Merge pull request #223 from Kinto/148-strip-spaces-from-resources

Strip spaces from resources (fixes #148)

CHANGELOG.rst

@@ -14,6 +14,7 @@ This document describes changes between each past release.
 
 **New features**
 
+- Allow spaces in resources configurations, and separate URIs with ``->`` for better readability (fixes #148, fixes #88)
 - Allow configuration of ``reviewers_group``, ``editors_group``, ``to_review_enabled``, ``group_check_enabled``
   by bucket
 - Allow placeholders ``{bucket_id}`` and ``{collection_id}`` in ``reviewers_group``, ``editors_group``,

README.rst

@@ -103,9 +103,9 @@ Here is an example of what a configuration could look like:
   kinto.includes = kinto_signer
 
   kinto.signer.resources =
-      /buckets/source;/bucket/destination
-      /buckets/source/collections/collection1;/buckets/destination/collections/collection2
-      /buckets/bid/collections/cid;/buckets/bid/collections/cid2
+      /buckets/source                         -> /bucket/destination
+      /buckets/source/collections/collection1 -> /buckets/destination/collections/collection2
+      /buckets/bid/collections/cid            -> /buckets/bid/collections/cid2
 
 +---------------------------------+--------------------------------------------------------------------------+
 | Setting name                    | What does it do?                                                         |
@@ -216,8 +216,8 @@ collection will be enabled.
 .. code-block:: ini
 
   kinto.signer.resources =
-      /buckets/staging;/buckets/preview;/buckets/blog
-      /buckets/bid/collections/c1;/buckets/bid/collections/c2;/buckets/bid/collections/c3
+      /buckets/staging            -> /buckets/preview            -> /buckets/blog
+      /buckets/bid/collections/c1 -> /buckets/bid/collections/c2 -> /buckets/bid/collections/c3
 
 
 .. image:: workflow.png
@@ -256,7 +256,7 @@ Suppose we defined the following resources in the configuration:
 
 .. code-block:: ini
 
-    kinto.signer.resources = /buckets/source;/buckets/destination
+    kinto.signer.resources = /buckets/source -> /buckets/destination
 
 First, if necessary, we create the appropriate Kinto objects, for example, with ``httpie``:
 

kinto_signer/utils.py

@@ -3,7 +3,6 @@
 from kinto.views import NameGenerator
 
 from enum import Enum
-from pyramid.settings import aslist
 from pyramid.exceptions import ConfigurationError
 
 
@@ -54,13 +53,15 @@ def _get_resource(resource):
 def parse_resources(raw_resources):
     resources = OrderedDict()
 
-    for res in aslist(raw_resources):
+    lines = [l.strip() for l in raw_resources.strip().splitlines()]
+    for res in lines:
         error_msg = "Malformed resource: %%s (in %r). See kinto-signer README." % res
-        if ";" not in res:
-            raise ConfigurationError(error_msg % "not separated with ';'")
+        if "->" not in res and ";" not in res:
+            raise ConfigurationError(error_msg % "not separated with '->'")
 
         try:
-            triplet = res.strip(';').split(';')
+            triplet = [r.strip()
+                       for r in res.replace(';', ' ').replace('->', ' ').split()]
             if len(triplet) == 2:
                 source_uri, destination_uri = triplet
                 preview_uri = None

tests/config/signer.ini

@@ -16,10 +16,10 @@ signer.group_check_enabled = true
 signer.to_review_enabled = true
 
 kinto.signer.resources =
-    /buckets/alice/collections/source;/buckets/alice/collections/destination
-    /buckets/alice/collections/from;/buckets/alice/collections/preview;/buckets/alice/collections/to
-    /buckets/bob/collections/source;/buckets/bob/collections/destination
-    /buckets/stage;/buckets/preview;/buckets/prod
+    /buckets/alice/collections/source -> /buckets/alice/collections/destination
+    /buckets/alice/collections/from -> /buckets/alice/collections/preview -> /buckets/alice/collections/to
+    /buckets/bob/collections/source-> /buckets/bob/collections/destination
+    /buckets/stage -> /buckets/preview -> /buckets/prod
 
 kinto.signer.signer_backend = kinto_signer.signer.autograph
 kinto.signer.autograph.server_url = http://localhost:8000

tests/test_events.py

@@ -36,7 +36,7 @@ def get_app_settings(cls, extras=None):
         cls.source_collection = "/buckets/alice/collections/scid"
         cls.destination_collection = "/buckets/destination/collections/dcid"
 
