policies.go
package valid
import (
"slices"
"strings"
version "github.com/hashicorp/go-version"
)
// Policy set kind identifiers.
// NOTE(review): presumably these are the accepted values of PolicySet.Source
// (where a set's policies are loaded from) — confirm against the code that
// parses and validates the configuration.
const (
	// LocalPolicySet is the "local" kind.
	LocalPolicySet string = "local"
	// GithubPolicySet is the "github" kind.
	GithubPolicySet string = "github"
)
// PolicySets defines the version of the policy checker binary (conftest) and a
// list of PolicySet objects. The PolicyCheck workflow uses this struct to
// build the context in which policies are enforced.
type PolicySets struct {
	// Version is the policy checker binary version.
	Version *version.Version
	// Owners are the top-level policy owners. HasTeamOwners and AllTeams
	// consult them together with the owners of each individual PolicySet.
	Owners PolicyOwners
	// NOTE(review): presumably the number of owner approvals required at the
	// top level — confirm how it interacts with PolicySet.ApproveCount.
	ApproveCount int
	// PolicySets is the list of configured policy sets; HasPolicies reports
	// whether it is non-empty.
	PolicySets []PolicySet
}
// PolicyOwners lists the users and teams that own one policy level. IsOwner
// matches against both lists, ignoring case.
type PolicyOwners struct {
	// Users holds the owner usernames.
	Users []string
	// Teams holds the owner team names.
	Teams []string
}
// PolicySet describes a single named set of policies together with its own
// owners and approval settings.
type PolicySet struct {
	// NOTE(review): presumably one of LocalPolicySet or GithubPolicySet — confirm.
	Source string
	// NOTE(review): presumably the location of the policies within Source — confirm.
	Path string
	// Name is the policy set's name.
	Name string
	// NOTE(review): presumably the number of approvals this set requires — confirm.
	ApproveCount int
	// Owners are the owners specific to this policy set.
	Owners PolicyOwners
	// NOTE(review): the name suggests that, when set, the author of a change
	// cannot approve their own policy failures. None of the methods in this
	// file read the flag, so confirm where it is enforced.
	PreventSelfApprove bool
}
// HasPolicies reports whether at least one policy set is configured.
func (p *PolicySets) HasPolicies() bool {
	return len(p.PolicySets) != 0
}
// HasTeamOwners reports whether team owners are configured at any level:
// on the top-level owners or on any individual policy set.
func (p *PolicySets) HasTeamOwners() bool {
	if len(p.Owners.Teams) > 0 {
		return true
	}
	for i := range p.PolicySets {
		if len(p.PolicySets[i].Owners.Teams) > 0 {
			return true
		}
	}
	return false
}
// IsOwner reports whether username is listed in Users, or whether any team in
// userTeams is listed in Teams. Both comparisons use strings.EqualFold, so
// differences in letter case are ignored.
//
// The match is made on the strings alone: an empty entry in Users compares
// equal to an empty username. Callers should therefore pass the username and
// team list of the authenticated VCS identity, and owner lists should not
// contain empty entries.
func (o *PolicyOwners) IsOwner(username string, userTeams []string) bool {
	// Direct ownership by username.
	for i := range o.Users {
		if strings.EqualFold(o.Users[i], username) {
			return true
		}
	}

	// Ownership through membership of any owner team.
	for _, candidate := range userTeams {
		for _, ownerTeam := range o.Teams {
			if strings.EqualFold(ownerTeam, candidate) {
				return true
			}
		}
	}
	return false
}
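// AllTeams returns the owner teams from every level: the top-level teams
// first, then each policy set's teams in order, skipping any name already in
// the result (exact, case-sensitive match).
//
// The result is a fresh slice. The top-level list is cloned before anything is
// appended, so neither this method nor a caller modifying the result can write
// into the backing array of p.Owners.Teams and alter the configured owners.
//
// NOTE(review): de-duplication here is case-sensitive, while IsOwner compares
// case-insensitively, so names differing only in case are all returned —
// confirm that this is intended.
func (p *PolicySets) AllTeams() []string {
	teams := slices.Clone(p.Owners.Teams)
	for _, policySet := range p.PolicySets {
		for _, team := range policySet.Owners.Teams {
			if !slices.Contains(teams, team) {
				teams = append(teams, team)
			}
		}
	}
	return teams
}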