fix: verify dataFrom property in naming convention verification (#292)

* Fixed dataFrom property in naming convention verification

* chore: add some test variants for dataFrom naming conventions

* chore: add some test variants for dataFrom naming conventions, combinations

Co-authored-by: Pascal Schnurbus <[email protected]>
Co-authored-by: Markus Maga <[email protected]>

lib/poller.js

@@ -206,12 +206,28 @@ class Poller {
     const externalData = descriptor.data || descriptor.properties
     const namingConvention = namespace.metadata.annotations[this._namingPermittedAnnotation]
 
-    if (namingConvention) {
+    // Testing data property
+    if (namingConvention && externalData) {
       externalData.forEach((secretProperty, index) => {
         const reNaming = new RegExp(namingConvention)
         if (!reNaming.test(secretProperty.key)) {
           allowed = false
-          reason = `key name does not match naming convention ${namingConvention}`
+          reason = `key name ${secretProperty.key} does not match naming convention ${namingConvention}`
+          return {
+            allowed, reason
+          }
+        }
+      })
+    }
+
+    // Testing DataFrom property
+    const externalDataFrom = descriptor.dataFrom
+    if (namingConvention && externalDataFrom) {
+      externalDataFrom.forEach((secretProperty, index) => {
+        const reNaming = new RegExp(namingConvention)
+        if (!reNaming.test(secretProperty)) {
+          allowed = false
+          reason = `key name ${secretProperty} does not match naming convention ${namingConvention}`
           return {
             allowed, reason
           }

lib/poller.test.js

@@ -811,13 +811,78 @@ describe('Poller', () => {
             ]
           },
           permitted: false
+        },
+        {
+          // test regex
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            dataFrom: [
+              'dev/team-b/secret'
+            ]
+          },
+          permitted: false
+        },
+        {
+          // empty annotation
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: '' } } },
+          descriptor: {
+            dataFrom: ['test']
+          },
+          permitted: true
+        },
+        {
+          // test regex
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            dataFrom: [
+              'dev/team-a/secret'
+            ]
+          },
+          permitted: true
+        },
+        {
+          // test regex
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: '.*' } } },
+          descriptor: {
+            data: [
+              { key: 'whatever', name: 'somethingelse' }
+            ],
+            dataFrom: ['something']
+          },
+          permitted: true
+        },
+        {
+          // test regex data bad, dataFrom OK
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            data: [
+              { key: 'dev/team-b/secret', name: 'somethingelse' }
+            ],
+            dataFrom: [
+              'dev/team-a/ok-secret'
+            ]
+          },
+          permitted: false
+        },
+        {
+          // test regex data OK, dataFrom bad
+          ns: { metadata: { annotations: { [namingPermittedAnnotation]: 'dev/team-a/.*' } } },
+          descriptor: {
+            data: [
+              { key: 'dev/team-a/ok-secret', name: 'somethingelse' }
+            ],
+            dataFrom: [
+              'dev/team-b/bad-secret'
+            ]
+          },
+          permitted: false
         }
       ]
 
       for (let i = 0; i < testcases.length; i++) {
         const testcase = testcases[i]
         const verdict = poller._isPermitted(testcase.ns, testcase.descriptor)
-        expect(verdict.allowed).to.equal(testcase.permitted)
+        expect(verdict.allowed, `test case ${i + 1}`).to.equal(testcase.permitted)
       }
     })
   })