bf9395e022
CI / license-header (push) Has been skipped
CI / e2e-dry-run (push) Has been skipped
CI / fast-gate (push) Failing after 0s
Test PR Label Logic / test-pr-labels (push) Failing after 1s
Skill Format Check / check-format (push) Failing after 2s
CI / security (push) Failing after 5s
CI / unit-test (push) Has been skipped
CI / lint (push) Has been skipped
CI / script-test (push) Has been skipped
CI / deterministic-gate (push) Has been skipped
CI / coverage (push) Has been skipped
CI / results (push) Has been cancelled
CI / deadcode (push) Has been cancelled
CI / e2e-live (push) Has been cancelled
80 lines
2.1 KiB
Go
80 lines
2.1 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package config
|
|
|
|
import (
|
|
"github.com/spf13/cobra"
|
|
|
|
"github.com/larksuite/cli/internal/cmdpolicy"
|
|
"github.com/larksuite/cli/internal/cmdutil"
|
|
"github.com/larksuite/cli/internal/output"
|
|
)
|
|
|
|
func NewCmdConfigPolicy(f *cmdutil.Factory) *cobra.Command {
|
|
cmd := &cobra.Command{
|
|
Use: "policy",
|
|
Hidden: true,
|
|
Short: "Inspect the user-layer command policy",
|
|
// Override parent's RequireBuiltinCredentialProvider check; this
|
|
// group is read-only diagnostic and must work under any provider.
|
|
PersistentPreRunE: func(c *cobra.Command, _ []string) error {
|
|
c.SilenceUsage = true
|
|
return nil
|
|
},
|
|
}
|
|
cmd.AddCommand(newCmdConfigPolicyShow(f))
|
|
return cmd
|
|
}
|
|
|
|
func newCmdConfigPolicyShow(f *cmdutil.Factory) *cobra.Command {
|
|
cmd := &cobra.Command{
|
|
Use: "show",
|
|
Hidden: true,
|
|
Short: "Show the active user-layer policy (plugin / yaml / none)",
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
return runConfigPolicyShow(f)
|
|
},
|
|
}
|
|
cmdutil.SetRisk(cmd, "read")
|
|
return cmd
|
|
}
|
|
|
|
func runConfigPolicyShow(f *cmdutil.Factory) error {
|
|
active := cmdpolicy.GetActive()
|
|
if active == nil {
|
|
output.PrintJson(f.IOStreams.Out, map[string]any{
|
|
"source": string(cmdpolicy.SourceNone),
|
|
"note": "no policy recorded; bootstrap did not run pruning",
|
|
})
|
|
return nil
|
|
}
|
|
|
|
sourceName := ""
|
|
if active.Source.Kind == cmdpolicy.SourcePlugin {
|
|
sourceName = active.Source.Name
|
|
}
|
|
out := map[string]any{
|
|
"source": string(active.Source.Kind),
|
|
"source_name": sourceName,
|
|
"denied_paths": active.DeniedPaths,
|
|
}
|
|
if len(active.Rules) > 0 {
|
|
rules := make([]map[string]any, 0, len(active.Rules))
|
|
for _, r := range active.Rules {
|
|
rules = append(rules, map[string]any{
|
|
"name": r.Name,
|
|
"description": r.Description,
|
|
"allow": r.Allow,
|
|
"deny": r.Deny,
|
|
"max_risk": r.MaxRisk,
|
|
"identities": r.Identities,
|
|
"allow_unannotated": r.AllowUnannotated,
|
|
})
|
|
}
|
|
out["rules"] = rules
|
|
}
|
|
output.PrintJson(f.IOStreams.Out, out)
|
|
return nil
|
|
}
|