github.com/zntrio/harp/v2@v2.0.9/pkg/bundle/ruleset/bundle.go

github.com/zntrio/harp/v2@v2.0.9/pkg/bundle/ruleset/bundle.go (about)

     1  // Licensed to Elasticsearch B.V. under one or more contributor
     2  // license agreements. See the NOTICE file distributed with
     3  // this work for additional information regarding copyright
     4  // ownership. Elasticsearch B.V. licenses this file to you under
     5  // the Apache License, Version 2.0 (the "License"); you may
     6  // not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing,
    12  // software distributed under the License is distributed on an
    13  // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14  // KIND, either express or implied.  See the License for the
    15  // specific language governing permissions and limitations
    16  // under the License.
    17  
    18  package ruleset
    19  
    20  import (
    21  	"encoding/base64"
    22  	"errors"
    23  	"fmt"
    24  
    25  	bundlev1 "github.com/zntrio/harp/v2/api/gen/go/harp/bundle/v1"
    26  	"github.com/zntrio/harp/v2/pkg/bundle"
    27  )
    28  
    29  // FromBundle crawls secret structure to generate a linter ruleset.
    30  func FromBundle(b *bundlev1.Bundle) (*bundlev1.RuleSet, error) {
    31  	// Check arguments
    32  	if b == nil {
    33  		return nil, errors.New("unable to process nil bundle")
    34  	}
    35  	if len(b.Packages) == 0 {
    36  		return nil, errors.New("unable to generate rule from an empty bundle")
    37  	}
    38  
    39  	// Retrieve MTR
    40  	root, _, err := bundle.Tree(b)
    41  	if err != nil {
    42  		return nil, fmt.Errorf("unable to compute bundle identifier: %w", err)
    43  	}
    44  
    45  	// Encode MTR as Base64
    46  	b64Root := base64.RawURLEncoding.EncodeToString(root.Root())
    47  
    48  	// Create ruleset
    49  	rs := &bundlev1.RuleSet{
    50  		ApiVersion: "harp.elastic.co/v1",
    51  		Kind:       "RuleSet",
    52  		Meta: &bundlev1.RuleSetMeta{
    53  			Name:        b64Root,
    54  			Description: "Generated from bundle content",
    55  		},
    56  		Spec: &bundlev1.RuleSetSpec{
    57  			Rules: []*bundlev1.Rule{},
    58  		},
    59  	}
    60  
    61  	// Iterate over bundle package
    62  	ruleIdx := 1
    63  	for _, p := range b.Packages {
    64  		if p == nil || p.Secrets == nil || len(p.Secrets.Data) == 0 {
    65  			// Skip invalid package
    66  			continue
    67  		}
    68  
    69  		// Prepare a rule
    70  		r := &bundlev1.Rule{
    71  			Name:        fmt.Sprintf("LINT-%s-%d", b64Root[:6], ruleIdx),
    72  			Path:        p.Name,
    73  			Constraints: []string{},
    74  		}
    75  
    76  		// Process each secret
    77  		for _, s := range p.Secrets.Data {
    78  			r.Constraints = append(r.Constraints, fmt.Sprintf(`p.has_secret(%q)`, s.Key))
    79  		}
    80  
    81  		// Add the rules
    82  		rs.Spec.Rules = append(rs.Spec.Rules, r)
    83  		ruleIdx++
    84  	}
    85  
    86  	// No error
    87  	return rs, nil
    88  }