		if *profile.DefaultOrganizationID == "" {
+			return &core.CliError{
+				Err: fmt.Errorf("default organization ID cannot be empty"),
+			}
+		}
+
+		if !validation.IsOrganizationID(*profile.DefaultOrganizationID) {
+			return core.InvalidOrganizationIDError(*profile.DefaultOrganizationID)
+		}
+	}
+	return nil
+}
+
+func validateDefaultProjectID(profile *scw.Profile) error {
+	if profile.DefaultProjectID != nil {
+		if *profile.DefaultProjectID == "" {
+			return &core.CliError{
+				Err: fmt.Errorf("default project ID cannot be empty"),
+			}
+		}
+
+		if !validation.IsProjectID(*profile.DefaultProjectID) {
+			return core.InvalidProjectIDError(*profile.DefaultProjectID)
+		}
+	}
+	return nil
+}
+
+func validateDefaultRegion(profile *scw.Profile) error {
+	if profile.DefaultRegion != nil {
+		if *profile.DefaultRegion == "" {
+			return &core.CliError{
+				Err: fmt.Errorf("default region cannot be empty"),
+			}
+		}
+
+		if !validation.IsRegion(*profile.DefaultRegion) {
+			return core.InvalidRegionError(*profile.DefaultRegion)
+		}
+	}
+	return nil
+}
+
+func validateDefaultZone(profile *scw.Profile) error {
+	if profile.DefaultZone != nil {
+		if *profile.DefaultZone == "" {
+			return &core.CliError{
+				Err: fmt.Errorf("default zone cannot be empty"),
+			}
+		}
+
+		if !validation.IsZone(*profile.DefaultZone) {
+			return core.InvalidZoneError(*profile.DefaultZone)
+		}
+	}
+	return nil
+}
+
+func validateAPIURL(profile *scw.Profile) error {
+	if profile.APIURL != nil {
+		if *profile.APIURL != "" && !validation.IsURL(*profile.APIURL) {
+			return core.InvalidAPIURLError(*profile.APIURL)
+		}
+	}
+	return nil
+}

internal/namespaces/config/commands_test.go

@@ -336,6 +336,42 @@ func Test_ConfigImportCommand(t *testing.T) {
 	})
 }
 
+func Test_ConfigValidateCommand(t *testing.T) {
+	t.Run("Simple", core.Test(&core.TestConfig{
+		Commands:   GetCommands(),
+		BeforeFunc: beforeFuncCreateFullConfig(),
+		Cmd:        "scw config validate",
+		Check: core.TestCheckCombine(
+			core.TestCheckExitCode(0),
+			core.TestCheckGolden(),
+		),
+		TmpHomeDir: true,
+	}))
+	t.Run("Invalid default access key", core.Test(&core.TestConfig{
+		Commands:   GetCommands(),
+		BeforeFunc: beforeFuncCreateInvalidConfig(),
+		Cmd:        "scw config validate",
+		Check: core.TestCheckCombine(
+			core.TestCheckExitCode(1),
+			core.TestCheckGolden(),
+		),
+		TmpHomeDir: true,
+	}))
+	t.Run("Invalid profile p1 secret key", core.Test(&core.TestConfig{
+		Commands: GetCommands(),
+		BeforeFunc: core.BeforeFuncCombine(
+			beforeFuncCreateInvalidConfig(),
+			core.ExecBeforeCmd("scw config set access-key=SCWNEWXXXXXXXXXXXXXX"),
+		),
+		Cmd: "scw config validate",
+		Check: core.TestCheckCombine(
+			core.TestCheckExitCode(1),
+			core.TestCheckGolden(),
+		),
+		TmpHomeDir: true,
+	}))
+}
+
 func checkConfig(f func(t *testing.T, config *scw.Config)) core.TestCheck {
 	return func(t *testing.T, ctx *core.CheckFuncCtx) {
 		homeDir := ctx.OverrideEnv["HOME"]
@@ -395,6 +431,33 @@ func beforeFuncCreateFullConfig() core.BeforeFunc {
 	})
 }
 
+func beforeFuncCreateInvalidConfig() core.BeforeFunc {
+	return beforeFuncCreateConfigFile(&scw.Config{
+		Profile: scw.Profile{
+			AccessKey:             scw.StringPtr("invalidAccessKey"),
+			SecretKey:             scw.StringPtr("11111111-1111-1111-1111-111111111111"),
+			APIURL:                scw.StringPtr("https://mock-api-url.com"),
+			Insecure:              scw.BoolPtr(true),
+			DefaultOrganizationID: scw.StringPtr("11111111-1111-1111-1111-111111111111"),
+			DefaultRegion:         scw.StringPtr("fr-par"),
+			DefaultZone:           scw.StringPtr("fr-par-1"),
+			SendTelemetry:         scw.BoolPtr(true),
+		},
+		Profiles: map[string]*scw.Profile{
+			"p1": {
+				AccessKey:             scw.StringPtr("SCWP1XXXXXXXXXXXXXXX"),
+				SecretKey:             scw.StringPtr("invalidSecretKey"),
+				APIURL:                scw.StringPtr("https://p1-mock-api-url.com"),
+				Insecure:              scw.BoolPtr(true),
+				DefaultOrganizationID: scw.StringPtr("11111111-1111-1111-1111-111111111111"),
+				DefaultRegion:         scw.StringPtr("fr-par"),
+				DefaultZone:           scw.StringPtr("fr-par-1"),
+				SendTelemetry:         scw.BoolPtr(true),
+			},
+		},
+	})
+}
+
 func createTempConfigFile() (*os.File, error) {
 	tmpFile, err := os.CreateTemp("", "tmp.yaml")
 	if err != nil {

internal/namespaces/config/testdata/test-config-validate-command-invalid-default-access-key.golden

@@ -0,0 +1,12 @@
+🎲🎲🎲 EXIT CODE: 1 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Invalid access_key 'invalidAccessKey'
+
+Hint:
+Access_key should look like: SCWXXXXXXXXXXXXXXXXX.
+🟥🟥🟥 JSON STDERR 🟥🟥🟥
+{
+  "message": "invalid access_key 'invalidAccessKey'",
+  "error": {},
+  "hint": "access_key should look like: SCWXXXXXXXXXXXXXXXXX."
+}

internal/namespaces/config/testdata/test-config-validate-command-invalid-profile-p1-secret-key.golden

@@ -0,0 +1,12 @@
+🎲🎲🎲 EXIT CODE: 1 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Invalid secret_key 'invalidSecretKey'
+
+Hint:
+Secret_key should be a valid UUID, formatted as: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.
+🟥🟥🟥 JSON STDERR 🟥🟥🟥
+{
+  "message": "invalid secret_key 'invalidSecretKey'",
+  "error": {},
+  "hint": "secret_key should be a valid UUID, formatted as: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX."
+}