From 410f43afa69a8e45d10c7b1c7a4a4778216b1ae3 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Tue, 18 Apr 2023 16:46:35 +0000 Subject: [PATCH 1/2] allow upper case for cran pax, append _ to name --- .../cloud_init/resources/configure_nexus.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py index bb9bed8d3a..9a0344b358 100755 --- a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py +++ b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py @@ -588,15 +588,15 @@ def get_allowlists(pypi_package_file, cran_package_file): cran_allowlist = [] if pypi_package_file: - pypi_allowlist = get_allowlist(pypi_package_file) + pypi_allowlist = get_allowlist(pypi_package_file, False) if cran_package_file: - cran_allowlist = get_allowlist(cran_package_file) + cran_allowlist = get_allowlist(cran_package_file, True) return (pypi_allowlist, cran_allowlist) -def get_allowlist(allowlist_path): +def get_allowlist(allowlist_path, is_cran): """ Read list of allowed packages from a file @@ -609,12 +609,15 @@ def get_allowlist(allowlist_path): allowlist = [] with open(allowlist_path, "r") as allowlist_file: # Sanitise package names - # - convert to lower case + # - convert to lower case if the package is on PyPi. Leave alone on CRAN to prevent issues with case-sensitivity # - convert special characters to '-' # - remove any blank entries, which act as a wildcard that would allow any package special_characters = re.compile(r"[^0-9a-zA-Z]+") for package_name in allowlist_file.readlines(): - package_name = special_characters.sub("-", package_name.lower().strip()) + if is_cran: + package_name = special_characters.sub("-", package_name.strip()) + else: + package_name = special_characters.sub("-", package_name.lower().strip()) if package_name: allowlist.append(package_name) return allowlist @@ -725,7 +728,7 @@ def recreate_privileges(tier, nexus_api, pypi_allowlist=[], nexus_api, name=f"cran-{package}", description=f"allow access to {package} on CRAN", - expression=f'format == "r" and path=^"/src/contrib/{package}"', + expression=f'format == "r" and path=^"/src/contrib/{package}_"', repo_type=_NEXUS_REPOSITORIES["cran_proxy"]["repo_type"], repo=_NEXUS_REPOSITORIES["cran_proxy"]["name"] ) From 9c2139e4cab21808035342bd0a4b04c2f3c38ed0 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 19 Apr 2023 10:11:23 +0100 Subject: [PATCH 2/2] Add is_cran argument to docstring --- .../cloud_init/resources/configure_nexus.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py index 9a0344b358..f460162799 100755 --- a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py +++ b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py @@ -602,6 +602,7 @@ def get_allowlist(allowlist_path, is_cran): Args: allowlist_path: Path to the allowlist file + is_cran: True if the allowlist if for CRAN, False if it is for PyPI Returns: List of the package names specified in the file @@ -609,7 +610,7 @@ def get_allowlist(allowlist_path, is_cran): allowlist = [] with open(allowlist_path, "r") as allowlist_file: # Sanitise package names - # - convert to lower case if the package is on PyPi. Leave alone on CRAN to prevent issues with case-sensitivity + # - convert to lower case if the package is on PyPI. Leave alone on CRAN to prevent issues with case-sensitivity # - convert special characters to '-' # - remove any blank entries, which act as a wildcard that would allow any package special_characters = re.compile(r"[^0-9a-zA-Z]+")