New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(PUP-11326) Make regsubst() sensitive-aware #8799
base: main
Are you sure you want to change the base?
Conversation
Can one of the admins verify this patch? |
e3d1ea9
to
ed4a58a
Compare
ed4a58a
to
520b873
Compare
@@ -30,7 +30,7 @@ | |||
# $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3') | |||
# ``` | |||
dispatch :regsubst_string do | |||
param 'Variant[Array[String],String]', :target | |||
param 'Variant[Array[Variant[String,Sensitive[String]]],Variant[String,Sensitive[String]]]', :target |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change allows you also to call the function with an array of mixed strings and sensitive data.
I think that the change from inner_regsubst
implements only Variant[Array[String],Sensitive[String],String]
, which I think could be enough, if it matches your use case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, this does not fit together. I refined the Function and amended the Commit. Also I added some basic Tests.
520b873
to
4ec8679
Compare
4ec8679
to
bd61004
Compare
Thanks @cocker-cc you'll want to rebase this PR against #8879 after it's merged to resolve the rspec issue on Ruby 3 |
bd61004
to
b8a49d2
Compare
lib/puppet/functions/regsubst.rb
Outdated
@@ -95,7 +95,27 @@ def regsubst_regexp(target, pattern, replacement, flags = nil) | |||
end | |||
|
|||
def inner_regsubst(target, re, replacement, op) | |||
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) } | |||
if target.respond_to?(:map) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not a big fan of checking if something is an Array
/Sensitive
by checking if it responds to map
/unwrap
. For example, all classes that include Enumerable
will respond to map
. I usually prefer checking if the object is an instance of the expected class or a subclass, e.g. item.is_a?(Array)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to argue opposite-wise: If I want the Duck to quack, then I have to test, if she is able to quack.
If you test for a particular Datatype, then you have to cover all possible Cases.
Not implemented.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree with Josh here, use of "responds to" is too brittle and is a style that is not favored throughout the puppet code base. (yes, we have been bitten by that a number of times).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have changed it…
b8a49d2
to
4a556d2
Compare
4a556d2
to
b998ce7
Compare
320fc93
to
a7dc145
Compare
a7dc145
to
10c8b22
Compare
Puppet::Pops::Types::PSensitiveType::Sensitive.new(target) | ||
else | ||
# this should be a String | ||
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) } | |
target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) } |
There is one more possible |
cff4ef6
to
6ebddd7
Compare
6ebddd7
to
425a6f3
Compare
425a6f3
to
6d30ad8
Compare
6d30ad8
to
aac6132
Compare
aac6132
to
92f6efd
Compare
92b15f6
to
6b4a0ae
Compare
Co-authored-by: Henrik Lindberg <563066+hlindberg@users.noreply.github.com>: map preferred over collect Co-authored-by: Henrik Lindberg <563066+hlindberg@users.noreply.github.com>
6b4a0ae
to
a580772
Compare
PUP-11326
Possible Use-Case out of Real-Life: