Unwrap managed documents before linting
Unwrap managed documents during the linting process before passing them to deckhand, to avoid namespace collisions. Change-Id: I0467560154c737dc664a126241cd56257091125d
This commit is contained in:
parent
32a9124c0d
commit
2596e7c840
|
@ -276,6 +276,24 @@ def _verify_document(document, schemas, filename):
|
|||
return errors
|
||||
|
||||
|
||||
def _handle_managed_document(doc):
|
||||
"""
|
||||
Unwrap a managed document without decrypting it, and convert
|
||||
the data to an ASCII string if necessary. We're just
|
||||
using this so that managed documents and the documents
|
||||
that depend on them can be linted.
|
||||
|
||||
:param dict doc: A YAML document
|
||||
:returns: the processed document
|
||||
:rtype: dict
|
||||
"""
|
||||
if "managedDocument" in doc["data"]:
|
||||
doc = doc["data"]["managedDocument"]
|
||||
if isinstance(doc["data"], bytes):
|
||||
doc["data"] = doc["data"].decode("ascii")
|
||||
return doc
|
||||
|
||||
|
||||
def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
|
||||
"""Verify Deckhand render works by using all relevant deployment files.
|
||||
|
||||
|
@ -284,7 +302,9 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
|
|||
all_errors = []
|
||||
|
||||
if sitename:
|
||||
documents_to_render = util.definition.documents_for_site(sitename)
|
||||
documents_to_render = [_handle_managed_document(doc) for doc in
|
||||
util.definition.documents_for_site(sitename)]
|
||||
|
||||
LOG.debug('Rendering documents for site: %s.', sitename)
|
||||
_, errors = util.deckhand.deckhand_render(
|
||||
documents=documents_to_render,
|
||||
|
@ -296,10 +316,13 @@ def _verify_deckhand_render(*, sitename=None, fail_on_missing_sub_src=False):
|
|||
all_errors.extend(errors)
|
||||
else:
|
||||
documents_to_render = util.definition.documents_for_each_site()
|
||||
|
||||
for site_name, documents in documents_to_render.items():
|
||||
clean_documents = [_handle_managed_document(doc) for doc
|
||||
in documents]
|
||||
LOG.debug('Rendering documents for site: %s.', site_name)
|
||||
_, errors = util.deckhand.deckhand_render(
|
||||
documents=documents,
|
||||
documents=clean_documents,
|
||||
fail_on_missing_sub_src=fail_on_missing_sub_src,
|
||||
validate=True,
|
||||
)
|
||||
|
|
|
@ -19,6 +19,8 @@ from pegleg.engine.errorcodes import DECKHAND_DUPLICATE_SCHEMA
|
|||
from pegleg.engine.errorcodes import DECKHAND_RENDER_EXCEPTION
|
||||
from pegleg.engine.util import deckhand
|
||||
from pegleg.engine.util import files
|
||||
from pegleg.engine.util.pegleg_managed_document \
|
||||
import PeglegManagedSecretsDocument
|
||||
from tests.unit.fixtures import create_tmp_deployment_files
|
||||
|
||||
|
||||
|
@ -179,6 +181,27 @@ def test_verify_deckhand_render_error_handling(mock_render):
|
|||
errors) == exp_dict['exp1'] + exp_dict['exp2'] + exp_dict['exp3']
|
||||
|
||||
|
||||
def test_handle_managed_document():
|
||||
not_managed = {
|
||||
"schema": "pegleg/FakeSchema/v1",
|
||||
"metadata": {
|
||||
"schema": "metadata/Document/v1",
|
||||
"layeringDefinition": {
|
||||
"abstract": "false",
|
||||
"layer": "site"
|
||||
},
|
||||
"name": "fakesite",
|
||||
"storagePolicy": "cleartext"
|
||||
},
|
||||
"data": "None"
|
||||
}
|
||||
|
||||
managed = PeglegManagedSecretsDocument(not_managed).pegleg_document
|
||||
|
||||
assert lint._handle_managed_document(not_managed) == not_managed
|
||||
assert lint._handle_managed_document(managed) == not_managed
|
||||
|
||||
|
||||
def _deckhand_render_exception_msg(errors):
|
||||
"""
|
||||
Helper function to create deckhand render exception msg.
|
||||
|
|
Loading…
Reference in New Issue