fix: validate resource kind.

In order to allow only pod resource in the template policy, it's necessary to check the resource kind before trying to parse. This is necessary because the parse function can be able to parse it even if the resource is not pod. This is necessary to improve the docs about writing policy in rust. Signed-off-by: José Guilherme Vanz <[email protected]>
kubewarden · Nov 14, 2023 · fcb95e2 · fcb95e2
1 parent b660fa9
commit fcb95e2
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/lib.rs b/src/lib.rs
@@ -4,6 +4,7 @@ use guest::prelude::*;
 use kubewarden_policy_sdk::wapc_guest as guest;
 
 use k8s_openapi::api::core::v1 as apicore;
+use k8s_openapi::Resource;
 
 extern crate kubewarden_policy_sdk as kubewarden;
 use kubewarden::{logging, protocol_version_guest, request::ValidationRequest, validate_settings};
@@ -31,7 +32,10 @@ fn validate(payload: &[u8]) -> CallResult {
     let validation_request: ValidationRequest<Settings> = ValidationRequest::new(payload)?;
 
     info!(LOG_DRAIN, "starting validation");
-
+    if validation_request.request.kind.kind != apicore::Pod::KIND {
+        warn!(LOG_DRAIN, "Policy validates Pods only. Accepting resource"; "kind" => &validation_request.request.kind.kind);
+        return kubewarden::accept_request();
+    }
     // TODO: you can unmarshal any Kubernetes API type you are interested in
     match serde_json::from_value::<apicore::Pod>(validation_request.request.object) {
         Ok(pod) => {