From d97258654f4bcb1f3e85e7531df22de675a82a6e Mon Sep 17 00:00:00 2001
From: silenceper <silenceper@gmail.com>
Date: Fri, 1 Apr 2022 18:42:07 +0800
Subject: [PATCH] fix wildcards in value arrays (#3486)

Signed-off-by: silenceper <silenceper@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
---
 pkg/engine/variables/evaluate_test.go  | 2 ++
 pkg/engine/variables/operator/anyin.go | 2 +-
 pkg/engine/variables/operator/in.go    | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/engine/variables/evaluate_test.go b/pkg/engine/variables/evaluate_test.go
index c291902b8e..d5596d017b 100644
--- a/pkg/engine/variables/evaluate_test.go
+++ b/pkg/engine/variables/evaluate_test.go
@@ -285,6 +285,7 @@ func TestEvaluate(t *testing.T) {
 		{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{1, 2, 3})}, false},
 		{kyverno.Condition{RawKey: kyverno.ToJSON(5.5), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{1, 1.5, 2, 3})}, false},
 		{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{"1", "2", "3"})}, false},
+		{kyverno.Condition{RawKey: kyverno.ToJSON("1.1.1.1"), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{"1*"})}, true},
 		{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "4.4.4.4"}), Operator: kyverno.ConditionOperators["In"], RawValue: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "3.3.3.3"})}, false},
 
 		// Not In
@@ -310,6 +311,7 @@ func TestEvaluate(t *testing.T) {
 		{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"2*"})}, true},
 		{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"1.1.1.1", "2.2.2.2", "5.5.5.5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"4*"})}, false},
 		{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{"5"}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1-3")}, false},
+		{kyverno.Condition{RawKey: kyverno.ToJSON("1.1.1.1"), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON([]interface{}{"1*"})}, true},
 		{kyverno.Condition{RawKey: kyverno.ToJSON("5"), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1-10")}, true},
 		{kyverno.Condition{RawKey: kyverno.ToJSON(5), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("1-10")}, true},
 		{kyverno.Condition{RawKey: kyverno.ToJSON([]interface{}{1, 5}), Operator: kyverno.ConditionOperators["AnyIn"], RawValue: kyverno.ToJSON("7-10")}, false},
diff --git a/pkg/engine/variables/operator/anyin.go b/pkg/engine/variables/operator/anyin.go
index fe778b61b1..cc6ad419c1 100644
--- a/pkg/engine/variables/operator/anyin.go
+++ b/pkg/engine/variables/operator/anyin.go
@@ -63,7 +63,7 @@ func anyKeyExistsInArray(key string, value interface{}, log logr.Logger) (invali
 
 	case []interface{}:
 		for _, val := range valuesAvailable {
-			if wildcard.Match(key, fmt.Sprint(val)) {
+			if wildcard.Match(fmt.Sprint(val), key) {
 				return false, true
 			}
 		}
diff --git a/pkg/engine/variables/operator/in.go b/pkg/engine/variables/operator/in.go
index 052e3cd27b..2eaaeb88fe 100644
--- a/pkg/engine/variables/operator/in.go
+++ b/pkg/engine/variables/operator/in.go
@@ -63,7 +63,7 @@ func keyExistsInArray(key string, value interface{}, log logr.Logger) (invalidTy
 
 	case []interface{}:
 		for _, val := range valuesAvailable {
-			if wildcard.Match(key, fmt.Sprint(val)) {
+			if wildcard.Match(fmt.Sprint(val), key) {
 				return false, true
 			}
 		}