Only mount policies root is path exists (#430)

aserto-dev · Jul 23, 2024 · ac92246 · ac92246
1 parent 13fa62f
commit ac92246
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/pkg/cli/cmd/topaz/startrun.go b/pkg/cli/cmd/topaz/startrun.go
@@ -163,8 +163,11 @@ func getVolumes(cfg *config.Loader) ([]string, error) {
 	})
 
 	volumes := []string{
-		fmt.Sprintf("%s:/config:ro", cc.GetTopazCfgDir()),        // manually attach the configuration folder
-		fmt.Sprintf("%s:/root/.policy:ro", dockerx.PolicyRoot()), // manually attache policy store
+		fmt.Sprintf("%s:/config:ro", cc.GetTopazCfgDir()), // manually attach the configuration folder
+	}
+
+	if cfg.Configuration.OPA.LocalBundles.LocalPolicyImage != "" && dockerx.PolicyRoot() != "" {
+		volumes = append(volumes, fmt.Sprintf("%s:/root/.policy:ro", dockerx.PolicyRoot())) // manually attach policy store
 	}
 
 	for _, v := range volumeMap {

diff --git a/pkg/cli/dockerx/docker.go b/pkg/cli/dockerx/docker.go
@@ -36,9 +36,12 @@ func PolicyRoot() string {
 			return ""
 		}
 
-		return path.Join(home, defaultPolicyRoot)
+		policyRoot = path.Join(home, defaultPolicyRoot)
 	}
-	return policyRoot
+	if fi, err := os.Stat(policyRoot); err == nil && fi.IsDir() {
+		return policyRoot
+	}
+	return ""
 }
 
 type DockerClient struct {