UPSTREAM: 51782: A policy with 0 rules should return an error

soltysh · soltysh · commit 2a17d968db34 · 2017-10-04T15:59:38.000+02:00
:100644 100644 2fcce4da75... 195340ecbd... M	staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
:100644 100644 be76364f59... 3eabbd3cb3... M	staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
diff --git a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
@@ -54,6 +54,10 @@ func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error) {
 		return nil, err.ToAggregate()
 	}
 
-	glog.V(4).Infof("Loaded %d audit policy rules from file %s\n", len(policy.Rules), filePath)
+	policyCnt := len(policy.Rules)
+	if policyCnt == 0 {
+		return nil, fmt.Errorf("loaded illegal policy with 0 rules from file %s", filePath)
+	}
+	glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, filePath)
 	return policy, nil
 }
diff --git a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
@@ -67,20 +67,49 @@ var expectedPolicy = &audit.Policy{
 }
 
 func TestParser(t *testing.T) {
-	// Create a policy file.
-	f, err := ioutil.TempFile("", "policy.yaml")
+	f, err := writePolicy(policyDef, t)
 	require.NoError(t, err)
-	defer os.Remove(f.Name())
+	defer os.Remove(f)
 
-	_, err = f.WriteString(policyDef)
-	require.NoError(t, err)
-	require.NoError(t, f.Close())
-
-	policy, err := LoadPolicyFromFile(f.Name())
+	policy, err := LoadPolicyFromFile(f)
 	require.NoError(t, err)
 
 	assert.Len(t, policy.Rules, 3) // Sanity check.
 	if !reflect.DeepEqual(policy, expectedPolicy) {
 		t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
 	}
 }
+
+func TestPolicyCntCheck(t *testing.T) {
+	//a set of testCases
+	var testCases = []struct {
+		caseName, policy string
+	}{
+		{
+			"policyWithNoRule",
+			`apiVersion: audit.k8s.io/v1beta1
+kind: Policy`,
+		},
+		{"emptyPolicyFile", ""},
+	}
+
+	for _, tc := range testCases {
+		f, err := writePolicy(tc.policy, t)
+		require.NoError(t, err)
+		defer os.Remove(f)
+
+		_, err = LoadPolicyFromFile(f)
+		assert.Error(t, err, "loaded illegal policy with 0 rules from testCase %s", tc.caseName)
+	}
+}
+
+func writePolicy(policy string, t *testing.T) (string, error) {
+	f, err := ioutil.TempFile("", "policy.yaml")
+	require.NoError(t, err)
+
+	_, err = f.WriteString(policy)
+	require.NoError(t, err)
+	require.NoError(t, f.Close())
+
+	return f.Name(), nil
+}

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,10 @@ func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error) {`
`54`	`54`	`return nil, err.ToAggregate()`
`55`	`55`	`}`
`56`	`56`
`57`		`- glog.V(4).Infof("Loaded %d audit policy rules from file %s\n", len(policy.Rules), filePath)`
	`57`	`+ policyCnt := len(policy.Rules)`
	`58`	`+ if policyCnt == 0 {`
	`59`	`+ return nil, fmt.Errorf("loaded illegal policy with 0 rules from file %s", filePath)`
	`60`	`+ }`
	`61`	`+ glog.V(4).Infof("Loaded %d audit policy rules from file %s", policyCnt, filePath)`
`58`	`62`	`return policy, nil`
`59`	`63`	`}`