Merge "Fix secrets linting error"
This commit is contained in:
commit
fe2484cb18
Binary file not shown.
Before Width: | Height: | Size: 37 KiB After Width: | Height: | Size: 37 KiB |
|
@ -269,7 +269,8 @@ def _verify_document(document, schemas, filename):
|
||||||
'storagePolicy: "%s"' % (filename, name,
|
'storagePolicy: "%s"' % (filename, name,
|
||||||
storage_policy)))
|
storage_policy)))
|
||||||
|
|
||||||
if not _filename_in_section(filename, 'secrets/'):
|
# Check if the file is in a secrets directory
|
||||||
|
if not util.files.file_in_subdir(filename, 'secrets/'):
|
||||||
errors.append((SECRET_NOT_ENCRYPTED_POLICY,
|
errors.append((SECRET_NOT_ENCRYPTED_POLICY,
|
||||||
'%s (document %s) is a secret, is not stored in a '
|
'%s (document %s) is a secret, is not stored in a '
|
||||||
'secrets path' % (filename, name)))
|
'secrets path' % (filename, name)))
|
||||||
|
@ -353,12 +354,3 @@ def _load_schemas():
|
||||||
schemas[key] = util.files.slurp(
|
schemas[key] = util.files.slurp(
|
||||||
pkg_resources.resource_filename('pegleg', filename))
|
pkg_resources.resource_filename('pegleg', filename))
|
||||||
return schemas
|
return schemas
|
||||||
|
|
||||||
|
|
||||||
def _filename_in_section(filename, section):
|
|
||||||
directory = util.files.directory_for(path=filename)
|
|
||||||
if directory is not None:
|
|
||||||
rest = filename[len(directory) + 1:]
|
|
||||||
return rest is not None and rest.startswith(section)
|
|
||||||
else:
|
|
||||||
return False
|
|
||||||
|
|
|
@ -382,3 +382,15 @@ def collect_files_by_repo(site_name):
|
||||||
documents = util.files.read(filename)
|
documents = util.files.read(filename)
|
||||||
collected_files_by_repo[repo_name].extend(documents)
|
collected_files_by_repo[repo_name].extend(documents)
|
||||||
return collected_files_by_repo
|
return collected_files_by_repo
|
||||||
|
|
||||||
|
|
||||||
|
def file_in_subdir(filename, _dir):
|
||||||
|
"""
|
||||||
|
Check if a folder named _dir is in the path to the file
|
||||||
|
|
||||||
|
:return: Whether _dir is a parent of the file
|
||||||
|
:rtype: bool
|
||||||
|
"""
|
||||||
|
file_path, file_name = os.path.split(
|
||||||
|
os.path.realpath(filename))
|
||||||
|
return _dir in file_path.split(os.path.sep)
|
||||||
|
|
|
@ -36,3 +36,10 @@ class TestFileHelpers(object):
|
||||||
documents = files.read(path)
|
documents = files.read(path)
|
||||||
assert not documents, ("Documents returned should be empty for "
|
assert not documents, ("Documents returned should be empty for "
|
||||||
"site-definition.yaml")
|
"site-definition.yaml")
|
||||||
|
|
||||||
|
def test_file_in_subdir():
|
||||||
|
assert files.file_in_subdir("aaa/bbb/ccc.txt", "aaa")
|
||||||
|
assert files.file_in_subdir("aaa/bbb/ccc.txt", "bbb")
|
||||||
|
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")
|
||||||
|
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "bb")
|
||||||
|
assert not files.file_in_subdir("aaa/bbb/../ccc.txt", "bbb")
|
||||||
|
|
Loading…
Reference in New Issue