Use of com.walmartlabs.concord.policyengine.ContainerRule in project concord by walmartlabs.
Class ContainerPolicyApplier, method apply.
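/**
 * Evaluates the container options declared in the process configuration file
 * against the container policy and rejects the process when a rule denies them.
 *
 * <p>The configuration file is resolved under the workspace directory taken from
 * the payload headers. Each warning and each denial increments the matching
 * counter ({@code policyWarn} / {@code policyDeny}) and is written to the process
 * log together with the rule that produced it, so a reviewer can trace a decision
 * back to a specific policy entry.
 *
 * @param payload the process payload; supplies the process key and the workspace directory
 * @param policy  the policy engine whose container policy is evaluated
 * @throws ProcessException if the configuration file cannot be read, if its
 *                          container section is not a map, or if at least one
 *                          rule denies the container options
 */
@Override
@SuppressWarnings("unchecked")
public void apply(Payload payload, PolicyEngine policy) {
    ProcessKey processKey = payload.getProcessKey();
    Path workDir = payload.getHeader(Payload.WORKSPACE_DIR);

    Path p = workDir.resolve(Constants.Files.CONFIGURATION_FILE_NAME);
    if (!Files.exists(p)) {
        // NOTE(review): with no configuration file the container policy is not
        // evaluated at all. Confirm that container options cannot reach the
        // runtime through any other path, otherwise this is a fail-open case.
        return;
    }

    Object section;
    try (InputStream in = Files.newInputStream(p)) {
        Map<String, Object> m = objectMapper.readValue(in, Map.class);
        // A document that deserializes to null has no container section;
        // treat it like a missing key instead of failing with an NPE.
        section = m != null ? m.get(Constants.Request.CONTAINER) : null;
    } catch (IOException e) {
        logManager.error(processKey, "Error while reading container configuration: {}", e);
        throw new ProcessException(processKey, "Error while reading container configuration", e);
    }

    // The file content is process-supplied input: reject a container section of
    // the wrong type explicitly rather than letting the cast below surface as a
    // raw ClassCastException.
    if (section != null && !(section instanceof Map)) {
        throw new ProcessException(processKey, "Invalid container configuration: expected a map of options");
    }
    // May be null when the configuration has no container section; it is passed
    // through unchanged. Presumably check() accepts null; verify against the policy engine.
    Map<String, Object> containerOptions = (Map<String, Object>) section;

    CheckResult<ContainerRule, Object> result = policy.getContainerPolicy().check(containerOptions);

    result.getWarn().forEach(i -> {
        policyWarn.inc();
        logManager.warn(processKey, appendMsg("Potential container policy violation (policy: {})", i.getMsg()), i.getRule());
    });

    result.getDeny().forEach(i -> {
        policyDeny.inc();
        // Same "(policy: {})" placeholder as the warning above: without it the
        // rule argument had no slot in the message, so the denying rule would
        // presumably be left out of the process log.
        logManager.error(processKey, appendMsg("Container policy violation (policy: {})", i.getMsg()), i.getRule());
    });

    // Fail the process only after every violation has been counted and logged.
    if (!result.getDeny().isEmpty()) {
        throw new ProcessException(processKey, "Found container policy violations");
    }
}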