Enhancement/existence anchor - should loop all the items in the array (#1719)

* updated validating policy code Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * changed existance logic to loop all the items in array Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * updated comments and error messages Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2025-03-31 03:45:17 +00:00 · 2021-03-20 03:48:26 +05:30 · 2021-03-20 03:48:26 +05:30 · 4128410207
commit 4128410207
parent 3373a79f26
2 changed files with 17 additions and 10 deletions
--- a/pkg/engine/anchor/anchor.go
+++ b/pkg/engine/anchor/anchor.go
@ -189,13 +189,20 @@ func (eh ExistenceHandler) Handle(handler resourceElementHandler, resourceMap ma
 			if !ok {
 				return currentPath, fmt.Errorf("Invalid pattern type %T: Pattern has to be of list to compare against resource", eh.pattern)
 			}
-			// get the first item in the pattern array
-			patternMap := typedPattern[0]
-			typedPatternMap, ok := patternMap.(map[string]interface{})
-			if !ok {
-				return currentPath, fmt.Errorf("Invalid pattern type %T: Pattern has to be of type map to compare against items in resource", eh.pattern)
+			// loop all item in the pattern array
+			errorPath := ""
+			var err error
+			for _, patternMap := range typedPattern {
+				typedPatternMap, ok := patternMap.(map[string]interface{})
+				if !ok {
+					return currentPath, fmt.Errorf("Invalid pattern type %T: Pattern has to be of type map to compare against items in resource", eh.pattern)
+				}
+				errorPath, err = validateExistenceListResource(handler, typedResource, typedPatternMap, originPattern, currentPath, ac)
+				if err != nil {
+					return errorPath, err
+				}
 			}
-			return validateExistenceListResource(handler, typedResource, typedPatternMap, originPattern, currentPath, ac)
+			return errorPath, err
 		default:
 			return currentPath, fmt.Errorf("Invalid resource type %T: Existence ^ () anchor can be used only on list/array type resource", value)
 		}
@ -204,7 +211,7 @@ func (eh ExistenceHandler) Handle(handler resourceElementHandler, resourceMap ma
 }

 func validateExistenceListResource(handler resourceElementHandler, resourceList []interface{}, patternMap map[string]interface{}, originPattern interface{}, path string, ac *common.AnchorKey) (string, error) {
-	// the idea is atleast on the elements in the array should satisfy the pattern
+	// the idea is all the element in the pattern array should be present atleast once in the resource list
 	// if non satisfy then throw an error
 	for i, resourceElement := range resourceList {
 		currentPath := path + strconv.Itoa(i) + "/"
--- a/pkg/policy/common/validate_pattern.go
+++ b/pkg/policy/common/validate_pattern.go
@ -50,9 +50,9 @@ func validateMap(patternMap map[string]interface{}, path string, supportedAnchor
 				if !ok {
 					return path + "/" + key, fmt.Errorf("Existence anchor should have value of type list")
 				}
-				// validate there is only one entry in the list
-				if len(typedValue) == 0 || len(typedValue) > 1 {
-					return path + "/" + key, fmt.Errorf("Existence anchor: single value expected, multiple specified")
+				// validate that there is atleast one entry in the list
+				if len(typedValue) == 0 {
+					return path + "/" + key, fmt.Errorf("Existence anchor: should have atleast one value")
 				}
 			}
 		}