fix(cli): validate transform expressions without environment

Author: pront

changelog.d/15037_validate_no_environment_vrl.fix.md

@@ -0,0 +1,3 @@
+Fixed `vector validate --no-environment` so it reports VRL and condition compilation errors for transforms without requiring full environment-dependent component initialization.
+
+authors: pront

src/conditions/mod.rs

@@ -210,6 +210,14 @@ impl AnyCondition {
             AnyCondition::Map(m) => m.build(enrichment_tables, metrics_storage),
         }
     }
+
+    pub fn validate(
+        &self,
+        enrichment_tables: &vector_lib::enrichment::TableRegistry,
+        metrics_storage: &MetricsStorage,
+    ) -> crate::Result<()> {
+        self.build(enrichment_tables, metrics_storage).map(|_| ())
+    }
 }
 
 impl From<ConditionConfig> for AnyCondition {

src/config/transform.rs

@@ -162,6 +162,12 @@ pub struct TransformContext {
     /// (e.g. `aws_ec2_metadata`, `throttle`) clone this and pass it to [`crate::cpu_time::spawn_timed`] so
     /// their CPU is attributed to the component alongside the main transform task.
     pub cpu_ns: Option<Counter>,
+
+    /// Whether transform construction should skip checks that require the running environment.
+    ///
+    /// This is set by `vector validate --no-environment` when it builds transforms to validate
+    /// configuration that is normally checked in `build`.
+    pub skip_environment_checks: bool,
 }
 
 impl Default for TransformContext {
@@ -176,6 +182,7 @@ impl Default for TransformContext {
             schema: SchemaOptions::default(),
             extra_context: Default::default(),
             cpu_ns: None,
+            skip_environment_checks: false,
         }
     }
 }

src/topology/builder.rs

@@ -540,6 +540,7 @@ impl<'a> Builder<'a> {
             } else {
                 None
             },
+            skip_environment_checks: false,
         };
 
         let node = TransformNode::from_parts(key.clone(), &context, transform, &input_definitions);

src/transforms/aws_ec2_metadata.rs

@@ -229,27 +229,29 @@ impl TransformConfig for Ec2Metadata {
             tags,
         );
 
-        // If initial metadata is not required, log and proceed. Otherwise return error.
-        if let Err(error) = client.refresh_metadata().await {
-            if required {
-                return Err(error);
-            } else {
-                emit!(AwsEc2MetadataRefreshError { error });
+        if !context.skip_environment_checks {
+            // If initial metadata is not required, log and proceed. Otherwise return error.
+            if let Err(error) = client.refresh_metadata().await {
+                if required {
+                    return Err(error);
+                } else {
+                    emit!(AwsEc2MetadataRefreshError { error });
+                }
             }
-        }
 
-        // The metadata-refresh loop runs as its own tokio task, so the main
-        // transform task's CPU-time wrapper does not see it. Spawn the
-        // background task with the same component-tagged counter so its CPU
-        // is attributed to this transform.
-        spawn_timed(
-            async move {
-                client.run().await;
-            }
-            // TODO: Once #1338 is done we can fetch the current span
-            .instrument(info_span!("aws_ec2_metadata: worker").or_current()),
-            context.cpu_ns.clone(),
-        );
+            // The metadata-refresh loop runs as its own tokio task, so the main
+            // transform task's CPU-time wrapper does not see it. Spawn the
+            // background task with the same component-tagged counter so its CPU
+            // is attributed to this transform.
+            spawn_timed(
+                async move {
+                    client.run().await;
+                }
+                // TODO: Once #1338 is done we can fetch the current span
+                .instrument(info_span!("aws_ec2_metadata: worker").or_current()),
+                context.cpu_ns.clone(),
+            );
+        }
 
         Ok(Transform::event_task(Ec2MetadataTransform { state }))
     }
@@ -718,11 +720,15 @@ enum Ec2MetadataError {
 
 #[cfg(test)]
 mod test {
+    use tokio::{
+        net::TcpListener,
+        time::{Duration, timeout},
+    };
     use vector_lib::lookup::OwnedTargetPath;
     use vrl::{owned_value_path, value::Kind};
 
     use crate::{
-        config::{LogNamespace, OutputId, TransformConfig, schema::Definition},
+        config::{LogNamespace, OutputId, TransformConfig, TransformContext, schema::Definition},
         transforms::aws_ec2_metadata::Ec2Metadata,
     };
 
