Enable yaml linting.
schmidtw committed May 29, 2024
1 parent 2eb1ad1 commit 399f164
Showing 8 changed files with 94 additions and 53 deletions.
5 changes: 3 additions & 2 deletions .codecov.yml
@@ -1,5 +1,6 @@
## SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
## SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
# SPDX-License-Identifier: Apache-2.0
---
coverage:
range: 50..80
round: down
5 changes: 3 additions & 2 deletions .github/dependabot.yml
Expand Up @@ -7,12 +7,12 @@ updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
# Check for updates to GitHub Actions every week
# Check for updates to GitHub Actions every day
interval: "daily"
labels:
- "dependencies"
commit-message:
prefix: "automation"
prefix: "chore"
include: "scope"
open-pull-requests-limit: 10

Expand All @@ -25,3 +25,4 @@ updates:
commit-message:
prefix: "chore"
include: "scope"
open-pull-requests-limit: 10
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
Expand Up @@ -27,4 +27,5 @@ jobs:
release-docker-latest: true
release-docker-major: true
release-docker-minor: true
yaml-lint-skip: false
secrets: inherit
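Review bot: `yaml-lint-skip: false` enables one more job in the called workflow, and the call on the next line passes `secrets: inherit`, so whatever the lint job runs can reference every secret the caller holds. The `uses:` reference for this job is outside the hunk; if it names a branch or tag rather than a full commit SHA, the lint tooling it pulls in can change without any change in this repository. Consider pinning that reference and passing only the named secrets the release jobs need instead of `inherit`, since a lint step should need none.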
1 change: 0 additions & 1 deletion .golangci.yaml
Expand Up @@ -28,4 +28,3 @@ issues:
linters:
- dupl
- funlen

39 changes: 19 additions & 20 deletions .release/docker/argus_spruce.yaml
Expand Up @@ -70,7 +70,7 @@ servers:
X-Xmidt-Version:
- development

store:
store:
# dynamo is the configuration block to communicate with dynamoDB.
dynamo:

Expand Down Expand Up @@ -109,7 +109,7 @@ store:
# # If the opTimeout is set to 0, it defaults to 10s.
# # (Optional) defaults to 10s
# opTimeout: 100ms

# # username is the username to use when connecting to the database.
# # (Optional)
# username: "cassandra"
Expand Down Expand Up @@ -142,7 +142,7 @@ store:
# userInputValidation groups options around validating data on incoming requests.
# (Optional) The default values are those listed above the fields below.
userInputValidation:
# itemMaxTTL defines the limit for TTL values provided by users of the API.
# itemMaxTTL defines the limit for TTL values provided by users of the API.
# refer to https://golang.org/pkg/time/#ParseDuration for valid strings.
# (Optional) default: 24h (a day)
itemMaxTTL: (( grab $ITEM_MAX_TTL || "24h" ))
Expand All @@ -156,7 +156,7 @@ userInputValidation:
ownerFormatRegex: (( grab $OWNER_FORMAT_REGEX || "^.{4,60}$" ))

# itemDataMaxDepth is the max allowed depth of the Item JSON data field.
# If your DB supports up to N nested objects, itemDataMaxDepth should be set to
# If your DB supports up to N nested objects, itemDataMaxDepth should be set to
# N-1. The value of itemDataMaxDepth must be > 0, otherwise the default value will
# be used.
# (Optional) default: 30
Expand All @@ -170,21 +170,21 @@ jwtValidator:
Resolve:
Template: (( grab $THEMIS_ENDPOINT || "http://themis:6500/keys/{keyID}" ))

# can we remove all of this section?
# can we remove all of this section?
authx:
inbound:
# basic is a list of Basic Auth credentials intended to be used for local testing purposes.
# WARNING! Be sure to remove this from your production config.
basic:
- (( grab $AUTH_HEADER || "dXNlcjpwYXNz" ))


# accessLevel defines config around the injection of an attribute to bascule tokens
# which application code can leverage to decide if a given request is allowed to execute some operation.
# Note that accessLevel differs from capabilityCheck in that it allows more complex access hierarchy.
# That is, while capabilityCheck verifies whether a user is allowed to use an API endpoint, accessLevel
# Note that accessLevel differs from capabilityCheck in that it allows more complex access hierarchy.
# That is, while capabilityCheck verifies whether a user is allowed to use an API endpoint, accessLevel
# assigns a number to the user's request which application code can use for security purposes.
# An access level is defined as a non-negative number and the higher the number, the higher the access the
# An access level is defined as a non-negative number and the higher the number, the higher the access the
# request has for the target application.
# (Optional). If section is not provided, the lowest access level value of 0 will be assigned to the attribute.
accessLevel:
Expand All @@ -201,7 +201,7 @@ authx:
# If this value is found in the list, the access level assigned to the request will be 1. Otherwise, it will be 0.
# (Optional) defaults to 'xmidt:svc:admin'
name: (( grab $ACCESS_LEVEL_CAPABILITY || "xmidt:svc:admin" ))

# path is the list of nested keys to get to the claim which contains the capabilities.
# For example, if your JWT payload looks like this:
# ```
Expand All @@ -211,24 +211,24 @@ authx:
# "my_company": {
# "capabilities": ["capability0", "capability1"]
# }
# }
# ```
# }
# ```
# you'll want to set path to ["my_company", "capabilities"]
# (Optional) default: ["capabilities"]
path:
path:
- (( grab $ACCESS_LEVEL_CAPABILITIES_PATH || "capabilities" ))

# # capabilityCheck provides the details needed for checking an incoming JWT's
# # capabilities. If the type of check isn't provided, no checking is done. The
# # type can be "monitor" or "enforce". If "monitor" is provided, the capabilities
# # are checked but the request isn't rejected when there isn't a valid capability
# # for the request. Instead, a message is logged. When "enforce" is provided, a
# # type can be "monitor" or "enforce". If "monitor" is provided, the capabilities
# # are checked but the request isn't rejected when there isn't a valid capability
# # for the request. Instead, a message is logged. When "enforce" is provided, a
# # request that doesn't have the needed capability is rejected.

# # The capability is expected to have the format:

# # {prefix}{endpoint}:{method}

# # The prefix can be a regular expression. If it's empty, no capability check
# # is done. The endpoint is a regular expression that should match the endpoint
# # the request was sent to. The method is usually the method of the request, such as
Expand Down Expand Up @@ -262,4 +262,3 @@ tracing:

# endpoint is where trace information should be routed. Applies to zipkin and jaegar.
endpoint: (( grab $TRACING_PROVIDER_ENDPOINT || "http://zipkin:9411/api/v2/spans" ))

40 changes: 40 additions & 0 deletions .yamllint.yml
@@ -0,0 +1,40 @@
# SPDX-FileCopyrightText: 2024 Comcast Cable Communications Management, LLC
# SPDX-License-Identifier: Apache-2.0
---

extends: default

ignore: []

rules:
braces:
level: warning
max-spaces-inside: 1
brackets:
level: warning
max-spaces-inside: 1
colons:
level: warning
max-spaces-after: -1
commas:
level: warning
comments: disable
comments-indentation: disable
document-start:
present: true
empty-lines:
max: 2
hyphens:
max-spaces-after: 1
indentation:
level: error
indent-sequences: consistent
line-length:
level: warning
max: 90
allow-non-breakable-words: true
allow-non-breakable-inline-mappings: true
truthy:
allowed-values:
- 'true'
- 'false'
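Review bot: The `truthy` rule at the end of the new file restricts values to `'true'`/`'false'` but leaves key checking at its default, so with `ignore: []` the workflow files under `.github/` are linted and an `on:` trigger key would be reported as a truthy value. Adding `check-keys: false` under `truthy:` avoids that without loosening the check on values. Separately, `braces`, `brackets`, `colons`, `commas` and `line-length` are set to `level: warning`, so they only fail CI if the lint job runs yamllint in strict mode, which is not visible here; a short comment at the top of `rules:` stating which rules are meant to block a merge would make that intent clear.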
50 changes: 25 additions & 25 deletions argus.yaml
@@ -1,5 +1,6 @@
## SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
## SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
# SPDX-License-Identifier: Apache-2.0
---
prometheus:
defaultNamespace: xmidt
defaultSubsystem: argus
Expand Down Expand Up @@ -56,24 +57,24 @@ store:
# endpoint is used to set a custom aws endpoint.
# (Optional)
endpoint: "http://localhost:8000"

# table is the name of the table that is already configured with bucket and id as the key.
table: "gifnoc"

# region is where request should go to.
region: "us-east-2"

# maxRetires is the maximum times the application will retry the request to the db.
# (Optional) default: 3
maxRetries: 3

# getAllLimit is the maximum number of items to get at a time.
# (Optional) defaults to no limit
getAllLimit: 50

# accessKey is the AWS accessKey to access dynamodb.
accessKey: "accessKey"

# secretKey is the AWS secretKey to go with the accessKey to access dynamodb.
secretKey: "secretKey"

Expand All @@ -87,7 +88,7 @@ store:
# # If the opTimeout is set to 0, it defaults to 10s.
# # (Optional) defaults to 10s
# opTimeout: 100ms

# # username is the username to use when connecting to the database.
# # (Optional)
# username: "cassandra"
Expand Down Expand Up @@ -121,10 +122,10 @@ store:
# userInputValidation groups options around validating data on incoming requests.
# (Optional) The default values are those listed above the fields below.
userInputValidation:
# itemMaxTTL defines the limit for TTL values provided by users of the API.
# itemMaxTTL defines the limit for TTL values provided by users of the API.
# refer to https://golang.org/pkg/time/#ParseDuration for valid strings.
# (Optional) default: 24h (a day)
itemMaxTTL: "24h"
itemMaxTTL: "24h"

# bucketFormatRegex helps define the validity of a bucket through a regular expression.
# (Optional) default: ^[0-9a-z][0-9a-z-]{1,61}[0-9a-z]$
Expand All @@ -135,7 +136,7 @@ userInputValidation:
ownerFormatRegex: "^.{4,60}$"

# itemDataMaxDepth is the max allowed depth of the Item JSON data field.
# If your DB supports up to N nested objects, itemDataMaxDepth should be set to
# If your DB supports up to N nested objects, itemDataMaxDepth should be set to
# N-1. The value of itemDataMaxDepth must be > 0, otherwise the default value will
# be used.
# (Optional) default: 30
Expand Down Expand Up @@ -167,7 +168,7 @@ authx:
basic: ["dXNlcjpwYXNz"]

# bearer contains all the configuration needed for a JWT validator.
bearer:
bearer:
key:
factory:
uri: "http://localhost:6500/keys/docker"
Expand All @@ -176,10 +177,10 @@ authx:

# accessLevel defines config around the injection of an attribute to bascule tokens
# which application code can leverage to decide if a given request is allowed to execute some operation.
# Note that accessLevel differs from capabilityCheck in that it allows more complex access hierarchy.
# That is, while capabilityCheck verifies whether a user is allowed to use an API endpoint, accessLevel
# Note that accessLevel differs from capabilityCheck in that it allows more complex access hierarchy.
# That is, while capabilityCheck verifies whether a user is allowed to use an API endpoint, accessLevel
# assigns a number to the user's request which application code can use for security purposes.
# An access level is defined as a non-negative number and the higher the number, the higher the access the
# An access level is defined as a non-negative number and the higher the number, the higher the access the
# request has for the target application.
# (Optional). If section is not provided, the lowest access level value of 0 will be assigned to the attribute.
accessLevel:
Expand All @@ -196,7 +197,7 @@ authx:
# If this value is found in the list, the access level assigned to the request will be 1. Otherwise, it will be 0.
# (Optional) defaults to 'xmidt:svc:admin'
name: "xmidt:svc:admin"

# path is the list of nested keys to get to the claim which contains the capabilities.
# For example, if your JWT payload looks like this:
# ```
Expand All @@ -206,24 +207,24 @@ authx:
# "my_company": {
# "capabilities": ["capability0", "capability1"]
# }
# }
# ```
# }
# ```
# you'll want to set path to ["my_company", "capabilities"]
# (Optional) default: ["capabilities"]
path: ["capabilities"]


# # capabilities provides the details needed for checking an incoming JWT's
# # capabilities. If the type of check isn't provided, no checking is done. The
# # type can be "monitor" or "enforce". If "monitor" is provided, the capabilities
# # are checked but the request isn't rejected when there isn't a valid capability
# # for the request. Instead, a message is logged. When "enforce" is provided, a
# # type can be "monitor" or "enforce". If "monitor" is provided, the capabilities
# # are checked but the request isn't rejected when there isn't a valid capability
# # for the request. Instead, a message is logged. When "enforce" is provided, a
# # request that doesn't have the needed capability is rejected.

# # The capability is expected to have the format:

# # {prefix}{endpoint}:{method}

# # The prefix can be a regular expression. If it's empty, no capability check
# # is done. The endpoint is a regular expression that should match the endpoint
# # the request was sent to. The method is usually the method of the request, such as
Expand Down Expand Up @@ -258,4 +259,3 @@ tracing:
# endpoint is where trace information should be routed. Applies to otlp, zipkin, and jaegar. OTLP/gRPC uses port 4317 by default.
# OTLP/HTTP uses port 4318 by default.
# endpoint: "http://localhost:9411/api/v2/spans"

6 changes: 3 additions & 3 deletions integtests/dynamodb/docker-compose.yml
@@ -1,5 +1,5 @@
## SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
## SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
# SPDX-License-Identifier: Apache-2.0
version: '3'

services:
Expand All @@ -8,4 +8,4 @@ services:
hostname: dynamodb-local
container_name: dynamodb-local
ports:
- "8042:8000"
- "8042:8000"
