From 17e68d5129901625e94fa62ab765db813666a0a6 Mon Sep 17 00:00:00 2001
From: John Schaeffer
Date: Tue, 14 May 2024 15:01:38 -0400
Subject: [PATCH] Skip hidden directories when loading policy (#254)

Traversing the policy directory recursively in Kubernetes results in duplicate policies being read, as Kubernetes ConfigMaps store all files as symlinks to a `..data` data inside the actual volume. To mitigate this issue, this commit prevents directories that begin with `.` from being visited.

Signed-off-by: John Schaeffer
---
 internal/iapl/policy.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/internal/iapl/policy.go b/internal/iapl/policy.go
index 12f4f51d..984a8f35 100644
--- a/internal/iapl/policy.go
+++ b/internal/iapl/policy.go
@@ -207,7 +207,9 @@ func LoadPolicyDocumentFromFiles(filePaths ...string) (PolicyDocument, error) {
 return policyDocument, nil
 }

-// LoadPolicyDocumentFromDirectory reads the provided directory path, reads all files in the directory, merges them, and returns a new merged PolicyDocument.
+// LoadPolicyDocumentFromDirectory reads the provided directory path, reads all files in the
+// directory, merges them, and returns a new merged PolicyDocument. Directories beginning with "."
+// are skipped.
 func LoadPolicyDocumentFromDirectory(directoryPath string) (PolicyDocument, error) {
 var filePaths []string

@@ -216,8 +218,9 @@ func LoadPolicyDocumentFromDirectory(directoryPath string) (PolicyDocument, erro
 return err
 }

- if entry.IsDir() {
- return nil
+ // Skip directories beginning with "." (i.e., hidden directories)
+ if entry.IsDir() && strings.HasPrefix(entry.Name(), ".") {
+ return filepath.SkipDir
 }

 ext := filepath.Ext(entry.Name())
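Review bot: The new `strings.HasPrefix(entry.Name(), ".")` check in the second hunk also applies to the walk root, so, assuming a `filepath.WalkDir`-style walk that calls the callback for the root first, a `directoryPath` of `.` or one whose last element starts with a dot (a ConfigMap's `..data`, say) makes that first call return `filepath.SkipDir` and leaves nothing to merge, apparently without an error. For an authorization policy loader a silently empty result is worth guarding against by exempting the root from the check. The same rewrite drops the old early `return nil` for ordinary directories, so a directory whose name ends in a policy extension now reaches the `filepath.Ext` check and may be queued as if it were a file. The walk call, the callback signature and the rest of its body are outside the hunk, so the `path` parameter name in the sketch below is assumed.

```go
// Directories are never policy files; only hidden ones below the root are pruned.
if entry.IsDir() {
	// path: the callback's path argument (its name is not visible in this hunk).
	if path != directoryPath && strings.HasPrefix(entry.Name(), ".") {
		return filepath.SkipDir
	}

	return nil
}

ext := filepath.Ext(entry.Name())
```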