Skip to content
This repository was archived by the owner on Jul 26, 2022. It is now read-only.

Commit f26bf2b

Browse files
Strange-AccountSchnurbusFlydiverny
authored
fix: verify dataFrom property in naming convention verification (#292)
* Fixed dataFrom property in naming convention verification * chore: add some test variants for dataFrom naming conventions * chore: add some test variants for dataFrom naming conventions, combinations Co-authored-by: Pascal Schnurbus <[email protected]> Co-authored-by: Markus Maga <[email protected]>
1 parent 149e33a commit f26bf2b

File tree

2 files changed

+84
-3
lines changed

2 files changed

+84
-3
lines changed

lib/poller.js

+18-2
Original file line numberDiff line numberDiff line change
@@ -206,12 +206,28 @@ class Poller {
206206
const externalData = descriptor.data || descriptor.properties
207207
const namingConvention = namespace.metadata.annotations[this._namingPermittedAnnotation]
208208

209-
if (namingConvention) {
209+
// Testing data property
210+
if (namingConvention && externalData) {
210211
externalData.forEach((secretProperty, index) => {
211212
const reNaming = new RegExp(namingConvention)
212213
if (!reNaming.test(secretProperty.key)) {
213214
allowed = false
214-
reason = `key name does not match naming convention ${namingConvention}`
215+
reason = `key name ${secretProperty.key} does not match naming convention ${namingConvention}`
216+
return {
217+
allowed, reason
218+
}
219+
}
220+
})
221+
}
222+
223+
// Testing DataFrom property
224+
const externalDataFrom = descriptor.dataFrom
225+
if (namingConvention && externalDataFrom) {
226+
externalDataFrom.forEach((secretProperty, index) => {
227+
const reNaming = new RegExp(namingConvention)
228+
if (!reNaming.test(secretProperty)) {
229+
allowed = false
230+
reason = `key name ${secretProperty} does not match naming convention ${namingConvention}`
215231
return {
216232
allowed, reason
217233
}

lib/poller.test.js

+66-1
Original file line numberDiff line numberDiff line change
@@ -811,13 +811,78 @@ describe('Poller', () => {
811811
]
812812
},
813813
permitted: false
814+
},
815+
{
816+
// test regex
817+
ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
818+
descriptor: {
819+
dataFrom: [
820+
'dev/team-b/secret'
821+
]
822+
},
823+
permitted: false
824+
},
825+
{
826+
// empty annotation
827+
ns: { metadata: { annotations: { [namingPermittedAnnotation]: '' } } },
828+
descriptor: {
829+
dataFrom: ['test']
830+
},
831+
permitted: true
832+
},
833+
{
834+
// test regex
835+
ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
836+
descriptor: {
837+
dataFrom: [
838+
'dev/team-a/secret'
839+
]
840+
},
841+
permitted: true
842+
},
843+
{
844+
// test regex
845+
ns: { metadata: { annotations: { [namingPermittedAnnotation]: '.*' } } },
846+
descriptor: {
847+
data: [
848+
{ key: 'whatever', name: 'somethingelse' }
849+
],
850+
dataFrom: ['something']
851+
},
852+
permitted: true
853+
},
854+
{
855+
// test regex data bad, dataFrom OK
856+
ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
857+
descriptor: {
858+
data: [
859+
{ key: 'dev/team-b/secret', name: 'somethingelse' }
860+
],
861+
dataFrom: [
862+
'dev/team-a/ok-secret'
863+
]
864+
},
865+
permitted: false
866+
},
867+
{
868+
// test regex data OK, dataFrom bad
869+
ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
870+
descriptor: {
871+
data: [
872+
{ key: 'dev/team-a/ok-secret', name: 'somethingelse' }
873+
],
874+
dataFrom: [
875+
'dev/team-b/bad-secret'
876+
]
877+
},
878+
permitted: false
814879
}
815880
]
816881

817882
for (let i = 0; i < testcases.length; i++) {
818883
const testcase = testcases[i]
819884
const verdict = poller._isPermitted(testcase.ns, testcase.descriptor)
820-
expect(verdict.allowed).to.equal(testcase.permitted)
885+
expect(verdict.allowed, `test case ${i + 1}`).to.equal(testcase.permitted)
821886
}
822887
})
823888
})

0 commit comments

Comments
 (0)