restrict to only APIPA

aegal · aegal · commit 404eb16aac8f · 2020-04-03T12:45:42.000-07:00
diff --git a/cns/NetworkContainerContract.go b/cns/NetworkContainerContract.go
@@ -248,7 +248,7 @@ type ValidAclPolicySetting struct {
 func (networkContainerRequestPolicy *NetworkContainerRequestPolicies) Validate() error {
 	// validate ACL policy
 	if networkContainerRequestPolicy != nil {
-		if strings.EqualFold(networkContainerRequestPolicy.Type, "ACLPolicy") {
+		if strings.EqualFold(networkContainerRequestPolicy.Type, "ACLPolicy") && strings.EqualFold(networkContainerRequestPolicy.EndpointType, "APIPA") {
 			var requestedAclPolicy ValidAclPolicySetting
 			if err := json.Unmarshal(networkContainerRequestPolicy.Settings, &requestedAclPolicy); err != nil {
 				return fmt.Errorf("ACL policy failed to pass validation with error: %+v ", err)
@@ -259,6 +259,8 @@ func (networkContainerRequestPolicy *NetworkContainerRequestPolicies) Validate()
 			if requestedAclPolicy.Priority == 0 {
 				return fmt.Errorf("Priority field cannot be empty in ACL Policy")
 			}
+		} else {
+			return fmt.Errorf("Only ACL Policies on APIPA endpoint supported")
 		}
 	}
 	return nil

Original file line number	Diff line number	Diff line change
`@@ -248,7 +248,7 @@ type ValidAclPolicySetting struct {`
`248`	`248`	`func (networkContainerRequestPolicy *NetworkContainerRequestPolicies) Validate() error {`
`249`	`249`	`// validate ACL policy`
`250`	`250`	`if networkContainerRequestPolicy != nil {`
`251`		`- if strings.EqualFold(networkContainerRequestPolicy.Type, "ACLPolicy") {`
	`251`	`+ if strings.EqualFold(networkContainerRequestPolicy.Type, "ACLPolicy") && strings.EqualFold(networkContainerRequestPolicy.EndpointType, "APIPA") {`
`252`	`252`	`var requestedAclPolicy ValidAclPolicySetting`
`253`	`253`	`if err := json.Unmarshal(networkContainerRequestPolicy.Settings, &requestedAclPolicy); err != nil {`
`254`	`254`	`return fmt.Errorf("ACL policy failed to pass validation with error: %+v ", err)`
`@@ -259,6 +259,8 @@ func (networkContainerRequestPolicy *NetworkContainerRequestPolicies) Validate()`
`259`	`259`	`if requestedAclPolicy.Priority == 0 {`
`260`	`260`	`return fmt.Errorf("Priority field cannot be empty in ACL Policy")`
`261`	`261`	`}`
	`262`	`+ } else {`
	`263`	`+ return fmt.Errorf("Only ACL Policies on APIPA endpoint supported")`
`262`	`264`	`}`
`263`	`265`	`}`
`264`	`266`	`return nil`