policy must specify at least one namespace

2017-10-17 11:40:39 -04:00 · 2017-10-17 11:40:39 -04:00 · a90205f16e
parent f7ee26502d
commit a90205f16e
2 changed files with 17 additions and 0 deletions
--- a/acl/policy.go
+++ b/acl/policy.go
@ -134,6 +134,12 @@ func Parse(rules string) (*Policy, error) {
 		return nil, fmt.Errorf("Failed to parse ACL Policy: %v", err)
 	}

+	// At least one valid policy must be specified, we don't want to store only
+	// raw data
+	if len(p.Namespaces) < 1 && p.Agent == nil && p.Node == nil && p.Operator == nil && p.Quota == nil {
+		return nil, fmt.Errorf("Invalid rule set due to missing namespace name: %s", p.Raw)
+	}
+
 	// Validate the policy
 	for _, ns := range p.Namespaces {
 		if !validNamespace.MatchString(ns.Name) {
--- a/acl/policy_test.go
+++ b/acl/policy_test.go
@ -158,6 +158,17 @@ func TestParse(t *testing.T) {
 			"Invalid quota policy",
 			nil,
 		},
+		{
+			`
+			{
+				"Name": "my-policy",
+				"Description": "This is a great policy",
+				"Rules": "anything"
+			}
+			`,
+			"Invalid rule set due to missing namespace name",
+			nil,
+		},
 		{
 			`
 			namespace "has a space"{