authorVincent Ambo <mail@tazj.in>2021-11-23T11·24+0300
committerVincent Ambo <mail@tazj.in>2021-11-23T11·39+0300
commitbc51bd99d9509af4861304882b4236766a2a57e7 (patch)
treeb883f4c4115d477bf94340b2c76538449eca5be4 /default.nix
parent95ee86225b7b858ae6c2438211e934ee4db66222 (diff)
refactor(readTree): Move 'restrictFolder' function into readTree r/3082
This is generally useful for readTree users and should be part of
readTree itself.

This is a move towards exposing several readTree-related features from
the library itself, in the future also including logic like 'gather'.

Note that this has a small functional change: In error messages of the
function, the notation for accessing Nix attributes is now used rather
than the Perforce-style `//` notation common in TVL.

For example, an error at `//web/tvl/logo` will produce `web.tvl.logo`
in the error message (which corresponds to the readTree attribute
itself).

This makes more sense for non-TVL consumers of readTree, as the
Perforce-style notation is custom to us specifically.

Change-Id: I8e199e473843c40db40b404c20d2c71f48a0f658
Diffstat (limited to 'default.nix')
-rw-r--r--default.nix28
1 files changed, 4 insertions, 24 deletions
diff --git a/default.nix b/default.nix
index 2327830850..245e76e304 100644
--- a/default.nix
+++ b/default.nix
@@ -6,10 +6,7 @@
 
 let
   inherit (builtins)
-    attrValues
     concatMap
-    elem
-    elemAt
     filter
     ;
 
@@ -17,27 +14,10 @@ let
   # package set is not available here.
   fix = f: let x = f x; in x;
 
-  # Create a readTree filter disallowing access to the specified
-  # top-level folder in other parts of the depot, except for specific
-  # exceptions specified by their (full) paths.
-  restrictFolder = { folder, exceptions ? [], reason }: parts: args:
-    if (elemAt parts 0) == folder || elem parts exceptions
-    then args
-    else args // {
-      depot = args.depot // {
-        "${folder}" = throw ''
-          Access to targets under //${folder} is not permitted from
-          other depot paths. Specific exceptions are configured at the
-          top-level.
-
-          ${reason}
-          At location: //${builtins.concatStringsSep "/" parts}
-        '';
-      };
-    };
+  readTree = import ./nix/readTree {};
 
   # Disallow access to //users from other depot parts.
-  usersFilter = restrictFolder {
+  usersFilter = readTree.restrictFolder {
     folder = "users";
     reason = ''
       Code under //users is not considered stable or dependable in the
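Review bot: The `readTree` binding added in this hunk is used both as an attribute set (`readTree.restrictFolder` here for `usersFilter`, and again for `corpFilter` in the next hunk) and as a function (`readTree { ... }` in `readDepot` in the last hunk). That only works if `./nix/readTree {}` evaluates to a callable attribute set, so a comment above the binding such as `# readTree is callable and also exposes helpers such as restrictFolder` would make the dependency explicit. The //users and //corp restrictions are now enforced by code that this page does not show (the diffstat is limited to default.nix). It is therefore worth confirming in the moved function that `exceptions` is still compared against the full `parts` list and that access from any other path still throws, ideally with an evaluation check that is expected to fail. The enclosing `let` block starts and ends outside the hunk.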
@@ -60,7 +40,7 @@ let
   };
 
   # Disallow access to //corp from other depot parts.
-  corpFilter = restrictFolder {
+  corpFilter = readTree.restrictFolder {
     folder = "corp";
     reason = ''
       Code under //corp may use incompatible licensing terms with
@@ -76,7 +56,7 @@ let
     ];
   };
 
-  readDepot = depotArgs: import ./nix/readTree {} {
+  readDepot = depotArgs: readTree {
     args = depotArgs;
     path = ./.;
     filter = parts: args: corpFilter parts (usersFilter parts args);