From 2596e7c840d65b15a054131ebecadba8104cf351 Mon Sep 17 00:00:00 2001 From: Lev Morgan Date: Fri, 22 Feb 2019 09:24:55 -0600 Subject: [PATCH] Unwrap managed documents before linting Unwrap managed documents during the linting process before passing them to deckhand, to avoid namespace collisions. Change-Id: I0467560154c737dc664a126241cd56257091125d --- pegleg/engine/lint.py | 27 +++++++++++++++++++++++++-- tests/unit/engine/test_lint.py | 23 +++++++++++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/pegleg/engine/lint.py b/pegleg/engine/lint.py index 7b2f7259..582df86b 100644 --- a/pegleg/engine/lint.py +++ b/pegleg/engine/lint.py @@ -276,6 +276,24 @@ def _verify_document(document, schemas, filename): return errors +def _handle_managed_document(doc): + """ + Unwrap a managed document without decrypting it, and convert + the data to an ASCII string if necessary. We're just + using this so that managed documents and the documents + that depend on them can be linted. + + :param dict doc: A YAML document + :returns: the processed document + :rtype: dict + """ + if "managedDocument" in doc["data"]: + doc = doc["data"]["managedDocument"] + if isinstance(doc["data"], bytes): + doc["data"] = doc["data"].decode("ascii") + return doc + + def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False): """Verify Deckhand render works by using all relevant deployment files. @@ -284,7 +302,9 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False): all_errors = [] if sitename: - documents_to_render = util.definition.documents_for_site(sitename) + documents_to_render = [_handle_managed_document(doc) for doc in + util.definition.documents_for_site(sitename)] + LOG.debug('Rendering documents for site: %s.', sitename) _, errors = util.deckhand.deckhand_render( documents=documents_to_render, 
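Review bot: `"managedDocument" in doc["data"]` in `_handle_managed_document` assumes `data` is a mapping, but the test added in this patch passes `"data": "None"`, so for string data the check is a substring match. A cleartext document whose text contains that word then fails on `doc["data"]["managedDocument"]` with a TypeError, and a document with null or missing `data` fails on the `in` or the lookup itself. Both call sites in `_verify_deckhand_render` run the helper in a bare list comprehension, so one such document ends the lint run with a traceback instead of a reported error. Guard on the type first: `data = doc.get("data")` followed by `if isinstance(data, dict) and "managedDocument" in data:`. Separately, `.decode("ascii")` raises UnicodeDecodeError on any non-ASCII byte; if the wrapped payload is always an ASCII token that is fine, but the docstring should state that assumption.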
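Review bot: The comprehension assigned to `documents_to_render` reads as if it builds a cleaned copy, but `_handle_managed_document` returns the wrapper's inner dict by reference and rewrites its `data` in place. The objects returned by `util.definition.documents_for_site(sitename)` are therefore modified as well, and the same holds for `clean_documents` in the `documents_for_each_site()` branch in the next hunk. If those documents are reused later in the run (not visible here), they will hold `str` where the managed document held `bytes`. A shallow copy in the helper avoids this: `doc = dict(doc["data"]["managedDocument"])`. The body of `_verify_deckhand_render` continues outside this hunk.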
@@ -296,10 +316,13 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False): all_errors.extend(errors) else: documents_to_render = util.definition.documents_for_each_site() + for site_name, documents in documents_to_render.items(): + clean_documents = [_handle_managed_document(doc) for doc + in documents] LOG.debug('Rendering documents for site: %s.', site_name) _, errors = util.deckhand.deckhand_render( - documents=documents, + documents=clean_documents, fail_on_missing_sub_src=fail_on_missing_sub_src, validate=True, ) diff --git a/tests/unit/engine/test_lint.py b/tests/unit/engine/test_lint.py index ce096c4c..5abaf488 100644 --- a/tests/unit/engine/test_lint.py +++ b/tests/unit/engine/test_lint.py @@ -19,6 +19,8 @@ from pegleg.engine.errorcodes import DECKHAND_DUPLICATE_SCHEMA from pegleg.engine.errorcodes import DECKHAND_RENDER_EXCEPTION from pegleg.engine.util import deckhand from pegleg.engine.util import files +from pegleg.engine.util.pegleg_managed_document \ + import PeglegManagedSecretsDocument from tests.unit.fixtures import create_tmp_deployment_files @@ -179,6 +181,27 @@ def test_verify_deckhand_render_error_handling(mock_render): errors) == exp_dict['exp1'] + exp_dict['exp2'] + exp_dict['exp3'] +def test_handle_managed_document(): + not_managed = { + "schema": "pegleg/FakeSchema/v1", + "metadata": { + "schema": "metadata/Document/v1", + "layeringDefinition": { + "abstract": "false", + "layer": "site" + }, + "name": "fakesite", + "storagePolicy": "cleartext" + }, + "data": "None" + } + + managed = PeglegManagedSecretsDocument(not_managed).pegleg_document + + assert lint._handle_managed_document(not_managed) == not_managed + assert lint._handle_managed_document(managed) == not_managed + + def _deckhand_render_exception_msg(errors): """ Helper function to create deckhand render exception msg.
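Review bot: `test_handle_managed_document` never reaches the `bytes` branch of the helper, and its unmanaged case passes only through a substring test, because `"data": "None"` is a string and `"managedDocument" in "None"` is evaluated on characters. Add an unmanaged document whose `data` is a dict, and a wrapped document whose inner `data` is `bytes`, asserting the result is text: `assert isinstance(lint._handle_managed_document(wrapped)["data"], str)`. The second assertion also depends on `PeglegManagedSecretsDocument(not_managed).pegleg_document` wrapping the input without encrypting it, which looks intended but is worth a one-line comment in the test. A case with `"data": None` would pin how the helper behaves on an empty document.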