Added validation for get_domain calls

2025-07-17 22:14:25 +02:00 · 2025-07-11 03:05:41 +02:00 · 2025-07-11 03:05:41 +02:00 · 691b204512
commit 691b204512
parent 7fba13b550
5 changed files with 14 additions and 11 deletions
--- a/group_vars/all/15_about.yml
+++ b/group_vars/all/15_about.yml
@ -30,4 +30,4 @@ defaults_service_provider:
  legal:
    editorial_responsible:  "Johannes Gutenberg"
    source_code:            "https://github.com/kevinveenbirkenbach/cymais"
-    imprint:                "{{web_protocol}}://{{ domains | get_domain('html-server') }}/imprint.html"
+    imprint:                "{{web_protocol}}://{{ domains | get_domain('html') }}/imprint.html"
--- a/roles/web-svc-file/meta/main.yml
+++ b/roles/web-svc-file/meta/main.yml
@ -17,7 +17,7 @@ galaxy_info:
  galaxy_tags:
    - nginx
    - https
-    - file-server
+    - file
    - static-files
    - ssl
    - letsencrypt
--- a/tasks/stages/01_constructor.yml
+++ b/tasks/stages/01_constructor.yml
@ -48,7 +48,7 @@
      # The following mapping is necessary to define the exceptions for domains which are created, but which aren't used
      redirect_domain_mappings: "{{
        []  | 
-        add_redirect_if_group('asset',    domains | get_domain('asset'), domains | get_domain('file-server'),  group_names) | 
+        add_redirect_if_group('asset',    domains | get_domain('asset'), domains | get_domain('file'),  group_names) | 
        merge_mapping(redirect_domain_mappings| default([]), 'source')
        }}"

--- a/tests/integration/test_valid_applications.py
+++ b/tests/integration/test_valid_applications.py
@ -13,12 +13,14 @@ class TestValidApplicationUsage(unittest.TestCase):
    """
    Integration test to ensure that only valid application IDs
    are used in all .yml, .yaml, .yml.j2, .yaml.j2, and .py files.
-    Methods like applications.items() can be whitelisted and ignored.
+    Methods like applications.items() and calls to get_domain() can
+    be whitelisted or validated against valid IDs.
    """
-    # regex patterns to capture applications['name'], applications.get('name'), and applications.name
+    # regex patterns to capture applications['name'], applications.get('name'), applications.name, and get_domain('name')
    APPLICATION_SUBSCRIPT_RE = re.compile(r"applications\[['\"](?P<name>[^'\"]+)['\"]\]")
    APPLICATION_GET_RE      = re.compile(r"applications\.get\(\s*['\"](?P<name>[^'\"]+)['\"]")
    APPLICATION_ATTR_RE     = re.compile(r"applications\.(?P<name>[A-Za-z_]\w*)")
+    APPLICATION_DOMAIN_RE   = re.compile(r"get_domain\(\s*['\"](?P<name>[^'\"]+)['\"]\s*\)")

    # methods and exceptions that should not be validated as application IDs
    WHITELIST = {'items', 'yml', 'get'}
@ -47,6 +49,7 @@ class TestValidApplicationUsage(unittest.TestCase):
                    self.APPLICATION_SUBSCRIPT_RE,
                    self.APPLICATION_GET_RE,
                    self.APPLICATION_ATTR_RE,
+                    self.APPLICATION_DOMAIN_RE,
                ):
                    for match in pattern.finditer(content):
                        name = match.group('name')
--- a/tests/unit/filter_plugins/test_load_configuration.py
+++ b/tests/unit/filter_plugins/test_load_configuration.py
@ -15,9 +15,9 @@ class TestLoadConfigurationFilter(unittest.TestCase):
    def setUp(self):
        _cfg_cache.clear()
        self.f = FilterModule().filters()['load_configuration']
-        self.app = 'html-server'
+        self.app = 'html'
        self.nested_cfg = {
-            'html-server': {
+            'html': {
                'features': {'matomo': True},
                'domains': {'canonical': ['html.example.com']}
            }
@ -76,8 +76,8 @@ class TestLoadConfigurationFilter(unittest.TestCase):
    @patch('load_configuration.os.listdir', return_value=['r1'])
    @patch('load_configuration.os.path.isdir', return_value=True)
    @patch('load_configuration.os.path.exists', return_value=True)
-    @patch('load_configuration.open', mock_open(read_data="html-server: {}"))
-    @patch('load_configuration.yaml.safe_load', return_value={'html-server': {}})
+    @patch('load_configuration.open', mock_open(read_data="html: {}"))
+    @patch('load_configuration.yaml.safe_load', return_value={'html': {}})
    def test_key_not_found_after_load(self, *_):
        with self.assertRaises(AnsibleFilterError):
            self.f(self.app, 'does.not.exist')
@ -104,14 +104,14 @@ class TestLoadConfigurationFilter(unittest.TestCase):
        # Testing with an indexed key like domains.canonical[0]
        mock_exists.side_effect = lambda p: p.endswith('config/main.yml')
        mock_yaml.return_value = {
-            'file-server': {
+            'file': {
                'domains': {
                    'canonical': ['files.example.com', 'extra.example.com']
                }
            }
        }
        # should get the first element of the canonical domains list
-        self.assertEqual(self.f('file-server', 'domains.canonical[0]'),
+        self.assertEqual(self.f('file', 'domains.canonical[0]'),
                         'files.example.com')

 if __name__ == '__main__':