
Merge "Fix secrets linting error"

changes/21/634821/8
Zuul 6 months ago
parent
commit
fe2484cb18

BIN
doc/source/images/architecture-pegleg.png View File


+ 2
- 10
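--- a/pegleg/engine/lint.py
+++ b/pegleg/engine/lint.py
@@ -269,7 +269,8 @@ def _verify_document(document, schemas, filename):
                            'storagePolicy: "%s"' % (filename, name,
                                                     storage_policy)))
 
-        if not _filename_in_section(filename, 'secrets/'):
+        # Check if the file is in a secrets directory
+        if not util.files.file_in_subdir(filename, 'secrets/'):
             errors.append((SECRET_NOT_ENCRYPTED_POLICY,
                           '%s (document %s) is a secret, is not stored in a '
                           'secrets path' % (filename, name)))
@@ -353,12 +354,3 @@ def _load_schemas():
         schemas[key] = util.files.slurp(
             pkg_resources.resource_filename('pegleg', filename))
     return schemas
-
-
-def _filename_in_section(filename, section):
-    directory = util.files.directory_for(path=filename)
-    if directory is not None:
-        rest = filename[len(directory) + 1:]
-        return rest is not None and rest.startswith(section)
-    else:
-        return False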
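Review bot: The new call `if not util.files.file_in_subdir(filename, 'secrets/'):` keeps the trailing slash from the old prefix test, but the helper added in pegleg/engine/util/files.py tests `_dir` for membership in `file_path.split(os.path.sep)`, and on POSIX no path component can contain a slash. As shown, the lookup can never succeed, so every document that reaches this check would be reported with SECRET_NOT_ENCRYPTED_POLICY even when it is stored under a secrets directory. A check that always fires tends to get ignored or disabled, which defeats its purpose. Passing the bare directory name, `if not util.files.file_in_subdir(filename, 'secrets'):`, matches what the helper compares. _verify_document starts and ends outside the hunk, so the condition guarding this check is not visible here.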

+ 12
- 0
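--- a/pegleg/engine/util/files.py
+++ b/pegleg/engine/util/files.py
@@ -382,3 +382,15 @@ def collect_files_by_repo(site_name):
         documents = util.files.read(filename)
         collected_files_by_repo[repo_name].extend(documents)
     return collected_files_by_repo
+
+
+def file_in_subdir(filename, _dir):
+    """
+    Check if a folder named _dir is in the path to the file
+
+    :return: Whether _dir is a parent of the file
+    :rtype: bool
+    """
+    file_path, file_name = os.path.split(
+        os.path.realpath(filename))
+    return _dir in file_path.split(os.path.sep)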
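Review bot: `file_in_subdir` matches `_dir` against every component of the absolute, symlink-resolved path, so any ancestor of the checkout itself counts. A repository cloned beneath a directory that happens to be called `secrets` (a constructed example) would make the function return True for every file in it. For the lint caller that means a secret document stored outside the secrets section would no longer be reported. The removed `_filename_in_section` avoided this by testing only the part of the path below `directory_for(path=filename)`. Consider restricting the comparison to the path relative to a known root, and stating in the docstring that `_dir` must be a single directory name without separators and that any ancestor, not just the immediate parent, matches. `file_name` is assigned but never used; `file_path = os.path.dirname(os.path.realpath(filename))` is enough.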

+ 7
- 0
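--- a/tests/unit/engine/util/test_files.py
+++ b/tests/unit/engine/util/test_files.py
@@ -36,3 +36,10 @@ class TestFileHelpers(object):
         documents = files.read(path)
         assert not documents, ("Documents returned should be empty for "
                                "site-definition.yaml")
+
+def test_file_in_subdir():
+    assert files.file_in_subdir("aaa/bbb/ccc.txt", "aaa")
+    assert files.file_in_subdir("aaa/bbb/ccc.txt", "bbb")
+    assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")
+    assert not files.file_in_subdir("aaa/bbb/ccc.txt", "bb")
+    assert not files.file_in_subdir("aaa/bbb/../ccc.txt", "bbb")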
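Review bot: These assertions pass relative paths, and `file_in_subdir` resolves them with `os.path.realpath`, so the outcome depends on where the test run starts. The `assert not` cases fail whenever an ancestor of the working directory is named `ccc` or `bb`. Building the inputs beneath a temporary directory created by the test would pin the prefix the function sees. No case exercises the argument the lint caller passes, `'secrets/'` with a trailing slash. A constructed pair such as `assert files.file_in_subdir("site/secrets/x.yaml", "secrets")` and the same path with `"secrets/"` would record which form is supported.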
