Merged
24 changes: 17 additions & 7 deletions agent/configmgr/git.go
Expand Up @@ -192,7 +192,10 @@ func (gc *gitConfigManager) processSelector(file *object.File, cfg config.Config
return nil, err
}

// Check for matching selector
// Use a set (map) to store unique policy paths
policyPathsSet := make(map[string]struct{})

// Iterate through all selectors and collect all matching ones
for selectorName, entry := range selectors {
matches := true
for key, value := range entry.Selector {
Expand All @@ -201,21 +204,28 @@ func (gc *gitConfigManager) processSelector(file *object.File, cfg config.Config
break
}
}

if matches {
gc.logger.Info("Selector matched", zap.String("selector", selectorName))
policyPaths := make([]string, 0)
for _, policy := range entry.Policies {
for pName, policy := range entry.Policies {
if policy.Enabled != nil && !*policy.Enabled {
continue
}
policyPaths = append(policyPaths, policy.Path)
if _, exists := policyPathsSet[policy.Path]; exists {
gc.logger.Warn("Policy path already exists", zap.String("selector", selectorName),
zap.String("policy", pName), zap.String("path", policy.Path))
}
policyPathsSet[policy.Path] = struct{}{}
}
return policyPaths, nil
}
}

return nil, nil
// Convert map keys to a slice
var policyPaths []string
for path := range policyPathsSet {
policyPaths = append(policyPaths, path)
}

return policyPaths, nil
}

func (gc *gitConfigManager) schedule(cfg config.Config, backends map[string]backend.Backend) {
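Review bot: The slice built from `policyPathsSet` at the end of processSelector comes out in Go's randomized map iteration order, so the same selector.yaml can produce a differently ordered policy list on each run; if anything downstream compares or hashes that list (not visible in this hunk), it will see changes that never happened. Adding `sort.Strings(policyPaths)` just before `return policyPaths, nil` makes the result reproducible, assuming `sort` is or can be imported in this file. Because paths are now merged across every matching selector, an `enabled: false` entry in one selector does not keep a path out when another matching selector enables it, and the `continue` on disabled entries runs before the duplicate check, so that conflict is never logged. A comment above the loop such as `// A path is applied if any matching selector enables it; a disabled entry elsewhere does not override.` would make that precedence explicit for whoever audits which policies an agent receives. The function begins before this hunk, so the selector parsing and the caller's handling of a nil result are not visible here.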
31 changes: 18 additions & 13 deletions docs/configs/git.md
Expand Up @@ -42,17 +42,18 @@ The Orb Agent requires the Git repository containing its policies to have the fo
.
├── .git
├── selector.yaml
├── dir2
│   ├── newpolicy.yaml
│   └── dir3
│   └── newpolicy2.yaml
└── folder1
└── policy1.yaml
├── policy1.yaml
├── folder2
│   ├── policy2.yaml
│   └── folder3
│   └── policy3.yaml
└── folder4
└── policy4.yaml
```

### selector.yaml
The `selector.yaml` file must include the `selector` and `policies` sections:
- `selector`: Defines key-value pairs (agent labels) used to identify agents
- `selector`: Defines key-value pairs that identify agents based on their labels. If the selector is empty, it matches all agents.
- `policies`: Specifies policy file paths and their enabled or disabled state. If the `enabled` field is not provided, the policy is enabled by default


Expand All @@ -64,17 +65,21 @@ agent_selector_1:
policies:
policy1:
path: policy1.yaml
policy2:
enabled: false
policy2:
enabled: false
path: folder2/policy2.yaml
agent_selector_2:
selector:
region: US
pop: nyc02
policies:
policy1:
enabled: true
path: policy1.yaml
policy3:
path: folder3/policy3.yaml
enabled: true
path: policy1.yaml
policy3:
path: folder2/folder3/policy3.yaml
agent_selector_matches_all:
selector:
policies:
path: folder4/policy4.yaml
```