kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-19 06:54:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Finished portfolio implementation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-12 22:06:57 +02:00
parent ead60dab84
commit 4f5afa1220
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
3 changed files with 84 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
filter_plugins/csp_filters.py
View File

@ -127,7 +127,7 @@ class FilterModule(object):
self.is_feature_enabled(applications, 'portfolio_iframe', application_id) self.is_feature_enabled(applications, 'portfolio_iframe', application_id)
and directive == 'frame-ancestors' and directive == 'frame-ancestors'
): ):
domain = domains.get('portfolio')[0] domain = domains.get('web-app-port-ui')[0]
sld_tld = ".".join(domain.split(".")[-2:]) # yields "example.com" sld_tld = ".".join(domain.split(".")[-2:]) # yields "example.com"
tokens.append(f"{sld_tld}") # yields "*.example.com" tokens.append(f"{sld_tld}") # yields "*.example.com"

82
tests/integration/test_domain_application_ids.py Normal file
View File

@ -0,0 +1,82 @@
import glob
import os
import re
import unittest
from filter_plugins.get_all_application_ids import get_all_application_ids
def collect_domain_keys(base_dir="."):
"""
Scan all YAML and Python files under the project for usages of domains.get('...') and domains['...']
and return a dict mapping each domain key to a list of file:line locations where it's used.
Ignores the integration test file itself, but will scan other test files.
"""
pattern = re.compile(r"domains(?:\.get\(\s*['\"](?P<id>[^'\"]+)['\"]\s*\)|\[['\"](?P<id2>[^'\"]+)['\"]\])")
locations = {}
# Path of this test file to ignore
ignore_path = os.path.normpath(os.path.join(base_dir, 'tests', 'integration', 'test_domain_application_ids.py'))
for root, dirs, files in os.walk(base_dir):
for fname in files:
# only scan YAML, YAML and Python files
if not fname.endswith(('.yml', '.yaml', '.py')):
continue
path = os.path.normpath(os.path.join(root, fname))
# skip this integration test file
if path == ignore_path:
continue
try:
with open(path, 'r', encoding='utf-8') as f:
for lineno, line in enumerate(f, start=1):
for m in pattern.finditer(line):
key = m.group('id') or m.group('id2')
loc = f"{path}:{lineno}"
locations.setdefault(key, []).append(loc)
except (OSError, UnicodeDecodeError):
continue
return locations
class TestDomainApplicationIds(unittest.TestCase):
@classmethod
def setUpClass(cls):
# Load valid application IDs from roles
cls.valid_ids = set(get_all_application_ids(roles_dir='roles'))
if not cls.valid_ids:
raise RuntimeError("No application_ids found in roles/*/vars/main.yml")
# Collect domain keys and their locations, excluding this test file
cls.domain_locations = collect_domain_keys(base_dir='.')
if not cls.domain_locations:
raise RuntimeError("No domains.get(...) or domains[...] usages found to validate")
# Define keys to ignore (placeholders or meta-fields)
cls.ignore_keys = {"canonical", "aliases"}
def test_all_keys_are_valid(self):
"""Ensure every domains.get/[] key matches a valid application_id (excluding ignored keys)."""
def is_placeholder(key):
# Treat keys with curly braces as placeholders
return bool(re.match(r"^\{.+\}$", key))
invalid = {}
for key, locs in self.domain_locations.items():
if key in self.ignore_keys or is_placeholder(key):
continue
if key not in self.valid_ids:
invalid[key] = locs
if invalid:
details = []
for key, locs in invalid.items():
locations_str = ", ".join(locs)
details.append(f"'{key}' at {locations_str}")
detail_msg = "; ".join(details)
self.fail(
f"Found usages of domains with invalid application_ids: {detail_msg}. "
f"Valid application_ids are: {sorted(self.valid_ids)}"
)
if __name__ == '__main__':
unittest.main()

2
tests/unit/filter_plugins/test_csp_filters.py
View File

@ -179,7 +179,7 @@ class TestCspFilters(unittest.TestCase):
# Ensure feature enabled and domain set # Ensure feature enabled and domain set
self.apps['app1']['features']['portfolio_iframe'] = True self.apps['app1']['features']['portfolio_iframe'] = True
# simulate a subdomain for the application # simulate a subdomain for the application
self.domains['portfolio'] = ['domain-example.com'] self.domains['web-app-port-ui'] = ['domain-example.com']
header = self.filter.build_csp_header(self.apps, 'app1', self.domains, web_protocol='https') header = self.filter.build_csp_header(self.apps, 'app1', self.domains, web_protocol='https')
# Expect '*.domain-example.com' in the frame-ancestors directive # Expect '*.domain-example.com' in the frame-ancestors directive