func()

in pkg/gcptarget/gcptarget.go [323:372]

• 47 lines of code
• 17 McCabe index (conditional complexity)

func (g *GCPTarget) ValidateConstraint(constraint *unstructured.Unstructured) error {
	ancestries, ancestriesFound, ancestriesErr := unstructured.NestedStringSlice(constraint.Object, "spec", "match", "ancestries")
	targets, targetsFound, targetsErr := unstructured.NestedStringSlice(constraint.Object, "spec", "match", "target")
	if ancestriesFound && targetsFound {
		return errors.New("only one of spec.match.ancestries and spec.match.target can be specified")
	} else if ancestriesFound {
		if ancestriesErr != nil {
			return fmt.Errorf("invalid spec.match.ancestries: %s", ancestriesErr)
		}
		if ancestriesErr := checkPathGlobs(ancestries); ancestriesErr != nil {
			return fmt.Errorf("invalid glob in spec.match.ancestries: %w", ancestriesErr)
		}
	} else if targetsFound {
		// TODO b/232980918: replace with zapLogger.Warn
		log.Print(
			"spec.match.target is deprecated and will be removed in a future release. Use spec.match.ancestries instead",
		)
		if targetsErr != nil {
			return fmt.Errorf("invalid spec.match.target: %s", targetsErr)
		}
		if targetsErr := checkPathGlobs(targets); targetsErr != nil {
			return fmt.Errorf("invalid glob in spec.match.target: %w", targetsErr)
		}
	}

	excludedAncestries, excludedAncestriesFound, excludedAncestriesErr := unstructured.NestedStringSlice(constraint.Object, "spec", "match", "excludedAncestries")
	excludes, excludesFound, excludesErr := unstructured.NestedStringSlice(constraint.Object, "spec", "match", "exclude")
	if excludedAncestriesFound && excludesFound {
		return errors.New("only one of spec.match.excludedAncestries and spec.match.exclude can be specified")
	} else if excludedAncestriesFound {
		if excludedAncestriesErr != nil {
			return fmt.Errorf("invalid spec.match.excludedAncestries: %s", excludedAncestriesErr)
		}
		if excludedAncestriesErr := checkPathGlobs(excludedAncestries); excludedAncestriesErr != nil {
			return fmt.Errorf("invalid glob in spec.match.excludedAncestries: %w", excludedAncestriesErr)
		}
	} else if excludesFound {
		// TODO b/232980918: replace with zapLogger.Warn
		log.Print(
			"spec.match.exclude is deprecated and will be removed in a future release. Use spec.match.excludedAncestries instead",
		)
		if excludesErr != nil {
			return fmt.Errorf("invalid spec.match.exclude: %s", excludesErr)
		}
		if excludesErr := checkPathGlobs(excludes); excludesErr != nil {
			return fmt.Errorf("invalid glob in spec.match.exclude: %w", excludesErr)
		}
	}
	return nil
}