@@ -745,6 +751,31 @@ mod test {
         let actual_schema_def = output.schema_definitions(true)[&OutputId::dummy()].clone();
         assert!(actual_schema_def.event_kind().is_object());
     }
+
+    #[tokio::test]
+    async fn build_with_skip_environment_checks_does_not_refresh_metadata() {
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+
+        let transform_config = Ec2Metadata {
+            endpoint: format!("http://{addr}"),
+            refresh_timeout_secs: Duration::from_millis(50),
+            ..Default::default()
+        };
+        let context = TransformContext {
+            skip_environment_checks: true,
+            ..Default::default()
+        };
+
+        let _transform = transform_config.build(&context).await.unwrap();
+
+        assert!(
+            timeout(Duration::from_millis(100), listener.accept())
+                .await
+                .is_err(),
+            "metadata endpoint was accessed while environment checks were skipped"
+        );
+    }
 }
 
 #[cfg(feature = "aws-ec2-metadata-integration-tests")]

src/validate.rs

@@ -1,13 +1,15 @@
 #![allow(missing_docs)]
 
-use std::{fmt, fs::remove_dir_all, path::PathBuf};
+use std::{collections::HashMap, fmt, fs::remove_dir_all, path::PathBuf};
 
 use clap::Parser;
 use colored::*;
 use exitcode::ExitCode;
+use vector_vrl_metrics::MetricsStorage;
 
 use crate::{
-    config::{self, Config, ConfigDiff, loading::ConfigBuilderLoader},
+    config::{self, Config, ConfigDiff, TransformContext, loading::ConfigBuilderLoader},
+    schema::Definition,
     topology::{
         self,
         builder::{TopologyPieces, TopologyPiecesBuilder},
@@ -117,13 +119,13 @@ pub async fn validate(opts: &Opts, color: bool) -> ExitCode {
         None => return exitcode::CONFIG,
     };
 
-    if !opts.no_environment {
-        if let Some(tmp_directory) = create_tmp_directory(&mut config, &mut fmt) {
-            validated &= validate_environment(opts, &config, &mut fmt).await;
-            remove_tmp_directory(tmp_directory);
-        } else {
-            validated = false;
-        }
+    if opts.no_environment {
+        validated &= validate_transforms_no_environment(&config, &mut fmt).await;
+    } else if let Some(tmp_directory) = create_tmp_directory(&mut config, &mut fmt) {
+        validated &= validate_environment(opts, &config, &mut fmt).await;
+        remove_tmp_directory(tmp_directory);
+    } else {
+        validated = false;
     }
 
     if validated {
@@ -180,6 +182,72 @@ pub fn validate_config(opts: &Opts, fmt: &mut Formatter) -> Option<Config> {
     Some(config)
 }
 
+async fn validate_transforms_no_environment(config: &Config, fmt: &mut Formatter) -> bool {
+    let enrichment_tables = vector_lib::enrichment::TableRegistry::default();
+    let metrics_storage = MetricsStorage::default();
+    let mut definition_cache = HashMap::new();
+    let mut errors = Vec::new();
+
+    for (key, transform) in config.transforms() {
+        let input_definitions = topology::schema::input_definitions(
+            &transform.inputs,
+            config,
+            enrichment_tables.clone(),
+            &mut definition_cache,
+        )
+        .unwrap_or_default();
+
+        let merged_schema_definition = input_definitions
+            .iter()
+            .map(|(_, definition)| definition.clone())
+            .reduce(Definition::merge)
+            .unwrap_or_else(Definition::any);
+
+        let schema_definitions = transform
+            .inner
+            .outputs(
+                &TransformContext {
+                    enrichment_tables: enrichment_tables.clone(),
+                    metrics_storage: metrics_storage.clone(),
+                    schema: config.schema,
+                    ..Default::default()
+                },
+                &input_definitions,
+            )
+            .into_iter()
+            .map(|output| {
+                let definitions = output.schema_definitions(config.schema.enabled);
+                (output.port, definitions)
+            })
+            .collect();
+
+        let context = TransformContext {
+            key: Some(key.clone()),
+            globals: config.global.clone(),
+            enrichment_tables: enrichment_tables.clone(),
+            metrics_storage: metrics_storage.clone(),
+            schema_definitions,
+            merged_schema_definition,
+            schema: config.schema,
+            skip_environment_checks: true,
+            ..Default::default()
+        };
+
+        if let Err(error) = transform.inner.build(&context).await {
+            errors.push(format!("Transform \"{key}\": {error}"));
+        }
+    }
+
+    if errors.is_empty() {
+        fmt.success("Transform configuration");
+        true
+    } else {
+        fmt.title("Transform errors");
+        fmt.sub_error(errors);
+        false
+    }
+}
+
 async fn validate_environment(opts: &Opts, config: &Config, fmt: &mut Formatter) -> bool {
     let diff = ConfigDiff::initial(config);
 

