Merge "Fix secrets linting error"

This commit is contained in:
Zuul 2019-03-01 16:39:11 +00:00 committed by Gerrit Code Review
commit fe2484cb18
4 changed files with 21 additions and 10 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 37 KiB

After

Width:  |  Height:  |  Size: 37 KiB

View File

@ -269,7 +269,8 @@ def _verify_document(document, schemas, filename):
'storagePolicy: "%s"' % (filename, name,
storage_policy)))
if not _filename_in_section(filename, 'secrets/'):
# Check if the file is in a secrets directory
if not util.files.file_in_subdir(filename, 'secrets/'):
errors.append((SECRET_NOT_ENCRYPTED_POLICY,
'%s (document %s) is a secret, is not stored in a '
'secrets path' % (filename, name)))
@ -353,12 +354,3 @@ def _load_schemas():
schemas[key] = util.files.slurp(
pkg_resources.resource_filename('pegleg', filename))
return schemas
def _filename_in_section(filename, section):
directory = util.files.directory_for(path=filename)
if directory is not None:
rest = filename[len(directory) + 1:]
return rest is not None and rest.startswith(section)
else:
return False

View File

@ -382,3 +382,15 @@ def collect_files_by_repo(site_name):
documents = util.files.read(filename)
collected_files_by_repo[repo_name].extend(documents)
return collected_files_by_repo
def file_in_subdir(filename, _dir):
"""
Check if a folder named _dir is in the path to the file
:return: Whether _dir is a parent of the file
:rtype: bool
"""
file_path, file_name = os.path.split(
os.path.realpath(filename))
return _dir in file_path.split(os.path.sep)

View File

@ -36,3 +36,10 @@ class TestFileHelpers(object):
documents = files.read(path)
assert not documents, ("Documents returned should be empty for "
"site-definition.yaml")
def test_file_in_subdir():
assert files.file_in_subdir("aaa/bbb/ccc.txt", "aaa")
assert files.file_in_subdir("aaa/bbb/ccc.txt", "bbb")
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "bb")
assert not files.file_in_subdir("aaa/bbb/../ccc.txt", "bbb")