Skip to content

Commit fdce86f

Browse files
patjlmclaude
andcommitted
codegen + harden audience config loader
- Regenerate deepcopy functions for new types - Use strict YAML unmarshal to catch typos - Reject empty or duplicate audience entries Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent a4e7fd5 commit fdce86f

2 files changed

Lines changed: 99 additions & 3 deletions

File tree

pkg/api/zz_generated.deepcopy.go

Lines changed: 90 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/load/load.go

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -322,11 +322,17 @@ func AllowedAudiencesConfig(configPath string) (api.AllowedAudiencesMap, error)
322322
}
323323

324324
var audiencesList []api.AllowedAudienceDetails
325-
if err = yaml.Unmarshal(configContents, &audiencesList); err != nil {
325+
if err = yaml.UnmarshalStrict(configContents, &audiencesList); err != nil {
326326
return nil, fmt.Errorf("failed to unmarshall allowed audiences config: %w", err)
327327
}
328-
allowedAudiencesMap := make(api.AllowedAudiencesMap)
329-
for _, a := range audiencesList {
328+
allowedAudiencesMap := make(api.AllowedAudiencesMap, len(audiencesList))
329+
for i, a := range audiencesList {
330+
if a.Audience == "" {
331+
return nil, fmt.Errorf("allowed audiences config entry %d: audience must not be empty", i)
332+
}
333+
if _, exists := allowedAudiencesMap[a.Audience]; exists {
334+
return nil, fmt.Errorf("allowed audiences config: duplicate audience %q", a.Audience)
335+
}
330336
allowedAudiencesMap[a.Audience] = a
331337
}
332338
return allowedAudiencesMap, nil

0 commit comments

Comments
 (0)