fix: fixes naming convention permission check for data items with path attribute only. (#830)

vladlosev · Flydiverny · web-flow · commit a7d8c6c4bff1 · 2021-09-22T03:22:25.000+02:00
* Fixes naming convention permission check for data items with path attribute only.

* Apply suggestions from code review

Co-authored-by: Markus Maga &lt;markus@maga.se&gt;

* Updates permission check to independently verify key and path.

Co-authored-by: Markus Maga &lt;markus@maga.se&gt;
diff --git a/lib/poller.js b/lib/poller.js
@@ -281,16 +281,15 @@ class Poller {
     // Testing data property
     if (namingConvention && externalData) {
       externalData.forEach((secretProperty, index) => {
-        if (secretProperty.path) {
-          if (!reNaming.test(secretProperty.path)) {
-            allowed = false
-            reason = `path ${secretProperty.path} does not match naming convention ${namingConvention}`
-            return {
-              allowed, reason
-            }
+        if ('path' in secretProperty && !reNaming.test(secretProperty.path)) {
+          allowed = false
+          reason = `path ${secretProperty.path} does not match naming convention ${namingConvention}`
+          return {
+            allowed, reason
           }
         }
-        if (!reNaming.test(secretProperty.key)) {
+
+        if ('key' in secretProperty && !reNaming.test(secretProperty.key)) {
           allowed = false
           reason = `key name ${secretProperty.key} does not match naming convention ${namingConvention}`
           return {
diff --git a/lib/poller.test.js b/lib/poller.test.js
@@ -982,6 +982,43 @@ describe('Poller', () => {
           },
           permitted: false
         },
+        {
+          // test regex on path
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            data: [
+              { path: 'dev/team-a/secret' }
+            ]
+          },
+          permitted: true
+        },
+        {
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            data: [
+              { key: 'dev/team-a/secret', name: 'somethingelse', path: '' }
+            ]
+          },
+          permitted: false
+        },
+        {
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            data: [
+              { key: 'this-should-fail', name: 'somethingelse', path: 'dev/team-a/such-path' }
+            ]
+          },
+          permitted: false
+        },
+        {
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            data: [
+              { key: 'dev/team-a/such-key', name: 'somethingelse', path: 'this-should-fail' }
+            ]
+          },
+          permitted: false
+        },
         {
           // test regex on path
           ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
