authorZuul <zuul@review.openstack.org>2019-03-01 16:39:11 +0000
committerGerrit Code Review <review@openstack.org>2019-03-01 16:39:11 +0000
commitfe2484cb18981d26637b87932e59939841112865 (patch)
tree388e6aa98b45bf381e1537df3fb144499f6ef8fd
parent566c79265844a95b8cdd069a37f2c731a231a4ed (diff)
parent484772eb64dffdd72663499ab5aaf1a67ff5c3b3 (diff)
Merge "Fix secrets linting error"
-rw-r--r--doc/source/images/architecture-pegleg.pngbin37604 -> 37604 bytes
-rw-r--r--pegleg/engine/lint.py12
-rw-r--r--pegleg/engine/util/files.py12
-rw-r--r--tests/unit/engine/util/test_files.py7
4 files changed, 21 insertions, 10 deletions
diff --git a/doc/source/images/architecture-pegleg.png b/doc/source/images/architecture-pegleg.png
index c872f55..acdfa92 100644
--- a/doc/source/images/architecture-pegleg.png
+++ b/doc/source/images/architecture-pegleg.png
Binary files differ
diff --git a/pegleg/engine/lint.py b/pegleg/engine/lint.py
index 582df86..aaf9cf1 100644
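--- a/pegleg/engine/lint.py
+++ b/pegleg/engine/lint.py
@@ -269,7 +269,8 @@ def _verify_document(document, schemas, filename):
  'storagePolicy: "%s"' % (filename, name,
  storage_policy)))
 
- if not _filename_in_section(filename, 'secrets/'):
+ # Check if the file is in a secrets directory
+ if not util.files.file_in_subdir(filename, 'secrets/'):
  errors.append((SECRET_NOT_ENCRYPTED_POLICY,
  '%s (document %s) is a secret, is not stored in a '
  'secrets path' % (filename, name)))
@@ -353,12 +354,3 @@ def _load_schemas():
  schemas[key] = util.files.slurp(
  pkg_resources.resource_filename('pegleg', filename))
  return schemas
-
-
-def _filename_in_section(filename, section):
- directory = util.files.directory_for(path=filename)
- if directory is not None:
- rest = filename[len(directory) + 1:]
- return rest is not None and rest.startswith(section)
- else:
- return False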
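Review bot: The new call in the first hunk passes `'secrets/'` with a trailing slash, but `file_in_subdir` (added in pegleg/engine/util/files.py by this commit) tests `_dir` for membership in `file_path.split(os.path.sep)`, whose components never contain the separator on POSIX. As written the membership test cannot succeed, so every document reaching this branch is reported with SECRET_NOT_ENCRYPTED_POLICY even when it is stored under a secrets directory. Pass the bare directory name instead: `if not util.files.file_in_subdir(filename, 'secrets'):`. `_verify_document` starts before this hunk, so the enclosing condition is not visible here.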
diff --git a/pegleg/engine/util/files.py b/pegleg/engine/util/files.py
index 02cb33e..54ea38e 100644
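--- a/pegleg/engine/util/files.py
+++ b/pegleg/engine/util/files.py
@@ -382,3 +382,15 @@ def collect_files_by_repo(site_name):
  documents = util.files.read(filename)
  collected_files_by_repo[repo_name].extend(documents)
  return collected_files_by_repo
+
+
+def file_in_subdir(filename, _dir):
+ """
+ Check if a folder named _dir is in the path to the file
+
+ :return: Whether _dir is a parent of the file
+ :rtype: bool
+ """
+ file_path, file_name = os.path.split(
+ os.path.realpath(filename))
+ return _dir in file_path.split(os.path.sep)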
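Review bot: `file_in_subdir` matches `_dir` against every component of the absolute, symlink-resolved path rather than only the part below the site or repository root, so a checkout that sits under any ancestor directory with that name (for example a workspace under `/srv/secrets/`) makes the check true for every file. For the secrets lint this would let a secret document stored outside a secrets path go unreported. The removed `_filename_in_section` stripped `util.files.directory_for(path=filename)` before comparing; consider doing the same here before splitting. At minimum the docstring should state the contract, e.g. `:param _dir: a single directory name without separators, matched against every component of the resolved absolute path`. `file_name` is unused; `file_path = os.path.dirname(os.path.realpath(filename))` is enough.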
diff --git a/tests/unit/engine/util/test_files.py b/tests/unit/engine/util/test_files.py
index b0938ee..5a9e696 100644
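--- a/tests/unit/engine/util/test_files.py
+++ b/tests/unit/engine/util/test_files.py
@@ -36,3 +36,10 @@ class TestFileHelpers(object):
  documents = files.read(path)
  assert not documents, ("Documents returned should be empty for "
  "site-definition.yaml")
+
+def test_file_in_subdir():
+ assert files.file_in_subdir("aaa/bbb/ccc.txt", "aaa")
+ assert files.file_in_subdir("aaa/bbb/ccc.txt", "bbb")
+ assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")
+ assert not files.file_in_subdir("aaa/bbb/ccc.txt", "bb")
+ assert not files.file_in_subdir("aaa/bbb/../ccc.txt", "bbb")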
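Review bot: The three negative assertions depend on the directory the tests are run from, because `file_in_subdir` resolves these relative paths with `os.path.realpath` and then inspects every component, including those of the current working directory. A checkout under a directory named `ccc`, `bb` or `bbb` would make them fail. Build the paths under a known temporary root so that the expected components are controlled. A case using the directory name the linter checks is also missing, e.g. `assert files.file_in_subdir("site/secrets/passphrases/a.yaml", "secrets")`.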