From 6d022d196a4c4e29d70ff7395d051670db253447 Mon Sep 17 00:00:00 2001
From: Keepers
Date: Wed, 19 Apr 2023 13:24:45 -0600
Subject: [PATCH] use equals filter by default (#3145)

Now that we've filters moved from concatenated strings into slices it's possible for selector scopes to prefer equals over contains as the standard matching behavior. This will minimize the possibility of pulling in unintended resources for details and restore.
---
#### Does this PR need a docs update or release note?
- [x] :no_entry: No
#### Type of change
- [x] :broom: Tech Debt/Cleanup
#### Test Plan
- [x] :muscle: Manual
- [x] :zap: Unit test
- [x] :green_heart: E2E
---
 src/pkg/selectors/scopes_test.go | 4 ++--
 src/pkg/selectors/selectors.go | 6 +-----
 src/pkg/selectors/selectors_test.go | 8 ++++----
 3 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/src/pkg/selectors/scopes_test.go b/src/pkg/selectors/scopes_test.go
index 4c5c0505a..0fc33791d 100644
--- a/src/pkg/selectors/scopes_test.go
+++ b/src/pkg/selectors/scopes_test.go
@@ -572,13 +572,13 @@ func (suite *SelectorScopesSuite) TestScopesPII() {
 `"pass":"Pass"`,
 `"fail":"Fail"`,
 `"foo":"EQ:bar"`,
- `"qux":"Cont:fnords,smarf"`,
+ `"qux":"EQ:fnords,smarf"`,
 },
 containsPlain: []string{
 `"pass":"Pass"`,
 `"fail":"Fail"`,
 `"foo":"EQ:bar"`,
- `"qux":"Cont:fnords,smarf"`,
+ `"qux":"EQ:fnords,smarf"`,
 },
 },
 }
diff --git a/src/pkg/selectors/selectors.go b/src/pkg/selectors/selectors.go
index 7e8b16c51..1800d3a44 100644
--- a/src/pkg/selectors/selectors.go
+++ b/src/pkg/selectors/selectors.go
@@ -585,11 +585,7 @@ func filterize(
 return defaultFilter(targets)
 }

- if len(targets) == 1 {
- return filters.Equal(targets)
- }
-
- return filters.Contains(targets)
+ return filters.Equal(targets)
 }

 // pathFilterFactory returns the appropriate path filter
diff --git a/src/pkg/selectors/selectors_test.go b/src/pkg/selectors/selectors_test.go
index 443ca52b9..3931adfec 100644
--- a/src/pkg/selectors/selectors_test.go
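Review bot: The unconditional `return filters.Equal(targets)` that now ends filterize has no comment marking exact matching as the deliberate default, and the function's doc comment lies outside this hunk, so it may still describe the old split between one target and many. I would add `// Default to exact matching so a selector never pulls in resources whose identifiers merely contain a target.` directly above the return. Selectors that pass several targets and relied on substring matching will presumably now select nothing instead of failing, which can leave resources out of a backup or restore without any error; that seems worth a release note even though the PR marks none needed. The test hunks in this patch only pin the serialized `EQ:` prefix, so a case asserting that a two-target filter rejects a superstring of one target (constructed example: `owner_10` against `owner_1`) would pin the intended behaviour.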
+++ b/src/pkg/selectors/selectors_test.go
@@ -439,8 +439,8 @@ func (suite *SelectorSuite) TestSelector_pii() {
 ResourceOwners: filterFor(scopeConfig{}, "owner_1", "owner_2"),
 }
 },
- expect: `{"resourceOwners":"Cont:***,***","discreteOwner":"***"}`,
- expectPlain: `{"resourceOwners":"Cont:owner_1,owner_2","discreteOwner":"owner"}`,
+ expect: `{"resourceOwners":"EQ:***,***","discreteOwner":"***"}`,
+ expectPlain: `{"resourceOwners":"EQ:owner_1,owner_2","discreteOwner":"owner"}`,
 },
 {
 name: "one scope each type",
@@ -456,14 +456,14 @@ func (suite *SelectorSuite) TestSelector_pii() {
 },
 //nolint:lll
 expect: `{"service":1,` +
- `"resourceOwners":"Cont:***,***",` +
+ `"resourceOwners":"EQ:***,***",` +
 `"discreteOwner":"***",` +
 `"exclusions":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathCont:***","category":"Identity:***","type":"Identity:***"}],` +
 `"filters":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathSfx:***","category":"Identity:***","type":"Identity:***"}],` +
 `"includes":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathPfx:***","category":"Identity:***","type":"Identity:***"}]}`,
 //nolint:lll
 expectPlain: `{"service":1,` +
- `"resourceOwners":"Cont:owner_1,owner_2",` +
+ `"resourceOwners":"EQ:owner_1,owner_2",` +
 `"discreteOwner":"owner",` +
 `"exclusions":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathCont:e","category":"Identity:ExchangeMailFolder","type":"Identity:ExchangeMail"}],` +
 `"filters":[{"ExchangeMail":"Pass","ExchangeMailFolder":"PathSfx:f","category":"Identity:ExchangeMailFolder","type":"Identity:ExchangeMail"}],` +