feat(compute): add support for acls in compute #1388

philippschulte · 2025-02-07T23:03:07Z

The compute ACL docs can be found here.

Commands:

philipp-XPS-15-9500: fastly compute acl create

USAGE
  fastly compute acl create --name=NAME [<flags>]

Create a compute ACL

REQUIRED FLAGS
  --name=NAME  Name of the compute ACL

OPTIONAL FLAGS
  -j, --json  Render output as JSON

philipp-XPS-15-9500: fastly compute acl list-acls

USAGE
  fastly compute acl list-acls [<flags>]

List all compute ACLs

OPTIONAL FLAGS
  -j, --json  Render output as JSON

philipp-XPS-15-9500: fastly compute acl describe

USAGE
  fastly compute acl describe --acl-id=ACL-ID [<flags>]

Describe a compute ACL

REQUIRED FLAGS
  --acl-id=ACL-ID  Compute ACL ID

OPTIONAL FLAGS
  -j, --json  Render output as JSON

philipp-XPS-15-9500: fastly compute acl update

USAGE
  fastly compute acl update --acl-id=ACL-ID [<flags>]

Update a compute ACL

REQUIRED FLAGS
  --acl-id=ACL-ID  Alphanumeric string identifying a compute ACL

OPTIONAL FLAGS
  --file=FILE            Batch update json passed as file path or content, e.g.
                         $(< batch.json)
  --operation=OPERATION  Indicating that this entry is to be added to/updated in
                         the ACL
  --prefix=PREFIX        An IP prefix defined in Classless Inter-Domain Routing
                         (CIDR) format, i.e. a valid IP address (v4 or v6)
                         followed by a forward slash (/) and a prefix length
                         (0-32 or 0-128, depending on address family)
  --action=ACTION        The action taken on the IP address

philipp-XPS-15-9500: fastly compute acl lookup

USAGE
  fastly compute acl lookup --acl-id=ACL-ID --ip=IP [<flags>]

Find a matching ACL entry for an IP address

REQUIRED FLAGS
  --acl-id=ACL-ID  Compute ACL ID
  --ip=IP          Valid IPv4 or IPv6 address

OPTIONAL FLAGS
  -j, --json  Render output as JSON

philipp-XPS-15-9500: fastly compute acl delete

USAGE
fastly compute acl delete --acl-id=ACL-ID [<flags>]

Delete a compute ACL

REQUIRED FLAGS
--acl-id=ACL-ID  Compute ACL ID

OPTIONAL FLAGS
-j, --json  Render output as JSON

philipp-XPS-15-9500: fastly compute acl list-entries

USAGE
  fastly compute acl list-entries --acl-id=ACL-ID [<flags>]

List all entries of a compute ACL

REQUIRED FLAGS
  --acl-id=ACL-ID  Compute ACL ID

OPTIONAL FLAGS
  -c, --cursor=CURSOR  Pagination cursor (Use 'next_cursor' value from list
                       output)
  -l, --limit=50       Maximum number of items to list
  -j, --json           Render output as JSON

All Submissions:

Have you followed the guidelines in our Contributing document?
Have you checked to ensure there aren't other open Pull Requests for the same update/change?

New Feature Submissions:

Does your submission pass tests?

deg4uss3r

This looks exactly like I expected, great work!

awilliams-fastly

I built a version of the CLI from your branch, and ran the following commands:

```
$ ./fastly compute acl lookup --acl-id=6nbj10rEjAf63NaxmBJhmW --ip 1.2.3.4

Prefix: 1.2.3.4/32
```
Here, the formatting doesn't seem right, and it's missing the Action. I believe the issue is that the PrefixWriter being used needs to be flushed. Looks like this may be happening in other cases of PrefixWriter as well.

$ ./fastly compute acl lookup --acl-id=6nbj10rEjAf63NaxmBJhmW --ip 2.2.3.4 --json

ERROR: failed to decode json response: EOF.

If you believe this error is the result of a bug, please file an issue: 
https://github.com/fastly/cli/issues/new?labels=bug&template=bug_report.md

I don't think this should be output as an error. It's expected that the API return a 204 No Content in the case where there's no matches to a lookup.

deg4uss3r · 2025-02-12T13:30:32Z

I don't think this should be output as an error. It's expected that the API return a 204 No Content in the case where there's no matches to a lookup.

They have fixed this in fastly/go-fastly#595
relevant convo: https://fastly.slack.com/archives/C0232DUPWTG/p1739208712484289

philippschulte · 2025-02-12T14:27:19Z

@awilliams-fastly thanks for reviewing and pointing out the issue with the lookup command if there are no matches. Please have a look at Ricky's comment: #1388 (comment).

The plan is to cut a new go-fastly release and update this PR with the latest version to resolve this issue.

pkg/text/computeacl.go

pkg/commands/compute/computeacl/computeacl_test.go

kpfleming · 2025-02-12T16:33:34Z

Here, the formatting doesn't seem right, and it's missing the Action. I believe the issue is that the PrefixWriter being u 8000 sed needs to be flushed. Looks like this may be happening in other cases of PrefixWriter as well.

Confirmed, and the unit tests did not catch this because they use the same formatting functions as the code-under-test uses. I've left a comment asking for that to be changed, as the tests should not make use of internal functionality of the code being tested.

awilliams-fastly · 2025-02-12T17:14:11Z

@awilliams-fastly thanks for reviewing and pointing out the issue with the lookup command if there are no matches. Please have a look at Ricky's comment: #1388 (comment).

Thanks for catching me up on those discussions, and sorry that I didn't see them earlier.

