Add "file" type for inventory #436
Conversation
|
Is this necessary? In my opinion, solutions, that simply duplicates existing |
|
I think this is most important flag. I use it each time when I use ansible-playbook. Adding it as |
|
I think the current 'accepted' way of doing this, a blank inventory and a cli command, seems super hacky and unintuitive. What I like about adding a file field to this is that essentially then you can upload ec2.py (or whatever) in your repo and pass it as the inventory flag, so this effectively makes it possible to cover all dynamic inventory use cases, without any major changes (or am i wrong about this?) |
|
Okay, your arguments are persuasive. :) |
|
@fiftin can you remove the other inventory type options in the be and fe so that we are left with just static and file? |
|
Done |
|
I found security issue in my solution. User can enter something like this What do you this about this: func isValidInventoryPath(path string) bool {
if currentPath, err := filepath.Abs("./"); err != nil {
return false
} else if absPath, err := filepath.Abs(path); err != nil {
return false
} else if relPath, err := filepath.Rel(currentPath, absPath); err != nil {
return false
} else {
return !strings.HasPrefix(relPath, "..")
}
} |
api/projects/inventory.go
Outdated
| @@ -123,6 +125,19 @@ func AddInventory(w http.ResponseWriter, r *http.Request) { | |||
| mulekick.WriteJSON(w, http.StatusCreated, inv) | |||
| } | |||
|
|
|||
| func isValidInventoryPath(path string) bool { | |||
| if currentPath, err := filepath.Abs("./"); err != nil { | |||
There was a problem hiding this comment.
maybe you could use os.Getwd() here instead
https://golang.org/src/os/getwd.go
There was a problem hiding this comment.
also you might need to look at using https://golang.org/pkg/os/#pkg-constants for the filepath separator to make things cross platform compatible if getwd is not suitable
|
Added |
|
I would prefer if you did not use that test package, it is not really necessary to add it to do the checks you are performing here |
|
What test do you mean? |
|
Why not use unit test framework? |
|
I dont honestly think that you need or want unit test frameworks in go in 99% of cases. In your test case you can just say That is all you need! Something so simple should not be replaced by a third party dependency |
|
Where I should place this test? |
|
So i would replace your current tests with a simple test file such as the util_test.go implementation. It should be in the It would basically look like this: and so on inside the function for all your test cases |
|
I also use goland to run my unit tests (and even better code coverage :D), but you dont need anything special for this or any external libraries. IMO we should be implementing tests in as native a manner as possible, and that means doing it in the way the language specification describes, putting them in the same package etc...... as per the above link to the testing package. |
|
Done |
api/projects/inventory_test.go
Outdated
| @@ -21,7 +22,7 @@ func TestIsValidInventoryPath(t *testing.T) { | |||
| t.Fatal(" a path out of the cwd should be invalid") | |||
| } | |||
|
|
|||
| if IsValidInventoryPath("c:\\test\\inventory") { | |||
| if runtime.GOOS == "windows" && IsValidInventoryPath("c:\\test\\inventory") { | |||
There was a problem hiding this comment.
I'm not sure that this will ever get run, as it's impossible to test in windows on CircleCI 😬
But it's good to have as a test anyway!
|
Just tested this and it is working great with files for inventories (including python scripts) so we now have dynamic inventory support thanks to your efforts. Great work! |
No description provided.