⭐ add mql inventory validate to catch unknown connection options#8447
Open
chris-rock wants to merge 3 commits into
Open
⭐ add mql inventory validate to catch unknown connection options#8447chris-rock wants to merge 3 commits into
mql inventory validate to catch unknown connection options#8447chris-rock wants to merge 3 commits into
Conversation
Inventory `options` are a free-form string map: a mistyped key (e.g. `namespace` instead of `namespaces`, or `tenantId` instead of `tenant-id`) is silently ignored and only surfaces as a confusing connect-time failure, if at all. There is no way to check an inventory file before using it. This adds `mql inventory validate <file>`, which parses the inventory and checks each asset connection against the providers installed on the system: - connection types not provided by any installed provider are reported; - option keys not declared by the resolving provider's connector flags are reported (the flag long names are the authoritative set of option keys, since providers read `conf.Options[flag.Long]`). Findings are warnings by default and become errors under `--strict`, so the command can gate inventories in CI without false-failing on providers that happen not to be installed locally. Validation is offline — it reads each provider's static plugin metadata and never connects. The check logic lives in a new `cli/inventoryvalidate` package and is driven by a schema built from provider metadata, so it is unit-tested without requiring any provider to be installed. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Contributor
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
mql inventory validate to catch unknown connection optionsmql inventory validate to catch unknown connection options
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
A connection's
optionsin an inventory file are a free-formmap[string]string. A mistyped key —namespaceinstead ofnamespaces,tenantIdinstead oftenant-id,subscription-id(no such flag) instead ofsubscription— is silently ignored. There is no way to check an inventory before a scan, so the mistake only surfaces as a confusing connect-time failure, or as a setting that quietly never took effect.What this adds
A new
mql inventory validate <file>command. It parses the inventory and checks each asset connection against the providers installed on the system:typeno installed provider provides is reported.optionskey not declared by the resolving provider's connector flags is reported. The flagLongnames are the authoritative set of option keys, since providers readconf.Options[flag.Long].Findings are warnings by default and become errors under
--strict(non-zero exit), so the command can gate inventories in CI without false-failing on a provider that simply isn't installed on the local machine. Validation is offline — it reads each provider's static plugin metadata viaproviders.ListAll()and never connects to a target.Design
cli/inventoryvalidatepackage, driven by aSchemabuilt from provider metadata (BuildSchema([]*plugin.Provider)). Keeping the schema as an input makesCheckunit-testable with hand-built providers — no provider needs to be installed to run the tests.Tests
cli/inventoryvalidate/validate_test.gocovers schema resolution (type, connector name, alias), valid options, unknown options,--strictpromotion, unknown types, nil-safety, and asset-label fallback.go vetandgolangci-lintare clean; manually smoke-tested against good/typo'd/unknown-type inventories and a missing file.🤖 Generated with Claude Code