Unwrap managed documents before linting

Unwrap managed documents during the linting process before passing
them to deckhand, to avoid namespace collisions.

Change-Id: I0467560154c737dc664a126241cd56257091125d
This commit is contained in:
Lev Morgan 2019-02-22 09:24:55 -06:00 committed by Stacey Fletcher
parent 32a9124c0d
commit 2596e7c840
2 changed files with 48 additions and 2 deletions

View File

@ -276,6 +276,24 @@ def _verify_document(document, schemas, filename):
return errors
def _handle_managed_document(doc):
"""
Unwrap a managed document without decrypting it, and convert
the data to an ASCII string if necessary. We're just
using this so that managed documents and the documents
that depend on them can be linted.
:param dict doc: A YAML document
:returns: the processed document
:rtype: dict
"""
if "managedDocument" in doc["data"]:
doc = doc["data"]["managedDocument"]
if isinstance(doc["data"], bytes):
doc["data"] = doc["data"].decode("ascii")
return doc
def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
"""Verify Deckhand render works by using all relevant deployment files.
@ -284,7 +302,9 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
all_errors = []
if sitename:
documents_to_render = util.definition.documents_for_site(sitename)
documents_to_render = [_handle_managed_document(doc) for doc in
util.definition.documents_for_site(sitename)]
LOG.debug('Rendering documents for site: %s.', sitename)
_, errors = util.deckhand.deckhand_render(
documents=documents_to_render,
@ -296,10 +316,13 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
all_errors.extend(errors)
else:
documents_to_render = util.definition.documents_for_each_site()
for site_name, documents in documents_to_render.items():
clean_documents = [_handle_managed_document(doc) for doc
in documents]
LOG.debug('Rendering documents for site: %s.', site_name)
_, errors = util.deckhand.deckhand_render(
documents=documents,
documents=clean_documents,
fail_on_missing_sub_src=fail_on_missing_sub_src,
validate=True,
)

View File

@ -19,6 +19,8 @@ from pegleg.engine.errorcodes import DECKHAND_DUPLICATE_SCHEMA
from pegleg.engine.errorcodes import DECKHAND_RENDER_EXCEPTION
from pegleg.engine.util import deckhand
from pegleg.engine.util import files
from pegleg.engine.util.pegleg_managed_document \
import PeglegManagedSecretsDocument
from tests.unit.fixtures import create_tmp_deployment_files
@ -179,6 +181,27 @@ def test_verify_deckhand_render_error_handling(mock_render):
errors) == exp_dict['exp1'] + exp_dict['exp2'] + exp_dict['exp3']
def test_handle_managed_document():
not_managed = {
"schema": "pegleg/FakeSchema/v1",
"metadata": {
"schema": "metadata/Document/v1",
"layeringDefinition": {
"abstract": "false",
"layer": "site"
},
"name": "fakesite",
"storagePolicy": "cleartext"
},
"data": "None"
}
managed = PeglegManagedSecretsDocument(not_managed).pegleg_document
assert lint._handle_managed_document(not_managed) == not_managed
assert lint._handle_managed_document(managed) == not_managed
def _deckhand_render_exception_msg(errors):
"""
Helper function to create deckhand render exception msg.