Search in sources :

Example 1 with StateRule

use of com.walmartlabs.concord.policyengine.StateRule in project concord by walmartlabs.

the class ProcessStateManager method assertPolicy.

private PolicyEngine assertPolicy(DSLContext tx, ProcessKey processKey, Path src, BiFunction<Path, BasicFileAttributes, Boolean> filter) {
    PolicyEngine pe = getPolicyEngine(tx, processKey);
    if (pe == null) {
        return null;
    }
    CheckResult<StateRule, Path> result;
    try {
        result = pe.getStatePolicy().check(src, filter);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    result.getWarn().forEach(w -> logManager.warn(processKey, "Potentially restricted state file '{}' (state policy: {})", src.relativize(w.getEntity()), w.getRule().getMsg()));
    result.getDeny().forEach(e -> logManager.error(processKey, "State file '{}' is forbidden by the state policy {}", src.relativize(e.getEntity()), e.getRule().getMsg()));
    if (!result.getDeny().isEmpty()) {
        throw new PolicyException("Found forbidden state files");
    }
    return pe;
}
Also used : StateRule(com.walmartlabs.concord.policyengine.StateRule) PolicyException(com.walmartlabs.concord.server.policy.PolicyException) PolicyEngine(com.walmartlabs.concord.policyengine.PolicyEngine) IOException(java.io.IOException)

Aggregations

PolicyEngine (com.walmartlabs.concord.policyengine.PolicyEngine)1 StateRule (com.walmartlabs.concord.policyengine.StateRule)1 PolicyException (com.walmartlabs.concord.server.policy.PolicyException)1 IOException (java.io.IOException)1