add access to Translation-* apt files

alan-turing-institute · Nov 15, 2024 · 8131c74 · 8131c74
1 parent 749e5e5
commit 8131c74
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/nexus_allowlist/actions.py b/nexus_allowlist/actions.py
@@ -217,7 +217,7 @@ def recreate_privileges(
         description="Allow access to 'Packages.gz' file in APT repository",
         expression=(
             'format == "apt" and '
-            f'path=~"/dists/{APT_DISTRO}/.*/Packages.gz"'
+            f'path=~"^/dists/{APT_DISTRO}/.*/Packages.gz"'
         ),
         repo_type=_NEXUS_REPOSITORIES["apt_proxy"].repo_type,
         repo=_NEXUS_REPOSITORIES["apt_proxy"].name,
@@ -236,6 +236,21 @@ def recreate_privileges(
     )
     apt_privilege_names.append(privilege_name)
 
+    # Content selector and privilege for APT 'Translation-*' files which contains an
+    # metadata about the APT distribution
+    privilege_name = create_content_selector_and_privilege(
+        nexus_api,
+        name="apt-translation",
+        description="Allow access to 'Translation-*' file in APT repository",
+        expression=(
+            'format == "apt" '
+            f'and path=~"^/dists/{APT_DISTRO}/.*/Translation-.*"'
+        ),
+        repo_type=_NEXUS_REPOSITORIES["apt_proxy"].repo_type,
+        repo=_NEXUS_REPOSITORIES["apt_proxy"].name,
+    )
+    apt_privilege_names.append(privilege_name)
+
     # Create content selectors and privileges for packages according to the
     # package setting
     if packages == "all":