tests/integration/cli.rs

@@ -132,6 +132,87 @@ fn validate_ignore_healthcheck() {
     );
 }
 
+#[test]
+fn validate_no_environment_reports_transform_vrl_errors() {
+    assert_eq!(
+        validate_with_args(
+            indoc! {r#"
+                data_dir = "${VECTOR_DATA_DIR}"
+
+                [sources.in]
+                    type = "demo_logs"
+                    format = "shuffle"
+                    lines = ["log"]
+
+                [transforms.broken]
+                    inputs = ["in"]
+                    type = "remap"
+                    source = ".foo = to_int(.bar)"
+
+                [sinks.out]
+                    inputs = ["broken"]
+                    type = "blackhole"
+            "#},
+            &["--no-environment"],
+        ),
+        exitcode::CONFIG
+    );
+}
+
+#[test]
+fn validate_no_environment_validates_condition_transforms() {
+    assert_eq!(
+        validate_with_args(
+            indoc! {r#"
+                data_dir = "${VECTOR_DATA_DIR}"
+
+                [sources.in]
+                    type = "demo_logs"
+                    format = "shuffle"
+                    lines = ["log"]
+
+                [transforms.filtered]
+                    inputs = ["in"]
+                    type = "filter"
+                    condition = "exists(.message)"
+
+                [sinks.out]
+                    inputs = ["filtered"]
+                    type = "blackhole"
+            "#},
+            &["--no-environment"],
+        ),
+        exitcode::OK
+    );
+}
+
+#[test]
+fn validate_no_environment_skips_aws_ec2_metadata_environment_check() {
+    assert_eq!(
+        validate_with_args(
+            indoc! {r#"
+                data_dir = "${VECTOR_DATA_DIR}"
+
+                [sources.in]
+                    type = "demo_logs"
+                    format = "shuffle"
+                    lines = ["log"]
+
+                [transforms.meta]
+                    inputs = ["in"]
+                    type = "aws_ec2_metadata"
+                    endpoint = "http://127.0.0.1:9"
+
+                [sinks.out]
+                    inputs = ["meta"]
+                    type = "blackhole"
+            "#},
+            &["--no-environment"],
+        ),
+        exitcode::OK
+    );
+}
+
 #[test]
 fn test_command_no_escape_codes_in_output() {
     // A config with an unhandled fallible VRL function call (missing `!`).
@@ -183,19 +264,34 @@ fn test_command_no_escape_codes_in_output() {
 }
 
 fn validate(config: &str) -> i32 {
+    validate_with_args(config, &[])
+}
+
+fn validate_with_args(config: &str, args: &[&str]) -> i32 {
+    validate_output_with_args(config, args)
+        .status
+        .code()
+        .unwrap()
+}
+
+fn validate_output_with_args(config: &str, args: &[&str]) -> std::process::Output {
     let dir = create_directory();
 
     // Config with some components that write to file system.
     let config = create_file(config);
 
     // Run vector
     let mut cmd = Command::cargo_bin("vector").unwrap();
-    cmd.arg("validate").arg(config).env("VECTOR_DATA_DIR", dir);
+    cmd.arg("validate");
+    for arg in args {
+        cmd.arg(arg);
+    }
+    cmd.arg(config).env("VECTOR_DATA_DIR", dir);
 
     let output = cmd.output().unwrap();
     println!(
         "{}",
-        String::from_utf8(output.stdout).expect("Vector output isn't a valid utf8 string")
+        String::from_utf8(output.stdout.clone()).expect("Vector output isn't a valid utf8 string")
     );
-    output.status.code().unwrap()
+    output
 }