Browse Source

Unwrap managed documents before linting

Unwrap managed documents during the linting process before passing
them to deckhand, to avoid namespace collisions.

Change-Id: I0467560154c737dc664a126241cd56257091125d
changes/89/638689/8
Lev Morgan 3 months ago
parent
commit
2596e7c840
2 changed files with 48 additions and 2 deletions
  1. 25
    2
      pegleg/engine/lint.py
  2. 23
    0
      tests/unit/engine/test_lint.py

+ 25
- 2
pegleg/engine/lint.py View File

@@ -276,6 +276,24 @@ def _verify_document(document, schemas, filename):
276 276
     return errors
277 277
 
278 278
 
279
+def _handle_managed_document(doc):
280
+    """
281
+    Unwrap a managed document without decrypting it, and convert
282
+    the data to an ASCII string if necessary. We're just
283
+    using this so that managed documents and the documents
284
+    that depend on them can be linted.
285
+
286
+    :param dict doc: A YAML document
287
+    :returns: the processed document
288
+    :rtype: dict
289
+    """
290
+    if "managedDocument" in doc["data"]:
291
+        doc = doc["data"]["managedDocument"]
292
+        if isinstance(doc["data"], bytes):
293
+            doc["data"] = doc["data"].decode("ascii")
294
+    return doc
295
+
296
+
279 297
 def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
280 298
     """Verify Deckhand render works by using all relevant deployment files.
281 299
 
@@ -284,7 +302,9 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
284 302
     all_errors = []
285 303
 
286 304
     if sitename:
287
-        documents_to_render = util.definition.documents_for_site(sitename)
305
+        documents_to_render = [_handle_managed_document(doc) for doc in
306
+                               util.definition.documents_for_site(sitename)]
307
+
288 308
         LOG.debug('Rendering documents for site: %s.', sitename)
289 309
         _, errors = util.deckhand.deckhand_render(
290 310
             documents=documents_to_render,
@@ -296,10 +316,13 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
296 316
         all_errors.extend(errors)
297 317
     else:
298 318
         documents_to_render = util.definition.documents_for_each_site()
319
+
299 320
         for site_name, documents in documents_to_render.items():
321
+            clean_documents = [_handle_managed_document(doc) for doc
322
+                               in documents]
300 323
             LOG.debug('Rendering documents for site: %s.', site_name)
301 324
             _, errors = util.deckhand.deckhand_render(
302
-                documents=documents,
325
+                documents=clean_documents,
303 326
                 fail_on_missing_sub_src=fail_on_missing_sub_src,
304 327
                 validate=True,
305 328
             )

+ 23
- 0
tests/unit/engine/test_lint.py View File

@@ -19,6 +19,8 @@ from pegleg.engine.errorcodes import DECKHAND_DUPLICATE_SCHEMA
19 19
 from pegleg.engine.errorcodes import DECKHAND_RENDER_EXCEPTION
20 20
 from pegleg.engine.util import deckhand
21 21
 from pegleg.engine.util import files
22
+from pegleg.engine.util.pegleg_managed_document \
23
+        import PeglegManagedSecretsDocument
22 24
 from tests.unit.fixtures import create_tmp_deployment_files
23 25
 
24 26
 
@@ -179,6 +181,27 @@ def test_verify_deckhand_render_error_handling(mock_render):
179 181
         errors) == exp_dict['exp1'] + exp_dict['exp2'] + exp_dict['exp3']
180 182
 
181 183
 
184
+def test_handle_managed_document():
185
+    not_managed = {
186
+        "schema": "pegleg/FakeSchema/v1",
187
+        "metadata": {
188
+            "schema": "metadata/Document/v1",
189
+            "layeringDefinition": {
190
+                "abstract": "false",
191
+                "layer": "site"
192
+            },
193
+            "name": "fakesite",
194
+            "storagePolicy": "cleartext"
195
+        },
196
+        "data": "None"
197
+    }
198
+
199
+    managed = PeglegManagedSecretsDocument(not_managed).pegleg_document
200
+
201
+    assert lint._handle_managed_document(not_managed) == not_managed
202
+    assert lint._handle_managed_document(managed) == not_managed
203
+
204
+
182 205
 def _deckhand_render_exception_msg(errors):
183 206
     """
184 207
     Helper function to create deckhand render exception msg.

Loading…
Cancel
Save