Unwrap managed documents before linting
Unwrap managed documents during the linting process before passing them to deckhand, to avoid namespace collisions. Change-Id: I0467560154c737dc664a126241cd56257091125d
This commit is contained in:
parent
32a9124c0d
commit
2596e7c840
|
@ -276,6 +276,24 @@ def _verify_document(document, schemas, filename):
|
||||||
return errors
|
return errors
|
||||||
|
|
||||||
|
|
||||||
|
def _handle_managed_document(doc):
|
||||||
|
"""
|
||||||
|
Unwrap a managed document without decrypting it, and convert
|
||||||
|
the data to an ASCII string if necessary. We're just
|
||||||
|
using this so that managed documents and the documents
|
||||||
|
that depend on them can be linted.
|
||||||
|
|
||||||
|
:param dict doc: A YAML document
|
||||||
|
:returns: the processed document
|
||||||
|
:rtype: dict
|
||||||
|
"""
|
||||||
|
if "managedDocument" in doc["data"]:
|
||||||
|
doc = doc["data"]["managedDocument"]
|
||||||
|
if isinstance(doc["data"], bytes):
|
||||||
|
doc["data"] = doc["data"].decode("ascii")
|
||||||
|
return doc
|
||||||
|
|
||||||
|
|
||||||
def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
|
def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
|
||||||
"""Verify Deckhand render works by using all relevant deployment files.
|
"""Verify Deckhand render works by using all relevant deployment files.
|
||||||
|
|
||||||
|
@ -284,7 +302,9 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
|
||||||
all_errors = []
|
all_errors = []
|
||||||
|
|
||||||
if sitename:
|
if sitename:
|
||||||
documents_to_render = util.definition.documents_for_site(sitename)
|
documents_to_render = [_handle_managed_document(doc) for doc in
|
||||||
|
util.definition.documents_for_site(sitename)]
|
||||||
|
|
||||||
LOG.debug('Rendering documents for site: %s.', sitename)
|
LOG.debug('Rendering documents for site: %s.', sitename)
|
||||||
_, errors = util.deckhand.deckhand_render(
|
_, errors = util.deckhand.deckhand_render(
|
||||||
documents=documents_to_render,
|
documents=documents_to_render,
|
||||||
|
@ -296,10 +316,13 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
|
||||||
all_errors.extend(errors)
|
all_errors.extend(errors)
|
||||||
else:
|
else:
|
||||||
documents_to_render = util.definition.documents_for_each_site()
|
documents_to_render = util.definition.documents_for_each_site()
|
||||||
|
|
||||||
for site_name, documents in documents_to_render.items():
|
for site_name, documents in documents_to_render.items():
|
||||||
|
clean_documents = [_handle_managed_document(doc) for doc
|
||||||
|
in documents]
|
||||||
LOG.debug('Rendering documents for site: %s.', site_name)
|
LOG.debug('Rendering documents for site: %s.', site_name)
|
||||||
_, errors = util.deckhand.deckhand_render(
|
_, errors = util.deckhand.deckhand_render(
|
||||||
documents=documents,
|
documents=clean_documents,
|
||||||
fail_on_missing_sub_src=fail_on_missing_sub_src,
|
fail_on_missing_sub_src=fail_on_missing_sub_src,
|
||||||
validate=True,
|
validate=True,
|
||||||
)
|
)
|
||||||
|
|
|
@ -19,6 +19,8 @@ from pegleg.engine.errorcodes import DECKHAND_DUPLICATE_SCHEMA
|
||||||
from pegleg.engine.errorcodes import DECKHAND_RENDER_EXCEPTION
|
from pegleg.engine.errorcodes import DECKHAND_RENDER_EXCEPTION
|
||||||
from pegleg.engine.util import deckhand
|
from pegleg.engine.util import deckhand
|
||||||
from pegleg.engine.util import files
|
from pegleg.engine.util import files
|
||||||
|
from pegleg.engine.util.pegleg_managed_document \
|
||||||
|
import PeglegManagedSecretsDocument
|
||||||
from tests.unit.fixtures import create_tmp_deployment_files
|
from tests.unit.fixtures import create_tmp_deployment_files
|
||||||
|
|
||||||
|
|
||||||
|
@ -179,6 +181,27 @@ def test_verify_deckhand_render_error_handling(mock_render):
|
||||||
errors) == exp_dict['exp1'] + exp_dict['exp2'] + exp_dict['exp3']
|
errors) == exp_dict['exp1'] + exp_dict['exp2'] + exp_dict['exp3']
|
||||||
|
|
||||||
|
|
||||||
|
def test_handle_managed_document():
|
||||||
|
not_managed = {
|
||||||
|
"schema": "pegleg/FakeSchema/v1",
|
||||||
|
"metadata": {
|
||||||
|
"schema": "metadata/Document/v1",
|
||||||
|
"layeringDefinition": {
|
||||||
|
"abstract": "false",
|
||||||
|
"layer": "site"
|
||||||
|
},
|
||||||
|
"name": "fakesite",
|
||||||
|
"storagePolicy": "cleartext"
|
||||||
|
},
|
||||||
|
"data": "None"
|
||||||
|
}
|
||||||
|
|
||||||
|
managed = PeglegManagedSecretsDocument(not_managed).pegleg_document
|
||||||
|
|
||||||
|
assert lint._handle_managed_document(not_managed) == not_managed
|
||||||
|
assert lint._handle_managed_document(managed) == not_managed
|
||||||
|
|
||||||
|
|
||||||
def _deckhand_render_exception_msg(errors):
|
def _deckhand_render_exception_msg(errors):
|
||||||
"""
|
"""
|
||||||
Helper function to create deckhand render exception msg.
|
Helper function to create deckhand render exception msg.
|
||||||
|
|
Loading…
Reference in New Issue