Uniquely name managed documents
When pegleg wraps documents, it uses the original document name as the name of the managed document. This often results in duplicate documents (i.e. identical in name and schema). For example, it is expected to have identically named deckhand document pairs: Certificate & CertificateKey; CertificateAuthority & CertificateAuthorityKey; PublicKey & PrivateKey. However, this could also occur for unrelated document types that happen to have the same name, and generally defeats the principle that each document is identified by a schema top-level key and the metadata.name. This change uses a combination of the original document schema and name to build the name of the pegleg/PeglegManagedDocument/v1. Change-Id: Iab186ae7e9d24a30cb413be89a17fad960e10bea
parent
def3afff05
commit
417975b596
@ -80,7 +80,10 @@ class PeglegManagedSecretsDocument(object):
|
|||||||
[('abstract', False), ('layer', layer)])
|
[('abstract', False), ('layer', layer)])
|
||||||
metadata = OrderedDict(
|
metadata = OrderedDict(
|
||||||
[
|
[
|
||||||
('name', secrets_document['metadata']['name']),
|
(
|
||||||
|
'name', '{}/{}'.format(
|
||||||
|
secrets_document['schema'],
|
||||||
|
secrets_document['metadata']['name'])),
|
||||||
('schema', 'metadata/Document/v1'),
|
('schema', 'metadata/Document/v1'),
|
||||||
('labels', secrets_document['metadata'].get('labels', {})),
|
('labels', secrets_document['metadata'].get('labels', {})),
|
||||||
('layeringDefinition', layering_definition),
|
('layeringDefinition', layering_definition),
|
||||||
|
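Review bot: The `'name'` entry built with `'{}/{}'.format(...)` changes the identity of every managed document, and nothing visible here covers wrappers already written under the old name or callers that look a wrapper up by the original `metadata.name`. For secret material such as certificates and private keys, a lookup that now misses could plausibly cause a second copy to be generated beside the old one; this is inferred, since the lookup code is outside the hunk, so it is worth confirming how existing sites are handled. The joined value also carries the `/` separators of the schema, so it should be treated as opaque; a comment above the tuple such as `# Wrapper name is "<wrapped schema>/<wrapped name>"; opaque, read schema and name from the wrapped document instead of parsing it` would make that explicit. The enclosing method starts and ends outside the hunk.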
@ -279,7 +279,9 @@ class TestPKIGenerator(object):
|
|||||||
wrapper_storage_policy = document['metadata']['storagePolicy']
|
wrapper_storage_policy = document['metadata']['storagePolicy']
|
||||||
# This document is owned by Pegleg so begins with pegleg.
|
# This document is owned by Pegleg so begins with pegleg.
|
||||||
assert "pegleg/PeglegManagedDocument/v1" == wrapper_schema
|
assert "pegleg/PeglegManagedDocument/v1" == wrapper_schema
|
||||||
assert expected_name == wrapper_name
|
expected_wrapper_name = '{}/{}'.format(
|
||||||
|
wrapped_schema, expected_name)
|
||||||
|
assert expected_wrapper_name == wrapper_name
|
||||||
assert "cleartext" == wrapper_storage_policy
|
assert "cleartext" == wrapper_storage_policy
|
||||||
|
|
||||||
def _validate_keypairs(self, documents):
|
def _validate_keypairs(self, documents):
|
||||||
|
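Review bot: The new `expected_wrapper_name` assertion rebuilds the name with the same `'{}/{}'.format(...)` expression as the implementation, so it pins the format but not the property the commit is after, namely that no two wrappers share a name. If the surrounding test iterates over all generated documents (the loop is outside the hunk), collecting the names and adding `assert len(set(wrapper_names)) == len(wrapper_names)` after it would catch a regression for pairs such as Certificate and CertificateKey. The test method begins outside the hunk.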