Extending Foodcritic with new rules

Transcript

1. Extending foodcritic with new rules #cfgmgmtcamp #getchef

2. Overview

3. What is foodcritic?

4. A lint tool for your cookbooks

5. 47 Built-in Rules

6. Goal:
 Identify problems in your cookbooks

7. file "/var/lib/foo" do owner "root" group "root" mode 644 action

   :create end

8. file "/var/lib/foo" do owner "root" group "root" mode 644 action

   :create end

9. $ foodcritic . FC006: Mode should be quoted or fully

   specified when setting file permissions: ./ recipes/default.rb:9

10. file "/var/lib/foo" do owner "root" group "root" mode "644" action

    :create end

11. Goal:
 Encourage discussion on the subjective stuff

12. execute
 "wget 'http:// example.org/' -Ofoo" do action :run end

13. execute
 "wget 'http:// example.org/' -Ofoo" do action :run end

14. $ foodcritic . FC041: Execute resource used to run curl

    or wget commands: ./recipes/ default.rb:9

15. remote_file "foo" do source
 "http://example.org/" end

16. Goal:
 Write your own rules

17. # Specify rules on
 # the command line $ foodcritic


    -I your_rule.rb . ! # You can also
 # package your rules
 # as a gem

18. How does it work?

19. Static code analysis

20. Example:
 Declaring resources
 in a loop

21. # The original recipe %w{foo bar baz}.each do |pkg| package

    pkg end

22. # This is what Chef sees at converge time package[foo]

    package[bar] package[baz]

23. # This is what foodcritic sees %w{foo bar baz}.each do

    |pkg| package pkg end

24. Peter Zotov @whitequark
 fucking ruby and its fucking parser, how

    does it even work?!
 I *still* have no idea

25. # recipe with a single resource file '/etc/foo' do mode

    0600 content 'bar' end

26. pry> Ripper.sexp(code)

27. => [:program, [[:method_add_block, [:command, [:@ident, "file", [2, 0]], [:args_add_block, [[:string_literal,

    [:string_content, [:@tstring_content, "/ etc/foo", [2, 6]]]]], false]], [:do_block, nil, [[:command, [:@ident, "mode", [3, 2]], [:args_add_block, [[:@int, "0600", [3, 7]]], false]], [:command, [:@ident, "content", [4, 2]], [:args_add_block, [[:string_literal, [:string_content, [:@tstring_content, "bar", [4, 11]]]]], false]]]]]]]

28. Those are some deeply nested arrays

29. Ruby lets us build terse yet powerful expressions

30. But the path to a node in the tree is

    important

31. <? XML ?>
 An elegant weapon for a more civilised

    age

32. XPath //method_add_block/ command/ ident[@value="mode"]

33. ANTLR 4.2 SNAPSHOT "xpath/pattern matching for parse trees"

34. The structure of a rule

35. rule "FC123", "Name" do recipe do |ast| # some
 #

    expression end end

36. cookbook environment library metadata resource role Hooks recipe do |ast|

    ast.xpath(..) end

37. rule "FC123", "Name" do recipe do |ast| # some #expression

    end end

38. Ruby returns the last expression Foodcritic converts the last expression

    to matches

39. Let’s walk through the code for FC006

40. rule "FC006", "Mode should be quoted or fully specified when

    setting file permissions" do

41. # We pass an array of tags in, common tags

    include 'correctness' and 'style' tags %w{correctness files}

42. recipe do |ast| ast.xpath(%q{a/ long/xpath/string}) end

43. # any mode identifier // ident[@value='mode']/ ! # we need

    to go up one parent::command/ ! # a literal integer descendant::int

44. # filtering again [ ! # needs to be less


    # than five digits
 # long string-length(@value) < 5

45. # match 644 not 0644 and not( starts-with(@value, "0") and

    string length(@value) = 4 ) ! # stop filtering ]

46. # choose the line num
 # to show to the

    end
 # user /ancestor:: method_add_block # do this if the AST # node does not have # a descendant node
 # with a position

47. Pry is awesome and is a must for developing FC

    rules

48. Drop a pry binding in your rule and explore pry>

    ls pry> a_method() pry> whereami

49. rule "FC123", "Name" do recipe do |ast| binding.pry end end

50. pry> 
 ast.xpath( '//do_block/command/ ident')

51. Tip: Chef now includes Pry as a runtime dependency as

    of 11.8.0.

52. ancestor child descendant following parent preceding Axes

53. XPath expressions can be annoying ! Here’s some I prepared

    earlier

54. attribute_access declared_dependencies find_resources notifications resource_attribute? resources_by_type searches API Foodcritic

55. all? any? find group_by inject map select Ruby Enumerable

56. Testing it actually works

57. Trust is really important - false positives undermine that trust

    in the tool

58. Foodcritic core rules test against lots of examples

59. Examples: | environment_name | show_warning | | production | should

    not | | pre_production | should not | | production-eu | should not | | production2 | should not | | Production | should not | | EU West | should | | production (eu-west) | should |

60. Different syntax in recipes results in different AST trees

61. Different Ruby versions can mean different AST trees 1.9.2, 1.9.3

    and 2.0.0

62. Ok. I have my automated examples passing. I should be

    good right?


63. Ok. I have my automated examples passing. I should be

    good right?
 Nee! Non! No!

64. Test against a large corpus of real cookbooks

65. Ideas

66. Suggest Chef Sugar FC789: Use Chef Sugar to simplify platform

    check

67. Spot duplication across recipes FC678: Compose recipes to reduce duplication

68. Validate recipe package names FC567: Package not present in distribution

69. What’s next?

70. Backlog of issues that could use your help!

71. Hack Afternoon

72. Thanks! @acrmp foodcritic.io freenode #chef

73. Extending foodcritic with new rules #cfgmgmtcamp #getchef