From 417975b596bfc0ad03de75805d1f3320d7e04ba2 Mon Sep 17 00:00:00 2001
From: Phil Sphicas
Date: Sat, 7 Dec 2019 11:52:36 -0800
Subject: [PATCH] Uniquely name managed documents

When pegleg wraps documents, it uses the original document name as the name of the managed document. This often results in duplicate documents (i.e. identical in name and schema). For example, it is expected to have identically named deckhand document pairs: Certificate & CertificateKey; CertificateAuthority & CertificateAuthorityKey; PublicKey & PrivateKey. However, this could also occur for unrelated document types that happen to have the same name, and generally defeats the principle that each document is identified by a schema top-level key and the metadata.name. This change uses a combination of the original document schema and name to build the name of the pegleg/PeglegManagedDocument/v1.
Change-Id: Iab186ae7e9d24a30cb413be89a17fad960e10bea
---
 pegleg/engine/util/pegleg_managed_document.py | 5 ++++-
 tests/unit/engine/catalog/test_pki_generator.py | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/pegleg/engine/util/pegleg_managed_document.py b/pegleg/engine/util/pegleg_managed_document.py
index 76b3fa2f..dab64903 100644
--- a/pegleg/engine/util/pegleg_managed_document.py
+++ b/pegleg/engine/util/pegleg_managed_document.py
@@ -80,7 +80,10 @@ class PeglegManagedSecretsDocument(object):
 [('abstract', False), ('layer', layer)])
 metadata = OrderedDict(
 [
- ('name', secrets_document['metadata']['name']),
+ (
+ 'name', '{}/{}'.format(
+ secrets_document['schema'],
+ secrets_document['metadata']['name'])),
 ('schema', 'metadata/Document/v1'),
 ('labels', secrets_document['metadata'].get('labels', {})),
 ('layeringDefinition', layering_definition),
diff --git a/tests/unit/engine/catalog/test_pki_generator.py b/tests/unit/engine/catalog/test_pki_generator.py
index 047ec7cb..4fbb4569 100644
--- a/tests/unit/engine/catalog/test_pki_generator.py
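Review bot: The new `'{}/{}'.format(secrets_document['schema'], secrets_document['metadata']['name'])` changes the identity of every wrapper, and nothing in this hunk handles documents that were already wrapped under the old bare name. If a site is re-wrapped or its secrets are regenerated, the document store may end up holding both the old and the new wrapper for the same secret unless the old one is matched or removed explicitly; this is inferred, since the callers are outside the hunk. The name now also contains `/` from the schema, so any code that derives a file path or lookup key from `metadata.name` should be checked. I would add a comment above the tuple such as `# name is '<wrapped schema>/<wrapped name>' so same-named documents of different schemas stay distinct`. The enclosing method starts and ends outside the hunk.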
+++ b/tests/unit/engine/catalog/test_pki_generator.py
@@ -279,7 +279,9 @@ class TestPKIGenerator(object):
 wrapper_storage_policy = document['metadata']['storagePolicy']
 # This document is owned by Pegleg so begins with pegleg.
 assert "pegleg/PeglegManagedDocument/v1" == wrapper_schema
- assert expected_name == wrapper_name
+ expected_wrapper_name = '{}/{}'.format(
+ wrapped_schema, expected_name)
+ assert expected_wrapper_name == wrapper_name
 assert "cleartext" == wrapper_storage_policy

 def _validate_keypairs(self, documents):
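Review bot: The updated assertion rebuilds the expected name with the same `'{}/{}'.format(...)` expression as the implementation and checks one wrapper at a time, so it never exercises the name collision the commit is meant to remove. A check over the whole generated set would pin that, for example `names = [d['metadata']['name'] for d in documents]` followed by `assert len(names) == len(set(names))`, placed wherever the full document list is available. `wrapped_schema` is defined above the hunk, and the test method starts outside it.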