Fix secrets linting error

Fix an error where secrets in global directories are erroneously
flagged for being outside a secrets directory. Now, any file
that is a child of a directory called secrets should be handled
correctly.

Change-Id: I827aa75110d761601dc65df64e1accf1b1a54544
Lev Morgan 2019-02-13 19:06:22 -06:00
parent 1aa46d77af
commit 484772eb64
4 changed files with 21 additions and 10 deletions

Binary file not shown.



@ -269,7 +269,8 @@ def _verify_document(document, schemas, filename):
'storagePolicy: "%s"' % (filename, name,
storage_policy)))
if not _filename_in_section(filename, 'secrets/'):
# Check if the file is in a secrets directory
if not util.files.file_in_subdir(filename, 'secrets/'):
errors.append((SECRET_NOT_ENCRYPTED_POLICY,
'%s (document %s) is a secret, is not stored in a '
'secrets path' % (filename, name)))
@ -330,12 +331,3 @@ def _load_schemas():
schemas[key] = util.files.slurp(
pkg_resources.resource_filename('pegleg', filename))
return schemas
def _filename_in_section(filename, section):
directory = util.files.directory_for(path=filename)
if directory is not None:
rest = filename[len(directory) + 1:]
return rest is not None and rest.startswith(section)
else:
return False
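Review bot: The new call passes `'secrets/'` with a trailing slash, but `file_in_subdir` as added in this commit tests `_dir` against the components of `file_path.split(os.path.sep)`, and those components never contain a separator. As written the call therefore appears to return False for every file, so every secret document would be reported with SECRET_NOT_ENCRYPTED_POLICY regardless of where it is stored. Pass the bare directory name, `if not util.files.file_in_subdir(filename, 'secrets'):`, or have the helper strip a trailing separator from `_dir`. A rule that fires on every secret is likely to be ignored or switched off, which removes the check on where secrets are kept. The enclosing `_verify_document` starts and ends outside the hunk.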


@ -382,3 +382,15 @@ def collect_files_by_repo(site_name):
documents = util.files.read(filename)
collected_files_by_repo[repo_name].extend(documents)
return collected_files_by_repo
def file_in_subdir(filename, _dir):
"""
Check if a folder named _dir is in the path to the file
:return: Whether _dir is a parent of the file
:rtype: bool
"""
file_path, file_name = os.path.split(
os.path.realpath(filename))
return _dir in file_path.split(os.path.sep)
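Review bot: Because `os.path.realpath(filename)` yields an absolute path, `_dir in file_path.split(os.path.sep)` matches a directory named `_dir` anywhere above the file, including above the repository checkout. A clone living under a path such as `/srv/secrets/` (constructed example) would make every document count as being in a secrets path, and the lint check would pass silently. Consider matching only the components below a base directory the caller supplies, for instance `rel = os.path.relpath(os.path.realpath(filename), os.path.realpath(root))` followed by `return _dir in os.path.dirname(rel).split(os.path.sep)`; the removed `_filename_in_section` derived such a base from `util.files.directory_for`, though whether that still fits is not visible here. `realpath` also resolves symlinks, so a file reached through a symlinked secrets directory is judged by the location of its target; the docstring should say so and should document the `filename` and `_dir` parameters. The unused `file_name` could be bound to `_`.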


@ -36,3 +36,10 @@ class TestFileHelpers(object):
documents = files.read(path)
assert not documents, ("Documents returned should be empty for "
"site-definition.yaml")
def test_file_in_subdir():
assert files.file_in_subdir("aaa/bbb/ccc.txt", "aaa")
assert files.file_in_subdir("aaa/bbb/ccc.txt", "bbb")
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")
assert not files.file_in_subdir("aaa/bbb/ccc.txt", "bb")
assert not files.file_in_subdir("aaa/bbb/../ccc.txt", "bbb")
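Review bot: These assertions use relative paths, and `file_in_subdir` resolves them with `os.path.realpath` against the current working directory, so the negative cases depend on where pytest is run. From a directory whose absolute path contains a component named `ccc` or `bb`, `assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")` would fail. Building the paths under a uniquely named temporary directory, and asserting on names that cannot occur in that path, would make the test independent of the checkout location. The hunk header shows `class TestFileHelpers(object):` as context and indentation is not visible on this page; if the new function is indented into the class it needs a `self` parameter, `def test_file_in_subdir(self):`.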