SourceContext: add same_project comparison
The SourceContext equality check is using the in repository yaml path which may differ for a single project, resulting in secrets being incorrectly validated when they are defined in dedicated files. This change adds a same_project method to validate secrets. Change-Id: I5500e43faa3cbb7ed470575fe54cb66aed343b9a
This commit is contained in:
parent
d275039481
commit
e50af2ece2
|
@ -513,7 +513,7 @@ class JobParser(object):
|
||||||
raise SecretNotFoundError(secret_name)
|
raise SecretNotFoundError(secret_name)
|
||||||
if secret_name == 'zuul':
|
if secret_name == 'zuul':
|
||||||
raise Exception("Secrets named 'zuul' are not allowed.")
|
raise Exception("Secrets named 'zuul' are not allowed.")
|
||||||
if secret.source_context != job.source_context:
|
if not secret.source_context.isSameProject(job.source_context):
|
||||||
raise Exception(
|
raise Exception(
|
||||||
"Unable to use secret %s. Secrets must be "
|
"Unable to use secret %s. Secrets must be "
|
||||||
"defined in the same project in which they "
|
"defined in the same project in which they "
|
||||||
|
|
|
@ -627,6 +627,13 @@ class SourceContext(object):
|
||||||
return self.__class__(self.project, self.branch, self.path,
|
return self.__class__(self.project, self.branch, self.path,
|
||||||
self.trusted)
|
self.trusted)
|
||||||
|
|
||||||
|
def isSameProject(self, other):
|
||||||
|
if not isinstance(other, SourceContext):
|
||||||
|
return False
|
||||||
|
return (self.project == other.project and
|
||||||
|
self.branch == other.branch and
|
||||||
|
self.trusted == other.trusted)
|
||||||
|
|
||||||
def __ne__(self, other):
|
def __ne__(self, other):
|
||||||
return not self.__eq__(other)
|
return not self.__eq__(other)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue