From 554a85c95a051f8e0e2708b693f33dc7209db4ca Mon Sep 17 00:00:00 2001 From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Tue, 25 Feb 2025 11:18:43 -0300 Subject: [PATCH 1/4] fix: selector applies all block matches --- agent/configmgr/git.go | 17 ++++++++++++----- docs/configs/git.md | 25 +++++++++++++------------ 2 files changed, 25 insertions(+), 17 deletions(-) diff --git a/agent/configmgr/git.go b/agent/configmgr/git.go index 9ba6bb0..e64663d 100644 --- a/agent/configmgr/git.go +++ b/agent/configmgr/git.go @@ -192,7 +192,10 @@ func (gc *gitConfigManager) processSelector(file *object.File, cfg config.Config return nil, err } - // Check for matching selector + // Use a set (map) to store unique policy paths + policyPathsSet := make(map[string]struct{}) + + // Iterate through all selectors and collect all matching ones for selectorName, entry := range selectors { matches := true for key, value := range entry.Selector { @@ -204,18 +207,22 @@ func (gc *gitConfigManager) processSelector(file *object.File, cfg config.Config if matches { gc.logger.Info("Selector matched", zap.String("selector", selectorName)) - policyPaths := make([]string, 0) for _, policy := range entry.Policies { if policy.Enabled != nil && !*policy.Enabled { continue } - policyPaths = append(policyPaths, policy.Path) + policyPathsSet[policy.Path] = struct{}{} // Add path to set (ensures uniqueness) } - return policyPaths, nil } } - return nil, nil + // Convert map keys to a slice + var policyPaths []string + for path := range policyPathsSet { + policyPaths = append(policyPaths, path) + } + + return policyPaths, nil } func (gc *gitConfigManager) schedule(cfg config.Config, backends map[string]backend.Backend) { diff --git a/docs/configs/git.md b/docs/configs/git.md index cefe263..fe389aa 100644 --- a/docs/configs/git.md +++ b/docs/configs/git.md 
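Review bot: In the `@@ -204,18 +207,22 @@` hunk, collecting the union of all matching blocks means a policy that one block turns off with `enabled: false` is still returned when any other matching block lists the same path as enabled, because the `continue` skips only that one entry. If a disable is meant to win, track the disabled paths and drop them before building `policyPaths`; if not, say so in a comment such as `// enabled: false only skips this entry; another matching selector can still add the path`. The final slice is also filled by ranging over a map, so its order differs between runs; `sort.Strings(policyPaths)` before the return (plus the `sort` import, outside this hunk) would make the result reproducible. processSelector starts above the first hunk, so how callers use the order is not visible here.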
@@ -42,12 +42,13 @@ The Orb Agent requires the Git repository containing its policies to have the fo . ├── .git ├── selector.yaml -├── dir2 -│   ├── newpolicy.yaml -│   └── dir3 -│   └── newpolicy2.yaml -└── folder1 - └── policy1.yaml +├── policy1.yaml +├── folder2 +│   ├── policy2.yaml +│   └── folder3 +│   └── policy3.yaml +└── folder4 + └── policy4.yaml ``` ### selector.yaml @@ -64,8 +65,8 @@ agent_selector_1: policies: policy1: path: policy1.yaml - policy2: - enabled: false + policy2: + enabled: false path: folder2/policy2.yaml agent_selector_2: selector: @@ -73,8 +74,8 @@ agent_selector_2: pop: nyc02 policies: policy1: - enabled: true - path: policy1.yaml - policy3: - path: folder3/policy3.yaml + enabled: true + path: policy1.yaml + policy3: + path: folder2/folder3/policy3.yaml ``` \ No newline at end of file From beb1779404342e3f5c78438489ca3e2a81262d6d Mon Sep 17 00:00:00 2001 From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Tue, 25 Feb 2025 13:43:17 -0300 Subject: [PATCH 2/4] add match all --- agent/configmgr/git.go | 14 ++++++++------ docs/configs/git.md | 6 +++++- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/agent/configmgr/git.go b/agent/configmgr/git.go index e64663d..7337cde 100644 --- a/agent/configmgr/git.go +++ b/agent/configmgr/git.go 
@@ -198,20 +198,22 @@ func (gc *gitConfigManager) processSelector(file *object.File, cfg config.Config // Iterate through all selectors and collect all matching ones for selectorName, entry := range selectors { matches := true - for key, value := range entry.Selector { - if cfgValue, exists := cfg.OrbAgent.Labels[key]; !exists || cfgValue != value { - matches = false - break + // If selector is empty, it matches everything + if len(entry.Selector) > 0 { + for key, value := range entry.Selector { + if cfgValue, exists := cfg.OrbAgent.Labels[key]; !exists || cfgValue != value { + matches = false + break + } } } - if matches { gc.logger.Info("Selector matched", zap.String("selector", selectorName)) for _, policy := range entry.Policies { if policy.Enabled != nil && !*policy.Enabled { continue } - policyPathsSet[policy.Path] = struct{}{} // Add path to set (ensures uniqueness) + policyPathsSet[policy.Path] = struct{}{} } } } diff --git a/docs/configs/git.md b/docs/configs/git.md index fe389aa..3cc2536 100644 --- a/docs/configs/git.md +++ b/docs/configs/git.md @@ -53,7 +53,7 @@ The Orb Agent requires the Git repository containing its policies to have the fo ### selector.yaml The `selector.yaml` file must include the `selector` and `policies` sections: - - `selector`: Defines key-value pairs (agent labels) used to identify agents + - `selector`: Defines key-value pairs that identify agents based on their labels. If the selector is empty, it matches all agents. - `policies`: Specifies policy file paths and their enabled or disabled state. If the `enabled` field is not provided, the policy is enabled by default @@ -78,4 +78,8 @@ agent_selector_2: path: policy1.yaml policy3: path: folder2/folder3/policy3.yaml +agent_selector_matches_all: + selector: + policies: + path: folder4/policy4.yaml ``` \ No newline at end of file From 2f46b62eae54528cc02ab4ff0059d9f5af3526ea Mon Sep 17 00:00:00 2001 
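Review bot: An entry whose `selector` key is absent, misspelled or left null presumably decodes to an empty `entry.Selector`, and the `len(entry.Selector) > 0` branch treats that the same as an intended match-all, so a typo in selector.yaml can hand that block's policies to every agent. Log the match-all case distinctly so it shows up in review, e.g. `gc.logger.Warn("Selector has no labels and matches all agents", zap.String("selector", selectorName))`, or require an explicit marker before treating a block as match-all. The same applies to the simplified loop in the later `@@ -198,13 +198,10 @@` hunk. The decoding of `selectors` happens above this hunk, so the exact shape of an omitted key should be confirmed there.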
From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Wed, 26 Feb 2025 08:13:21 -0300 Subject: [PATCH 3/4] remove not necessery code --- agent/configmgr/git.go | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/agent/configmgr/git.go b/agent/configmgr/git.go index 7337cde..6167133 100644 --- a/agent/configmgr/git.go +++ b/agent/configmgr/git.go @@ -198,13 +198,10 @@ func (gc *gitConfigManager) processSelector(file *object.File, cfg config.Config // Iterate through all selectors and collect all matching ones for selectorName, entry := range selectors { matches := true - // If selector is empty, it matches everything - if len(entry.Selector) > 0 { - for key, value := range entry.Selector { - if cfgValue, exists := cfg.OrbAgent.Labels[key]; !exists || cfgValue != value { - matches = false - break - } + for key, value := range entry.Selector { + if cfgValue, exists := cfg.OrbAgent.Labels[key]; !exists || cfgValue != value { + matches = false + break } } if matches { From d49b84d093541763a13a9b55796cbb5600c888d9 Mon Sep 17 00:00:00 2001 From: Leonardo Parente <23251360+leoparente@users.noreply.github.com> Date: Wed, 26 Feb 2025 11:50:29 -0300 Subject: [PATCH 4/4] add message --- agent/configmgr/git.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/agent/configmgr/git.go b/agent/configmgr/git.go index 6167133..de7fa1e 100644 --- a/agent/configmgr/git.go +++ b/agent/configmgr/git.go 
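Review bot: With the guard removed, the match-all rule for an empty selector is no longer stated anywhere in this loop; it now follows only from ranging over an empty map leaving `matches` true. Add a comment above the inner loop, for example `// No labels to compare leaves matches true: an empty selector matches every agent.` The enclosing function starts and ends outside the hunk.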
@@ -206,10 +206,14 @@ func (gc *gitConfigManager) processSelector(file *object.File, cfg config.Config
 }
 if matches {
 gc.logger.Info("Selector matched", zap.String("selector", selectorName))
- for _, policy := range entry.Policies {
+ for pName, policy := range entry.Policies {
 if policy.Enabled != nil && !*policy.Enabled {
 continue
 }
+ if _, exists := policyPathsSet[policy.Path]; exists {
+ gc.logger.Warn("Policy path already exists", zap.String("selector", selectorName),
+ zap.String("policy", pName), zap.String("path", policy.Path))
+ }
 policyPathsSet[policy.Path] = struct{}{}
 }
 }
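Review bot: The new warning reports only the selector being processed, not the one that first added the path, because `policyPathsSet` stores `struct{}{}`; `selectors` is ranged with a string key, so it appears to be a map, and which of the two overlapping selectors gets named can change between runs. Keeping the first selector's name as the map value, `policyPathsSet[policy.Path] = selectorName`, and adding `zap.String("first_selector", prev)` to the Warn call would let an operator see both sides of the overlap. That needs the set declared as `map[string]string`, which is outside this hunk.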