Combine reserved variable name lists in check_varnames

There are two different sections of checking for reserved variable names in this one function, with slightly different error messages. Neither message is specifically informative about the name restriction in the error message, so there's not a great reason to do this two different ways. Add the first set of words into the list and deal with it all the same way. Change-Id: I51327f0abf160a93e81aed46806c3f56ee2c9316
2024-07-31 16:12:50 -07:00 · 2024-07-31 16:12:50 -07:00 · 60e572de1f
commit 60e572de1f
parent 3efb931373
2 changed files with 15 additions and 19 deletions
--- a/tests/unit/test_v3.py
+++ b/tests/unit/test_v3.py
@ -10046,8 +10046,10 @@ class TestConnectionVars(AnsibleZuulTestCase):
                                           files=file_dict)
        self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
        self.waitUntilSettled()
-        self.assertIn("Variable name 'ansible_shell_executable' "
-                      "is not allowed", A.messages[0])
+        self.assertIn(
+            "Defining a variable named 'ansible_shell_executable'"
+            " is not allowed",
+            A.messages[0])
        self.assertHistory([])

    def test_return_data(self):
--- a/zuul/lib/varnames.py
+++ b/zuul/lib/varnames.py
@ -20,32 +20,26 @@ VARNAME_RE = re.compile(r'^[A-Za-z0-9_]+$')


 def check_varnames(var):
-    # We block these in configloader, but block it here too to make
-    # sure that a job doesn't pass variables named zuul or nodepool.
-    if 'zuul' in var:
-        raise VariableNameError(
-            "Defining variables named 'zuul' is not allowed")
-    if 'nodepool' in var:
-        raise VariableNameError(
-            "Defining variables named 'nodepool' is not allowed")
-    if 'unsafe_vars' in var:
-        raise VariableNameError("Defining variables named 'unsafe_vars' "
-                                "is not allowed")
    for varname in var.keys():
        if not VARNAME_RE.match(varname):
            raise VariableNameError(
                "Variable names may only contain letters, "
                "numbers, and underscores")
-    # Block some connection related variables so they cannot be
-    # overridden by jobs to bypass security mechanisms.
-    connection_vars = [
+    reserved_vars = [
+        # We block these in configloader, but block it here too to make
+        # sure that a job doesn't pass variables named zuul or nodepool.
+        'zuul',
+        'nodepool',
+        'unsafe_vars',
+        # Block some connection related variables so they cannot be
+        # overridden by jobs to bypass security mechanisms.
        'ansible_connection',
        'ansible_host',
        'ansible_python_interpreter',
        'ansible_shell_executable',
        'ansible_user',
    ]
-    for conn_var in connection_vars:
-        if conn_var in var:
+    for reserved_var in reserved_vars:
+        if reserved_var in var:
            raise VariableNameError(
-                f"Variable name '{conn_var}' is not allowed.")
+                f"Defining a variable named '{reserved_var}' is not allowed")