implement allow list for check command
This commit is contained in:
parent
7a3090635f
commit
75c3d9f44f
|
@ -55,21 +55,26 @@ function run_app() {
|
|||
}
|
||||
|
||||
# scenarios:
|
||||
echo "1. automation lock before deploy"
|
||||
echo "1. automation lock before deploy, should prevent the deploy"
|
||||
start_ddb
|
||||
run_app lock apps --type automation --duration 5m
|
||||
run_app check apps/foo --type deploy && exit 1
|
||||
|
||||
echo "2. incident lock before deploy"
|
||||
echo "2. incident lock before deploy, should allow the deploy"
|
||||
start_ddb
|
||||
run_app lock apps --type incident --duration 5m
|
||||
run_app check apps/foo --type deploy && exit 1
|
||||
run_app lock apps --type incident --duration 5m --allow deploy
|
||||
run_app check apps/foo --type deploy || exit 1
|
||||
|
||||
echo "3. duplicate deploys"
|
||||
echo "3. duplicate deploys, should prevent the deploy"
|
||||
start_ddb
|
||||
run_app lock apps --type deploy --duration 5m
|
||||
run_app check apps/bar --type deploy && exit 1
|
||||
|
||||
echo "4. automation during a release freeze, should allow the automation"
|
||||
start_ddb
|
||||
run_app lock apps --type freeze --duration 5m --allow automation
|
||||
run_app check apps/foo --type automation || exit 1
|
||||
|
||||
# clean up
|
||||
stop_ddb
|
||||
echo "Done."
|
||||
echo "Done, all tests passed."
|
||||
|
|
|
@ -26,6 +26,7 @@ export interface ParsedArgs {
|
|||
type: LockType;
|
||||
path: string;
|
||||
author?: string;
|
||||
allow: Array<LockType>;
|
||||
duration?: string;
|
||||
until?: string;
|
||||
recursive: boolean;
|
||||
|
@ -86,6 +87,12 @@ export async function parseArgs(argv: Array<string>): Promise<ParsedArgs> {
|
|||
command = 'prune';
|
||||
})
|
||||
.options({
|
||||
'allow': {
|
||||
choices: Object.keys(LOCK_TYPES) as ReadonlyArray<LockType>,
|
||||
default: [] as Array<LockType>,
|
||||
type: 'array',
|
||||
string: true,
|
||||
},
|
||||
'author': {
|
||||
type: 'string',
|
||||
},
|
||||
|
|
|
@ -20,7 +20,7 @@ export async function checkCommand(context: CommandContext) {
|
|||
} else {
|
||||
const friendly = printLock(path, lock);
|
||||
logger.info({ lock, friendly, path }, 'found active lock');
|
||||
return false;
|
||||
return lock.allow.includes(args.type);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,6 +26,11 @@ export interface LockData {
|
|||
*/
|
||||
author: string;
|
||||
|
||||
/**
|
||||
* Check types that should be allowed during this lock.
|
||||
*/
|
||||
allow: Array<LockType>;
|
||||
|
||||
/**
|
||||
* Links with more information about the lock.
|
||||
*/
|
||||
|
|
|
@ -187,6 +187,9 @@ export function attributesFromLock(lock: LockData): Record<string, AttributeValu
|
|||
source: {
|
||||
S: lock.source,
|
||||
},
|
||||
allow: {
|
||||
S: lock.allow.join(','),
|
||||
},
|
||||
links: attributesFromLinks(lock.links),
|
||||
};
|
||||
|
||||
|
@ -223,6 +226,7 @@ export function lockFromAttributes(attributes: Record<string, AttributeValue>):
|
|||
path: mustExist(attributes.path.S),
|
||||
author: mustExist(attributes.author.S),
|
||||
source: mustExist(attributes.source.S),
|
||||
allow: mustExist(attributes.allow.S).split(',') as Array<LockType>,
|
||||
created_at: parseInt(mustExist(attributes.created_at.N), 10),
|
||||
expires_at: parseInt(mustExist(attributes.expires_at.N), 10),
|
||||
updated_at: parseInt(mustExist(attributes.updated_at.N), 10),
|
||||
|
|
|
@ -82,6 +82,7 @@ export function buildLock(args: ParsedArgs, env = process.env): LockData {
|
|||
path: args.path,
|
||||
author: buildAuthor(args, env),
|
||||
links: buildLinks(args),
|
||||
allow: args.allow,
|
||||
created_at: args.now,
|
||||
updated_at: args.now,
|
||||
expires_at: calculateExpires(args),
|
||||
|
|
Loading…
Reference in New Issue