I'm looking for help on how to proceed with ensuring that certain values in properties/YAML files are not overridden.

For instance, I have a Spring Boot project and a properties.yml with the following properties.

    spring:
      datasource:
        url: ${jdbc.url:}
        username: ${jdbc.username:}
        password: ${jdbc.password:}

In Spring, the value for the url property comes from the environment variable JDBC_URL or JDBC.URL.

We have a group of developers working on said project. Some developers tend to just hard code the values in the file because it is quick and easy.

    spring:
      datasource:
        url: jdbc:mysql://localhost:32768/master
        username: root
        password: password

And more often than not, when they commit their code, these changes are often also committed, which I believe is a bad thing. So, rather than rely on the developers being vigilant, how do I ensure that such situations are prevented from happening?

Do bear in mind that sometimes there are legitimate reasons for modifying the properties/YAML files such as adding new properties.

    spring:
      datasource:
        url: jdbc:mysql://localhost:32768/master # should NOT be allowed
        username: root                           # should NOT be allowed
        password: password                       # should NOT be allowed
    new:
        property: value                          # should be allowed

My first thought was using a unit test for the properties/YAML file. It would provide me with the flexibility to expand if there are new properties that need to be validated. This would prevent the unit test stage from passing and thus help to prevent a merge to the master branch, but it does not prevent the commit in the first place.

I'm unsure of how to proceed next. Any help is greatly appreciated. If it helps, the project is a Spring Boot application and uses Java and Gradle. The remote repository is GitHub.

Christopher Z
  • Why not use different profiles for DEV and PROD? This way you can check if the PROD profile file is updated in a pre-commit hook and check for its validity. Alas, there is no generic way to do it; you have to write the commit hook for your own requirement. – Sangram Jadhav Oct 12 '16 at 06:19

1 Answer

The following pre-commit hook is not very elegant (ideally, I would have liked something that can read the YAML file into a structure that can be queried), but it is a good starting point.

Steps:

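  1. Create .git/hooks/pre-commit with the following content:

    #!/bin/sh
    # Space-separated expressions that must not appear in committed files.
    disallowed="localhost root password"

    # Check every staged file except deletions.
    git diff --cached --name-status | while read -r x file; do
            if [ "$x" = 'D' ]; then continue; fi
            for word in $disallowed
            do
                # grep prints the offending line(s) before the error message.
                if grep -E -- "$word" "$file" ; then
                    echo "ERROR: Disallowed expression \"${word}\" in file: ${file}"
                    exit 1
                fi
            done
    # The loop runs in a subshell, so propagate its exit status to abort the commit.
    done || exit $?

  2. Change permissions:

    chmod 755 .git/hooks/pre-commit

  3. And then try committing an invalid YAML file. Here is what my test showed: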

    $ cat validate-this.yml
    spring:
      datasource:
        url: jdbc:mysql://localhost:32768/master
        username: root
        password: password
    new:
        property: value

    $ git add validate-this.yml

    $ git commit -m "Commit should not be allowed"
        url: jdbc:mysql://localhost:32768/master # should NOT be allowed
    ERROR: Disallowed expression "localhost" in file: validate-this.yml


Ashutosh Jindal
  • I tried out the pre-commit hooks. However, it does not prevent the commits unless the developers are using the hook. It would be easy to miss/skip the step of setting up the commit hook. Is there something I can do to automatically enforce this policy? – Christopher Z Oct 20 '16 at 04:52
  • [**This**](http://stackoverflow.com/questions/427207/can-git-hook-scripts-be-managed-along-with-the-repository) has some suggestions to make it simpler to enforce the hooks. Check it out. – Ashutosh Jindal Oct 20 '16 at 06:34
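
A key-aware variant of the check discussed above, as an added example that is not part of the original question or answer: instead of grepping for words anywhere in the file, it tracks the YAML key path and fails only when one of the three `spring.datasource` keys from the question holds a literal instead of a `${...}` placeholder, so new properties pass. The function name `check_protected` and the `PROTECTED` list are assumptions made for this example, and the parser assumes plain block-style `key: value` mappings (no flow style, anchors, or multi-line scalars).

```shell
#!/bin/sh
# Added example (not from the original thread).
# Keys that must keep a ${...} placeholder; taken from the question's properties file.
PROTECTED="spring.datasource.url spring.datasource.username spring.datasource.password"

# check_protected FILE: prints one ERROR line per violation, returns 1 if any were found.
# Assumption: FILE is block-style YAML indented with spaces.
check_protected() {
    awk -v protected="$PROTECTED" '
    BEGIN { n = split(protected, p, " "); for (i = 1; i <= n; i++) guard[p[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                       # skip blank lines and full-line comments
    {
        match($0, /^ */); indent = RLENGTH        # leading spaces give the nesting level
        line = substr($0, indent + 1)
        colon = index(line, ":"); if (colon == 0) next
        key = substr(line, 1, colon - 1)
        val = substr(line, colon + 1)
        sub(/[ \t]+#.*$/, "", val)                # drop a trailing comment
        gsub(/^[ \t]+|[ \t]+$/, "", val)          # trim whitespace
        gsub(/^"|"$/, "", val)                    # drop surrounding double quotes
        # Pop keys at the same or deeper indentation, then push this key.
        while (depth > 0 && ind[depth] >= indent) depth--
        depth++; ind[depth] = indent; name[depth] = key
        path = name[1]; for (i = 2; i <= depth; i++) path = path "." name[i]
        # A protected key may only hold a single ${...} placeholder.
        if ((path in guard) && val !~ /^[$][{][^}]*[}]$/) {
            printf "ERROR: %s:%d: %s must be a ${...} placeholder\n", FILENAME, NR, path
            bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# Example call from a hook or build step: check_protected properties.yml || exit 1
```

Because it only reads a file and returns an exit status, the same function can be called from the pre-commit hook and from a build step that runs before a merge, which covers developers who never installed the hook.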