Skip to content

Commit

Permalink
fix(policy): matcher with same key not the same value (#6460)
Browse files Browse the repository at this point in the history 
* fix(policies): matcher with same key not the same value

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
(cherry picked from commit 0e3ca75)
  • Loading branch information
@jakubdyszkiewicz @mergify
jakubdyszkiewicz authored and mergify[bot] committed Apr 5, 2023
1 parent e37b639 commit 739a67c
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/core/xds/rules.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func (ss Subset) IsSubset(other Subset) bool {
if otherTag.Value == tag.Value && otherTag.Not != tag.Not {
return false
}
if otherTag.Value != tag.Value && !otherTag.Not {
if otherTag.Value != tag.Value && !otherTag.Not && !tag.Not {
return false
}
}
Expand Down
16 changes: 16 additions & 0 deletions pkg/core/xds/rules_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,22 @@ var _ = Describe("Rules", func() {
},
confYAML: []byte(`action: ALLOW`),
}),
Entry("single matched not", testCase{
rules: xds.Rules{
{
Subset: []xds.Tag{
{Key: "key1", Value: "val1", Not: true},
},
Conf: meshtrafficpermission_api.Conf{
Action: "Allow",
},
},
},
subset: []xds.Tag{
{Key: "key1", Value: "val2"},
},
confYAML: []byte(`action: Allow`),
}),
Entry("single matched rule, rule and subset with negation", testCase{
rules: xds.Rules{
{
Expand Down

0 comments on commit 739a67c

Please sign in to comment.