larryh/corso
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use equals filter by default (#3145)

Browse Source 
Now that we've filters moved from concatenated strings into slices it's possible for selector scopes to prefer equals over contains as the standard matching behavior.  This will minimize the possibility of pulling in unintended resources for details and restore.

<!-- PR description-->

---

#### Does this PR need a docs update or release note?

- [x]  No

#### Type of change

- [x] 🧹 Tech Debt/Cleanup

#### Test Plan

- [x] 💪 Manual
- [x]  Unit test
- [x] 💚 E2E
This commit is contained in:
Keepers 2023-04-19 13:24:45 -06:00 committed by GitHub
parent 09ef350bc0
commit 6d022d196a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/pkg/selectors/scopes_test.go
View File

@ -572,13 +572,13 @@ func (suite *SelectorScopesSuite) TestScopesPII() {
`"pass":"Pass"`,
`"fail":"Fail"`,
`"foo":"EQ:bar"`,
`"qux":"Cont:fnords,smarf"`,
`"qux":"EQ:fnords,smarf"`,
},
containsPlain: []string{
`"pass":"Pass"`,
`"fail":"Fail"`,
`"foo":"EQ:bar"`,
`"qux":"Cont:fnords,smarf"`,
`"qux":"EQ:fnords,smarf"`,
},
},
}

6
src/pkg/selectors/selectors.go
View File

@ -585,11 +585,7 @@ func filterize(
return defaultFilter(targets)
}
if len(targets) == 1 {
return filters.Equal(targets)
}
return filters.Contains(targets)
return filters.Equal(targets)
}
// pathFilterFactory returns the appropriate path filter

8
src/pkg/selectors/selectors_test.go
View File

@ -439,8 +439,8 @@ func (suite *SelectorSuite) TestSelector_pii() {
ResourceOwners: filterFor(scopeConfig{}, "owner_1", "owner_2"),
}
},
expect: `{"resourceOwners":"Cont:***,***","discreteOwner":"***"}`,
expectPlain: `{"resourceOwners":"Cont:owner_1,owner_2","discreteOwner":"owner"}`,
expect: `{"resourceOwners":"EQ:***,***","discreteOwner":"***"}`,
expectPlain: `{"resourceOwners":"EQ:owner_1,owner_2","discreteOwner":"owner"}`,
},
{
name: "one scope each type",
@ -456,14 +456,14 @@ func (suite *SelectorSuite) TestSelector_pii() {
},
//nolint:lll
expect: `{"service":1,` +
`"resourceOwners":"Cont:***,***",` +
`"resourceOwners":"EQ:***,***",` +
`"discreteOwner":"***",` +
`"exclusions":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathCont:***","category":"Identity:***","type":"Identity:***"}],` +
`"filters":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathSfx:***","category":"Identity:***","type":"Identity:***"}],` +
`"includes":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathPfx:***","category":"Identity:***","type":"Identity:***"}]}`,
//nolint:lll
expectPlain: `{"service":1,` +
`"resourceOwners":"Cont:owner_1,owner_2",` +
`"resourceOwners":"EQ:owner_1,owner_2",` +
`"discreteOwner":"owner",` +
`"exclusions":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathCont:e","category":"Identity:ExchangeMailFolder","type":"Identity:ExchangeMail"}],` +
`"filters":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathSfx:f","category":"Identity:ExchangeMailFolder","type":"Identity:ExchangeMail"}],` +