Merge "Fix secrets linting error"
This commit is contained in:
commit
fe2484cb18
Binary file not shown.
Before Width: | Height: | Size: 37 KiB After Width: | Height: | Size: 37 KiB |
|
@ -269,7 +269,8 @@ def _verify_document(document, schemas, filename):
|
|||
'storagePolicy: "%s"' % (filename, name,
|
||||
storage_policy)))
|
||||
|
||||
if not _filename_in_section(filename, 'secrets/'):
|
||||
# Check if the file is in a secrets directory
|
||||
if not util.files.file_in_subdir(filename, 'secrets/'):
|
||||
errors.append((SECRET_NOT_ENCRYPTED_POLICY,
|
||||
'%s (document %s) is a secret, is not stored in a '
|
||||
'secrets path' % (filename, name)))
|
||||
|
@ -353,12 +354,3 @@ def _load_schemas():
|
|||
schemas[key] = util.files.slurp(
|
||||
pkg_resources.resource_filename('pegleg', filename))
|
||||
return schemas
|
||||
|
||||
|
||||
def _filename_in_section(filename, section):
|
||||
directory = util.files.directory_for(path=filename)
|
||||
if directory is not None:
|
||||
rest = filename[len(directory) + 1:]
|
||||
return rest is not None and rest.startswith(section)
|
||||
else:
|
||||
return False
|
||||
|
|
|
@ -382,3 +382,15 @@ def collect_files_by_repo(site_name):
|
|||
documents = util.files.read(filename)
|
||||
collected_files_by_repo[repo_name].extend(documents)
|
||||
return collected_files_by_repo
|
||||
|
||||
|
||||
def file_in_subdir(filename, _dir):
|
||||
"""
|
||||
Check if a folder named _dir is in the path to the file
|
||||
|
||||
:return: Whether _dir is a parent of the file
|
||||
:rtype: bool
|
||||
"""
|
||||
file_path, file_name = os.path.split(
|
||||
os.path.realpath(filename))
|
||||
return _dir in file_path.split(os.path.sep)
|
||||
|
|
|
@ -36,3 +36,10 @@ class TestFileHelpers(object):
|
|||
documents = files.read(path)
|
||||
assert not documents, ("Documents returned should be empty for "
|
||||
"site-definition.yaml")
|
||||
|
||||
def test_file_in_subdir():
|
||||
assert files.file_in_subdir("aaa/bbb/ccc.txt", "aaa")
|
||||
assert files.file_in_subdir("aaa/bbb/ccc.txt", "bbb")
|
||||
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")
|
||||
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "bb")
|
||||
assert not files.file_in_subdir("aaa/bbb/../ccc.txt", "bbb")
|
||||
|
|
Loading…
Reference in New Issue