Skip to content

feat: enforce conditional field requirements during validate#288

Merged
josegonzalez merged 4 commits into
mainfrom
276-enforce-plan-time-conditional-field-requirements-during-validate
Jul 7, 2026
Merged

feat: enforce conditional field requirements during validate#288
josegonzalez merged 4 commits into
mainfrom
276-enforce-plan-time-conditional-field-requirements-during-validate

Conversation

@josegonzalez

Copy link
Copy Markdown
Member

docket validate enforced required:"true" struct-tag fields offline but not the conditional and semantic input requirements each task encodes inside its Plan() method, so recipe-authoring mistakes such as an empty allowed_ips or users list when state: present, a missing password, or setting a property both globally and per-app only surfaced at plan or apply time after contacting a server. This teaches docket validate to run each task's conditional and semantic input checks offline as well, reporting any failure as a new invalid_task_input problem so those mistakes are caught before a server is contacted. The same checks continue to run during plan and apply, so all three report identical errors, and validation stays offline because the checks never contact the server.

Closes #276.

`docket validate` previously only caught missing required fields offline, so the conditional and semantic field requirements each task encodes only surfaced at plan or apply time after contacting a server. Tasks may now expose those input-only checks through an optional `Validate` method that `plan` and `apply` already run, and `validate` calls it offline and reports any failure as a new `invalid_task_input` problem.
Moves the input-only checks that lived directly inside each task's `Plan()` into a `Validate` method that `Plan()` calls first, so `docket validate` reports the same conditional and semantic errors offline as `invalid_task_input`. Covers the tasks whose checks were hand-written in `Plan()`, including `dokku_http_auth_allowed_ip`, `dokku_http_auth_user`, and the other app, http-auth, git, service, storage, and scheduler tasks.
Wraps each task's existing input-validation helper in a `Validate` method that `Plan()` calls first, so `docket validate` runs the same checks offline as `invalid_task_input`. Covers `dokku_acl_service`, `dokku_certs`, `dokku_docker_options`, `dokku_domains`, `dokku_maintenance_custom_page`, `dokku_registry_auth`, `dokku_scheduler_k3s_profile`, and `dokku_storage_mount`, folding in any conditional checks those tasks still applied inline.
Factors the input-only checks out of the shared `planProperty`, `planToggle`, and `planResource` helpers into reusable validators, then exposes them through a `Validate` method on every task that delegates to those helpers, so `docket validate` reports the same scoping and value errors offline. Covers the property, toggle, resource, and scheduler-k3s scoped-pairs and autoscaling-auth tasks.
@josegonzalez josegonzalez merged commit aa2ca3d into main Jul 7, 2026
14 checks passed
@josegonzalez josegonzalez deleted the 276-enforce-plan-time-conditional-field-requirements-during-validate branch July 7, 2026 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Enforce Plan-time conditional field requirements during validate

1 participant