in pkg/gcptarget/gcptarget.go [146:220]
// HandleReview reports whether obj is an asset this target can review and, if
// so, returns the object to be reviewed.
//
// A *validator.Asset is delegated to g.handleAsset. A map[string]interface{}
// is accepted only when the "name", "asset_type" and "ancestry_path" string
// fields are found and exactly one payload field is present out of
// "resource", "iam_policy", "org_policy", "v2_org_policies", "access_policy",
// "access_level" and "service_perimeter". Any other type is not handled.
//
// Results for the map form:
//   - (true, asset, nil): required fields found and exactly one payload field;
//   - (false, nil, nil): a required field or every payload field is absent;
//   - (false, nil, err): an unstructured accessor returned an error, or more
//     than one payload field is present.
//
// NOTE(review): an asset with missing fields is reported as "not handled"
// with a nil error, the same result as an unrelated type. Whether the caller
// surfaces such skipped assets is not visible here; confirm that incomplete
// assets cannot silently drop out of policy evaluation.
func (g *GCPTarget) HandleReview(obj interface{}) (bool, interface{}, error) {
	if typed, ok := obj.(*validator.Asset); ok {
		return g.handleAsset(typed)
	}

	asset, ok := obj.(map[string]interface{})
	if !ok {
		return false, nil, nil
	}

	// Identity fields: all three must be found. When a field is simply
	// absent err is nil, so the asset is declined without an error.
	for _, key := range []string{"name", "asset_type", "ancestry_path"} {
		_, present, err := unstructured.NestedString(asset, key)
		if err != nil || !present {
			return false, nil, err
		}
	}

	// Payload fields read through NestedMap. The key order fixes which
	// accessor error is returned first when several fields are malformed.
	payloads := 0
	mapKeys := []string{"resource", "iam_policy", "access_policy", "access_level", "service_perimeter"}
	for _, key := range mapKeys {
		_, present, err := unstructured.NestedMap(asset, key)
		if err != nil {
			return false, nil, err
		}
		if present {
			payloads++
		}
	}

	// Org policy payloads are only tested for a non-nil value; their type is
	// not checked here.
	for _, key := range []string{"org_policy", "v2_org_policies"} {
		if asset[key] != nil {
			payloads++
		}
	}

	switch {
	case payloads == 0:
		return false, nil, nil
	case payloads > 1:
		// NOTE(review): %v embeds the whole asset in the error text;
		// presumably that can include IAM bindings or resource data, so
		// confirm where this error is logged.
		return false, nil, fmt.Errorf("malformed asset has more than one of: resource, iam policy, org policy, access context policy: %v", asset)
	}
	return true, asset, nil
}