def slurp(path):
if not os.path.exists(path):
raise click.ClickException(
'%s not found. Pegleg must be run from the root of a configuration'
' repository.' % path)
with open(path, 'r') as f:
try:
# Ignore YAML tags, only construct dicts
SafeConstructor.add_multi_constructor(
'', lambda loader, suffix, node: None)
return yaml.safe_load(f)
except Exception as e:
raise click.ClickException('Failed to parse %s:\n%s' % (path, e))
def read(path):
"""
Read the yaml file ``path`` and return its contents as a list of
dicts
"""
if not os.path.exists(path):
raise click.ClickException(
'{} not found. Pegleg must be run from the root of a '
'configuration repository.'.format(path))
def is_deckhand_document(document):
# Deckhand documents only consist of control and application
# documents.
valid_schemas = ('metadata/Control', 'metadata/Document')
if isinstance(document, dict):
schema = document.get('metadata', {}).get('schema', '')
# NOTE(felipemonteiro): The Pegleg site-definition.yaml is a
# Deckhand-formatted document currently but probably shouldn't
# be, because it has no business being in Deckhand. As such,
# treat it as a special case.
if "SiteDefinition" in document.get('schema', ''):
return False
if any(schema.startswith(x) for x in valid_schemas):
return True
else:
LOG.debug(
'Document with schema=%s is not a valid Deckhand '
'schema. Ignoring it.', schema)
return False
def is_pegleg_managed_document(document):
return md.PeglegManagedSecretsDocument.is_pegleg_managed_secret(
document)
with open(path, 'r') as stream:
# Ignore YAML tags, only construct dicts
SafeConstructor.add_multi_constructor(
'', lambda loader, suffix, node: None)
try:
return [
d for d in yaml.safe_load_all(stream) if d and (
is_deckhand_document(d) or is_pegleg_managed_document(d))
]
except yaml.YAMLError as e:
raise click.ClickException('Failed to parse %s:\n%s' % (path, e))
def get_rendered_docs(site_name, validate=True):
documents = []
# Ignore YAML tags, only construct dicts
SafeConstructor.add_multi_constructor('',
lambda loader, suffix, node: None)
for filename in util.definition.site_files(site_name):
with open(filename, 'r') as f:
docs = yaml.safe_load_all(f)
for doc in docs:
# Managed documents may be encrypted, and require slight
# alteration for rendering without decrypting.
if doc['schema'] == 'pegleg/PeglegManagedDocument/v1':
# Do not decrypt secret, but convert it from bytes to
# string to pass schema validation.
if 'encrypted' in doc['data'].keys():
doc['data']['managedDocument']['data'] = doc['data'][
'managedDocument']['data'].decode()
# Append the document if it was encrypted using the
# encrypted string. If not, using original value.
documents.append(doc['data']['managedDocument'])
# File was not Pegleg managed, so it can be added directly.
else:
documents.append(doc)
rendered_documents, errors = util.deckhand.deckhand_render(
documents=documents, validate=validate)
if errors:
err_msg = ''
for err in errors:
if isinstance(err, tuple) and len(err) > 1:
err_msg += ': '.join(err) + '\n'
else:
err_msg += str(err) + '\n'
raise click.ClickException(err_msg)
return rendered_documents
def get_rendered_docs(site_name, validate=True):
documents = []
# Ignore YAML tags, only construct dicts
SafeConstructor.add_multi_constructor('',
lambda loader, suffix, node: None)
for filename in util.definition.site_files(site_name):
with open(filename, 'r') as f:
documents.extend(list(yaml.safe_load_all(f)))
rendered_documents, errors = util.deckhand.deckhand_render(
documents=documents, validate=validate)
if errors:
err_msg = ''
for err in errors:
if isinstance(err, tuple) and len(err) > 1:
err_msg += ': '.join(err) + '\n'
else:
err_msg += str(err) + '\n'
raise click.ClickException(err_msg)
return rendered_documents