-        settings['kinto.signer.resources'] = '%s;%s' % (
+        settings['kinto.signer.resources'] = '%s -> %s' % (
             cls.source_collection,
             cls.destination_collection)
 
@@ -223,7 +223,7 @@ def get_app_settings(cls, extras=None):
         cls.source_collection = "/buckets/alice/collections/scid"
         cls.destination_collection = "/buckets/destination/collections/dcid"
 
-        settings['kinto.signer.resources'] = '%s;%s' % (
+        settings['kinto.signer.resources'] = '%s -> %s' % (
             cls.source_collection,
             cls.destination_collection)
 

tests/test_plugin_setup.py

@@ -115,7 +115,7 @@ def test_includeme_raises_value_error_if_no_resource_defined(self):
     def test_defines_a_signer_per_bucket(self):
         settings = {
             "signer.resources": (
-                "/buckets/sb1/collections/sc1;/buckets/db1/collections/dc1\n"
+                "/buckets/sb1/collections/sc1 -> /buckets/db1/collections/dc1\n"
             ),
             "signer.sb1.signer_backend": "kinto_signer.signer.local_ecdsa",
             "signer.sb1.ecdsa.public_key": "/path/to/key",
@@ -128,8 +128,8 @@ def test_defines_a_signer_per_bucket(self):
     def test_defines_a_signer_per_bucket_and_collection(self):
         settings = {
             "signer.resources": (
-                "/buckets/sb1/collections/sc1;/buckets/db1/collections/dc1\n"
-                "/buckets/sb1/collections/sc2;/buckets/db1/collections/dc2"
+                "/buckets/sb1/collections/sc1 -> /buckets/db1/collections/dc1\n"
+                "/buckets/sb1/collections/sc2 -> /buckets/db1/collections/dc2"
             ),
             "signer.sb1.signer_backend": "kinto_signer.signer.local_ecdsa",
             "signer.sb1.ecdsa.public_key": "/path/to/key",
@@ -149,8 +149,8 @@ def test_defines_a_signer_per_bucket_and_collection(self):
     def test_falls_back_to_global_settings_if_not_defined(self):
         settings = {
             "signer.resources": (
-                "/buckets/sb1/collections/sc1;/buckets/db1/collections/dc1\n"
-                "/buckets/sb1/collections/sc2;/buckets/db1/collections/dc2"
+                "/buckets/sb1/collections/sc1 -> /buckets/db1/collections/dc1\n"
+                "/buckets/sb1/collections/sc2 -> /buckets/db1/collections/dc2"
             ),
             "signer.signer_backend": "kinto_signer.signer.autograph",
             "signer.autograph.server_url": "http://localhost",
@@ -175,7 +175,7 @@ def test_a_statsd_timer_is_used_for_signature_if_configured(self):
         settings = {
             "statsd_url": "udp://127.0.0.1:8125",
             "signer.resources": (
-                "/buckets/sb1/collections/sc1;/buckets/db1/collections/dc1"
+                "/buckets/sb1/collections/sc1 -> /buckets/db1/collections/dc1"
             ),
             "signer.ecdsa.public_key": "/path/to/key",
             "signer.ecdsa.private_key": "/path/to/private",
@@ -196,9 +196,7 @@ def test_a_statsd_timer_is_used_for_signature_if_configured(self):
 
     def test_includeme_raises_value_error_if_unknown_placeholder(self):
         settings = {
-            "signer.resources": (
-                "/buckets/sb1/collections/sc1;/buckets/db1/collections/dc1",
-            ),
+            "signer.resources": "/buckets/sb1/collections/sc1 -> /buckets/db1/collections/dc1",
             "signer.editors_group": "{datetime}_group",
             "signer.ecdsa.public_key": "/path/to/key",
             "signer.ecdsa.private_key": "/path/to/private",
@@ -217,14 +215,14 @@ def setUp(self):
 
