generated from kubewarden/go-policy-template
-
Notifications
You must be signed in to change notification settings - Fork 3
/
settings.go
133 lines (115 loc) · 2.93 KB
/
settings.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
package main
import (
"errors"
"fmt"
"github.com/kubewarden/gjson"
kubewarden "github.com/kubewarden/policy-sdk-go"
)
type HostPath struct {
PathPrefix string `json:"pathPrefix"`
ReadOnly bool `json:"readOnly"`
}
type Settings struct {
AllowedHostPaths []HostPath `json:"allowedHostPaths"`
}
// Builds a new Settings instance starting from a validation
// request payload:
//
// {
// "request": ...,
// "settings": {
// "allowedHostPaths": [
// {
// "pathPrefix": "foo",
// "readOnly": true,
// }
// ]
// }
// }
func NewSettingsFromValidationReq(payload []byte) (Settings, error) {
return newSettings(
payload,
"settings.allowedHostPaths")
}
// Builds a new Settings instance starting from a Settings
// payload:
//
// {
// "allowedHostPaths": [
// {
// "pathPrefix": "foo",
// "readOnly": true,
// }
// ]
// }
func NewSettingsFromValidateSettingsPayload(payload []byte) (Settings, error) {
return newSettings(
payload,
"allowedHostPaths")
}
func newSettings(payload []byte, paths ...string) (Settings, error) {
if len(paths) != 1 {
return Settings{}, fmt.Errorf("wrong number of json paths")
}
data := gjson.GetManyBytes(payload, paths...)
var err error
allowedHostPaths := make([]HostPath, 0)
if data[0].String() == "" {
// empty settings
return Settings{
AllowedHostPaths: allowedHostPaths,
}, nil
}
data[0].ForEach(func(_, entry gjson.Result) bool {
dataHostPath := gjson.GetManyBytes([]byte(entry.String()),
"pathPrefix",
"readOnly",
)
if !dataHostPath[0].Exists() {
errMsg := "pathPrefix key is missing"
if err == nil {
err = errors.New(errMsg)
} else {
err = fmt.Errorf("%w; %s", err, errMsg)
}
return true // continue iterating
}
if !dataHostPath[1].Exists() {
errMsg := fmt.Sprintf("readOnly key for pathPrefix '%s' is missing",
dataHostPath[0].String())
if err == nil {
err = errors.New(errMsg)
} else {
err = fmt.Errorf("%w; %s", err, errMsg)
}
return true // continue iterating
}
hostPath := HostPath{
PathPrefix: dataHostPath[0].String(),
ReadOnly: dataHostPath[1].Bool(),
}
allowedHostPaths = append(allowedHostPaths, hostPath)
return true // continue iterating
})
return Settings{
AllowedHostPaths: allowedHostPaths,
}, err
}
func (s *Settings) Valid() bool {
// each entry of allowedHostPaths needs to have 1 pathPrefix and 1 readOnly,
// which is checked on marshalling
return true
}
func validateSettings(payload []byte) ([]byte, error) {
logger.Info("validating settings")
settings, err := NewSettingsFromValidateSettingsPayload(payload)
if err != nil {
return kubewarden.RejectSettings(kubewarden.Message(err.Error()))
}
if settings.Valid() {
logger.Info("accepting settings")
return kubewarden.AcceptSettings()
}
logger.Warn("rejecting settings")
return kubewarden.RejectSettings(kubewarden.Message("Provided settings are not valid"))
}