Skip to content
LoginGet Started

Configuration Management

Feature Focus – Validating Configuration with Rules and Ranges

October 26, 2021

What are Rules and Ranges?

Misconfiguration is one of the more common causes of system downtime. Though impossible to completely avoid, there are a number of strategies one can follow to reduce their frequency and impact. One such strategy is to enforce data validation against configuration to eliminate garbage inputs to the system. CloudTruth provides this capability by giving users the ability to specify Rules and Ranges for any Parameter. This consists of supplying a Type along with type-specific rules. For example, for an Integer type, one can validate that it must be within a numeric range. For a String, to match a regular expression. And so on.

To access this feature, either create or edit a Parameter, then expand the Show rules section. You’ll then be able to specify the type, and any relevant rules. Note that when editing an existing Parameter, you won’t be able to save the rule until you fix any values that violate it. Thereafter, whenever you try to add or edit a value, it will be validated against the rules, and prevent saving when invalid.

Validating configuration with rules
Adding Rules

Why is it useful?

The most frequent causes of misconfiguration come from typos and transgressing tribal knowledge.

We’ve all been there when it comes to typos, and have mistyped a value like mod instead of mode or even the dreaded Oh/Zero that is so hard to see with the naked eye (10 is not 1O)! For strings which are frequently some form of enum, a regular expression like red|blue|green makes it obvious which values are valid, and prevents someone else from inputting a wrong one. Likewise, an integer rule would prevent using an Oh instead of a Zero.

Transgressing Tribal Knowledge can be a little more subtle. Invariably, you’ll end up with scenario where only a handful of people know about the special value a parameter requires. For example, elastic search used to require a memory size that could only increase up to certain limit. If you increased larger than this value, it would cause a failure. This is easily remedied by using an Integer type with a Maximum constraint for the parameter. A helpful comment in the parameter would also give a deeper explanation for future editors.

Join ‘The Pipeline’

Our bite-sized newsletter with DevSecOps industry tips and security alerts to increase pipeline velocity and system security.

Subscribe For Free

Continue exploring

Browse All Talks

Continue Reading