Merge pull request #299 from Apokleos/enhance-caps

saschagrunert · web-flow · commit e5c8012967fa · 2025-11-04T09:28:06.000+01:00
capability: Add support for flexible capability name formats
diff --git a/src/runtime/capability.rs b/src/runtime/capability.rs
@@ -526,8 +526,20 @@ impl<'de> Deserialize<'de> for Capability {
     {
         let input = String::deserialize(deserializer)?;
         let upper = input.to_uppercase();
-        let stripped = upper.strip_prefix("CAP_").unwrap_or(&upper);
-        match stripped {
+
+        // Extract the capability name from various input formats.
+        //
+        // This function strips all "CAP_" prefixes to normalize capability names.
+        // This ensures correct adaptation regardless of whether users specify
+        // CAP_XXX or XXX directly at the upper layer(Specially k8s), making the
+        // API more flexible and user-friendly.
+        // Examples: "CAP_SYS_ADMIN", "SYS_ADMIN"
+        //
+        let mut clean_cap = upper.as_str();
+        while let Some(stripped) = clean_cap.strip_prefix("CAP_") {
+            clean_cap = stripped;
+        }
+        match clean_cap {
             "AUDIT_CONTROL" => Ok(Self::AuditControl),
             "AUDIT_READ" => Ok(Self::AuditRead),
             "AUDIT_WRITE" => Ok(Self::AuditWrite),
@@ -668,4 +680,13 @@ mod tests {
         let cap: Capability = serde_json::from_str(serialized).unwrap();
         assert_eq!(cap, Capability::SysAdmin);
     }
+
+    #[test]
+    fn deserialize_one_more_cap_prefix() -> Result<()> {
+        for case in &["SYS_ADMIN", "CAP_CAP_SYS_ADMIN", "cap_CAP_cap_SYS_ADMIN"] {
+            let res: Capability = serde_json::from_str(&format!("\"{case}\""))?;
+            assert_eq!(Capability::SysAdmin, res);
+        }
+        Ok(())
+    }
 }
