chore: allow everything is nothing is passed as allowed types

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
falcosecurity · Feb 6, 2023 · 668d9a2 · 668d9a2
1 parent 7a022cf
commit 668d9a2
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 8 deletions.
diff --git a/cmd/artifact/follow/follow.go b/cmd/artifact/follow/follow.go
@@ -231,7 +231,8 @@ func NewArtifactFollowCmd(ctx context.Context, opt *options.CommonOptions) *cobr
 		"Where to retrieve versions, it can be either an URL or a path to a file")
 	cmd.Flags().DurationVar(&o.timeout, "timeout", defaultBackoffConfig.MaxDelay,
 		"Timeout for initial connection to the Falco versions endpoint")
-	cmd.Flags().Var(&o.allowedTypes, "allowed-types", "whitelist of artifacts type that can be followed")
+	cmd.Flags().Var(&o.allowedTypes, "allowed-types",
+		"whitelist of artifacts type that can be followed. If an empty list is passed (or configured), everything is allowed")
 	return cmd
 }
 

diff --git a/cmd/artifact/install/install.go b/cmd/artifact/install/install.go
@@ -144,7 +144,8 @@ func NewArtifactInstallCmd(ctx context.Context, opt *options.CommonOptions) *cob
 		"directory where to install rules. Defaults to /etc/falco")
 	cmd.Flags().StringVarP(&o.pluginsDir, "plugins-dir", "", config.PluginsDir,
 		"directory where to install plugins. Defaults to /usr/share/falco/plugins")
-	cmd.Flags().Var(&o.allowedTypes, "allowed-types", "whitelist of artifacts type that can be installed")
+	cmd.Flags().Var(&o.allowedTypes, "allowed-types",
+		"whitelist of artifacts type that can be followed. If an empty list is passed (or configured), everything is allowed")
 
 	return cmd
 }

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -165,9 +165,6 @@ func Load(path string) error {
 	// Set default index
 	viper.SetDefault(IndexesKey, []Index{DefaultIndex})
 
-	// Set default artifact types
-	viper.SetDefault(ArtifactAllowedTypesKey, []string{oci.Rulesfile.String()})
-
 	err = viper.ReadInConfig()
 	if errors.As(err, &viper.ConfigFileNotFoundError{}) || os.IsNotExist(err) {
 		// If the config is not found, we create the file with the

diff --git a/pkg/oci/puller/puller.go b/pkg/oci/puller/puller.go
@@ -255,10 +255,11 @@ func (p *Puller) PullConfigLayer(ctx context.Context, ref string) (*oci.Artifact
 }
 
 // CheckAllowedType does a preliminary check on the manifest to state whether we are allowed
-// or not to download this type of artifact.
+// or not to download this type of artifact. If allowedTypes is empty, everything is allowed,
+// else it is used to perform the check.
 func (p *Puller) CheckAllowedType(ctx context.Context, ref string, allowedTypes []oci.ArtifactType) error {
 	if len(allowedTypes) == 0 {
-		return fmt.Errorf("cannot download any artifact types because any was allowed")
+		return nil
 	}
 
 	manifest, err := p.manifestFromRef(ctx, ref)

diff --git a/pkg/oci/types.go b/pkg/oci/types.go
@@ -82,7 +82,7 @@ func (e ArtifactTypeSlice) String() string {
 	return e.CommaSeparatedString
 }
 
-// Set an ArtifactType.
+// Set an ArtifactType. Given that we are appending values, the flag can be repeated multiple times.
 func (e *ArtifactTypeSlice) Set(v string) error {
 	commaSeparatedRegexp := regexp.MustCompile(`^([^,]+)(,[^,]+)*$`)
 	if !commaSeparatedRegexp.MatchString(v) {