Skip hidden directories when loading policy

Traversing the policy directory recursively in Kubernetes results in duplicate policies being read, as Kubernetes ConfigMaps store all files as symlinks to a `..data` data inside the actual volume. To mitigate this issue, this commit prevents directories that begin with `.` from being visited. Signed-off-by: John Schaeffer <[email protected]>
infratographer · May 14, 2024 · cf2d90c · cf2d90c
1 parent 22a688b
commit cf2d90c
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/internal/iapl/policy.go b/internal/iapl/policy.go
@@ -207,7 +207,9 @@ func LoadPolicyDocumentFromFiles(filePaths ...string) (PolicyDocument, error) {
 	return policyDocument, nil
 }
 
-// LoadPolicyDocumentFromDirectory reads the provided directory path, reads all files in the directory, merges them, and returns a new merged PolicyDocument.
+// LoadPolicyDocumentFromDirectory reads the provided directory path, reads all files in the
+// directory, merges them, and returns a new merged PolicyDocument. Directories beginning with "."
+// are skipped.
 func LoadPolicyDocumentFromDirectory(directoryPath string) (PolicyDocument, error) {
 	var filePaths []string
 
@@ -216,8 +218,9 @@ func LoadPolicyDocumentFromDirectory(directoryPath string) (PolicyDocument, erro
 			return err
 		}
 
-		if entry.IsDir() {
-			return nil
+		// Skip directories beginning with "." (i.e., hidden directories)
+		if entry.IsDir() && strings.HasPrefix(entry.Name(), ".") {
+			return filepath.SkipDir
 		}
 
 		ext := filepath.Ext(entry.Name())