feat: allow permitted-key-name to be provided as list (#409)

nbendafi-yseop · nabilbendafi · web-flow · commit 10e3991fff8d · 2020-06-22T17:18:34.000+02:00
* feat: allow permitted-key-name to be provided as list

* refactor: construct regex only once

Co-authored-by: Nabil BENDAFI &lt;nabil@bendafi.fr&gt;
diff --git a/lib/poller.js b/lib/poller.js
@@ -205,11 +205,16 @@ class Poller {
 
     const externalData = descriptor.data || descriptor.properties
     const namingConvention = namespace.metadata.annotations[this._namingPermittedAnnotation]
+    let reNaming = new RegExp()
+    if (Array.isArray(namingConvention)) {
+      reNaming = new RegExp(namingConvention.join('|'))
+    } else {
+      reNaming = new RegExp(namingConvention)
+    }
 
     // Testing data property
     if (namingConvention && externalData) {
       externalData.forEach((secretProperty, index) => {
-        const reNaming = new RegExp(namingConvention)
         if (!reNaming.test(secretProperty.key)) {
           allowed = false
           reason = `key name ${secretProperty.key} does not match naming convention ${namingConvention}`
@@ -224,7 +229,6 @@ class Poller {
     const externalDataFrom = descriptor.dataFrom
     if (namingConvention && externalDataFrom) {
       externalDataFrom.forEach((secretProperty, index) => {
-        const reNaming = new RegExp(namingConvention)
         if (!reNaming.test(secretProperty)) {
           allowed = false
           reason = `key name ${secretProperty} does not match naming convention ${namingConvention}`
diff --git a/lib/poller.test.js b/lib/poller.test.js
@@ -876,6 +876,41 @@ describe('Poller', () => {
             ]
           },
           permitted: false
+        },
+        {
+          // test multiple regex data
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: ['dev/team-a/.*', 'common/.*'] } } },
+          descriptor: {
+            data: [
+              { key: 'dev/team-a/ok-secret', name: 'somethingelse' },
+              { key: 'common/generic-secret', name: 'genericsecret' }
+            ]
+          },
+          permitted: true
+        },
+        {
+          // test multiple regex data
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: ['dev/team-a/.*', 'common/.*'] } } },
+          descriptor: {
+            data: [
+              { key: 'dev/team-b/nok-secret', name: 'somethingelse' },
+              { key: 'common/generic-secret', name: 'genericsecret' }
+            ]
+          },
+          permitted: false
+        },
+        {
+          // test multiple regex data
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: ['dev/team-b/.*', 'common/.*'] } } },
+          descriptor: {
+            data: [
+              { key: 'common/generic-secret', name: 'genericsecret' }
+            ],
+            dataFrom: [
+              'common/generic-secret'
+            ]
+          },
+          permitted: true
         }
       ]
 
