This repository has been archived by the owner on Jan 25, 2022. It is now read-only.

Per-bucket settings are exposed as collections #327

Open
glasserc opened this issue Jan 30, 2019 · 0 comments

The README says:

Settings can be prefixed with bucket id:

.. code-block:: ini

    kinto.signer.signer_backend = kinto_signer.signer.autograph
    kinto.signer.autograph.server_url = http://172.11.20.1:8888

    kinto.signer.<bucket-id>.autograph.hawk_id = bob
    kinto.signer.<bucket-id>.autograph.hawk_secret = a-secret

But if you do this, you end up with a setting like kinto.signer.sb2.ecdsa.public_key = /path/to/key, which kinto-signer understands to mean "a public_key setting for the collection sb2/ecdsa", which is probably not what was intended.

Example test:

    def test_includeme_sanitizes_exposed_settings(self):
        settings = {
            # Two whole-bucket resources; no collection is named anywhere.
            "signer.resources": (
                "/buckets/sb1 -> /buckets/db1\n"
                "/buckets/sb2 -> /buckets/db2\n"
            ),
            # Server-wide defaults.
            "signer.signer_backend": "kinto_signer.signer.local_ecdsa",
            "signer.ecdsa.public_key": "/path/to/key",
            "signer.ecdsa.private_key": "/path/to/private",
            # Per-bucket overrides for bucket sb2, prefixed as the README describes.
            "signer.sb2.signer_backend": "kinto_signer.signer.local_ecdsa",
            "signer.sb2.ecdsa.public_key": "/path/to/key",
            "signer.sb2.ecdsa.private_key": "/path/to/private",
        }
        config = self.includeme(settings)
        all_capabilities = config.registry.api_capabilities
        capabilities = all_capabilities["signer"]
        # "ecdsa" is part of a setting name and must not be exposed as a collection.
        for resource in capabilities["resources"]:
            assert resource["source"]["collection"] != "ecdsa"
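
The ambiguity described in this issue, as an added example that is not kinto-signer's own code: `naive_scope` is a hypothetical positional parser that reproduces the misreading, and `resolve_scope` is a hypothetical alternative that matches known setting names before reading the scope. `KNOWN_SETTINGS` is an assumption, built from the keys shown above.

```python
# Setting names accepted after the optional scope prefix
# (assumed list, constructed from the keys quoted in this issue).
KNOWN_SETTINGS = {
    "signer_backend",
    "ecdsa.public_key",
    "ecdsa.private_key",
    "autograph.server_url",
    "autograph.hawk_id",
    "autograph.hawk_secret",
}


def naive_scope(key):
    """Positional reading: signer.<bucket>.<collection>.<setting>."""
    parts = key.split(".")
    if parts[0] != "signer" or len(parts) < 2:
        raise ValueError(key)
    rest = parts[1:]
    if len(rest) == 1:
        return (None, None, rest[0])
    if len(rest) == 2:
        return (rest[0], None, rest[1])
    # Anything longer: the second segment is taken as a collection id,
    # even when it is really the first half of a dotted setting name.
    return (rest[0], rest[1], ".".join(rest[2:]))


def resolve_scope(key, known=KNOWN_SETTINGS):
    """Match the longest known setting name as a suffix, then read the scope."""
    prefix = "signer."
    if not key.startswith(prefix):
        raise ValueError(key)
    rest = key[len(prefix):]
    for name in sorted(known, key=len, reverse=True):
        if rest == name:
            return (None, None, name)              # server-wide
        if rest.endswith("." + name):
            scope = rest[: -len(name) - 1].split(".")
            if len(scope) == 1:
                return (scope[0], None, name)      # bucket-wide
            if len(scope) == 2:
                return (scope[0], scope[1], name)  # collection-wide
            raise ValueError("scope too deep: " + key)
    # Fail closed: an unrecognised key must not silently become a scope.
    raise ValueError("unknown setting: " + key)
```

Rejecting unknown keys matters here because a misread scope can leave a bucket signing with the server-wide key or credentials instead of the ones the operator configured for it.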