     def test_nothing_happens_when_resource_is_not_configured(self):
         evt = mock.MagicMock(payload={"bucket_id": "a", "collection_id": "b"})
-        sign_collection_data(evt, resources=utils.parse_resources("c/d;e/f"))
+        sign_collection_data(evt, resources=utils.parse_resources("c/d -> e/f"))
         assert not self.updater_mocked.called
 
     def test_nothing_happens_when_status_is_not_to_sign(self):
         evt = mock.MagicMock(payload={"bucket_id": "a", "collection_id": "b"},
                              impacted_records=[{
                                  "new": {"id": "b", "status": "signed"}}])
-        sign_collection_data(evt, resources=utils.parse_resources("a/b;c/d"))
+        sign_collection_data(evt, resources=utils.parse_resources("a/b -> c/d"))
         assert not self.updater_mocked.sign_and_update_destination.called
 
     def test_updater_is_called_when_resource_and_status_matches(self):
@@ -237,7 +235,7 @@ def test_updater_is_called_when_resource_and_status_matches(self):
             "/buckets/a/collections/b": mock.sentinel.signer
         }
         evt.request.route_path.return_value = "/v1/buckets/a/collections/b"
-        sign_collection_data(evt, resources=utils.parse_resources("a/b;c/d"))
+        sign_collection_data(evt, resources=utils.parse_resources("a/b -> c/d"))
         self.updater_mocked.assert_called_with(
             signer=mock.sentinel.signer,
             storage=mock.sentinel.storage,
@@ -258,13 +256,13 @@ def test_kinto_attachment_property_is_set_to_allow_metadata_updates(self):
             "/buckets/a/collections/b": mock.sentinel.signer
         }
         evt.request.route_path.return_value = "/v1/buckets/a/collections/b"
-        sign_collection_data(evt, resources=utils.parse_resources("a/b;c/d"))
+        sign_collection_data(evt, resources=utils.parse_resources("a/b -> c/d"))
         assert evt.request._attachment_auto_save is True
 
     def test_updater_does_not_fail_when_payload_is_inconsistent(self):
         # This happens with events on default bucket for kinto < 3.3
         evt = mock.MagicMock(payload={"subpath": "collections/boom"})
-        sign_collection_data(evt, resources=utils.parse_resources("a/b;c/d"))
+        sign_collection_data(evt, resources=utils.parse_resources("a/b -> c/d"))
 
 
 class BatchTest(BaseWebTest, unittest.TestCase):

tests/test_signoff_flow.py

@@ -69,7 +69,7 @@ def get_app_settings(cls, extras=None):
         cls.destination_bucket = "/buckets/alice"
         cls.destination_collection = cls.destination_bucket + "/collections/dcid"
 
-        settings['kinto.signer.resources'] = '%s;%s' % (
+        settings['kinto.signer.resources'] = '%s -> %s' % (
             cls.source_collection,
             cls.destination_collection)
         return settings
@@ -380,7 +380,7 @@ def get_app_settings(cls, extras=None):
         cls.source_collection1 = "/buckets/alice/collections/cid1"
         cls.source_collection2 = "/buckets/alice/collections/cid2"
 
-        settings['kinto.signer.resources'] = "%s;%s %s;%s" % (
+        settings['kinto.signer.resources'] = "%s -> %s\n%s -> %s" % (
             cls.source_collection1,
             cls.source_collection1.replace("alice", "destination"),
             cls.source_collection2,
@@ -449,7 +449,7 @@ def get_app_settings(cls, extras=None):
         cls.preview_collection = cls.preview_bucket + "/collections/pcid"
 
         settings['signer.to_review_enabled'] = 'true'
-        settings['kinto.signer.resources'] = '%s;%s;%s' % (
+        settings['kinto.signer.resources'] = '%s -> %s -> %s' % (
             cls.source_collection,
             cls.preview_collection,
             cls.destination_collection)
@@ -497,7 +497,7 @@ def get_app_settings(cls, extras=None):
         cls.destination_bucket = "/buckets/prod"
         cls.destination_collection = cls.destination_bucket + "/collections/cid"
 
-        settings['kinto.signer.resources'] = ';'.join([
+        settings['kinto.signer.resources'] = ' -> '.join([
             cls.source_bucket,
             cls.preview_bucket,
             cls.destination_bucket])