Skip to content

Commit

Permalink
feat: use -> for explicit bindings (#92)
Browse files Browse the repository at this point in the history 
Signed-off-by: Charles-Edouard Brétéché <[email protected]>
  • Loading branch information
@eddycharly
eddycharly authored Oct 10, 2023
1 parent 0eca531 commit fe707c0
Show file tree
Hide file tree
Showing 6 changed files with 17 additions and 17 deletions.
2 changes: 1 addition & 1 deletion pkg/engine/assert/expression.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (

var (
foreachRegex = regexp.MustCompile(`^~(\w+)?\.(.*)`)
bindingRegex = regexp.MustCompile(`(.*)@(\w+)$`)
bindingRegex = regexp.MustCompile(`(.*)\s*->\s*(\w+)$`)
escapeRegex = regexp.MustCompile(`^\\(.+)\\$`)
engineRegex = regexp.MustCompile(`^\((?:(\w+):)?(.+)\)$`)
)
Expand Down
14 changes: 7 additions & 7 deletions pkg/engine/assert/expression_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ func Test_parseExpressionRegex(t *testing.T) {
},
}, {
name: "binding",
in: "test@foo",
in: "test->foo",
want: &expression{
foreach: false,
foreachName: "",
Expand All @@ -86,7 +86,7 @@ func Test_parseExpressionRegex(t *testing.T) {
},
}, {
name: "binding",
in: "(test)@foo",
in: "(test)->foo",
want: &expression{
foreach: false,
foreachName: "",
Expand All @@ -96,7 +96,7 @@ func Test_parseExpressionRegex(t *testing.T) {
},
}, {
name: "foreach and binding",
in: "~.test@foo",
in: "~.test->foo",
want: &expression{
foreach: true,
foreachName: "",
Expand All @@ -105,7 +105,7 @@ func Test_parseExpressionRegex(t *testing.T) {
},
}, {
name: "foreach and binding",
in: "~.(test)@foo",
in: "~.(test)->foo",
want: &expression{
foreach: true,
foreachName: "",
Expand All @@ -115,11 +115,11 @@ func Test_parseExpressionRegex(t *testing.T) {
},
}, {
name: "escape",
in: `\~(test)@foo\`,
in: `\~(test)->foo\`,
want: &expression{
foreach: false,
foreachName: "",
statement: "~(test)@foo",
statement: "~(test)->foo",
binding: "",
},
}, {
Expand Down Expand Up @@ -160,7 +160,7 @@ func Test_parseExpressionRegex(t *testing.T) {
},
}, {
name: "escape",
in: `~index.\(test)\@name`,
in: `~index.\(test)\->name`,
want: &expression{
foreach: true,
foreachName: "index",
Expand Down
2 changes: 1 addition & 1 deletion testdata/escaped/payload.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
foo:
(bar): 4
(bar)@test: 6
(bar)->test: 6
~foos:
- 1
- 2
Expand Down
6 changes: 3 additions & 3 deletions testdata/escaped/policy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,14 @@ spec:
\(bar)\: 4
- check:
foo:
\(bar)\@test:
\(bar)\->test:
($test): 4
- check:
foo:
\(bar)@test\: 6
\(bar)->test\: 6
- check:
foo:
\(bar)@test\@test:
\(bar)->test\->test:
($test): 6
- check:
foo:
Expand Down
2 changes: 1 addition & 1 deletion testdata/pod-no-latest/out.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@ Loading policies ...
Loading payload ...
Pre processing ...
Running ( evaluating 1 resource against 1 policy ) ...
- test / pod-no-latest / FAILED: all[0].check.spec.~foo.containers@foos[0].(at($foos, $foo).image)@foo.(ends_with($foo, $tag)): Invalid value: true: Expected value: false; all[0].check.spec.~foo.containers@foos[1].(at($foos, $foo).image)@foo.(ends_with($foo, $tag)): Invalid value: true: Expected value: false; all[0].check.spec.~foo.containers@foos[2].(at($foos, $foo).image)@foo.(ends_with($foo, $tag)): Invalid value: true: Expected value: false; all[1].check.spec.~.containers@foo[0].image.(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[1].check.spec.~.containers@foo[1].image.(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[1].check.spec.~.containers@foo[2].image.(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[2].check.~index.(spec.containers[*].image)@images[0].(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[2].check.~index.(spec.containers[*].image)@images[1].(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[2].check.~index.(spec.containers[*].image)@images[2].(ends_with(@, ':latest')): Invalid value: true: Expected value: false
- test / pod-no-latest / FAILED: all[0].check.spec.~foo.containers->foos[0].(at($foos, $foo).image)->foo.(ends_with($foo, $tag)): Invalid value: true: Expected value: false; all[0].check.spec.~foo.containers->foos[1].(at($foos, $foo).image)->foo.(ends_with($foo, $tag)): Invalid value: true: Expected value: false; all[0].check.spec.~foo.containers->foos[2].(at($foos, $foo).image)->foo.(ends_with($foo, $tag)): Invalid value: true: Expected value: false; all[1].check.spec.~.containers->foo[0].image.(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[1].check.spec.~.containers->foo[1].image.(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[1].check.spec.~.containers->foo[2].image.(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[2].check.~index.(spec.containers[*].image)->images[0].(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[2].check.~index.(spec.containers[*].image)->images[1].(ends_with(@, ':latest')): Invalid value: true: Expected value: false; all[2].check.~index.(spec.containers[*].image)->images[2].(ends_with(@, ':latest')): Invalid value: true: Expected value: false
Done
8 changes: 4 additions & 4 deletions testdata/pod-no-latest/policy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,22 @@ spec:
all:
- check:
spec:
~foo.containers@foos:
(at($foos, $foo).image)@foo:
~foo.containers->foos:
(at($foos, $foo).image)->foo:
# an image tag is required
(contains($foo, ':')): true
# using a mutable image tag e.g. 'latest' is not allowed
(ends_with($foo, $tag)): false
- check:
spec:
~.containers@foo:
~.containers->foo:
image:
# an image tag is required
(contains(@, ':')): true
# using a mutable image tag e.g. 'latest' is not allowed
(ends_with(@, ':latest')): false
- check:
~index.(spec.containers[*].image)@images:
~index.(spec.containers[*].image)->images:
# an image tag is required
(contains(@, ':')): true
# using a mutable image tag e.g. 'latest' is not allowed
Expand Down

0 comments on commit fe707c0

Please sign in to comment.