From 94395ac243b691e7e02f7d5cab7e9d7d994617ec Mon Sep 17 00:00:00 2001
From: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com>
Date: Mon, 15 Nov 2021 19:32:46 +0530
Subject: [PATCH] Wildcard values (#2692)

* wildcard-support

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* Added unit tests

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* improvements in anyin and allin

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
---
 pkg/engine/variables/evaluate_test.go  | 15 +++++++++++++++
 pkg/engine/variables/operator/allin.go |  4 ++--
 pkg/engine/variables/operator/anyin.go |  4 ++--
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/pkg/engine/variables/evaluate_test.go b/pkg/engine/variables/evaluate_test.go
index 8d1033358b..4b600cab15 100644
--- a/pkg/engine/variables/evaluate_test.go
+++ b/pkg/engine/variables/evaluate_test.go
@@ -271,6 +271,10 @@ func TestEvaluate(t *testing.T) {
 		{kyverno.Condition{Key: []interface{}{1, 2}, Operator: kyverno.AnyIn, Value: []interface{}{1, 2, 3, 4}}, true},
 		{kyverno.Condition{Key: []interface{}{1, 5}, Operator: kyverno.AnyIn, Value: []interface{}{1, 2, 3, 4}}, true},
 		{kyverno.Condition{Key: []interface{}{5}, Operator: kyverno.AnyIn, Value: []interface{}{1, 2, 3, 4}}, false},
+		{kyverno.Condition{Key: []interface{}{"1*"}, Operator: kyverno.AnyIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
+		{kyverno.Condition{Key: []interface{}{"5*"}, Operator: kyverno.AnyIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
+		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.AnyIn, Value: []interface{}{"2*"}}, true},
+		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.AnyIn, Value: []interface{}{"4*"}}, false},
 
 		// All In
 		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2"}, Operator: kyverno.AllIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
@@ -280,6 +284,10 @@ func TestEvaluate(t *testing.T) {
 		{kyverno.Condition{Key: []interface{}{1, 2}, Operator: kyverno.AllIn, Value: []interface{}{1, 2, 3, 4}}, true},
 		{kyverno.Condition{Key: []interface{}{1, 5}, Operator: kyverno.AllIn, Value: []interface{}{1, 2, 3, 4}}, false},
 		{kyverno.Condition{Key: []interface{}{5}, Operator: kyverno.AllIn, Value: []interface{}{1, 2, 3, 4}}, false},
+		{kyverno.Condition{Key: []interface{}{"1*"}, Operator: kyverno.AllIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
+		{kyverno.Condition{Key: []interface{}{"5*"}, Operator: kyverno.AllIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
+		{kyverno.Condition{Key: []interface{}{"2.1.1.1", "2.2.2.2", "2.5.5.5"}, Operator: kyverno.AllIn, Value: []interface{}{"2*"}}, true},
+		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.AllIn, Value: []interface{}{"4*"}}, false},
 		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "5.5.5.5"}, Operator: kyverno.AllIn, Value: "5.5.5.5"}, false},
 
 		// All Not In
@@ -294,6 +302,10 @@ func TestEvaluate(t *testing.T) {
 		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.AllNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3", "1.1.1.1"}}, true},
 		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4", "1.1.1.1"}, Operator: kyverno.AllNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3", "1.1.1.1", "4.4.4.4"}}, false},
 		{kyverno.Condition{Key: []interface{}{"5.5.5.5", "4.4.4.4"}, Operator: kyverno.AllNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
+		{kyverno.Condition{Key: []interface{}{"7*", "6*", "5*"}, Operator: kyverno.AllNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
+		{kyverno.Condition{Key: []interface{}{"1*", "2*"}, Operator: kyverno.AllNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, false},
+		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "3.3.3.3", "5.5.5.5"}, Operator: kyverno.AllNotIn, Value: []interface{}{"2*"}}, true},
+		{kyverno.Condition{Key: []interface{}{"4.1.1.1", "4.2.2.2", "4.5.5.5"}, Operator: kyverno.AllNotIn, Value: []interface{}{"4*"}}, false},
 		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.AllNotIn, Value: "2.2.2.2"}, true},
 
 		// Any Not In
@@ -307,6 +319,9 @@ func TestEvaluate(t *testing.T) {
 		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "4.4.4.4"}, Operator: kyverno.AnyNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
 		{kyverno.Condition{Key: []interface{}{"5.5.5.5", "4.4.4.4"}, Operator: kyverno.AnyNotIn, Value: "4.4.4.4"}, true},
 		{kyverno.Condition{Key: []interface{}{"5.5.5.5", "4.4.4.4"}, Operator: kyverno.AnyNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
+		{kyverno.Condition{Key: []interface{}{"1*", "3*", "5*"}, Operator: kyverno.AnyNotIn, Value: []interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"}}, true},
+		{kyverno.Condition{Key: []interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}, Operator: kyverno.AnyNotIn, Value: []interface{}{"2*"}}, true},
+		{kyverno.Condition{Key: []interface{}{"2.2*"}, Operator: kyverno.AnyNotIn, Value: []interface{}{"2.2.2.2"}}, false},
 	}
 
 	ctx := context.NewContext()
diff --git a/pkg/engine/variables/operator/allin.go b/pkg/engine/variables/operator/allin.go
index e5c382b4dc..4c6cb77be8 100644
--- a/pkg/engine/variables/operator/allin.go
+++ b/pkg/engine/variables/operator/allin.go
@@ -108,7 +108,7 @@ func isAllIn(key []string, value []string) bool {
 	found := 0
 	for _, valKey := range key {
 		for _, valValue := range value {
-			if wildcard.Match(valKey, valValue) {
+			if wildcard.Match(valKey, valValue) || wildcard.Match(valValue, valKey) {
 				found++
 				break
 			}
@@ -122,7 +122,7 @@ func isAllNotIn(key []string, value []string) bool {
 	found := 0
 	for _, valKey := range key {
 		for _, valValue := range value {
-			if wildcard.Match(valKey, valValue) {
+			if wildcard.Match(valKey, valValue) || wildcard.Match(valValue, valKey) {
 				found++
 				break
 			}
diff --git a/pkg/engine/variables/operator/anyin.go b/pkg/engine/variables/operator/anyin.go
index 86b821be3f..fcbce5ad2f 100644
--- a/pkg/engine/variables/operator/anyin.go
+++ b/pkg/engine/variables/operator/anyin.go
@@ -109,7 +109,7 @@ func anySetExistsInArray(key []string, value interface{}, log logr.Logger, anyNo
 func isAnyIn(key []string, value []string) bool {
 	for _, valKey := range key {
 		for _, valValue := range value {
-			if wildcard.Match(valKey, valValue) {
+			if wildcard.Match(valKey, valValue) || wildcard.Match(valValue, valKey) {
 				return true
 			}
 		}
@@ -122,7 +122,7 @@ func isAnyNotIn(key []string, value []string) bool {
 	found := 0
 	for _, valKey := range key {
 		for _, valValue := range value {
-			if wildcard.Match(valKey, valValue) {
+			if wildcard.Match(valKey, valValue) || wildcard.Match(valValue, valKey) {
 				found++
 				break
 			}