in src/PSRule.Rules.Azure/Data/Policy/PolicyAssignmentVisitor.cs [286:361]
private string GetFieldObjectPathArrayFilter(JObject obj)
{
if (obj.TryStringProperty(PROPERTY_FIELD, out var fieldProperty))
{
var subProperty = string.Empty;
// If we come across a type, set the .type sub property in the object path
// Also set the current type for any further alias expansion
if (fieldProperty.Equals(PROPERTY_TYPE, StringComparison.OrdinalIgnoreCase) &&
obj.TryStringProperty(PROPERTY_EQUALS, out var fieldType))
{
subProperty = $".{PROPERTY_TYPE}";
SetDefaultResourceType(fieldType);
}
else if (TryPolicyAliasPath(fieldProperty, out var fieldAliasPath))
{
subProperty = fieldAliasPath.GetLastSegment(COLLECTION_ALIAS);
}
var comparisonExpression = obj.Children<JProperty>()
.FirstOrDefault(prop => !prop.Name.Equals(PROPERTY_FIELD, StringComparison.OrdinalIgnoreCase));
if (comparisonExpression != null)
{
var objectPathComparisonOperator = ExpressionToObjectPathComparisonOperator(comparisonExpression.Name);
// Expand string values if we come across any
var comparisonValue = comparisonExpression.Value;
if (comparisonValue.Type == JTokenType.String)
comparisonValue = TemplateVisitor.ExpandPropertyToken(this, comparisonValue);
if (objectPathComparisonOperator != null)
{
return FormatObjectPathArrayFilter(
subProperty,
objectPathComparisonOperator,
comparisonValue
);
}
else
{
// Convert in expression
if (comparisonExpression.Name.Equals(PROPERTY_IN, StringComparison.OrdinalIgnoreCase)
&& comparisonValue.Type == JTokenType.Array)
{
var filters = comparisonValue
.Select(val => FormatObjectPathArrayFilter(subProperty, EQUALITY_OPERATOR, val));
return string.Concat(GROUP_OPEN, string.Join($" {OR_CLAUSE} ", filters), GROUP_CLOSE);
}
// Convert notIn expression
else if (comparisonExpression.Name.Equals(PROPERTY_NOTIN, StringComparison.OrdinalIgnoreCase)
&& comparisonValue.Type == JTokenType.Array)
{
var filters = comparisonValue
.Select(val => FormatObjectPathArrayFilter(subProperty, INEQUALITY_OPERATOR, val));
return string.Concat(GROUP_OPEN, string.Join($" {AND_CLAUSE} ", filters), GROUP_CLOSE);
}
// Convert exists expression
else if (comparisonExpression.Name.Equals(PROPERTY_EXISTS, StringComparison.OrdinalIgnoreCase))
{
var existsValue = comparisonValue.Value<bool>();
return FormatObjectPathArrayFilter(
subProperty,
existsValue ? INEQUALITY_OPERATOR : EQUALITY_OPERATOR,
null);
}
}
}
}
return null;
}