Skip to content
This repository has been archived by the owner on Jul 26, 2022. It is now read-only.

Commit

Permalink
fix(core): verify data items with path attribute when using naming co…
Browse files Browse the repository at this point in the history 
…nventions. (#800)

* Fixes naming convention permission check for data items with path attribute.
  • Loading branch information
@vladlosev
vladlosev authored Jul 30, 2021
1 parent 599c3cf commit 129a518
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 0 deletions.
9 changes: 9 additions & 0 deletions lib/poller.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,15 @@ class Poller {
// Testing data property
if (namingConvention && externalData) {
externalData.forEach((secretProperty, index) => {
if (secretProperty.path) {
if (!reNaming.test(secretProperty.path)) {
allowed = false
reason = `path ${secretProperty.path} does not match naming convention ${namingConvention}`
return {
allowed, reason
}
}
}
if (!reNaming.test(secretProperty.key)) {
allowed = false
reason = `key name ${secretProperty.key} does not match naming convention ${namingConvention}`
Expand Down
20 changes: 20 additions & 0 deletions lib/poller.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -982,6 +982,26 @@ describe('Poller', () => {
},
permitted: false
},
{
// test regex on path
ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
descriptor: {
data: [
{ path: 'dev/team-b/secret' }
]
},
permitted: false
},
{
// test regex on path when key is also specified
ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
descriptor: {
data: [
{ path: 'dev/team-b/secret', key: 'dev/team-a/secret' }
]
},
permitted: false
},
{
// test regex
ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
Expand Down

0 comments on commit 129a518

Please sign in to comment.