I built a version of the CLI using this branch + the updated go-fastly package (fastly/go-fastly@d887946), and ran a similar test as before:

$ ./fastly compute acl lookup --acl-id=6nbj10rEjAf63NaxmBJhmW --ip 2.2.3.4 --json

ERROR: 204 - No Content.

If you believe this error is the result of a bug, please file an issue: https://github.com/fastly/cli/issues/new?labels=bug&template=bug_report.md

I believe the fastly compute acl lookup command would be more user-friendly and cause less confusion if it didn't show an error whenever an IP isn't found, since it's not really an error, rather a lack of results.

I think there's a way to address this by having computeacls.Lookup (here) somehow distinguish between an error, such as a network timeout, and a 204 No Content response. The latter being the case in the output above.

I've described one way to do this in a comment on the go-fastly PR. Am happy to go over other ideas with you. Again, sorry for not seeing this earlier.

philippschulte · 2025-02-17T18:17:24Z

@awilliams-fastly thanks for the review!

I believe the fastly compute acl lookup command would be more user-friendly and cause less confusion if it didn't show an error whenever an IP isn't found, since it's not really an error, rather a lack of results.

Addressed in 4ab0ab1.

kpfleming

Just a few minor changes, otherwise this looks really good!

pkg/commands/compute/computeacl/lookup.go

pkg/commands/compute/computeacl/update.go

pkg/commands/compute/computeacl/computeacl_test.go

awilliams-fastly

Thanks for making those changes.

I re-ran my tests from previously:

./fastly compute acl lookup --acl-id=6nbj10rEjAf63NaxmBJhmW --ip 1.2.3.4

Prefix: 1.2.3.4/32
Action: ALLOW

./fastly compute acl lookup --acl-id=6nbj10rEjAf63NaxmBJhmW --ip 2.2.3.4
INFO: Compute ACL (6nbj10rEjAf63NaxmBJhmW) has no entry with IP (2.2.3.4)

I'm not sure if there's meant to be an extra newline before the Prefix line? Otherwise, looks good to me.

philippschulte · 2025-02-18T15:49:21Z

I'm not sure if there's meant to be an extra newline before the Prefix line? Otherwise, looks good to me.

I took it from here:

cli/pkg/text/kvstore.go

Line 19 in 40aee81

fmt.Fprintf(out, "\nID: %s\n", k.StoreID)

but it looks like that this is the only feature we are adding an extra newline at the top.
Therefore, I removed it in 74ac0d5.

feat(compute): add support for acls in compute

aaf4dce

philippschulte requested review from kpfleming, anthony-gomez-fastly, deg4uss3r and awilliams-fastly February 7, 2025 23:03

deg4uss3r previously approved these changes Feb 10, 2025

View reviewed changes

awilliams-fastly requested changes Feb 11, 2025

View reviewed changes

kpfleming requested changes Feb 12, 2025

View reviewed changes

pkg/text/computeacl.go Outdated Show resolved Hide resolved

pkg/commands/compute/computeacl/computeacl_test.go Outdated Show resolved Hide resolved

philippschulte and others added 6 commits February 14, 2025 12:48

Merge branch 'main' into pschulte/add-support-for-acls-in-compute

5fb099a

build(deps): bump go-fastly/v9 from 9.13.0 to 9.13.1

7d51a08

fix(computeacl.go): format by adding a newline

c766bc2

fix(lookup.go): return warning for status 204

4ab0ab1

refactor(computeacl_test.go): compare against hardcoded strings

e7fe55a

docs(CHANGELOG.md) add entry for compute acls feature

288fded

philippschulte mentioned this pull request Feb 17, 2025

build(deps): bump github.com/fastly/go-fastly/v9 from 9.13.0 to 9.13.1 #1402

Closed

philippschulte dismissed deg4uss3r’s stale review via 288fded February 17, 2025 18:02

philippschulte requested review from kpfleming, awilliams-fastly and deg4uss3r February 17, 2025 18:21

kpfleming requested changes Feb 18, 2025

View reviewed changes

pkg/commands/compute/computeacl/lookup.go Outdated Show resolved Hide resolved

pkg/commands/compute/computeacl/update.go Outdated Show resolved Hide resolved

pkg/commands/compute/computeacl/computeacl_test.go Outdated Show resolved Hide resolved

philippschulte added 2 commits February 18, 2025 09:37

refactor(lookup.go): return info instead of warn for 204

d4b7803

refactor(computeacl): flag info text for update cmd

a4f8c8f

philippschulte requested a review from kpfleming February 18, 2025 14:46

kpfleming previously approved these changes Feb 18, 2025

View reviewed changes

awilliams-fastly previously approved these changes Feb 18, 2025

View reviewed changes

deg4uss3r previously approved these changes Feb 18, 2025

View reviewed changes

refactor(computeacl.go): remove extra newline on the top

74ac0d5

philippschulte dismissed stale reviews from deg4uss3r, awilliams-fastly, and kpfleming via 74ac0d5 February 18, 2025 15:45

philippschulte requested a review from awilliams-fastly February 18, 2025 15:54

awilliams-fastly approved these changes Feb 18, 2025

View reviewed changes

philippschulte merged commit e655048 into fastly:main Feb 18, 2025
7 checks passed

philippschulte deleted the pschulte/add-support-for-acls-in-compute branch February 18, 2025 16:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(compute): add support for acls in compute #1388

feat(compute): add support for acls in compute #1388

feat(compute): add support for acls in compute #1388

feat(compute): add support for acls in compute #1388

Conversation

New Feature Submissions:

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment