File: allowed_images.go

package info (click to toggle)
gitlab-ci-multi-runner 14.10.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 31,248 kB
  • sloc: sh: 1,694; makefile: 384; asm: 79; ruby: 68
file content (53 lines) | stat: -rw-r--r-- 1,221 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
package common

import (
	"errors"
	"fmt"

	"github.com/bmatcuk/doublestar"
)

type VerifyAllowedImageOptions struct {
	Image          string
	OptionName     string
	AllowedImages  []string
	InternalImages []string
}

var ErrDisallowedImage = errors.New("disallowed image")

func VerifyAllowedImage(options VerifyAllowedImageOptions, logger BuildLogger) error {
	for _, allowedImage := range options.AllowedImages {
		ok, _ := doublestar.Match(allowedImage, options.Image)
		if ok {
			return nil
		}
	}

	for _, internalImage := range options.InternalImages {
		if internalImage == options.Image {
			return nil
		}
	}

	if len(options.AllowedImages) != 0 {
		logger.Println()
		logger.Errorln(
			fmt.Sprintf("The %q image is not present on list of allowed %s:", options.Image, options.OptionName),
		)
		for _, allowedImage := range options.AllowedImages {
			logger.Println("-", allowedImage)
		}
		logger.Println()
	} else {
		// by default allow to override the image name
		return nil
	}

	errorMsg := `Please check runner's configuration:
		https://docs.gitlab.com/runner/configuration/advanced-configuration.html
		#restricting-docker-images-and-services`
	logger.Println(errorMsg)

	return ErrDisallowedImage
}