use of com.walmartlabs.concord.policyengine.StateRule in project concord by walmartlabs.
the class ProcessStateManager method assertPolicy.
private PolicyEngine assertPolicy(DSLContext tx, ProcessKey processKey, Path src, BiFunction<Path, BasicFileAttributes, Boolean> filter) {
PolicyEngine pe = getPolicyEngine(tx, processKey);
if (pe == null) {
return null;
}
CheckResult<StateRule, Path> result;
try {
result = pe.getStatePolicy().check(src, filter);
} catch (IOException e) {
throw new RuntimeException(e);
}
result.getWarn().forEach(w -> logManager.warn(processKey, "Potentially restricted state file '{}' (state policy: {})", src.relativize(w.getEntity()), w.getRule().getMsg()));
result.getDeny().forEach(e -> logManager.error(processKey, "State file '{}' is forbidden by the state policy {}", src.relativize(e.getEntity()), e.getRule().getMsg()));
if (!result.getDeny().isEmpty()) {
throw new PolicyException("Found forbidden state files");
}
return pe;
}
Aggregations