update equality operator

2025-03-28 02:18:15 +00:00 · 2019-10-01 13:08:34 -07:00 · 2019-10-01 13:08:34 -07:00 · 515a31199e
commit 515a31199e
parent 17d80a08c0
3 changed files with 10 additions and 10 deletions
--- a/examples/best_practices/policy_validate_host_path.yaml
+++ b/examples/best_practices/policy_validate_host_path.yaml
@ -14,5 +14,5 @@ spec:
      pattern:
        spec:
          volumes:
-          - ~(hostPath):
+          - =(hostPath):
              path: "!/var/lib"
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@ -269,7 +269,7 @@ func getRawKeyIfWrappedWithAttributes(str string) string {

 	if str[0] == '(' && str[len(str)-1] == ')' {
 		return str[1 : len(str)-1]
-	} else if (str[0] == '$' || str[0] == '^' || str[0] == '+') && (str[1] == '(' && str[len(str)-1] == ')') {
+	} else if (str[0] == '$' || str[0] == '^' || str[0] == '+' || str[0] == '=') && (str[1] == '(' && str[len(str)-1] == ')') {
 		return str[2 : len(str)-1]
 	} else {
 		return str
@ -296,7 +296,7 @@ func isExistanceAnchor(str string) bool {
 }

 func isEqualityAnchor(str string) bool {
-	left := "~("
+	left := "=("
 	right := ")"
 	if len(str) < len(left)+len(right) {
 		return false
--- a/pkg/engine/validation_test.go
+++ b/pkg/engine/validation_test.go
@ -2107,7 +2107,7 @@ func TestValidate_anchor_arraymap_pass(t *testing.T) {
 						  "volumes": [
 							 {
 								"name": "*",
-								"~(hostPath)": {
+								"=(hostPath)": {
 								   "path": "!/var/lib"
 								}
 							 }
@ -2195,7 +2195,7 @@ func TestValidate_anchor_arraymap_fail(t *testing.T) {
 					   "spec": {
 						  "volumes": [
 							 {
-								"~(hostPath)": {
+								"=(hostPath)": {
 								   "path": "!/var/lib"
 								}
 							 }
@ -2281,7 +2281,7 @@ func TestValidate_anchor_map_notfound(t *testing.T) {
 					"message": "pod: validate run as non root user",
 					"pattern": {
 					   "spec": {
-						  "~(securityContext)": {
+						  "=(securityContext)": {
 							 "runAsNonRoot": true
 						  }
 					   }
@ -2350,7 +2350,7 @@ func TestValidate_anchor_map_found_valid(t *testing.T) {
 					"message": "pod: validate run as non root user",
 					"pattern": {
 					   "spec": {
-						  "~(securityContext)": {
+						  "=(securityContext)": {
 							 "runAsNonRoot": true
 						  }
 					   }
@ -2422,7 +2422,7 @@ func TestValidate_anchor_map_found_invalid(t *testing.T) {
 					"message": "pod: validate run as non root user",
 					"pattern": {
 					   "spec": {
-						  "~(securityContext)": {
+						  "=(securityContext)": {
 							 "runAsNonRoot": true
 						  }
 					   }
@ -2494,7 +2494,7 @@ func TestValidate_AnchorList_pass(t *testing.T) {
 			  "validate": {
 				"pattern": {
 				  "spec": {
-					"~(containers)": [
+					"=(containers)": [
 					  {
 						"name": "nginx"
 					  }
@ -2568,7 +2568,7 @@ func TestValidate_AnchorList_fail(t *testing.T) {
 			  "validate": {
 				"pattern": {
 				  "spec": {
-					"~(containers)": [
+					"=(containers)": [
 					  {
 						"name": "nginx"
 					  }