From b8b1d81df0977a6122dec743115f833f69c7b594 Mon Sep 17 00:00:00 2001
From: Shuting Zhao <shutting06@gmail.com>
Date: Tue, 22 Sep 2020 18:26:52 -0700
Subject: [PATCH] handles array parsing in configmap value

---
 pkg/engine/mutate/patchesUtils.go      |  1 -
 pkg/engine/utils.go                    |  7 ++++---
 pkg/engine/variables/operator/in.go    | 21 +++++++++++++++------
 pkg/engine/variables/operator/notin.go |  2 +-
 test/e2e/generate/utils.go             |  6 +++---
 5 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/pkg/engine/mutate/patchesUtils.go b/pkg/engine/mutate/patchesUtils.go
index 02aba3bc64..f90c873573 100644
--- a/pkg/engine/mutate/patchesUtils.go
+++ b/pkg/engine/mutate/patchesUtils.go
@@ -29,7 +29,6 @@ func generatePatches(src, dst []byte) ([][]byte, error) {
 		}
 
 		patchesBytes = append(patchesBytes, pbytes)
-		// fmt.Printf("generated patch %s\n", p)
 	}
 
 	return patchesBytes, err
diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go
index 5492bf9339..ac5a8bbda5 100644
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@@ -4,14 +4,15 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"reflect"
+	"strings"
+	"time"
+
 	"github.com/go-logr/logr"
 	"github.com/nirmata/kyverno/pkg/utils"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
-	"reflect"
 	"sigs.k8s.io/controller-runtime/pkg/log"
-	"strings"
-	"time"
 
 	"github.com/minio/minio/pkg/wildcard"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
diff --git a/pkg/engine/variables/operator/in.go b/pkg/engine/variables/operator/in.go
index 5ac8e8011f..29915d627a 100644
--- a/pkg/engine/variables/operator/in.go
+++ b/pkg/engine/variables/operator/in.go
@@ -1,9 +1,9 @@
 package operator
 
 import (
+	"encoding/json"
 	"fmt"
 	"reflect"
-	"strings"
 
 	"github.com/go-logr/logr"
 	"github.com/nirmata/kyverno/pkg/engine/context"
@@ -48,7 +48,7 @@ func (in InHandler) Evaluate(key, value interface{}) bool {
 }
 
 func (in InHandler) validateValuewithStringPattern(key string, value interface{}) (keyExists bool) {
-	invalidType, keyExists := ValidateStringPattern(key, value)
+	invalidType, keyExists := ValidateStringPattern(key, value, in.log)
 	if invalidType {
 		in.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
 		return false
@@ -57,7 +57,7 @@ func (in InHandler) validateValuewithStringPattern(key string, value interface{}
 	return keyExists
 }
 
-func ValidateStringPattern(key string, value interface{}) (invalidType bool, keyExists bool) {
+func ValidateStringPattern(key string, value interface{}, log logr.Logger) (invalidType bool, keyExists bool) {
 	stringType := reflect.TypeOf("")
 	switch valuesAvaliable := value.(type) {
 	case []interface{}:
@@ -69,10 +69,19 @@ func ValidateStringPattern(key string, value interface{}) (invalidType bool, key
 				keyExists = true
 			}
 		}
+	// add to handle the configMap lookup, as configmap.data
+	// takes string-string map, when looking for a value of array
+	// data:
+	//   key: "[\"value1\", \"value2\"]"
+	// it will first unmarshal it to string slice, then compare
 	case string:
-		valuesAvaliable = strings.TrimSpace(valuesAvaliable)
-		vars := strings.Split(valuesAvaliable, ",")
-		for _, val := range vars {
+		var arr []string
+		if err := json.Unmarshal([]byte(valuesAvaliable), &arr); err != nil {
+			log.Error(err, "failed to unmarshal to string slice", "value", value)
+			return invalidType, keyExists
+		}
+
+		for _, val := range arr {
 			if key == val {
 				keyExists = true
 			}
diff --git a/pkg/engine/variables/operator/notin.go b/pkg/engine/variables/operator/notin.go
index a38310f1ec..697002d3c2 100644
--- a/pkg/engine/variables/operator/notin.go
+++ b/pkg/engine/variables/operator/notin.go
@@ -47,7 +47,7 @@ func (nin NotInHandler) Evaluate(key, value interface{}) bool {
 }
 
 func (nin NotInHandler) validateValuewithStringPattern(key string, value interface{}) bool {
-	invalidType, keyExists := ValidateStringPattern(key, value)
+	invalidType, keyExists := ValidateStringPattern(key, value, nin.log)
 	if invalidType {
 		nin.log.Info("expected type []string", "value", value, "type", fmt.Sprintf("%T", value))
 		return false
diff --git a/test/e2e/generate/utils.go b/test/e2e/generate/utils.go
index 3c2f092fba..ddc9e69b8c 100644
--- a/test/e2e/generate/utils.go
+++ b/test/e2e/generate/utils.go
@@ -1,14 +1,15 @@
 package generate
 
 import (
+	"os"
+	"time"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/tools/clientcmd"
-	"os"
 	"sigs.k8s.io/yaml"
-	"time"
 )
 
 type E2EClient struct {
@@ -103,7 +104,6 @@ func (e2e *E2EClient) ListNamespacedResources(gvr schema.GroupVersionResource, n
 func (e2e *E2EClient) CreateNamespacedResourceYaml(gvr schema.GroupVersionResource, namespace string, resourceData []byte) (*unstructured.Unstructured, error) {
 	resource := unstructured.Unstructured{}
 	err := yaml.Unmarshal(resourceData, &resource)
-	// fmt.Println(resource)
 	if err != nil {
 		return nil, err
 	}