kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-18 06:24:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added validation for get_domain calls

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-11 03:05:41 +02:00
parent 7fba13b550
commit 691b204512
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
5 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/all/15_about.yml
View File

@ -30,4 +30,4 @@ defaults_service_provider:
legal: legal:
editorial_responsible: "Johannes Gutenberg" editorial_responsible: "Johannes Gutenberg"
source_code: "https://github.com/kevinveenbirkenbach/cymais" source_code: "https://github.com/kevinveenbirkenbach/cymais"
imprint: "{{web_protocol}}://{{ domains | get_domain('html-server') }}/imprint.html" imprint: "{{web_protocol}}://{{ domains | get_domain('html') }}/imprint.html"

2
roles/web-svc-file/meta/main.yml
View File

@ -17,7 +17,7 @@ galaxy_info:
galaxy_tags: galaxy_tags:
- nginx - nginx
- https - https
- file-server - file
- static-files - static-files
- ssl - ssl
- letsencrypt - letsencrypt

2
tasks/stages/01_constructor.yml
View File

@ -48,7 +48,7 @@
# The following mapping is necessary to define the exceptions for domains which are created, but which aren't used # The following mapping is necessary to define the exceptions for domains which are created, but which aren't used
redirect_domain_mappings: "{{ redirect_domain_mappings: "{{
[] | [] |
add_redirect_if_group('asset', domains | get_domain('asset'), domains | get_domain('file-server'), group_names) | add_redirect_if_group('asset', domains | get_domain('asset'), domains | get_domain('file'), group_names) |
merge_mapping(redirect_domain_mappings| default([]), 'source') merge_mapping(redirect_domain_mappings| default([]), 'source')
}}" }}"

7
tests/integration/test_valid_applications.py
View File

@ -13,12 +13,14 @@ class TestValidApplicationUsage(unittest.TestCase):
""" """
Integration test to ensure that only valid application IDs Integration test to ensure that only valid application IDs
are used in all .yml, .yaml, .yml.j2, .yaml.j2, and .py files. are used in all .yml, .yaml, .yml.j2, .yaml.j2, and .py files.
Methods like applications.items() can be whitelisted and ignored. Methods like applications.items() and calls to get_domain() can
be whitelisted or validated against valid IDs.
""" """
# regex patterns to capture applications['name'], applications.get('name'), and applications.name # regex patterns to capture applications['name'], applications.get('name'), applications.name, and get_domain('name')
APPLICATION_SUBSCRIPT_RE = re.compile(r"applications\[['\"](?P<name>[^'\"]+)['\"]\]") APPLICATION_SUBSCRIPT_RE = re.compile(r"applications\[['\"](?P<name>[^'\"]+)['\"]\]")
APPLICATION_GET_RE = re.compile(r"applications\.get\(\s*['\"](?P<name>[^'\"]+)['\"]") APPLICATION_GET_RE = re.compile(r"applications\.get\(\s*['\"](?P<name>[^'\"]+)['\"]")
APPLICATION_ATTR_RE = re.compile(r"applications\.(?P<name>[A-Za-z_]\w*)") APPLICATION_ATTR_RE = re.compile(r"applications\.(?P<name>[A-Za-z_]\w*)")
APPLICATION_DOMAIN_RE = re.compile(r"get_domain\(\s*['\"](?P<name>[^'\"]+)['\"]\s*\)")
# methods and exceptions that should not be validated as application IDs # methods and exceptions that should not be validated as application IDs
WHITELIST = {'items', 'yml', 'get'} WHITELIST = {'items', 'yml', 'get'}
@ -47,6 +49,7 @@ class TestValidApplicationUsage(unittest.TestCase):
self.APPLICATION_SUBSCRIPT_RE, self.APPLICATION_SUBSCRIPT_RE,
self.APPLICATION_GET_RE, self.APPLICATION_GET_RE,
self.APPLICATION_ATTR_RE, self.APPLICATION_ATTR_RE,
self.APPLICATION_DOMAIN_RE,
): ):
for match in pattern.finditer(content): for match in pattern.finditer(content):
name = match.group('name') name = match.group('name')

12
tests/unit/filter_plugins/test_load_configuration.py
View File

@ -15,9 +15,9 @@ class TestLoadConfigurationFilter(unittest.TestCase):
def setUp(self): def setUp(self):
_cfg_cache.clear() _cfg_cache.clear()
self.f = FilterModule().filters()['load_configuration'] self.f = FilterModule().filters()['load_configuration']
self.app = 'html-server' self.app = 'html'
self.nested_cfg = { self.nested_cfg = {
'html-server': { 'html': {
'features': {'matomo': True}, 'features': {'matomo': True},
'domains': {'canonical': ['html.example.com']} 'domains': {'canonical': ['html.example.com']}
} }
@ -76,8 +76,8 @@ class TestLoadConfigurationFilter(unittest.TestCase):
@patch('load_configuration.os.listdir', return_value=['r1']) @patch('load_configuration.os.listdir', return_value=['r1'])
@patch('load_configuration.os.path.isdir', return_value=True) @patch('load_configuration.os.path.isdir', return_value=True)
@patch('load_configuration.os.path.exists', return_value=True) @patch('load_configuration.os.path.exists', return_value=True)
@patch('load_configuration.open', mock_open(read_data="html-server: {}")) @patch('load_configuration.open', mock_open(read_data="html: {}"))
@patch('load_configuration.yaml.safe_load', return_value={'html-server': {}}) @patch('load_configuration.yaml.safe_load', return_value={'html': {}})
def test_key_not_found_after_load(self, *_): def test_key_not_found_after_load(self, *_):
with self.assertRaises(AnsibleFilterError): with self.assertRaises(AnsibleFilterError):
self.f(self.app, 'does.not.exist') self.f(self.app, 'does.not.exist')
@ -104,14 +104,14 @@ class TestLoadConfigurationFilter(unittest.TestCase):
# Testing with an indexed key like domains.canonical[0] # Testing with an indexed key like domains.canonical[0]
mock_exists.side_effect = lambda p: p.endswith('config/main.yml') mock_exists.side_effect = lambda p: p.endswith('config/main.yml')
mock_yaml.return_value = { mock_yaml.return_value = {
'file-server': { 'file': {
'domains': { 'domains': {
'canonical': ['files.example.com', 'extra.example.com'] 'canonical': ['files.example.com', 'extra.example.com']
} }
} }
} }
# should get the first element of the canonical domains list # should get the first element of the canonical domains list
self.assertEqual(self.f('file-server', 'domains.canonical[0]'), self.assertEqual(self.f('file', 'domains.canonical[0]'),
'files.example.com') 'files.example.com')
if __name__ == '__main__': if __name__ == '__main__':