generated from kubewarden/go-policy-template
/
validate.go
77 lines (62 loc) · 1.69 KB
/
validate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
package main
import (
"fmt"
"strings"
mapset "github.com/deckarep/golang-set"
"github.com/kubewarden/gjson"
kubewarden "github.com/kubewarden/policy-sdk-go"
)
func validate(payload []byte) ([]byte, error) {
if !gjson.ValidBytes(payload) {
return kubewarden.RejectRequest(
kubewarden.Message("Not a valid JSON document"),
kubewarden.Code(400))
}
settings, err := NewSettingsFromValidationReq(payload)
if err != nil {
return kubewarden.RejectRequest(
kubewarden.Message(err.Error()),
kubewarden.Code(400))
}
data := gjson.GetBytes(
payload,
"request.object.metadata.labels")
palindromeLabels := mapset.NewThreadUnsafeSet()
data.ForEach(func(key, value gjson.Result) bool {
label := key.String()
if isPalindrome(label) {
palindromeLabels.Add(label)
}
return true
})
error_msgs := []string{}
notWhitelistedPalindromeLabels := palindromeLabels.Difference(settings.WhitelistedLabels)
if notWhitelistedPalindromeLabels.Cardinality() > settings.Threshold {
palindromes := []string{}
for _, v := range notWhitelistedPalindromeLabels.ToSlice() {
palindromes = append(palindromes, v.(string))
}
error_msgs = append(
error_msgs,
fmt.Sprintf(
"Too many palindrome labels that are not-whitelisted: %s. Max allowed [%d]",
strings.Join(palindromes, ","),
settings.Threshold,
))
}
if len(error_msgs) > 0 {
return kubewarden.RejectRequest(
kubewarden.Message(strings.Join(error_msgs, ". ")),
kubewarden.NoCode)
}
return kubewarden.AcceptRequest()
}
func isPalindrome(label string) bool {
for head := 0; head < len(label)/2; head++ {
tail := len(label) - head - 1
if label[head] != label[tail] {
return false
}
}
return true
}