-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Display supported policy exception constraints #1068
Conversation
Owner string `json:"owner" yaml:"-"` | ||
LastUpdateTime string `json:"lastUpdateTime" yaml:"-"` | ||
LastUpdateUser string `json:"lastUpdateUser" yaml:"-"` | ||
ExceptionConfiguration map[string][]PolicyExceptionConfigurationConstraints `json:"exceptionConfiguration" yaml:"-"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't like this, but I couldn't find a better way to parse the Policy Exception constraints, as the format is -
an Array of Maps in a Map.
It's not clear to me why the outer map was required 🤷
"exceptionConfiguration": {
"constraintFields": [
{
"dataType": "String",
"fieldKey": "accountIds",
"multiValue": true
},
{
"dataType": "String",
"fieldKey": "resourceNames",
"multiValue": false
},
{
"dataType": "KVTagPair",
"fieldKey": "resourceTags",
"multiValue": true
}
]
},
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, doesn't look necessary right now. Maybe they've plans to add another field to exceptionConfiguration.
Looks like Go needs the structure/type to be defined up front.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps. Still annoying for parsing!
For parsing the values into structs we need to declare the structure up front. I was hoping I could tell GoLang to chain the map keys when parsing ie. json:"exceptionConfiguration.constraintFields" yaml:"-"
that way we could remove the outer map[string]
but that doesn't seem to be possible.
Signed-off-by: Ross <[email protected]>
cli/cmd/policy.go
Outdated
if exceptionConstraints != "" { | ||
entry := []string{"VALID EXCEPTION CONSTRAINTS", exceptionConstraints} | ||
details = append(details, entry) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@afiune any thoughts on whether we want to just drop this field from the table, or whether we should put a message to the effect of no constraints found
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's add it always and if the policy do not have constraints then show "None" - because no constraint found implies that maybe, there could be constraints.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good. I'll update!
Signed-off-by: Ross <[email protected]>
Signed-off-by: Ross [email protected]
Summary
When running a lacework policy show we should parse & display the supported policy exception constraints, as we now have this info available in the response
How did you test this change?
Tested locally
Issue
https://lacework.atlassian.net/browse/GROW-1314