feat: Display supported policy exception constraints (#1068)

* feat: Display supported policy exception constraints Signed-off-by: Ross <[email protected]> * feat: Add None to policy output when ExceptionConfiguration is empty Signed-off-by: Ross <[email protected]> Signed-off-by: Ross <[email protected]>
lacework · Dec 15, 2022 · c6ebd68 · c6ebd68
1 parent 69a2247
commit c6ebd68
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 16 deletions.
diff --git a/api/policy.go b/api/policy.go
@@ -143,22 +143,29 @@ func ParseUpdatePolicy(s string) (UpdatePolicy, error) {
 }
 
 type Policy struct {
-	PolicyID       string   `json:"policyId" yaml:"policyId"`
-	PolicyType     string   `json:"policyType" yaml:"-"`
-	QueryID        string   `json:"queryId" yaml:"queryId"`
-	Title          string   `json:"title" yaml:"title"`
-	Enabled        bool     `json:"enabled" yaml:"enabled"`
-	Description    string   `json:"description" yaml:"description"`
-	Remediation    string   `json:"remediation" yaml:"remediation"`
-	Severity       string   `json:"severity" yaml:"severity"`
-	Limit          int      `json:"limit" yaml:"limit"`
-	EvalFrequency  string   `json:"evalFrequency" yaml:"evalFrequency"`
-	AlertEnabled   bool     `json:"alertEnabled" yaml:"alertEnabled"`
-	AlertProfile   string   `json:"alertProfile" yaml:"alertProfile"`
-	Tags           []string `json:"tags" yaml:"tags"`
-	Owner          string   `json:"owner" yaml:"-"`
-	LastUpdateTime string   `json:"lastUpdateTime" yaml:"-"`
-	LastUpdateUser string   `json:"lastUpdateUser" yaml:"-"`
+	PolicyID               string                                               `json:"policyId" yaml:"policyId"`
+	PolicyType             string                                               `json:"policyType" yaml:"-"`
+	QueryID                string                                               `json:"queryId" yaml:"queryId"`
+	Title                  string                                               `json:"title" yaml:"title"`
+	Enabled                bool                                                 `json:"enabled" yaml:"enabled"`
+	Description            string                                               `json:"description" yaml:"description"`
+	Remediation            string                                               `json:"remediation" yaml:"remediation"`
+	Severity               string                                               `json:"severity" yaml:"severity"`
+	Limit                  int                                                  `json:"limit" yaml:"limit"`
+	EvalFrequency          string                                               `json:"evalFrequency" yaml:"evalFrequency"`
+	AlertEnabled           bool                                                 `json:"alertEnabled" yaml:"alertEnabled"`
+	AlertProfile           string                                               `json:"alertProfile" yaml:"alertProfile"`
+	Tags                   []string                                             `json:"tags" yaml:"tags"`
+	Owner                  string                                               `json:"owner" yaml:"-"`
+	LastUpdateTime         string                                               `json:"lastUpdateTime" yaml:"-"`
+	LastUpdateUser         string                                               `json:"lastUpdateUser" yaml:"-"`
+	ExceptionConfiguration map[string][]PolicyExceptionConfigurationConstraints `json:"exceptionConfiguration" yaml:"-"`
+}
+
+type PolicyExceptionConfigurationConstraints struct {
+	DataType   string `json:"dataType" yaml:"dataType"`
+	FieldKey   string `json:"fieldKey" yaml:"fieldKey"`
+	MultiValue bool   `json:"multiValue" yaml:"multiValue"`
 }
 
 func (p *Policy) HasTag(t string) bool {

diff --git a/cli/cmd/policy.go b/cli/cmd/policy.go
@@ -29,6 +29,7 @@ import (
 	"strings"
 
 	"github.com/AlecAivazis/survey/v2"
+
 	"github.com/lacework/go-sdk/api"
 	"github.com/lacework/go-sdk/internal/array"
 	"github.com/lacework/go-sdk/lwseverity"
@@ -590,6 +591,15 @@ func buildPolicyDetailsTable(policy api.Policy) string {
 		{"UPDATED BY", policy.LastUpdateUser},
 		{"EVALUATION FREQUENCY", policy.EvalFrequency},
 	}
+	// Append VALID EXCEPTION CONSTRAINTS to the table
+	// Add "None" when ExceptionConfiguration is empty
+	exceptionConstraints := strings.Join(
+		getPolicyExceptionConstraintsSlice(policy.ExceptionConfiguration), ", ")
+	if exceptionConstraints == "" {
+		exceptionConstraints = "None"
+	}
+	entry := []string{"VALID EXCEPTION CONSTRAINTS", exceptionConstraints}
+	details = append(details, entry)
 
 	return renderOneLineCustomTable("POLICY DETAILS",
 		renderCustomTable([]string{}, details,
@@ -607,6 +617,16 @@ func buildPolicyDetailsTable(policy api.Policy) string {
 	)
 }
 
+func getPolicyExceptionConstraintsSlice(exceptionConfiguration map[string][]api.
+	PolicyExceptionConfigurationConstraints) []string {
+	var exceptionConstraints []string
+	constraintFields := exceptionConfiguration["constraintFields"]
+	for _, constraint := range constraintFields {
+		exceptionConstraints = append(exceptionConstraints, constraint.FieldKey)
+	}
+	return exceptionConstraints
+}
+
 func policyTagsTable(pt []string) (out [][]string) {
 	for _, tag := range pt {
 		out = append(out, []string{tag})