def _validate_secrets(secrets, os_type):
"""
Validates a parsed JSON array containing secrets for use in VM Creation
Secrets JSON structure
[{
"sourceVault": { "id": "value" },
"vaultCertificates": [{
"certificateUrl": "value",
"certificateStore": "cert store name (only on windows)"
}]
}]
:param dict secrets: Dict fitting the JSON description above
:param string os_type: the type of OS (linux or windows)
:return: errors if any were found
:rtype: list
"""
is_windows = os_type == 'windows'
errors = []
try:
loaded_secret = [validate_file_or_dict(secret) for secret in secrets]
except Exception as err:
raise CLIError('Error decoding secrets: {0}'.format(err))
for idx_arg, narg_secret in enumerate(loaded_secret):
for idx, secret in enumerate(narg_secret):
if 'sourceVault' not in secret:
errors.append(
'Secret is missing sourceVault key at index {0} in arg {1}'
.format(idx, idx_arg))
if 'sourceVault' in secret and 'id' not in secret['sourceVault']:
errors.append(
'Secret is missing sourceVault.id key at index {0} in arg {1}'
.format(idx, idx_arg))
if 'vaultCertificates' not in secret or not secret[
'vaultCertificates']:
err = 'Secret is missing vaultCertificates array or it is empty at index {0} in ' \
'arg {1} '
errors.append(err.format(idx, idx_arg))
else:
for jdx, cert in enumerate(secret['vaultCertificates']):
message = 'Secret is missing {0} within vaultCertificates array at secret ' \
'index {1} and vaultCertificate index {2} in arg {3}'
if 'certificateUrl' not in cert:
errors.append(
message.format('certificateUrl', idx, jdx,
idx_arg))
if is_windows and 'certificateStore' not in cert:
errors.append(
message.format('certificateStore', idx, jdx,
idx_arg))
if errors:
raise CLIError('\n'.join(errors))
def _validate_secrets(secrets, os_type):
"""
Validates a parsed JSON array containing secrets for use in VM Creation
Secrets JSON structure
[{
"sourceVault": { "id": "value" },
"vaultCertificates": [{
"certificateUrl": "value",
"certificateStore": "cert store name (only on windows)"
}]
}]
:param dict secrets: Dict fitting the JSON description above
:param string os_type: the type of OS (linux or windows)
:return: errors if any were found
:rtype: list
"""
is_windows = os_type == 'windows'
errors = []
try:
loaded_secret = [validate_file_or_dict(secret) for secret in secrets]
except Exception as err:
raise CLIError('Error decoding secrets: {0}'.format(err))
for idx_arg, narg_secret in enumerate(loaded_secret):
for idx, secret in enumerate(narg_secret):
if 'sourceVault' not in secret:
errors.append(
'Secret is missing sourceVault key at index {0} in arg {1}'.format(
idx, idx_arg))
if 'sourceVault' in secret and 'id' not in secret['sourceVault']:
errors.append(
'Secret is missing sourceVault.id key at index {0} in arg {1}'.format(
idx, idx_arg))
if 'vaultCertificates' not in secret or not secret['vaultCertificates']:
err = 'Secret is missing vaultCertificates array or it is empty at index {0} in ' \
'arg {1} '
errors.append(err.format(idx, idx_arg))
else:
for jdx, cert in enumerate(secret['vaultCertificates']):
message = 'Secret is missing {0} within vaultCertificates array at secret ' \
'index {1} and vaultCertificate index {2} in arg {3}'
if 'certificateUrl' not in cert:
errors.append(message.format('certificateUrl', idx, jdx, idx_arg))
if is_windows and 'certificateStore' not in cert:
errors.append(message.format('certificateStore', idx, jdx, idx_arg))
if errors:
raise CLIError('\n'.join(errors))
def test_validate_file_or_dict(self):
# verify user folder is expanded before load the file
temp_name = next(tempfile._get_candidate_names())
file_path = '~/' + temp_name
local_file_path = os.path.expanduser(file_path)
with open(local_file_path, 'w') as f:
f.write('{"prop":"val"}')
# verify we load the json content correctly
try:
res = validate_file_or_dict(file_path)
self.assertEqual(res['prop'], "val")
finally:
os.remove(local_file_path)
# verify expanduser call won't mess up the json data
data = '{"~d": "~/haha"}'
res = validate_file_or_dict(data)
self.assertEqual(res['~d'], '~/haha')
# verify expanduser call again, but use single quot
data = "{'~d': '~/haha'}"
res = validate_file_or_dict(data)
self.assertEqual(res['~d'], '~/haha')
